defend^

Trust Centre

Client privacy and the security of their data is a very important factor to us in Defend. We want to be exceptionally clear about what that means and how we handle your data in understandable terms. Our formal documentation remains authoritative but we hope to make this easier to digest.

Documentation

Defend^ is registered in South Africa under Gwala Rolling Defend (Pty) Ltd and that means we process data of South African’s under POPIA or Protection of Personal Information Act.

For the specifics please consult our documentation:

  1. Privacy Policy
  2. Terms and Conditions
  3. Cookie Policy.
  4. Disclaimer
  5. Imprint
  6. Data Processors
  7. Technology

What does this relate to?

The data collected and processed by Defend and Practising Attorney’s on its behalf. This includes:

  1. How Defend^’s employees and suppliers use and process your data
  2. How a Practising Attorney use and process your data.
  3. This website (defend.my)
  4. The membership location (defendby.co.za)
  5. Any technology service that we use to communicate with you
  6. Any technology service that we use to manage or access your matters.

Your data and Defend^

Do I have to agree when processing data?

This is called ‘Consent’. It is imperative that you understand when you enter into an agreement with Defend, and any of their practising attorney’s that you are:

  1. Consenting that we can store and process your data.
  2. Agreeing that some of the data we collect is for contractual; reasons (e.g. for processing payments, or anti-money laundering).
  3. Agreeing that we have a lawful and legal purpose for processing it.
  4. Agreeing that we can make it available to our Practising Attorneys.
  5. Agreeing that we can transfer it to third-party countries for processing and storage.

Further, whilst you can withdraw consent for us to process your data (and terminate your agreement), you cannot do so if it impacts our performance or ability to conclude a contract of service, or if the processing complies with an obligation imposed by law or the legitimate interests of a third-party to whom the information has been supplied (e.g. as a matter).

What type of data does Defend^ hold or have access to?

When we create your membership, we capture (and request) personal data about you that we store and use to maintain your account and membership.  We use a third party service for payment processing – who hold your card details and they on our behalf may also hold additional financial details directly such as Bank Account information that you volunteer to use.

When you are using our services, we collect further information about you in order to run our services.

When you contact an attorney, raise a matter with them, or make a claim, you, your representatives, the Courts, Police or other law enforcement agencies, or other legal council may share with us significant and sensitive personal data.

As an example, if you were to go into Court, we would have access to copies of any associated court records and potentially your identity documentation.

In each case, this information is shared and accessible to Defend^ and your chosen (or allocated) practising Attorney. 

The types of data we collect could include very sensitive data – but it is entirely down to your specific matter.  We refer to this as ‘Client Data’.

Is my data only stored in South Africa? Where is my data stored?

No, your data is not stored in South Africa. That means we transfer information to a third country for processing and storage.

When we select and implement technology data security and data privacy are our primary concern – and therefore we are only implementing technology that meets GDPR (General Data Protection Regulation) adequacy, and is implemented under POPIA.

Defend^ stores and processes many different pieces of data on your behalf in order to provide its products and services to you.  We do this through our own technology and many different service providers.  All data you provide is processed in other countries.

Depending on your data and the reason we are storing or processing it determines where it is stored.   With the exception of payment information (which is stored in Nigeria by Paystack),most of the information that you provide is stored and processed either within the European Union or the United Kingdom. A limited amount of data is transferred to the United States.

We process and store data in these countries for technical reasons – as it is the location of our technology.  Your data is still managed under POPIA.

What does that make you?

In Privacy lingo, we’re a Joint-Data Custodian and a Data Processor.  We share parts of responsibility for safeguarding and managing parts of your data.

Your practising Attorney is also a Joint-Data Custodian and a Data Processor.

Can you give me some examples of Client Data?

When we say ‘matter’ we are referring to the reason that you contacted one of our Practising Attorney’s and why you take out a policy with Defend.  So the matter generates Client Data.

By Client data we are referring to any Case Data / Legal Advice / Communication that you bring to our Practising Attorney’s as part of your membership or policy and/or communicate through our systems.

As example, this could be the details of the communication you raised to your Attorney – the specific people involved, the time and place of an incident or your address – and the nature of the case.  Anything you seek legal advice about. 

Or it could be a criminal record or court papers that contain specific offence details, sentencing, or similar.

Could this include Medical data?

Yes – if your medical history is part of a case you are defending or introducing, or provided by the other party.

Could this include Financial data?

Yes – if its involved in the case or the matter, and either you provided it or another party did in relation to that case.

Could that include other peoples data?

Yes – It is inherent that when we are handling a matter for you that you or they provide details about other people.

Do you correlate data or share data between clients/matters?

No. To be clear – the data you share about you, your matters, is only stored in your client file.  We don’t associate data between clients and their matters.

You may pass information about another party (who could also be a Defend^ client) – we don’t store or associate that information together in any way.

Why does Defend^ need that Client Data (Case Data / Legal Advice / Communication)?

Defend^ has access to any information (in any form) that you share with your practising attorney under this agreement and the details of any claim.

Defend^ requires access to:

  1. Process your claim,
  2. Offer the services it offers via Practising Attorney’s,
  3. Evaluate the quality and behaviour of the Practising Attorney’s,
  4. Transfer details, cases, or clients, between Practising Attorneys.

Without access to that data, and without providing access to it for Practising Attorney’s – Defend^ couldn’t do its job.

Who in Defend^ has access?

Day to day only Defend^ Chief Counsel or their legal representatives have access to any legal advise/document data that you provide and all associated communications. 

As a technology service, our technology department does have the ability to access this information in order for them to fulfil their duties, however, they have been subject to UK Government Security Vetting and are bound by a strong Non-Disclosure Agreement in both the United Kingdom and South Africa.

Does Defend^ share my data with any other organisation?

We do not sell your data to anybody.

We only share data to organisations that process data on our behalf (i.e. Processing Attorney’s, credit agencies, payment processors); or providers of technology systems that we use.

Does this impact ‘privilege’ ?

No – legal professional privilege and litigation remains as per legal guidance when you are seeking legal advice the person who represents Defend^ has the same responsibility as your Practising Attorney. 

We’d only share data under instruction from the Court and in that instance, are a legal representative of you (unless we – as Defend^ are the plaintiff and you are the defendant).

Can I request a copy of the data that Defend^ has referring to me?

Yes. You can make a request using the process in our privacy policy.  We will share data related to your account, billing, claims and any support requests, etc.

Please note that any request for Client Data is passed to your Practising Attorney, they are responsible for judging the ability to share that data in accordance with the guidance for lawyers.

We may also hold data about you in reference to other matters (under other practising attorney’s). Each relevant practising attorney will be contacted to share any relevant and authorised data that doesn’t break their privilege.  To safeguard that privilege, you will not be notified as to who has been contacted and in what capacity.

Can a third party request a copy of the data that Defend^ has that I have provided?

Yes.

Is there any guidance on POPIA that details these rights?

https://www.lssa.org.za/wp-content/uploads/2021/06/Guidelines-for-Lawyers-POPIA-25-June-2021.pdf

Your Data and Your Practising Attorney^

Why does my practicing attorney need my information?

Your Practising attorney requires access to this information and can do so under their legal mandate as your attorney – failure to share relevant information with your Attorney will terminate your relationship with the Attorney with immediate effect. 

Who can my practising attorney share my information with?

As you’d expect: Attorney’s are responsible for how they hold information and provide it to other parties in the course of their job.

Your practising attorney can delegate access to data that Defend^ holds and which they hold on their behalf to other members of their practice, and members of our network at their discretion, in order to provide you necessary services.

As an example, if your attorney requires the services of an advocate, then the advocate would need access to your data to present the case.

Further, your practising attorney may share your information, with your consent, to any party as required by either law or in accordance with your wishes.

Does this impact ‘privilege’ ?

No – legal professional privilege and litigation remains as per legal guidance when you are seeking legal advice. 

Do practising attorney’s copy my information?

Most information is initially captured in Defend^ digital systems – for which we take great care over.  We provide access to Attorney’s in order for them to use those services wherever possible.

However, some Attorney’s have their existing systems and processes setup to operate a different way – so they may ‘download’ working copies of documents to their own services – for which they become solely responsible for.

Further, Practising Attorney’s are likely to operate with hard copy documents and information (e.g. printed), or forms, – including notarised. These are submitted to and from the courts, law-enforcement and to third parties (e.g. letters).  Defend^ has no control over hard copy documents – it’s just the way the legal system works.

For example, if you find yourself in prison – you won’t have access to your phone.

Does Defend^ do any verification of Attorney’s systems?

Not directly.  Each Practising Attorney (and their operating firm) has to sign a Data Processing Addendum – which states how/what uses of the data and our systems is acceptable.  

In the event that the Practising Attorney wishes to use their own systems – we provide set and stated guidance on the minimum standards we expect. 

To safeguard your data we do not however offer direct integration between our services and theirs.

What happens to information I email/text/whatsapp/telegram directly to a Practising Attorney?

If the Attorney has given you their direct contact details (not the ones provided by Defend) then the Attorney is responsible for ensuring that all contact is logged within Defend^’s systems.   Failure for an Attorney to capture those logs puts you in violation of your policy, the Attorney in violation of their agreement and Defend^ in violation of maintaining your personal data.  Therefore, we expect that the Attorney will log all appropriate information in accordance with their agreed Data Protection Addendum/Agreement.

Can Practising Attorney’s use my data for marketing or selling me other services?

No, we do not allow marketing from Practising Attorney’s to Defend^ client, unless you have explicitly provided consent (we do not ask for your consent – so we don’t do it).

If you have received unexpected marketing from a Practising Attorney please use the contact form in your account portal, or contact support@defend.my and we’ll investigate. 

We believe unsolicited marketing is a breach of trust and will act accordingly to remove it.

Can Practising Attorney’s sell my data?

No. We believe unsolicited marketing is a breach of trust and will act accordingly to remove it.