Last updated: 1 January 2026
1. Introduction
UJS Accountants (Pty) Ltd ("we", "us", "our") respects your right to privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share and protect personal information when you engage our services or use our website at www.ujs.co.za.
This policy is published in compliance with the Protection of Personal Information Act, 4 of 2013 ("POPIA").
By engaging our services or using our website, you confirm that you have read and understood this Privacy Policy.
2. Who we are
UJS Accountants (Pty) Ltd is an accounting, bookkeeping, tax compliance and payroll services firm based in South Africa.
| Responsible Party | UJS Accountants (Pty) Ltd |
| Registration number | 2025/404523/07 |
| Physical address | 618 Pam Street, Rietvlei View CE, Pretoria, 0181 |
| Information Officer | Mrs. Annamarie Botha |
| info@ujs.co.za |
Our Information Officer is registered with the Information Regulator of South Africa and is responsible for ensuring our compliance with POPIA.
3. The personal information we collect
We collect only the personal information that is necessary to provide our services, comply with our legal obligations, and operate our business. This may include:
Identification and contact information
- Full names and surname
- Identity or passport number
- Date of birth
- Residential and postal address
- Email address and telephone number(s)
Financial and tax information
- Income tax reference number
- VAT registration number
- PAYE, UIF and SDL reference numbers
- Bank account details
- Financial statements, invoices, receipts and supporting documentation
- Payroll information (for clients who use our payroll services), including employee personal and banking details
Business information (where applicable)
- Company / Close Corporation / Trust registration details
- Director, member or trustee information
- CIPC registration documents
Website information
- Information you submit via our contact form (name, email address, message)
- Basic technical information such as IP address and browser type (where applicable)
4. How we collect personal information
We collect personal information:
- Directly from you when you engage our services, complete forms, or correspond with us
- Through our website contact form
- From third parties where you have authorised us to do so (for example, SARS or your previous accountant)
- From public registers (such as CIPC) where relevant to our services
5. Why we collect and process your personal information (lawful basis)
We process your personal information for the following purposes, relying on one or more of the lawful bases set out in POPIA:
| Purpose | Lawful basis (POPIA s.11) |
|---|---|
| Providing bookkeeping, tax compliance, and payroll services | Performance of a contract with you |
| Submitting tax returns and other filings to SARS | Compliance with a legal obligation |
| Registering or updating company details with CIPC | Compliance with a legal obligation / your consent |
| Processing payroll and statutory submissions | Performance of a contract / legal obligation |
| Responding to enquiries via our website | Your consent / legitimate interest |
| Maintaining records as required by law | Compliance with a legal obligation |
| Communicating with you about our services | Performance of a contract / legitimate interest |
6. Who we share your personal information with
We only share your personal information where it is necessary to provide our services, where the law requires it, or where you have consented. The third parties we share information with include:
Regulatory and statutory bodies
- South African Revenue Service (SARS) — for tax returns, VAT, PAYE, UIF, SDL and related submissions
- Companies and Intellectual Property Commission (CIPC) — for company registrations, director changes, annual returns and related filings
- Department of Labour / UIF — for employer registrations and submissions where applicable
Service providers and software platforms
- Xero — our cloud accounting platform, used to maintain client accounting records
- Google Workspace (Google LLC) — for email, document creation and internal collaboration
- Microsoft OneDrive (Microsoft Corporation) — for secure document storage and sharing
We do not sell your personal information to any third party. We do not share your information for marketing purposes.
7. Cross-border transfers
Some of the service providers we use (Xero, Google Workspace, Microsoft OneDrive) may store or process personal information outside South Africa. We rely on these providers' contractual safeguards, security certifications, and compliance with applicable data protection laws (which provide a level of protection substantially similar to POPIA) when transferring information internationally.
8. How long we keep your personal information
We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are:
| Type of record | Retention period |
|---|---|
| Active client records | For the duration of the engagement |
| General client records after end of engagement | 3 years after end of engagement |
| Closed client files (full file) | 5 years after engagement closure (aligned with SARS audit requirements) |
| Payroll records | Minimum 3 years (BCEA / LRA) |
| Tax-related records | Minimum 5 years (Tax Administration Act) |
| Website enquiries not converting into an engagement | 12 months, unless a longer period is justified |
Where statutory retention periods are longer than those listed above, the statutory period prevails. After the applicable retention period expires, we will securely delete or destroy your personal information.
9. Your rights under POPIA
You have the following rights in relation to your personal information:
- Access — to request confirmation of, and access to, the personal information we hold about you
- Correction — to request that we correct or update inaccurate or incomplete information
- Deletion — to request that we delete personal information that we are no longer entitled to retain
- Objection — to object to the processing of your personal information in certain circumstances
- Withdrawal of consent — where processing is based on your consent, to withdraw that consent at any time
- Complaint — to lodge a complaint with the Information Regulator
To exercise any of these rights, please contact our Information Officer using the details in section 2 above. We may require you to verify your identity before processing your request. We will respond within a reasonable period and, in any event, within the time periods required by POPIA.
10. How we protect your personal information
We implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, alteration, or disclosure. These include:
- Access controls and unique logins for our staff
- Encrypted storage and transmission of data where reasonably practicable
- Secure cloud platforms (Google Workspace, Microsoft OneDrive, Xero) with industry-standard security certifications
- Regular staff awareness of confidentiality and data protection obligations
- Confidentiality undertakings by staff
While we take reasonable steps to safeguard your information, no method of transmission or storage is entirely secure. We cannot guarantee absolute security, but we will notify you and the Information Regulator without undue delay if a security compromise affects your personal information.
11. Cookies and our website
Our website is primarily informational and does not deliberately set tracking or advertising cookies. Where any essential cookies are used to enable basic site functionality, we will indicate this clearly. You can configure your browser to refuse cookies or alert you when cookies are being set.
12. Children's personal information
We do not knowingly collect personal information from children under the age of 18 without the consent of a parent or guardian. If you believe we have inadvertently collected such information, please contact us so that we can take appropriate steps.
13. Changes to this policy
We may update this Privacy Policy from time to time. The most recent version will always be available on our website with the "Last updated" date clearly shown. Material changes will be communicated to clients via email or other appropriate means.
14. Contact us and complaints
If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our Information Officer:
Email: info@ujs.co.za
Postal: PostNet Suite 555, Private Bag X10, Elardus Park, 0047
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za