CloudPrime (Pty) Ltd is committed to full compliance with the Protection of Personal Information Act 4 of 2013 (POPIA), South Africa's comprehensive data protection legislation. As a legal technology provider, we understand the critical importance of data privacy and have designed LexPrime OS and our business practices to meet and exceed the requirements of POPIA.
Our POPIA Commitment
We recognise that law firms handle highly sensitive personal information on a daily basis, including client details, case information, financial records, and privileged communications. Our platform is designed with privacy as a foundational principle, ensuring that your firm's data handling practices align with POPIA requirements from the ground up.
The Eight Conditions of POPIA
Our data processing practices are aligned with the eight conditions for the lawful processing of personal information as set out in POPIA:
- Accountability: CloudPrime appoints an Information Officer responsible for ensuring compliance with POPIA. We maintain documentation of all data processing activities and regularly review our practices.
- Processing Limitation: We collect only the personal information that is necessary for the purposes of providing our Services. Data is collected through lawful, fair, and transparent means.
- Purpose Specification: Personal information is collected for specific, explicitly defined, and lawful purposes related to the provision of our legal practice management Services.
- Further Processing Limitation: We do not process personal information in a manner that is incompatible with the original purpose of collection.
- Information Quality: We take reasonable steps to ensure that personal information is complete, accurate, and up to date. Users of our platform have tools to review and correct data within the system.
- Openness: Our Privacy Policy provides clear notice of our data practices, and we respond promptly to any requests for information about our processing activities.
- Security Safeguards: We implement robust technical and organisational measures to protect personal information against unauthorised access, loss, alteration, or destruction, as detailed below.
- Data Subject Participation: We respect and facilitate the rights of data subjects to access, correct, and request the deletion of their personal information, as outlined in our Privacy Policy.
Technical Security Measures
- Encryption of data at rest using AES-256 encryption
- Encryption of data in transit using TLS 1.3
- Role-based access controls within LexPrime OS
- Audit logging of all data access and modifications
- Regular security assessments and vulnerability scanning
- Secure data centres with physical access controls
- Automated backup and disaster recovery procedures
Data Processing by Law Firms
While CloudPrime provides the platform, our law firm clients act as responsible parties for the personal information of their clients and employees. LexPrime OS provides tools and features to assist firms in meeting their own POPIA obligations, including:
- Granular access controls to limit who can view sensitive client information
- Audit trails that record when and by whom data was accessed or modified
- Data retention and deletion management features
- Client portal for secure, tracked communication with data subjects
- FICA and KYC compliance module for identity verification
Direct Marketing
CloudPrime does not engage in unsolicited direct marketing. Where we send product updates or service-related communications, we do so based on legitimate interest or prior consent. We provide clear opt-out mechanisms in all communications.
Data Breach Response
In the event of a data breach that may compromise the personal information of any data subject, CloudPrime will:
- Take immediate steps to contain and remediate the breach
- Notify the Information Regulator as required by POPIA within 72 hours of becoming aware of the breach
- Notify affected data subjects if the breach poses a real risk of harm
- Conduct a thorough investigation and implement measures to prevent recurrence
Contact Our Information Officer
For any POPIA-related enquiries, data subject access requests, or to report a potential data breach, please contact our Information Officer:
We will acknowledge receipt of any enquiry within five business days and respond substantively within 30 days as required by POPIA.