This section explains the categories of information the Licentia Group may collect and process, depending on the service requested, the stage of engagement (quotation vs mandate/SLA), and the statutory requirements applicable to the client’s business and premises.

Licentia applies the principle of minimum necessary collection: we request and process only the information reasonably required to deliver the service, comply with the law, and protect lawful interests.

4.0 Sources of Information

Licentia may collect personal information directly from:

the data subject (client, owner, director, authorised representative);
the business entity represented by the client;
authorised third parties under mandate/SLA (e.g., landlords, accountants, attorneys, consultants, architects, environmental practitioners, town planners);
competent authorities and regulators (e.g., municipalities, provincial authorities, SAPS), where lawful; and/or
Licentia’s digital systems (website/app/platform logs), where the data subject interacts with the system.

4.1 Quotation / Enquiry Stage (Limited Information)

At the quotation or enquiry stage, Licentia generally collects limited information required to assess scope, provide pricing, and contact the client, including:

full name and surname;
contact details (mobile number, WhatsApp number, email address);
business name and trading name (if applicable);
province, municipality, and physical area where the premises operate;
category of licence/permit/certificate required;
high-level business activity description;
preferred communication method; and
consent record details (checkbox acceptance, timestamp, IP/device metadata where applicable).

Licentia does not require full application packs, identity documents, or sensitive information at the quotation stage unless specifically required to scope a regulated matter accurately.

4.2 Mandate / SLA Stage (Full Service-Level Information)

Where a client proceeds under a mandate or SLA, and depending on the service category, Licentia may process information, including, without limitation:

4.2.1 Identity and Personal Details

full names, surname, and initials;
identity number and/or passport number (where required);
date of birth (where required);
nationality and residency status (where required);
copies of identity documents (certified where required);
contact details and communication records.

4.2.2 Business and Entity Information

company/close corporation/trust registration details;
CIPC records and supporting statutory documents;
director/member/trustee/shareholder details and registers;
organisational structure and authorised signatories;
business addresses, domicilium, and operational contact points.

4.2.3 Premises and Property Information

physical address and location details;
lease agreements and addenda;
property ownership confirmations (where required);
premises consent documentation;
building layout details relevant to compliance;
photos and video evidence obtained during inspections (see Section 5 and relevant inspection terms).

4.2.4 Financial and Commercial Information

bank confirmations and banking details (where required);
invoices, quotations, payment records, and receipts;
turnover declarations and financial statements (where required by regulators or for due diligence);
proof of payment for statutory fees (where applicable).

4.2.5 Regulatory and Compliance Documentation

licences, permits, and certificates currently held;
renewal histories (where applicable);
compliance notices and inspection reports;
municipal accounts and compliance documents (where relevant);
zoning confirmations and land-use documents (where applicable);
environmental documentation and reports (where applicable);
health approvals and evidence packs (where applicable);
fire and safety documentation and related supporting evidence packs (where applicable).

4.2.6 Due Diligence and Verification Records (Where Mandated / Lawful)

business due diligence notes, findings, and risk flags;
verification outputs required for regulated submissions or risk controls;
correspondence with third parties relevant to due diligence.

4.3 Special Personal Information and High-Risk Categories

Depending on the service and lawful requirements, Licentia may process information that may be regarded as special category or higher-risk information, including:

4.3.1 Criminal Clearance and Enforcement-Related Information

criminal clearance certificates and related records (where required for licensing, compliance, or due diligence);
SAPS-related submissions or confirmations where applicable.

4.3.2 Biometric Information

biometric information may be processed only where required for lawful verification, premises security systems, regulated processes, or client-authorised compliance procedures.

4.3.3 Credit Bureau and Financial Risk Information

credit bureau reports and related outputs, where mandated and lawful.

4.3.4 CCTV Footage

CCTV footage captured at Licentia offices; and/or
CCTV footage at client premises where access is lawfully granted and authorised, and where relevant to compliance, security reporting, incident investigations, or lawful enforcement.

4.4 Inspection Media (Photos and Video)

Licentia may collect and store photographic and video evidence generated during site inspections and compliance assessments, including where individuals appear incidentally during operational trading hours.

Inspection media may include:

interior and exterior premises evidence;
surrounding environment and proximity evidence (where relevant to licensing);
safety and compliance evidence;
displayed licences, permits, and compliance documentation;
operational evidence required for regulator submissions;
video recordings were required for evidence completeness.

Inspection media forms part of the client compliance record and is governed by Licentia’s security, access control, retention, and deletion standards (see relevant sections of this Notice).

4.5 Communications and System Metadata

Licentia may process:

emails, calls, WhatsApp messages, and system communications;
message attachments and supporting documents;
system logs (IP address, device type, timestamps, user access logs);
consent logs and privacy notice version acceptance records.

4.6 Children / Minors Information

Licentia does not intentionally request, collect, photograph, or process personal information relating to children/minors as part of its ordinary services and operations, and historically has not performed services involving children/minors.

If, in exceptional circumstances, information relating to a minor becomes incidentally included in lawfully required business documentation (for example, statutory ownership structures, beneficiary disclosures, or regulatory records), such information will be processed only to the minimum extent necessary to comply with applicable legal requirements and will be subject to heightened access controls, confidentiality measures, and lawful retention rules.