Data Protection

Last Updated: January 2025

Our Commitment: FirmCases is committed to protecting your data and complying with applicable data protection laws, including regulations based on GDPR principles and Zambian data protection requirements.

1. Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only data that is adequate, relevant, and necessary
  • Accuracy: We keep data accurate and up to date
  • Storage Limitation: We retain data only as long as necessary
  • Integrity and Confidentiality: We protect data with appropriate security measures
  • Accountability: We are responsible for and can demonstrate compliance

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to perform our contract with you
  • Consent: You have given clear consent for us to process your data
  • Legal Obligation: Processing necessary to comply with the law
  • Legitimate Interests: Processing necessary for our legitimate business interests

3. Data Subject Rights

As a data subject, you have the following rights:

3.1 Right to Access

You have the right to request access to your personal data and receive information about how we process it.

3.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances.

3.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data under certain conditions.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

3.6 Right to Object

You have the right to object to processing of your personal data under certain circumstances.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing.

4. How to Exercise Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer:

  • Email: dpo@firmcases.com
  • Subject Line: "Data Protection Rights Request"
  • Response Time: We will respond within 30 days of receiving your request

5. Data Security Measures

We implement comprehensive security measures to protect your data:

  • End-to-end encryption for sensitive data
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • Secure data centers with ISO 27001 certification
  • Employee confidentiality agreements and training
  • Incident response and breach notification procedures
  • Regular backups with encryption
  • Access controls and logging

6. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected individuals without undue delay
  • Provide information about the nature of the breach and measures taken

7. International Data Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions where applicable
  • Additional security measures as needed

8. Data Retention

We retain personal data for different periods depending on the purpose:

  • Account Data: Duration of your subscription plus 3 years
  • Case/Client Data: As required by legal and professional obligations
  • Financial Records: Minimum 7 years for tax and accounting purposes
  • Marketing Data: Until you withdraw consent or 3 years of inactivity

9. Children's Data

Our Service is not directed at children under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly.

10. Data Protection Officer

We have appointed a Data Protection Officer to oversee our data protection practices:

Name: Data Protection Officer
Email: dpo@firmcases.com
Address: FirmCases Data Protection Officer, Lusaka, Zambia

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

12. Updates to This Policy

We may update this Data Protection policy from time to time. Material changes will be communicated through email or prominent notice on our Service.

13. Contact Us

For any questions about data protection or to exercise your rights:

Email: dpo@firmcases.com
Phone: +260 XXX XXX XXX
Address: Lusaka, Zambia