Legato Trust & Fiduciary Service (Pty) Ltd

Privacy Policy

Keith Keller
  1. Introduction
  • This Privacy Policy applies to Legato Trust and Fiduciary Services (Pty) Ltd with registration no: 2021/565041/07 (“the Company”).
  • Your receipt of this Privacy Policy in electronic or hardcopy form, alternatively your browsing and use of the Company’s website: https://www.legato-tfs.com indicates that you have both read and agreed to the terms and conditions of this Privacy Policy. You cannot browse or use our website if you do not accept and agree to this Privacy Policy.
  • You consent and agree to this Privacy Policy and to the use and processing of your Personal Information as set out in this Privacy Policy by:
    1. Being an employee, officer, director and/or other representative of the Company (“Employee”);
    2. Being a client of the Company for the rendering of services in terms an agreement with us or making enquiries thereto (including proposals, offers, quotations, bids, tenders and the like) (“Client”);
    3. Being a supplier or service provider of the Company for the supply of goods and/or the rendering of services to us or making enquiries thereto (including proposals, offers, quotations, bids, tenders and the like) (“Supplier”); and
    4. When dealing with or transacting with the Company in any other manner and for any other purpose whatsoever (“Third Party”).
  • The categories of persons listed in 1 – 4 above are jointly referred to as “Affected Persons”.

 

  1. Application
  • All sections of this Privacy Policy are applicable to all Affected Persons, unless the section expressly states otherwise or the context indicates otherwise.

 

  1. Personal Information and Purpose
  • For the purposes of this section, Personal Information will be understood in accordance with the definition provided in the Protection of Personal Information Act 4 of 2013 (“the POPI Act”). Employee Information, Client Information, Supplier Information and Special Personal Information as defined later in this Privacy Policy, constitute sub-sets of such Personal Information.
  • The Company also subscribes to the principles for electronically collecting Personal Information outlined in the POPI Act, and the further legislation referred to therein. We endeavour to ensure the quality, accuracy and confidentiality of personal information in our possession.
  • The primary purpose of the Company’s business is that a trust and fiduciary services company where family multi-generational succession planning and the governance and management thereof is central to the service offering.
  • The Company provides estate planning, wills, trusts, tax and accounting and company secretarial services as more fully described on its website: https://www.legato-tfs.com and related support services for its Clients (“the Services”).
  • Certain Personal Information needs to be obtained by the Company during the course of the rendering of its Services and the general operation of its business and affairs.
  • In adopting this Privacy Policy, the Company wishes to balance our legitimate business rights and interests with the Affected Person’s reasonable rights and expectations of privacy. Accordingly, we will adopt a minimal approach to obtaining, processing, storing and generally dealing with Personal Information; and we shall take all reasonable steps to prevent unauthorised access to or disclosure of your Personal Information. However, it is impossible to guarantee that your Personal Information shall be 100% secure.
  • Affected Persons who are employees, officers, directors and/or other representatives of the Company, or such prospective persons, will be required to furnish certain Personal Information. In so doing, such Affected Persons will be asked to provide the following information:
    • First names;
    • Surname;
    • Date of birth;
    • Identity number or passport number;
    • Race;
    • Gender;
    • Previous criminal convictions or pending proceedings;
    • Physical residential address;
    • Cellphone number;
    • Email address;
    • Identity document or passport;
    • Driver’s license;
    • Fingerprints, photographs and possibly other biometric information;
    • Any other relevant information which may be required in order to be able to do identity verifications and/or criminal checks;
    • Bank account details (to pay salaries, fees, etc);
    • Next of kin details;
    • Education and qualifications and relevant supporting documents;
    • Work history or curriculum vitae (CV) and relevant supporting documents.

 

(“the Employee Information”)

  • The purpose for the Employee Information is in order to be able to verify the information (in particular concerning identity, work history, education and qualifications, criminal records and other material matters concerning their identity and history), for human resources management purposes and to communicate with them. The Personal Information is furnished on a voluntary basis.
  • By failing to provide the necessary Employee Information may result in the Company being unable to appoint or employ such Affected Persons and/or to be able to responsibly carry out the Company’s human resources and related functions.
  • Affected Persons who wish to procure the Services as Clients, or such prospective persons, will be required to furnish certain Personal Information. In so doing, such Affected Persons will be asked to provide the following information:
    • Contracting Party Name (Company, Other Legal Entity, Trust, Individual, etc)
    • Company / Legal Entity / Trust registration number, alternatively Natural Person ID number (as the case may be);
    • First name/s and surname of directors, trustees, management, key contact persons and representatives;
    • Details of shareholders, owners and beneficiaries;
    • Tax and statutory registration numbers and details;
    • BEE status, including scoring and rating certificates;
    • Telephone number;
    • Cellphone number/s;
    • Email address/s;
    • Physical address/s;
    • Postal address;
    • General description of business activities;
    • General description of estate affairs;
    • More in depth knowledge and understanding of business operations (whether technical, financial, human resources, operational and/or otherwise) in order for the Services to be able to be satisfactorily provided, as the context indicates;
    • More in depth knowledge and understanding of the estate affairs (whether financial, operational and/or otherwise) in order for the Services to be able to be satisfactorily provided, as the context indicates;

 

(“the Client Information”)

  • The purpose for the Client Information is in order to be able to communicate with the Affected Persons as Clients, render the Services and generally be able to conduct business to a high standard and in a professional and legally compliant manner. The Personal Information is furnished on a voluntary basis.
  • By failing to provide the necessary Client Information may result in the Company being unable to supply such Affected Persons with the Services and/or to be able to responsibly carry out the Company’s business.
  • Affected Persons who wish to contract with the Company as suppliers of their goods and/or as service providers of their services, or such prospective persons, will be required to furnish certain Personal Information. In so doing, such Affected Persons will be asked to provide the following information:
    • Contracting Party Name (Company, Other Legal Entity, Individual, etc);
    • Company / Legal Entity registration number, alternatively Natural Person ID number (as the case may be);
    • First name/s and surname of directors, management, key contact persons and representatives;
    • Details of shareholders or owners;
    • Tax and statutory registration numbers and details;
    • BEE status, including scoring and rating certificates;
    • Telephone number;
    • Cellphone number/s;
    • Email address/s;
    • Physical address/s;
    • Postal address;
    • General description of goods or services offered;
    • Company, CC or other legal entity proof of registration documents (if owner is a legal person);
    • Tax and statutory registration certificates or satisfactory documentary proof of such registrations;
    • Bank account details (to pay for goods or services).

 

(“the Supplier Information”)

  • The purpose for the Supplier Information is in order to be able to verify, approve and register the Affected Persons as suppliers or service providers and to communicate with and generally deal with them. The Personal Information is furnished on a voluntary basis.
  • By failing to provide the necessary Supplier Information may result in the Company being unable to approve, contract with and register such Affected Persons as suppliers or service providers.
  • The Affected Persons who are all other persons which the Company deals with or transacts with in any other manner and for any other purpose whatsoever will be required to furnish certain Personal Information. In so doing, such Affected Persons will be asked to provide the following information:
    • Party Name (Company, Other Legal Entity, Individual, etc);
    • First name/s and surname of Directors, managers, key contact persons and Representatives;
    • Details of shareholders or owners;
    • Tax and statutory registration numbers and details;
    • BEE status, including scoring and rating certificates;
    • Telephone number;
    • Cellphone number/s;
    • Email address/s;
    • Physical address/s;
    • Postal address;
    • General description of goods or services offered;
    • Company, CC or other legal entity proof of registration documents (if owner is a legal person);
    • Tax and statutory registration certificates or satisfactory documentary proof of such registrations;
    • General description of business activities.

 

(“the Third Party Information”)

  • The purpose for the Third Information is in order to be able to verify, approve, transact with and generally deal with the Affected Persons on the basis of the type of Third Party relationship the Company has with them and to communicate with and generally deal with them. The Personal Information is furnished on a voluntary basis.
  • By failing to provide the necessary Third Party Information may result in the Company being unable to transact and generally deal with such Affected Persons as Third Parties.
  • The Company will not share, sell or rent your Personal Information to any third party or use your email address or phone number for unsolicited email, texts or instant messages. Any emails, texts or instant messages sent by the Company will only be in connection with the conduct of our business in regard to the Affected Persons.
  • The Personal Information remains the property of the Affected Persons subject to the consents and authorisations given below. This includes any biometric information or other Special Personal Information.

 

  1. Consent and Authorisation
  • By your receipt of this Privacy Policy in electronic or hardcopy form, alternatively by your browsing and use of the Company’s website: https://www.legato-tfs.com and online platform indicates that you as an Affected Person are confirming your express consent to the use, processing and further processing of your Personal Information.
  • By your receipt of this Privacy Policy in electronic or hardcopy form, alternatively by your browsing and use of the Company’s website: https://www.legato-tfs.com and online platform, you as an Affected Person are confirming your express consent in terms of Section 27(1)(a) of the POPI Act to the use, processing and further processing of your special personal information as defined in Section 26(a) and (b) of the POPI Act in respect of biometric information (such as fingerprints and photographs) and criminal activity, which is the subject matter of the criminal checks and identity verifications which may be required to be conducted for your identification, vetting and approval, and the findings thereof (“Special Personal Information”), in instances where such Special Personal Information is furnished to the Company.
  • The Company will not collect, use or disclose Special Personal Information as contemplated in Sections 26 of the POPI Act (such as biometric information and criminal behaviour) except with an Affected Person’s specific consent or in the circumstances permitted by law.
  • The Affected Person agrees that the Personal Information may be transferred cross-border to other countries, which do not necessarily have data protection laws similar to the Republic of South Africa, for verification or storage purposes. In any cross-border transfer of the Personal Information and Special Personal Information, the recipient will be notified of the requirement to keep this Personal Information confidential and to meet the equivalent compliance levels to that of the POPI Act.
  • The Affected Person warrants that the Personal Information provided to the Company is accurate and current and that they have not knowingly withheld any facts or circumstances.
  • The Affected Person agrees that they will correct and update the Personal Information when necessary.
  • The Affected Person understands that the Company will use reasonable efforts to maintain the confidentiality of the Personal Information and that the Personal Information will be stored in a secure manner and accessed and transferred only for the purposes they have authorised.
  • In instances of natural persons being Affected Persons and agreeing to this Privacy Policy, they warrant that they are an adult alternatively a minor acting with the authorisation and approval of their parent or legal guardian, of sound mind and declare that they have read through this Privacy Policy and know and understand its terms and conditions and the consequences thereof; and fully agree to bind themself to these provisions.
  • By agreeing to the terms contained in this Privacy Policy, the Affected Person consents to the use of their Personal Information in relation to:
    • Them as an Employee, Client, Supplier or Third Party (whichever is applicable) and the Company’s relationship and dealings with them in this capacity;
    • Informing you of changes made to our website, online platform and Privacy Policy;
    • The provision of marketing related services to you by the Company;
    • Responding to any queries or requests you may have;
    • Developing a more direct and substantial relationship with Affected Persons for the purposes of the Company’s business and/or dealings with them;
    • Understanding general Affected Person trends and patterns so that we can develop and support existing and ongoing marketing strategies;
    • For security, administrative and legal purposes; and
    • The creation and development of market data profiles which may provide insight into market norms, practices and trends to help us improve our offering to Affected Persons. Such information will be compiled and retained in aggregated form, but shall not be used in any way which may comprise the identity of a Affected Person.
  • The Company will attempt to limit the types of Personal Information we process to only that to which the Affected Person consents to [for example: in the context of the Company’s relationship and dealings with the respective Affected Persons (whether Employees, Clients, Suppliers or Third Parties), the rendering of Services, newsletters, message boards, surveys, polls, professional announcements, text messages, instant messages and other mobile services], but, to the extent necessary, the Affected Person’s agreement to this Privacy Policy constitutes their consent as contemplated in Section 69 of the POPI Act. 
  • The Affected Person has the right to object to the processing of their Personal Information in terms of Section 11 (3) of the POPI Act, in which case the Company shall no longer process or further process the Affected Person’s Personal Information.
  • If for any reason an Affected Person believes their Personal Information is being accessed and/or used without their consent or in any other unlawful or wrongful manner, they can submit an ‘Abuse Notice’ in writing to the Company containing the relevant information to be brought to our attention and we will conduct an investigation into the matter and provide feedback to the Affected Person as soon as reasonably possible.

 

  1. Security
  • Although absolute security cannot be guaranteed physically, electronically and on the internet, the Company has in place up-to-date, reasonable physical, technical and organisational security measures to protect the Affected Person’s Personal Information against accidental or intentional manipulation, loss, misuse, destruction or against unauthorised disclosure or access to the Personal Information we process.
  • While the Company cannot ensure or warrant the security of any Personal Information an Affected Person provides to us, we will continue to maintain and improve these security measures over time in line with legal and technological developments.

 

  1. Storage and Destruction or Deletion
  • An Affected Person’s Personal Information will not be stored or hosted for longer than is reasonably necessary for the purposes described in this Privacy Policy, in any agreement with the Affected Person or as required by applicable legislation.
  • Personal Information shall be destroyed and/or deleted upon a written request received from an Affected Person. The only Personal Information that will remain thereafter will be that required to retain records for legal or corporate governance compliance and only for the required legal period.
  • All bank payment information may be captured through our website and online platform using a payment gateway or via email or telephone. The Company shall not retain bank payment information on behalf of its Affected Persons where this is captured through our website and online platform using a payment gateway.

 

  1. Monitoring
  • The Personal Information the Company collects from Affected Persons shall only be accessed by the Company employees, representatives, agents, contractors, service providers and consultants on a need-to-know basis, and subject to reasonable confidentiality obligations binding such persons.
  • The Company shall have the right, but shall not be obliged, to monitor or examine any information and materials including any website link that an Affected Person publishes or submits to the Company for publishing on its website or online platform.  The Affected Person shall be solely responsible for the contents of all material published by them.
  • The Company regularly reviews its systems and data to ensure the best possible service to our Affected Persons.

 

  1. Marketing
  • The Company or one of our employees, representatives, agents, contractors, service providers or consultants may contact a Affected Person by email, text message, instant message or telephone to ask you for your feedback and comments on our Services and business in general. We may also wish to provide you with information about special features or other matter in respect of Services and other business information, which we think may be of interest to you. If you would rather not receive this information, an opt out option will be given to you.
  • The Company may use various online marketing and advertising platforms and service providers from time to time (such as but not limited to Google, Facebook, Instagram, Twitter and/or LinkedIn) to market and advertise our website, online platform and Services across the web. We place a cookie on a browser, and then a third party (such as, but not limited to Google, Facebook, Instagram, Twitter and/or LinkedIn) reads these cookies and may serve an ad on a third party site. An Affected Person may opt out of this ad serving on the relevant third party’s opt out page.
  • The Company may use a variety of third party service providers, such as but not limited to Google, Facebook, Instagram, Twitter and/or LinkedIn Analytics, to better understand our website, online platform, app usage and Services. We may allow such third party service providers to place and read their own cookies, web beacons and similar technologies to collect information through our website and online platform. This information is collected directly and automatically by these third parties and we do not participate in these data transmissions. The Company will, wherever feasible, contractually obligate our third party service providers to abide by the terms of this Privacy Policy.

 

  1. Children Under 18 and 13
  • The Company does not accept any Affected Persons, or representatives of Affected Persons, under 18 years of age or who otherwise do not have the relevant legal capacity and/or authorisation and approval from their parent or legal guardian to be bound by this Privacy Policy, our contracts and to generally use our website and online platform and the Services offered.
  • The Company recognises and respects the privacy interests of children and encourages parents and guardians to take an active role in their children’s activities, including their online activities and interests. We do not knowingly collect Personal Information from children under 13 years of age. If we learn that we have collected personal information from a child under 13, we will destroy or delete such information. Children under the age of 13 may not register for an account or register for or purchase our Services.

 

  1. Outside of South Africa
  • The Company’s website and online platform are operated and managed on servers located and operated within the Republic of South Africa. In order to provide our Services to you, we may send and store your Personal Information outside of the country where you reside or are located, including to South Africa.
  • Accordingly, if an Affected Person resides or is located outside of South Africa, your Personal Information may be transferred outside of the country where you reside or are located, including to countries that may not or do not provide the same level of protection for your Personal Information.
  • The Company is committed to protecting the privacy and confidentiality of your Personal Information when it is transferred. We shall take appropriate steps to provide the same level of protection for the processing carried out in any such countries, as you would have within your country to the extent reasonably feasible under applicable law.
  • By using and accessing our Services, Affected Persons who reside or are located in countries outside of South Africa agree and consent to the transfer to and processing of their Personal Information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.
  • The Affected Person agrees that their Personal Information may be transferred cross-border to other countries (outside of South Africa) for processing, provided that these countries abide by the provisions in the POPI Act relating to such transfer.

 

  1. Changes
  • The Company reserves the right to update this Privacy Policy, from time to time.
  • If the Company changes our Privacy Policy we will post the changes on the home page of our website: https://www.legato-tfs.com and may place notices on other pages of our website and online platform, so that Affected Persons may be aware of the Personal Information we collect and how we use it at all times.
  • Your continued use of our website and online platform, your continued relationship with, contracting with and/or transacting with the Company for our Services and general dealing with the Company as an Affected Person, will signify that you agree to any such changes.
  • The Affected Persons have the right to access and rectify their Personal Information collected.

 

  1. Complaints
  • Affected Persons have a right to lodge complaints with the Information Regulator. The Information Regulator’s contact details are:

    Attention:                       The Information Regulator

    Office Address:                JD House, 27 Stiemens Street, Braamfontein

    Johannesburg (Head Office)

    Postal Address:                P.O. Box, Braamfontein, Johannesburg, 2007

    Email:                             complaints.IR@justice.gov.za

    Website:                         https://www.justice.gov.za/inforeg/index.html

 

  1. Responsible Party
  • The responsible party in terms of the POPI Act is: Legato Trust and Fiduciary Services (Pty) Ltd, registration number: 2021/565041/07, a private company incorporated, registered and operated in accordance with the laws of the Republic of South Africa.

 

  1. Log Files
  • When a Affected Person visits our website and online platform, even if they do not submit an enquiry or complete a form/s, the Company may collect information, such as your IP address, the name of your ISP (Internet Service Provider), your browser, the website from which you visit us, the pages on our website or app that you visit and in what sequence, the date and length of your visit, and other information concerning your computer’s or device’s operating system, language settings, geographical location and broad demographic information.
  • This information is aggregated as anonymous data and does not identify you specifically. However, you acknowledge that this data may be able to be used to identify you if it is aggregated with other Personal Information that you supply to us. This information is not shared with third parties and is used only within the Company on a need-to-know basis. Any individually identifiable information related to this data will never be used in any way different to that stated above, without your explicit permission.

 

  1. Cookies
  • The Company’s website and online platform uses cookies. A cookie is a small piece of information stored on your computer, tablet, smart phone or device by the web browser. The two types of cookies used on our website and online platform are described below:
    • “Session cookies”: These are used to maintain a so-called ‘session state’ and only lasts for the duration of your use of the website and online platform. A session cookie expires when you close your browser, or if you have not visited the server for a certain period of time. Session cookies are required for our website and online platform to function optimally, but are not used in any way to identify you personally;
    • “Permanent cookies”: These cookies permanently store a unique code on your computer, tablet, smart phone or device hard drive in order to identify you as an individual Affected Person. No Personal Information is stored in permanent cookies. You can view permanent cookies by looking in the cookies directory of your browser installation. These permanent cookies are not required for our website and online platform to work, but may enhance your browsing experience.
  • Most web browsers provide the option to block some or all cookie types should you wish to. Affected Persons can also opt out of the various online marketing and advertising platforms and service providers used by the Company from time to time (such as but not limited to Google, Facebook, Instagram, Twitter and/or LinkedIn) to market and advertise the Company’s website and online platform and the Services offered across the web, using the relevant third party’s opt out page. Because many of our website and online platform features utilise cookies, we recommend that Affected Persons do no block them.

 

  1. Application of the Electronic Communications and Transactions Act 25 of 2002 (“ECT Act”)
  • Data Messages (as defined in the ECT Act) will be deemed to have been received by the Company if and when the Company responds to the Data Messages.
  • Data Messages sent by the Company to an Affected Person will be deemed to have been received by such Affected Person in terms of the provisions specified in Section 23(b) of the ECT Act.
  • Affected Persons acknowledge that electronic signatures, encryption and/or authentication are not required for valid electronic communications between Affected Persons and the Company.
  • Information to be provided in terms of Section 43(1) of the ECT Act:
    • Affected Persons warrant that Data Messages sent to the Company from any electronic device owned or used by such Affected Person, from time to time, were sent and/or authorised by such Affected Person, personally;
    • The Company’s website and online platform is owned and operated by: Legato Trust and Fiduciary Services (Pty) Ltd, registration number: 2021/565041/07, a private company incorporated, registered and operated in accordance with the laws of the Republic of South Africa, with directors Hanna Marais and Stephan Marais;
    • Address for service of legal documents and notices: 8 Kopje Road, Morningside, Sandton, Johannesburg, 2196;
    • Contact number: +27 12 548-6460
    • Email address: info@legato-tfs.com; and
    • Website address: https://www.legato-tfs.com.

 

Scroll to Top