PracticeHub

Privacy/POPIA Notice

This Privacy/POPIA Notice explains how RV Consulting (Pty) Ltd processes personal information through PracticeHub.

1. Introduction

RV Consulting (Pty) Ltd respects privacy and is committed to processing personal information in a lawful, reasonable and secure manner.

This notice applies to personal information processed through the PracticeHub system, including the internal staff system, client portal, document upload features, notes, tasks, compliance records, audit logs and related practice management functions.

2. Responsible Party

The responsible party for personal information processed through the system is:

RV Consulting (Pty) Ltd

Privacy, access to information and POPIA-related queries may be directed to RV Consulting using the official practice contact details.

3. Personal Information We Process

The system may process personal information relating to clients, representatives, directors, trustees, beneficiaries, heirs, executors, employees, staff users, portal users, contacts and other persons linked to client matters.

The categories of information may include:

names, surnames and contact details;
identity numbers, passport numbers and date of birth information;
tax numbers, SARS references and tax compliance information;
company, close corporation, trust and deceased estate information;
Master of the High Court references and estate administration information;
director, trustee, executor, beneficiary, heir and representative details;
FICA, KYC and verification documents;
financial records, accounting records, bank details and supporting documents;
uploaded documents, forms, declarations, affidavits, correspondence and instructions;
portal activity records, login records, audit logs and access records;
internal notes, tasks, compliance deadlines and communication records; and
any other information reasonably required for the relevant client matter, statutory obligation or professional service.

4. Special or Sensitive Information

Depending on the nature of a client matter, the system may contain sensitive information, including financial information, estate information, trust information, tax information, identity documentation and information relating to minors, beneficiaries or deceased persons.

Such information is processed only where required for a lawful purpose, professional service, statutory obligation, client instruction, compliance requirement, record keeping obligation or other legitimate practice purpose.

5. Purpose of Processing

Personal information is processed for purposes including:

client file administration;
tax, accounting, compliance and fiduciary administration;
trust, deceased estate, company and individual client administration;
document requests, document uploads and document management;
communication with clients, representatives and authorised users;
access control, user authentication and portal management;
audit logging, security monitoring and system administration;
task management, compliance deadline tracking and internal practice workflows;
statutory, regulatory and professional record keeping;
responding to lawful requests from SARS, CIPC, the Master of the High Court, banks, regulators, courts or other authorised bodies; and
any other purpose reasonably connected to the Practice's professional services and lawful obligations.

6. Legal Basis for Processing

The Practice processes personal information where it is permitted or required to do so under applicable law. This may include processing:

to perform services requested by a client or authorised representative;
to comply with statutory, regulatory, tax, accounting, fiduciary, estate or professional obligations;
where processing is necessary for a legitimate interest of the Practice, client or another authorised party;
where processing is necessary to protect a legal right or comply with a legal duty;
where the information has been provided by the client, user or authorised representative for the relevant purpose; or
where consent is required and has been obtained.

7. Sources of Information

Personal information may be collected from:

clients and prospective clients;
portal users and authorised representatives;
directors, trustees, executors, beneficiaries, heirs, employees and related persons;
documents uploaded or submitted to the Practice;
public records and official registries;
SARS, CIPC, the Master of the High Court, banks, regulators or other authorised bodies;
professional advisors, attorneys, accountants, auditors, financial institutions or other service providers; and
system-generated logs, audit trails and security records.

8. Access to Information

Access to information in the system is restricted by user role, permission level and linked client/entity records.

Client portal users can only access records linked to their portal account. Internal users are granted access according to their role, work responsibilities and permissions assigned by the Practice.

The Practice may restrict or remove access where access is no longer required, where a security concern exists, where a user is no longer authorised, or where access must be limited for legal, operational or compliance reasons.

9. Sharing of Information

The Practice may share personal information where necessary for the relevant client matter, professional service, statutory obligation or lawful purpose.

Recipients may include:

SARS, CIPC, the Master of the High Court and other public authorities;
banks, financial institutions and verification providers;
attorneys, auditors, accountants, tax practitioners, fiduciary practitioners and other professional advisors;
software, hosting, IT, backup, email, document management and security service providers;
authorised staff members, contractors or representatives of the Practice;
clients and persons authorised by the client; and
any other person or body where disclosure is required or permitted by law.

10. Third-Party Service Providers

The Practice may use third-party service providers to host, secure, support, maintain, back up or operate the system and related services.

Where appropriate, the Practice will take reasonable steps to ensure that service providers process personal information securely and only for authorised purposes.

11. Cross-Border Processing

Some service providers, hosting providers, backup providers, email providers or software platforms may process or store information outside South Africa.

Where personal information is transferred or stored outside South Africa, the Practice will take reasonable steps to ensure that appropriate safeguards are in place, taking into account the nature of the information, the service provider used and the purpose of the processing.

12. Security Measures

The system uses technical and organisational safeguards intended to protect information against unauthorised access, loss, misuse, alteration or disclosure.

These safeguards may include password hashing, authenticated sessions, HTTP-only cookies, user roles, permission controls, audit logs, authenticated document download routes, access restrictions, server security measures and backup procedures.

No system can be guaranteed to be completely secure. Users must also take reasonable steps to protect their own devices, passwords, email accounts and portal access.

13. User Security Responsibilities

Users must:

keep login details confidential;
use strong passwords where applicable;
sign out when finished, especially on shared devices;
avoid uploading malicious, irrelevant or unauthorised files;
notify the Practice immediately if they suspect unauthorised access or a compromised account; and
ensure that information submitted through the system is accurate and intended for the correct client matter.

14. Retention of Information

Personal information is retained for as long as reasonably required for practice administration, statutory obligations, client instructions, professional record keeping, legal purposes, compliance requirements, audit purposes and legitimate operational needs.

Retention periods may vary depending on the type of client, the nature of the matter, applicable tax laws, accounting requirements, estate or trust administration requirements, professional obligations and legal prescription periods.

When information is no longer required, the Practice may archive, delete, de-identify or securely dispose of the information, subject to applicable legal and operational requirements.

15. Data Subject Rights

Subject to applicable law, a person whose personal information is processed may have the right to:

request confirmation of whether the Practice holds personal information about them;
request access to their personal information;
request correction or updating of inaccurate or incomplete information;
object to certain processing where permitted by law;
request deletion or restriction of information where legally applicable;
withdraw consent where processing is based on consent; and
lodge a complaint with the Information Regulator of South Africa.

These rights may be limited where the Practice is required or permitted to retain or process information for legal, tax, accounting, fiduciary, estate, compliance, professional or legitimate business reasons.

16. Access, Correction and Deletion Requests

Requests for access to information, correction of information or deletion of information must be submitted to RV Consulting using the official practice contact details.

The Practice may require proof of identity, authority or mandate before processing a request, especially where the request relates to a client, company, trust, deceased estate, beneficiary, minor, representative or third party.

17. Security Compromises

If the Practice becomes aware of a security compromise affecting personal information, it will take reasonable steps to investigate, contain and respond to the incident.

Where required by law, the Practice will notify affected persons and/or the Information Regulator.

18. Cookies and Session Information

The system may use cookies or similar technologies for login sessions, authentication, security, user experience and system functionality.

These cookies are generally necessary for the operation of the system. If cookies are disabled, the system or portal may not function correctly.

19. Audit Logs and Activity Records

The system may record user activity, including login events, document access, document uploads, record changes, administrative actions and other security or audit-related events.

These records are used for security, accountability, troubleshooting, compliance, internal monitoring and professional record keeping.

20. Accuracy of Information

The Practice takes reasonable steps to keep information accurate and updated where required. However, users and clients are responsible for providing accurate, complete and current information.

If any information shown in the system is incorrect, outdated or incomplete, the user should notify the Practice as soon as reasonably possible.

21. Children's and Minors' Information

The system may process information relating to minors where this is necessary for trust administration, deceased estate administration, beneficiary records, tax administration, family-related matters, client instructions or legal compliance.

Such information will be processed only where there is a lawful basis or appropriate authority to do so.

22. Links and External Platforms

The system may contain references or links to external platforms, public bodies or third-party systems. The Practice is not responsible for the privacy practices, security or content of external platforms that it does not control.

23. Changes to this Notice

This Privacy/POPIA Notice may be updated from time to time as the system, practice processes, legal requirements or security measures develop.

The latest version made available through the system will apply to continued use of the system.

24. Contact

For privacy, POPIA, access to information, correction, deletion or security-related queries, contact RV Consulting using the official practice contact details.

Back to sign in