Privacy Policy

Introduction

Cornerstone Legal Consulting (Pty) Ltd (Registration number: 2025/227013/07) ("Cornerstone, we, us, our") is sensitive to the personal nature of the Personal Information you provide to us and we are committed to protecting your privacy and to ensuring that personal information provided to us is collected and used properly, lawfully and transparently in line with the Protection of Personal Information Act 4 of 2013 ("POPIA").

This privacy policy ("Policy") explains how we protect and use your Personal Information.

This Policy applies to all Data Subjects with whom we interact, including but not limited to individual clients, representatives of client organisations, visitors to our offices, and other users of our legal and related services. Defined terms used in this Policy are explained in Annexure A.

Why Do We Process Your Personal Information?

We will use and process your personal information in the ordinary course of the business of providing legal, fiduciary and related services to you.

We will primarily use your personal information only for the purpose for which it was originally collected. In circumstances where we have to use your personal information for a different purpose, we will only do so if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the personal information was collected, alternatively when you have provided consent.

Specific processing purposes include:

• operating the business of Cornerstone;
• complying with applicable law and fraud prevention;
• transferring information to the service providers and other third parties;
• recruitment; relationship management and marketing purposes;
• internal management and management reporting purposes including conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis; and
• safety and security purposes.

Personal Information We Collect

Categories of Personal Information that we collect include:

• contact and biographical information such as name, job title, business, residential and/or postal address, email address, telephone or mobile number, employer information;
• payment and financial information necessary for processing payments, investing funds and tax compliance as well as conducting fraud prevention;
• business information when you or your organisation becomes a client, and as necessary to provide legal service in relation to instructions given, requests and mandates;
• identification information required for client onboarding purposes which includes information required for anti-money laundering and counterterrorist financing;
• information sourced from publicly available resources, integrity data bases and credit agencies;
• marketing, communication preferences and related information such as feedback and survey responses;
• technical information, such as information from your visits to our website or in relation to electronic communications we send to you

Collection of Personal Information

We may collect or obtain Personal Information about you:

• directly from you;
• in the course of our relationship with you;
• in the course of providing legal services to you or your organisation;
• when you make your Personal Information public;
• when you visit and/or interact with our website or our various social media platforms;
• when you register to use any of our legal and related services including but not limited to newsletters, seminars and legal updates;
• when you interact with any third-party content or advertising on our website; or
• when you visit our offices.

In addition to the above, we may create Personal Information about you such as records of your communications and interactions with us, including, but not limited to, your attendance at events or at interviews in the course of applying for a job with us, when you give us feedback (by completing a survey) subscription to our newsletters and other mailings and interactions with you during the course of our digital marketing campaigns.

We may also use automated technologies or interactions to collect technical data and usage data about your equipment and behaviour (e.g. browsing actions and patterns). We collect this Personal Information by using cookies, server logs and other similar technologies. Please see our Cookies Notice for further details.

Special Personal Information

Where we need to process your Special Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with applicable law, particularly POPIA.

Our services are neither aimed at nor intended for children. However, we may process children's Personal Information when we act for you in relation to certain private matters (for instance, when we are advising you about estate planning and guardianship). We process such personal information only where necessary for the specific client services we are providing. In such cases, we act on behalf of the parent or guardian. If the specific client service for which we need children's Personal Information is not entirely clear, please contact your relationship partner, who will be able to explain further.

Your Legal Rights

As a Data Subject, you may be entitled to the following rights:

• you have a right to be informed about how we will use and share your Personal Information;
• you have a right to obtain confirmation of whether we are processing your Personal Information, access to your Personal Information and information regarding how your Personal Information is being used by us;
• you have a right to have any inaccurate or incomplete Personal Information rectified. If we have disclosed the relevant Personal Information to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
• you have a right to request that certain Personal Information held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all Personal Information to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your Personal Information;
• you have a right to block the processing of your Personal Information in certain circumstances;
• you have a right to object to our processing of your Personal Information; and
• you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

Contact Details

The contact details of our Information Officer are as follows:

Information Regulator Contact Details

As a Data Subject, you also have a right to lodge a complaint to the Information Regulator of South Africa if you are unsatisfied with the manner in which we addressed any complaint with regard to our processing of your personal information, the contact details of the Information Regulator are as follows:

Amendments to This Policy

We reserve the right to amend and/or modify this Policy at any time, in response to local laws and at times, international laws.