Majibana Nhuku Inc. Attorneys← Home

Last updated · 18 May 2026

Privacy Notice (POPIA)

This notice explains how Majibana Nhuku Inc. Attorneys collects, stores and processes personal information through our FICA client intake portal, in accordance with the Protection of Personal Information Act, 2013 (POPIA) and the Financial Intelligence Centre Act, 2001 (FICA).

1. What information we collect

The information we collect depends on whether you're completing an intake as an individual, a company, or a trust. Where you upload supporting documents, we may automatically extract text from them to pre-fill the form (you can correct anything we got wrong).

Identification & contact

Full name, ID or passport number, date of birth, nationality, place of birth, RSA residency status and visa details, email address, phone number, residential address and postal address.

Marital & family

Marital status, marriage certificate, antenuptial contract where applicable, spouse's ID or passport and spouse's SARS/tax document.

Tax & financial

SARS tax reference number, tax clearance or SARS letter, banking details (account name, bank, account number), proof of banking and, where required, proof of source of income.

Employment & business activity

Employer, employer details, occupation, industry, countries of trade, source of income, declarations regarding dual-use goods and arms or weapons, and Politically Exposed Person (PEP) status.

Matter & transaction

AJS matter number, transaction context, signature date and the timestamp of your POPIA consent.

If the intake is for a company

Company registration / CIPC documents, Certificate of Incorporation (CM1), Memorandum (CM2/CM4), Articles of Association (CM44), Certificate to Commence Business (CM46), Certificate of Name Change (CM9) where applicable, company letterhead, shareholding structure, resolution of authorised signatories, and the ID and proof of address of each director, shareholder and authorised signatory.

If the intake is for a trust

Trust Deed, Letters of Authority from the Master's Office, and the ID, proof of address and SARS/tax document of each trustee, beneficiary, authorised signatory and founder. For foreign trusts: founding documentation and foreign letter of authority.

Supporting uploads

Any document you upload through the portal (ID, proof of address, SARS letter, marriage certificate, registration documents, etc.). We process these to verify your identity and to extract information to pre-fill the intake.

Account & technical

Login email, securely hashed password, one-time passcodes used for sign-in (hashed), trusted-device tokens you choose to create, and audit timestamps (when records were created or updated). We do not use tracking cookies or marketing pixels on this portal.

2. Why we collect it

We collect this information solely to:

  • Verify your identity in terms of FICA;
  • Open and maintain your file with the firm;
  • Carry out the legal or conveyancing work you've engaged us for; and
  • Meet our regulatory record-keeping and reporting obligations.

We do not use your information for marketing and we do not sell it to anyone, ever.

3. Who can see it

Access is limited to:

  • The attorney assigned to your matter;
  • Authorised compliance and support staff of the firm; and
  • Our trusted backend providers under written confidentiality terms (hosting, document storage, email delivery).

Every record access is enforced at the database level (row-level security) so staff can only see the matters assigned to them. We only share your information with third parties (such as the Financial Intelligence Centre or SARS) where we are legally required to.

4. How long we keep it

As required by the FIC Act regulations, we keep your records for at least 5 years after the conclusion of our professional relationship, after which the information is securely deleted. Longer retention may apply where another law requires it.

5. Security

Your information is protected with:

  • TLS encryption in transit and encryption at rest;
  • Row-level security enforced in the database;
  • One-time email passcode on every sign-in (optional 30-day trusted-device exemption);
  • Password-breach checks at sign-up and password change;
  • Audit logging of access and changes.

See our security page for the full technical detail.

6. Your rights under POPIA

You have the right, at any time, to:

  • Request access to the personal information we hold about you;
  • Correct or update it;
  • Request its deletion (subject to legal retention requirements);
  • Withdraw your consent. Note this may prevent us from completing FICA verification and continuing to act for you;
  • Object to processing in limited circumstances.

You may also lodge a complaint with the Information Regulator of South Africa.

7. Cross-border transfers

Your data is stored on infrastructure operated under POPIA-aligned terms. Some processing (such as email delivery or document extraction) may transit servers outside South Africa, in which case those providers are contractually bound to a level of protection at least equivalent to POPIA.

8. Changes to this notice

We will update this notice from time to time. The "Last updated" date at the top reflects the current version. We'll notify active clients of material changes by email.

9. Contact Support

For any privacy question, access request, correction or complaint, please contact:

Majibana Nhuku Inc. Attorneys Support
Email: info@mnattorneys.capetown
Phone: 021 422 1296