Legal Consultation

The Importance of Maintaining Accurate Shareholder Records

One of the crucial tasks in ensuring the longevity and success of your business is managing accurate shareholder records. Maintaining clear and up-to-date records of your shareholders not only fulfils legal requirements but also helps with better decision-making and business growth. 

Key Elements of Shareholders’ Records
The Companies Act regulates the record keeping of shareholders records, often referred to as a securities register. In addition to the above, the register must include the following detailed information: 
  • The shareholders’ names and addresses 
  • The number of shares held
  • The date of share allocation 
  • Transfers or changes in ownership 
  • The share certificate number
  • Beneficial ownership details

These records are to be kept at the company’s registered office for a period of 7 years from the date on which the record is issued. There is no obligation for this to be registered with a regulator or registrar or any other organisation. Not maintaining an accurate and complete shareholder record results in non-compliance with legal requirements and even potential disputes between the shareholders due to lack of clarity in ownership. This would result in possible discrepancies in voting rights, dividend payments, and damage to investor confidence.

How to Maintain Shareholders’ Record
  • Update records promptly with all changes, including dates and transaction details, in a physical or digital format.
  • Verify that all shareholder information is accurate and up to date.
  • Keep the register securely stored and maintain backup copies.
  • Conduct regular reviews and updates to ensure compliance and accuracy.

The Importance of Shareholders’ Records
1.  Clear Ownership Structure
  • Helps establish transparency in ownership.
  • Reduces misunderstandings or conflicts regarding shares, voting rights, and dividends.
  • Essential for attracting investors, securing loans, and facilitating mergers or sales.
2.  Efficient Decision-Making
  • Enables informed and timely business decisions.
  • Simplifies processes related to raising capital, issuing dividends, and future planning.
  • Ensures shareholder meetings and votes are properly conducted.
3.  Mitigating Risks
  • Prevents costly errors such as issuing shares incorrectly.
  • Ensures shareholders receive necessary notifications for meetings.
  • Strengthens governance and supports long-term business stability.

Best practice for record-keeping
Many companies use spreadsheets for their share register, this method is prone to errors from manual entry and formula mistakes, creates confusion with multiple versions, and requires significant administrative effort. Online share register platforms offer many advantages, including fewer errors, less manual work, better preparation for growth and fundraising, and a more professional image for investors. They also improve investor access to information and facilitate communication, allowing stakeholders to easily update their own details online.

Maintaining a comprehensive and accurate shareholder record in accordance with the Companies Act is essential for legal compliance, transparency, and smooth business operations. Entrepreneurs should regularly update their shareholder registers and seek professional assistance where necessary to ensure accuracy.

Rules Against Misleading/Deceptive Advertising under the ARB Code of Advertising Practice

Advertising plays a crucial role in brand promotion and consumer engagement. However, ethical advertising practices must be upheld to maintain consumer trust and industry integrity. The Advertising Regulatory Board (ARB) enforces the Code of Advertising Practice, which sets strict guidelines against misleading and deceptive advertising. Understanding these rules is vital for South African entrepreneurs to avoid legal pitfalls and protect their brand reputation. 

The Role of the ARB
South Africa's advertising industry is self-regulated by the independent body known as the ARB.  The ARB plays a vital role in consumer protection by upholding the provisions of the CPA through its administration and enforcement of the Code of Advertising Practice (the Code). The Code provides that advertisements must not contain statements or visuals that are likely to mislead the consumer directly or indirectly or by way of omission, ambiguity, inaccuracies or exaggerated claims, etc. Any individual or entity may be held liable for deceptive advertising practices that contravene applicable South African advertising laws and regulations. This is similarly provided for in the Consumer Protection Act – which states that suppliers may not market goods or services in a manner that is false, misleading or deceptive. 

Application of the Code
The Code of Advertising Practice and rulings made by the board binds and applies to multiple industry bodies and their members who have voluntarily agreed to be subjected to it. Most advertisers, advertising agencies and media sources are members of the ARB. The ARB lacks jurisdiction over non-members, therefore its rulings cannot legally bind them, and the Code’s provisions are unenforceable in their case. Consequently, the ARB cannot issue rulings specifically targeting non-member advertising. However, it retains the authority to make rulings that benefit the industry as a whole and its own membership. The Code covers most types of advertising, including traditional radio, television, online and print advertisements, but also “point-of-sale” materials, menus, labels, letterheads, circulars, stickers and product packaging.

What Constitutes Misleading or Deceptive Advertising?
Misleading or deceptive advertising occurs when an advertisement provides false, exaggerated, or deceptive claims that can mislead consumers. This includes:
  • False claims about a product or service – Advertisements must be factually accurate and verifiable.
  • Omissions of key information – Concealing crucial details that might influence consumer decisions is prohibited.
  • Comparative advertising inaccuracies – If an advertisement compares products, it must do so fairly and truthfully.
  • Puffery vs. deception – While exaggeration in advertising (puffery) is allowed to some extent, it should not be so misleading that it deceives consumers.

Key Provisions of the ARB Code of Advertising Practice
The ARB Code establishes clear principles to prevent deceptive advertising. Key provisions include:
1.  Truthful and Honest Advertising
  • Entrepreneurs must ensure that all advertising statements are truthful and not likely to mislead consumers. Claims about a product’s benefits, price, or quality must be backed by evidence.
2.  Substantiation of Claims
  • All advertising claims must be substantiated with adequate proof. For instance, if a company claims that its product is “clinically proven,” it must have verifiable clinical evidence to support this statement.
3.  No False Testimonials or Endorsements
  • Endorsements and testimonials must be genuine and not fabricated. Businesses cannot use deceptive reviews or falsely attribute endorsements to well-known personalities or organisations.
4.  Clarity in Pricing and Promotional Offers
  • Entrepreneurs must provide clear and unambiguous information on pricing and promotional offers. Hidden costs, misleading discounts, or deceptive pricing tactics are not permitted.
5.  Comparative Advertising Must Be Fair
  • Comparative advertising is allowed but must be factual and not disparaging. Any comparisons made must be based on objective criteria and should not unfairly discredit competitors.

Advertising to children and vulnerable groups
The Code aligns with the South African Constitution by upholding human rights, addressing societal sensitivities, and ensuring democratic freedoms. The ARB promotes responsible advertising that protects consumers, especially vulnerable groups like children.
  • Children are defined as those under 18 or appearing as such.
  • Advertising aimed at or featuring children is interpreted narrowly due to their credulity and inexperience.
  • Children must not be portrayed in a sexually suggestive manner.
  • Ads must not encourage unsafe behaviour, interactions with strangers, or dangerous activities.
  • Alcohol ads are banned during breaks around children's TV and radio programs.
  • Direct marketing to children is regulated, requiring consent for data collection.
  • Marketing must not exploit children's inexperience or loyalty and must use age-appropriate, simple language.
  • Orders from children require parental or guardian consent.

Social media marketing and influencers
As things stand, South Africa has no legislation that relates specifically to social media, but the Code has provided Appendix K that entails principles related to social media marketing. 
  • The key element is transparency - content should be clearly identified as part of a social media campaign (paid or not) or organic content.
  • Influencers must have a written contract detailing their engagement and compensation and, whether they were paid or provided goods/services in exchange for a post.
  • Advertising content must be accurate and avoid any form of deception.
  • Parody accounts must be stated within the account’s description or bio and clearly indicate that the user is not affiliated with the subject of the account. 
  • Social media advertising and marketing is subject to the same rules and regulations as all advertising and marketing, including the Electronic Communications and Transactions Act as it applies to all forms of electronic communication.

Non-compliance with the Code (Sanctions)
Any person or entity can be held liable for deceptive advertising if the laws and regulations (including codes) governing advertising in South Africa are not adhered to. Penalties that the regulatory board can impose or instructions it can impose on an advertiser to:
  • Revise the advertisement to comply with the Code.
  • Withdraw an advertisement
  • Pre-clear advertisement amendments.
  • Pre-clear all their advertising for a specified period

Businesses must adhere to both legislation and self-regulatory codes, in all marketing and advertising activities.  Compliance is crucial to avoid sanctions for misleading practices, particularly when targeting vulnerable groups like children, and within the evolving landscape of social media marketing.

Disclosure Requirements for Product Defects to Avoid Liability

Product liability is a significant concern for entrepreneurs and businesses. The legal framework mandates that companies disclose any defects in their products to protect consumers and avoid liability claims. Failing to comply with these regulations can lead to severe legal and financial consequences. Understanding the disclosure requirements is essential for any entrepreneur looking to build a reputable and legally compliant business.

Legal Framework for Product Liability
Product liability is primarily governed by the Consumer Protection Act (CPA), which safeguards consumers' right to safe and good quality goods. 
Under the CPA, a product is considered to be defective if there is a material imperfection making it not reasonably safe, or if it does not meet the quality and performance standards that consumers are entitled to expect, potentially causing harm.

Types of Product Defects 
Types of product defects that incur liability in manufacturers and suppliers:
  1. Design defects: inherent defects that exist before the product is manufactured.
  2. Manufacturing defects: defects that happen while the product is manufactured.
  3. Marketing defects: improper instructions and failures to warn consumers of latent dangers in the product.
  4. Latent defects: hidden issues that only experts can identify.
  5. Patent defects: visible issues that can be observed upon inspection.

Disclosure Requirements for Entrepreneurs
Entrepreneurs must take proactive steps to disclose product defects. The following are essential disclosure requirements:
1.  Labelling and Packaging Information
  • Clearly label products with safety warnings and usage instructions.
  • Indicate potential hazards, especially for chemicals, electronics, and children’s products.
  • Provide expiration dates for perishable goods.
2.  Pre-Sale Disclosure
  • If a known defect exists, the seller must inform consumers before purchase.
  • Disclose material risks related to the product’s use.
  • Ensure all product descriptions are accurate and not misleading.
3.  Post-Sale Notifications and Recalls
  • If a defect is discovered after the product is sold, notify consumers promptly.
  • Establish an effective recall system to remove defective products from the market.
  • Provide replacement, repair, or refund options to affected consumers.
4.  Compliance with Industry Standards
  • Adhere to South African Bureau of Standards (SABS) regulations and industry-specific safety guidelines.
  • Regularly review and update compliance measures to reflect changes in safety standards.

What are the Consumer’s Rights 
Under Section 55 and 56 of the CPA, consumers have the right to receive goods that:
  • Are of good quality, free from defects, and in working order.
  • Are fit for their intended purpose.
  • Comply with the standards that consumers reasonably expect.
Failure to meet these requirements can result in liability claims, making proper disclosure critical for businesses.

Consumers have a right to return unsafe or defective goods within six months by way of: 
  • a refund 
  • a repair 
  • a replacement 
The supplier has no right to decide for the consumer. If the products break again after six months, they may be returned again within three months for a refund or a replacement.

Penalties for non-compliance (failure to disclose)
Section 61 of the CPA holds a supplier strictly liable for the supply of defective goods and for the harm resulting from inadequate instructions or warnings being given to the consumer whether the supplier was negligent or not. Although, there are exceptions to this strict liability.
But the consequence of non-compliance with the CPA for a supplier attracts a possible fine or imprisonment for a period not exceeding 12 months or both a fine and imprisonment. 

The National Consumer Tribunal may also impose administrative fines for prohibited or required conduct. An administrative fine imposed in terms of the CPA may not exceed the greater of:
  • Ten percent of the respondent’s annual turnover during the preceding financial year; or
  •  R1 million.

The recall procedure and purpose
Section 60 of the CPA deals with the safety, monitoring and recall of goods that are found to be defective and hazardous. Where the National Consumer Commission (NCC) reasonably believes that goods are unsafe or hazardous and that the supplier fails to take adequate measures to notify consumers of the defect or to recall the goods, the NCC may give written notice to the supplier to conduct an investigation into the nature, causes, extent and degree of risk posed to the public and to carry out a recall programme. A supplier may apply to the Tribunal to have the notice set aside entirely or in part. Voluntary product recall can be initiated by a supplier when it becomes aware of safety issues relating to products supplied. In a voluntary recall, suppliers must notify the NCC when they initiate the recall.

Best Practices for Entrepreneurs
To avoid liability, South African entrepreneurs should adopt the following best practices:
  • Conduct Regular Product Testing: Regularly assess products for defects and compliance with safety standards.
  • Keep Detailed Records: Maintain records of quality control checks, testing results, and consumer complaints.
  • Train Employees: Educate staff on consumer rights and product safety responsibilities.
  • Obtain Insurance: Consider product liability insurance to cover potential claims and losses.
  • Engage Legal Experts: Consult with legal professionals to ensure compliance with the CPA and other relevant regulations.

Disclosing product defects is crucial for businesses to avoid liability under the CPA. Transparency builds trust, prevents harm, and avoids hefty penalties. Prioritising product safety and clear communication is also essential for responsible business practice.

How to Lawfully Collect and Store Customer Contact Information

Collecting and storing customer contact information is a fundamental part of your business operations. However, it is crucial to do so in a manner that respects customer privacy and complies with the laws governing data protection. This article provides practical guidance on how to lawfully collect and store customer contact information while maintaining a strong commitment to customer trust and compliance with legal regulations.

Understanding the Legal Framework 
The primary legal framework for data protection in South Africa is the Protection of Personal Information Act (POPIA). This act regulates how personal data, including customer contact information, should be collected, stored, and processed. The POPIA aims to protect individuals' privacy by ensuring that personal information is handled responsibly and securely.

Key Principles of POPIA
POPIA establishes eight key principles that must be followed when collecting and processing personal data:
  1. Accountability: Businesses must ensure that personal information is collected lawfully and processed with consent.
  2. Processing Limitation: Personal information should only be collected for specific, legitimate purposes.
  3. Purpose Specification: Data collection must be done for specific and lawful purposes that are communicated to the customer.
  4. Further Processing Limitation: Personal data should only be used in a manner compatible with the original purpose for which it was collected.
  5. Information Quality: Personal information must be accurate, complete, and up to date.
  6. Openness: Businesses must be transparent about how personal data is collected and used.
  7. Security Safeguards: Adequate measures must be in place to protect personal information from loss, damage, or unauthorised access.
  8. Data Subject Participation: Customers must have the right to access their personal information and request corrections.

Steps to Lawfully Collect Customer Contact Information
1.  Obtain Explicit Consent
Before collecting any customer contact information, ensure that you obtain explicit, informed consent. This can be done through a clear opt-in process on your website, mobile application, or during face-to-face interactions. You must inform your customers of what information you will collect, how it will be used, and any third parties with whom it may be shared.
For example, when a customer fills out a contact form on your website, provide a checkbox for them to consent to the collection of their personal information. This ensures that they are aware of how their data will be used.

2.  Collect Only Essential Information
POPIA emphasises data minimisation, meaning you should only collect the information necessary for the purpose at hand. If you are simply collecting customer contact details for a newsletter, it may only be necessary to ask for an email address and name. Avoid asking for excessive information unless absolutely required.

3.  Securely Store Customer Contact Information
Once you have collected customer contact information, storing it securely is paramount. Under POPIA, businesses are required to implement measures to prevent unauthorised access, loss, or damage to personal data. Here are a few strategies:
  • Encryption: Store sensitive data, such as email addresses and phone numbers, in an encrypted format.
  • Access Control: Limit access to customer information only to authorised personnel within your business.
  • Data Backups: Ensure regular backups of customer contact information in case of data loss.
  • Secure Platforms: Use secure platforms and software that are specifically designed to handle personal information in compliance with POPIA.

4.  Implement Data Retention Policies
You should establish clear policies regarding how long customer contact information will be retained. POPIA stipulates that personal information should not be kept longer than necessary for the purpose it was collected. For example, if a customer unsubscribes from your email list, their information should be deleted promptly, unless required for legal or accounting purposes.

5.  Provide Customers with Access to Their Information
POPIA grants individuals the right to access their personal information and request corrections if the information is inaccurate. As part of your customer service, ensure that customers can easily request their information, and if necessary, update it.

6.  Educate Your Team on Data Protection
It is essential that all employees involved in handling customer contact information are educated about POPIA and the importance of data protection. Training your team will ensure that everyone is on the same page when it comes to processing and safeguarding customer data.

Conclusion
In the digital age, protecting customer contact information is not just a legal obligation but also a business imperative. By adhering to the principles set out by POPIA and implementing secure practices for data collection, storage, and processing, entrepreneurs can build trust with their customers and avoid costly legal issues. Make sure you stay informed about the latest developments in data protection law to ensure your business remains compliant.

POPIA Obligations for Online Stores Managing Customer Payment Data

A business must be compliant with the Protection of Personal Information Act (POPIA) by ensuring that it complies with provisions of this law that regulates how personal information is collected, stored, processed, and disclosed. Online stores handle sensitive customer payment data and are just as accountable as regular stores to take the necessary precautions to protect consumers’ payment data by implementing security measures, obtaining informed consent, and being transparent about the purpose of the data usage. 

Definition of Personal Information and Payment Data
Personal information is defined in POPIA as any information that can be used to identify a living person or a juristic person, which includes information about a person's identity, history, and preferences.

Customer payment data is any personal or financial information collected from a credit card, debit card or other payment method, which also includes but is not limited to a cardholder's account number, card expiration date, and CVV code.

The definition of personal information includes information relating to the financial history of the person. This therefore means that payment data, such as credit card details, bank account information, and billing address, generally constitutes personal. 

Consent 
A condition in POPIA for collecting and processing information, is Condition 2: Processing Limitations. Personal information can only be processed by a responsible party with the data subject's consent.
Requirements for Valid Consent:
  • Must be voluntary.
  • Must relate to a specific purpose.
  • Data subjects must be sufficiently informed, as per Section 18 of POPIA, to make an informed decision.
  • Certain circumstances may allow processing without consent, subject to legal exceptions.

Data Collection and Purpose Limitation
Condition 3: Purpose Specification of POPIA states that data subjects may not grant blanket consent for the processing of their Personal Information. The Responsible Party is obligated to disclose the specific purpose for which the information is being collected, hence consent must be “specific” according to the POPIA definition.

For online stores, this means gathering only the information required to process transactions and fulfil orders. Storing excessive or unnecessary data increases compliance risks and potential exposure to data breaches.
It is important to also note that if records are to be kept for longer than the prescribed period, consent needs to be obtained for that purpose.

Security Measures for Protecting Payment Data
Robust security measures designed to protect customer payment data from cyber threats, hacking, and unauthorised access must be implemented, may include:
  • Using SSL (Secure Socket Layer) encryption for payment processing.
  • Partnering with Payment Card Industry Data Security Standard (PCI DSS) compliant payment gateways.
  • Implementing multi-factor authentication (MFA) for account logins and administrative access.
  • Patch and update software regularly to close security gaps.
  • Perform routine security audits and risk assessments

Outsourcing Payments to Third Parties 
POPIA allows for personal information to be outsourced to third parties. The responsibility party collecting the data is responsible and must be accountable for the information being passed on to third parties. The responsible party must instruct and ensure the third party (called an “operator”) complies with all POPIA requirements when processing the data by having a contractual agreement which manages the transfer and security of the data. The POPIA compliance accountability and responsibilities cannot be outsourced or transferred.

Penalties for Non-Compliance 
Failure to comply with POPIA can lead to severe consequences, including:
  • Administrative fines of up to R10 million.
  • Criminal prosecution, with sentences of up to 10 years’ imprisonment.
  • Civil claims, where businesses may be required to compensate affected data subjects.
  • Reputational damage, impacting customer trust and business credibility.

Steps to ensure security measures 
To enhance security and maintain compliance, online stores should:
  • Establish an Information Officer for data protection.
  • Conduct periodic audits to identify potential security vulnerabilities.
  • Regularly test and update security measures in software and payment systems.
  • Review and update company policies and procedures to align with evolving risks.
  • Provide staff training on data protection best practices and POPIA requirements.

Safeguarding customer payment data is not only a regulatory requirement under POPIA but also a fundamental aspect of building customer trust. By prioritising compliance, online stores can mitigate risks, avoid substantial penalties, and reinforce their reputation in the market.

POPIA consent

This sample document is for guidance only. It may differ depending on the information your business collects and what the information is used for. If you require assistance with a tailored consent document, give us a call. 
Sample Third-Party Consent in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA)
1. Introduction
1.1 POPIA gives effect to the constitutional right to privacy. It requires that the personal information of individuals  be processed in a lawful and reasonable manner which does not infringe on the individual’s right to privacy.
1.2 This document sets out the personal information that will be collected and processed by the Company.
2. What is personal information?
2.1 - The Company will collect the following information:
2.1.1 - names and surnames;
2.1.2 - birth dates; 
2.1.3 - demographic information; 
2.1.4 - details regarding education;
2.1.5 - personal and email addresses;
2.1.6 - occupation details; and
2.1.7 - contact details.
3. What is the purpose of the collection and processing of the processing of the personal information? 
3.1 - The Company is required to collect this information ___________________________________.
3.2 - The Company may use and disclose collected personal information to ______________________________________, without obtaining further consent from the relevant individual. 
3.3 - The Company will not process personal information for a purpose other than that identified in clause 3.2 above without obtaining prior consent from the relevant individual to further processing.
4. What is ‘processing’?
4.1 - According to POPIA, “processing’’ refers to any operation or activity, whether or not by automatic means, concerning personal information, including collection, receipt, recording, organisation, collation, storage, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction and destruction of information.
5. How will the Company process personal information? 
5.1 - Information will be collected in the following manner:
5.1.1 - Directly from the individual; 
5.1.2 - STATE OTHER RELEVANT WAYS.
6. To whom will personal information be disclosed? 
6. 1 - The personal information may be disclosed and exchanged within the Company and ________________________________.
7. Consent and Permission to process personal information:
7.1 - I hereby provide authorisation to the Company to process the personal information provided for the purpose stated above.
7.2 - Where I shared personal information of individuals other than myself with the Company, I hereby provide consent on their behalf to the collection and processing of their personal information in accordance with this consent provided and I warrant that I am authorised to give this consent on their behalf.
7.3 - To this end, I indemnify and hold the Company harmless in respect of any claims by any other person on whose behalf I have consented, against the Company should they claim that I was not so authorised.
7.4- I understand that in terms of POPIA and other laws of South Africa, there are instances where my express consent is not necessary in order to permit the processing of personal information, which may be related to police investigations, litigation or when personal information is publicly available.
7.5- I will not hold the Company responsible for any improper or unauthorised use of personal information that is beyond its reasonable control.
8. Rights regarding the processing of personal information
8.1 - The individual may withdraw consent to the processing of personal information at any time, subject to the provision of reasonable notice to the Company’s Information Officer of the withdrawal to the following email address: ________________________________________.
8.2 - The withdrawal will be subject to the terms and conditions of any other contract in place between the individual and the Company.
8.3 - The withdrawal will come into effect once the notice has been acknowledged in writing by the Information Officer. Acknowledgement of the notice will not be unreasonably withheld. 
8.4 - Where personal information has changed, the individual is encouraged to notify the Company to allow records to be updated. 
8.5 - The individual may request access records of their personal information and the details of third parties to which their personal information has been supplied, by notice to the Company’s Information Officer. A request may be declined if:
8.5.1 - The information comes under legally privileged;
8.5.2 - The disclosure of personal information in the form that it is processed may result in the disclosure of confidential or proprietary information;
8.5.3 - The information was collected in terms of an investigation or legal dispute, instituted or being contemplated;
8.5.4 - Disclosing the information may result in the disclosure of another person’s information; or 
8.5.5 - The disclosure is prohibited by law.
9. Declaration 
9.1 - I give consent to the processing of my personal information by the Company and third parties stated above. 
9.2 - I acknowledge that the Company any of its affiliates will be processing my personal information. The processing of such information will be carried out in accordance with the law and will be reasonable and carefully done. 
9.3 - I agree that the purpose for collection of the personal information as stated above is adequate, relevant, and not excessive. 
9.4 - We agree that the personal information processed shall be confidential information and shall be treated as such by us. 
9.5 - I have read and understood the information provided above. 
Name
Signature
Date

POPIA contract clause

This sample document is for guidance only. It may differ depending on the information your business collects and what the information is used for. If you require assistance with a tailored consent document, give us a call. 
Sample Consent Clause in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA)
1. CONSENT TO USE OF PERSONAL INFORMATION
1.1 - It is recorded that the Parties have disclosed, and in the future shall continue to disclose, personal information to each other as defined and regulated by various other legislation including the Protection of Personal Information Act 4 of 2013 (POPIA).
1.2 - The Parties:
1.2.1 - commit to protecting each other’s right to privacy; 
1.2.2 - shall ensure the processing of personal information is conducted fairly and in accordance with law; 
1.2.3 - shall ensure that the purpose of processing of the personal information is adequate, relevant, and not excessive; and
1.2.3 - shall ensure that the purpose of processing of the personal information is adequate, relevant, and not excessive; and
1.2.4 - shall not, under any circumstances, processes any personal information in any manner prohibited by POPIA or any other legislation.
1.3 - The Parties know and understand the purpose and use of the personal information, and the method and manner of processing of the personal information.
1.4 - The Parties hereby irrevocably give consent to each other to process, and further process, personal information where the processing is necessary and for an agreed-upon purpose.
1.5 - The Parties indemnify and hold harmless each other from any action or claim of any nature whatsoever that might be brought by any person as a result of any personal loss, injury or damage arising directly or indirectly from any act or omission on relating to any negligent or wilful breach of compliance with any law and POPIA.

CIPC: Beneficial Ownership Register 

If you are a director of a company or member of a close corporation, it is your duty to complete a detailed Beneficial Ownership Register, supported by relevant documents, which must be submitted to CIPC on its e-services platform. You may outsource this function to an accountant but remember that this nevertheless remains your responsibility.

What is a Beneficial Owner?
The “Beneficial Owner” of a company is an individual who directly or indirectly, owns 5% or more of that company, or exercises effective control of that particular company, by:
- holding beneficial interests in securities of that company.
- exercising, or controlling the exercise of, voting rights associated with the securities of the company.
- exercising, or controlling the exercise of, the right to appoint or remove members of the board of directors of the company.
- holding beneficial interest in the securities, or the ability to exercise control, including through a chain of ownership or control of a holding company of that company.
- being able to materially influence the management of that company.

What must you do?
You must identify the Beneficial Owners of your business, collect their information, and record it in a Register to be filed with CIPC. All security requirements applicable to personal information should be adhered to.

For each beneficial owner, you must capture the following information in the register:
- their full name, Identity number or registration number, and date of birth.
- business or residential and postal address.
- email address.
- confirmation of their participation and the extent of the beneficial interest in the business.

The Register must be submitted to CIPC on behalf of your business by no later than October 2023.

Thereafter, the Register must be regularly updated as needed and audited annually. Any changes to beneficial ownership must be captured in the register as soon as possible and no later than within ten business days of the change. Your updated Register can be submitted with your business’ annual returns by yourself or your accountant.

If you are required to complete a Beneficial Ownership Register, not doing so is an offence in terms of the Companies Act which may result in the imposition of an administrative penalty on your business. It is therefore imperative that you ensure compliance with CIPC’s requirements.