PAIA AND POPIA MANUAL
for
ROSEWALL AGENCIES CC
REG NO: 1994/000947/23
Prepared in accordance with:
The Promotion of Access to Information Act 2 of 2000
The Protection of Personal Information Act 4 of 2013
Clause 1 DEFINITIONS
1.1 Unless otherwise expressly stated, or the context otherwise requires, the words and expressions listed below shall, when used in this Manual, including this introduction, bear the meanings ascribed to them:
1.1.1 “Company” means Rosewall Agencies CC, registration no. 1994/000947/23, a close corporation with limited liability duly incorporated and registered in accordance with the laws of South Africa, situated 11 North Way, Kelvin, Sandton, 2146;
1.1.2 “Constitution” means the Constitution of the Republic of South Africa 108 of 1996;
1.1.3 “Data Subjects” has the meaning ascribed to it in terms of POPIA;
1.1.4 “Information Officer” means the Company’s appointed information officer, and whose details are designated and referred to Grant Clark Bain Error! Reference source not found.;
1.1.5 “Manual” means this document entitled the PAIA and POPIA manual and any appendices and schedules attached hereto;
1.1.6 “PAIA” means the Promotion of Access to Information Act 2 of 2000;
1.1.7 “Personal Information” has the meaning ascribed to it in terms of POPIA;
1.1.8 “POPIA” means the Protection of Personal Information Act 4 of 2013;
1.1.9 “Process” has the meaning ascribed to it in terms of POPIA;
1.1.10 “Request for Access” has the meaning ascribed to it in terms of PAIA;
1.1.11 “Responsible Party” has the meaning ascribed to it in terms of POPIA;and
1.1.12 “Website” means www.rosewall.co.za.
1.2 Capitalised terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and PAIA as the context specifically requires, unless otherwise defined herein.
Clause 2 PURPOSE OF THE MANUAL
2.1 This Manual for the purposes of:
2.1.1 PAIA, details the procedure to be followed by a requester and the manner in which a Request for Access will be facilitated; and
2.1.2 POPIA, amongst other things, details the purpose for which Personal Information may be processed; a description of the categories of Data Subjects for whom the Company Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; and the recipients to whom Personal Information may be supplied.
Clause 3 OVERVIEW AND NATURE OF COMPANY’S BUSINESS
3.1 The Company is a service design consulting company that uses its own professionals to develop digital assets.
Clause 4 COMPANY DETAILS
4.1 The details of the Company are as follows:
4.1.1 Physical address: 11 North Way, Kelvin, Sandton, 2146
4.1.2 Postal address: 11 North Way, Kelvin, Sandton, 2146
4.1.3 Telephone number: 082 555 0204
4.1.4 Email Address: grant@rosewall.co.za
4.1.5 Website: www.rosewall.co.za
Clause 5 CONTACT DETAILS OF THE INFORMATION OFFICER
5.1 The Information Officer’s contact details are as follows:
5.1.1 Information Officer’s Full Name: Grant Clark Bain
5.1.2 Information Officer’s Designation: Member
5.1.3 Information Officer’s Email: grant@rosewall.co.za
5.1.4 Physical address: 11 North Way, Kelvin, Sandton, 2146
Clause 6 APPLICABLE LEGISLATION
6.1 Records of the Company and other legal entities in which the Company has a direct controlling interest or an indirect controlling interest through its subsidiaries) may be kept by or on behalf of the Company in accordance with the following legislation (some of which legislation may not be applicable to the Company ), as well as with other legislation that may apply to the Company and/or its subsidiaries from time to time:
6.1.1 Basic Conditions of Employment Act 57 of 1997;
6.1.2 Broad-based Black Economic Empowerment Act 53 of 2003;
6.1.3 Companies Act 71 of 2008;
6.1.4 Compensation for Occupational Injuries and Diseases Act 130 of 1993;
6.1.5 Competition Act No. 89 of 1998;
6.1.6 Consumer Protection Act 68 of 2008;
6.1.7 Copyright Act 98 of 1978;
6.1.8 Currencies and Exchanges Act 9 of 1993;
6.1.9 Debt Collectors Act 114 of 1998
6.1.10 Electronic Communications and Transactions Act 25 of 2002;
6.1.11 Employment Equity Act 55 of 1998;
6.1.12 Financial Intelligence Centre Act 38 of 2001;
6.1.13 Income Tax Act 58 of 1962;
6.1.14 Insolvency Act 24 of 1936;
6.1.15 Intellectual Property Laws Amendment Act 38 of 1997;
6.1.16 Labour Relations Act 66 of 1995;
6.1.17 National Credit Act 34 of 2005;
6.1.18 Occupational Health and Safety Act 85 of 1993;
6.1.19 Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002;
6.1.20 Prevention of Organised Crime Act 121 of 1998;
6.1.21 Prevention and Combating of Corrupt Activities Act 12 of 2004;
6.1.22 Promotion of Access to Information Act 2 of 2000;
6.1.23 Protected Disclosures Act 26 of 2000;
6.1.24 Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004;
6.1.25 Skills Development Act 97 of 1998;
6.1.26 Skills Development Levies Act No. 97 of 1999;
6.1.27 Securities Transfer Tax Act 25 of 2007;
6.1.28 Securities Transfer Tax Administration Act 26 of 2007;
6.1.29 Tax Administration Act No. 28 of 2011;
6.1.30 Trade Marks Act 194 of 1993;
6.1.31 Trust Property Control Act 57 of 1988;
6.1.32 Unemployment Insurance Act 30 of 1966;
6.1.33 Unemployment Insurance Contributions Act 4 of 2002;
6.1.34 Value Added Tax Act 89 of 1991.
PART 1: PAIA MANUAL
Clause 7 INTRODUCTION
7.1 PAIA gives third parties the right to approach private bodies and the government to request information held by them, which is required in the exercise and/or protection of any rights.
7.2 On request, the private body or government is obliged to release such information unless PAIA expressly states that the records containing such information may or must not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by PAIA.
Clause 8 REQUESTS FOR ACCESS TO RECORDS
8.1 Records held by the Company may be accessed on request only once the requirements for access have been met.
8.2 A requester is any person making a request for access to a record of the Company and in this regard, PAIA distinguishes between two types of requesters:
8.2.1 Personal Requester: who is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of PAIA and applicable law, the Company will provide the
requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by the Company .
8.2.2 Other Requester: this requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, the Company is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of PAIA. The prescribed fee for reproduction of the information requested will be
charged by the Company .
Clause 9 PROCEDURE FOR A REQUEST FOR ACCESS
9.1 A requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.
9.2 A requester must complete the prescribed Request for Access form (Form C) attached as Annexure 1 and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated herein.
9.3 The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:
9.3.1 the record/s requested;
9.3.2 the identity of the requester;
9.3.3 the form of access that is required, if the request is granted;
9.3.4 the postal address or fax number of the requester; and
9.3.5 the right that the requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.
9.3.6 If a Request for Access is made on behalf of another person, the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information
Officer.
9.3.7 If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
Clause 10 DECISION TO GRANT ACCESS TO RECORDS
10.1 The Company will decide whether to grant or decline the Request for Access within 30 (thirty) days of receipt of the Request for Access and must give notice to the requester with reasons (if required) to that effect.
10.2 The period referred to above may be extended for a further period of not more than 30 (thirty) days if the Request for Access is for a large number of Records or the Request for Access requires a search for Records held at another office of the Company and the Records cannot reasonably be obtained within the original 30 (thirty) day period.
10.3 The Company will notify the requester in writing should an extension of time as contemplated above be required.
10.4 If, in addition to a written reply from the Information Officer, the requester wishes to be informed of the decision on the Request for Access in any other manner, the requester must state the manner and particulars so
required.
Clause 11 FEES
11.1 PAIA provides for two types of fees, namely:
11.1.1 A request fee: (which will be a standard fee) is applicable when a request is received by the information officer of the Company , the information officer shall by notice require the requester, other than apersonal requester, to pay the prescribed request fee (if any), before further processing of the request.
11.1.2 An access fee: is calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable. If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.
11.2 The information officer shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester.
11.3 The Information Officer will withhold a Record until the requester has paid the fees set out in.
Clause 12 GROUNDS FOR REFUSAL OF ACCESS TO RECORDS
12.1 The following are the grounds on which the Company may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
12.1.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;
12.1.2 mandatory protection of the commercial information of a third party, if the Records contain:
12.1.2.1 trade secrets of that third party;
12.1.2.2 financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
12.1.2.3 information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;
12.1.3 mandatory protection of confidential information of third parties if it is protected in terms of any agreement;
12.1.4 mandatory protection of the safety of individuals and the protection of property;
12.1.5 mandatory protection of Records that would be regarded as privileged in legal proceedings;
12.1.6 protection of the commercial information of the Company, which may include:
12.1.6.1 trade secrets;
12.1.6.2 financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;
12.1.6.3 information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or
12.1.6.4 computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;
12.1.6.5 research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and
12.2 Requests for Records that are clearly frivolous or vexatious, or which
involve an unreasonable diversion of resources.
Clause 13 REMEDIES AVAILABLE UPON REFUSAL OF A REQUEST FOR
ACCESS
13.1 The Company does not have internal appeal procedures. As such, the
decision made by the Information Officer is final, and a requester will
Page 12 of 35
have to exercise such external remedies at their disposal if the Request
for Access is refused.
13.2 In accordance with sections 56(3)(c) and 78 of PAIA, a requester may
apply to a court for relief within 180 (one hundred and eighty) days of
notification of the decision for appropriate relief.
Clause 14 INFORMATION OR RECORDS NOT FOUND
14.1 If the Company cannot find the records that the requester is looking for
despite reasonable and diligent search and it believes either that the
records are lost or that the records are in its possession but unattainable,
the requester will receive a notice in this regard from the Information
Officer in the form of an affidavit setting out the measures taken to locate
the document and accordingly the inability to locate the document.
Clause 15 REQUEST GRANTED
15.1 A requester whose Request for Access to a Record has been granted,
must pay an access fee for reproduction and for search and preparation,
and for any time reasonably required in excess of the prescribed hours
to search for and prepare the Record for disclosure, including making
arrangements to make it available in a requested form provided for in
PAIA.
15.2 If a deposit has been paid in respect of a Request for Access which is
refused, the Information Officer will repay the deposit to the requester.
Clause 16 AVAILABILITY OF THE MANUAL
16.1 The manual is available for inspection, on reasonable prior notice, at the
office of the Company free of charge.
16.2 The Human Rights Commission has been tasked with the administration
of the PAIA. Section 10 of the PAIA Act requires the South African
Human Rights Commission (“SAHRC”) to publish a guide which is
intended to assist users in the interpretation of the PAIA and how to
Page 13 of 35
access the records of private and public bodies and the remedies
available in law regarding a breach of any of the provisions of the PAIA.
16.3 The guide will contain the following information:
16.3.1 the objects of the PAIA;
16.3.2 particulars of the information officer of every public body;
16.3.3 particulars of every private body as are practicable;
16.3.4 the manner and form of a request for access to information held by a
body;
16.3.5 assistance available from both the information officers and the SAHRC
in terms of PAIA;
16.3.6 all remedies in law regarding acts, omissions, rights and duties, including
how to lodge an internal appeal and a court application;
16.3.7 schedules of fees to be paid in relation to requests for access to
information;
16.3.8 regulations made in terms of PAIA.
16.4 Copies of this guide are available from SAHRC. Enquiries regarding the
Guide and relating to the person’s rights and in particular their right to
access information from a private or public body can be addressed to the
SAHRC, the contact details of which are as follows:
16.4.1 Post: The South African Human Rights Commission, PAIA (Promotion
of Access to Information Act) Unit Research and Documentation
Department, Private Bag 2700, Houghton, 2041
16.4.2 Telephone Number: 27 (11) 484 8300/ +27 11 877 3600
16.4.3 Fax: +27 (11) 484 7146/ +27 11 403 0625
16.4.4 Email: PAIA@sahrc.org.za or section51.paia@sahrc.org.za
Page 14 of 35
16.4.5 Website: http://www.sahrc.org.za
Clause 17 CATEGORIES OF RECORDS HELD BY THE COMPANY: SECTION
51(1)(E) OF PAIA
17.1 Corporate, Statutory and Legal
17.1.1 Documents of incorporation (includes, inter alia, memorandum of
incorporation).
17.1.2 Minutes of board of directors’ meetings.
17.1.3 Minutes of shareholders meetings.
17.1.4 Records relating to the appointment of directors, auditor, secretary,
public officer and other officers.
17.1.5 Share register and other statutory registers.
17.1.6 Legal correspondence and compliance.
17.1.7 Licenses and approvals.
17.1.8 Policies and Procedures.
17.1.9 Share Certificates.
17.1.10 Shareholder Agreements.
17.1.11 Shareholder Register.
17.1.12 Statutory Returns to Relevant Authorities.
17.2 Financial & Tax Records
17.2.1 Accounting records.
17.2.2 Annual financial statements.
17.2.3 Audit reports.
17.2.4 Asset register.
Page 15 of 35
17.2.5 Banking records (includes, inter alia, bank statements, electronic
banking records).
17.2.6 Foreign Exchange Records (if applicable).
17.2.7 Invoices and statements of account.
17.2.8 Rental and lease agreements (if applicable).
17.2.9 PAYE records and returns.
17.2.10 Tax Records and Returns.
17.2.11 VAT records and returns.
17.2.12 Documents issued to employees for income tax purposes.
17.2.13 Records of payments made to SARS (includes, inter alia, records of
payments made on behalf of employees).
17.2.14 All other statutory compliances:
17.2.14.1 Skills Development Levies;
17.2.14.2 UIF;
17.2.14.3 Workmen’s Compensation.
17.3 Insurance
17.4 Claim records.
17.5 Details of insurance coverage, limits and insurers.
17.6 Insurance declarations.
17.7 Insurance policies.
17.8 OPERATIONAL AND TECHNICAL
17.8.1 Access control records (if applicable).
Page 16 of 35
17.8.2 Administration documents.
17.8.3 Agreements with contractors and suppliers.
17.8.4 Contractor and supplier data.
17.8.5 Incident reports and investigations.
17.8.6 Licenses and approvals.
17.8.7 Marketing strategies.
17.8.8 Statistics.
17.8.9 Resource and reserve information.
17.8.10 Survey reports (if applicable).
17.8.11 Security records (if applicable).
17.8.12 Technical records (if applicable).
17.8.13 Vendor’s lists.
17.9 Safety, Health, Environment and Quality
17.9.1 Emergency response plans.
17.9.2 Incident registers and IOD claims, if any.
17.9.3 Safety management systems, data and audits.
17.9.4 SHEQ: Safety, Health, Environmental and Quality systems, policies,
procedures and reports.
17.10 Personnel Documents and Records (Employees, Consultants &
Job Applicants)
17.10.1 BEE Statistics.
17.10.2 Consultancy agreements.
Page 17 of 35
17.10.3 Contact details (telephone numbers and e-mail addresses) of clients.
17.10.4 Correspondence with Employees.
17.10.5 Criminal background checks.
17.10.6 Curriculum vitae (includes, inter alia, work history, work experience,
skills, qualifications, work references, etc.).
17.10.7 Details of next of kin for contact purposes.
17.10.8 Disciplinary code.
17.10.9 Disciplinary records.
17.10.10 Education and training records.
17.10.11 Employment agreements.
17.10.12 Employee benefit records.
17.10.13 Employment equity plan (if applicable).
17.10.14 Financial records (e.g. bank account details, invoices, statement of
account).
17.10.15 Job applications.
17.10.16 Job offers.
17.10.17 Leave records (which includes, inter alia, reasons for leave taken which
may include medical practitioner letters).
17.10.18 Medical records (if applicable).
17.10.19 Salary and other payments to same records.
17.10.20 SETA records (if applicable).
17.10.21 Skills development plans.
17.10.22 Reasons for termination of employment and/or consultancy.
Page 18 of 35
17.10.23 Retirement benefits and medical aid.
17.10.24 Tax records (e.g. IRP5, etc.)
17.10.25 Training records.
17.10.26 Training manuals.
17.10.27 Workmen’s compensation claims and records.
17.11 SALES AND MARKETING
17.11.1 Products and/or Services.
17.11.2 Markets.
17.11.3 Customers.
17.11.4 Brochures, newsletters and advertising materials.
17.11.5 Sales.
17.11.6 Delivery notes.
17.11.7 Customer Satisfaction Surveys (if applicable).
17.11.8 Proposals and Tenders.
17.12 Client Documents and Records
17.12.1 Client contact details (client contact persons, telephone numbers,
cellphone numbers, e-mail addresses, preferred method of contact).
17.12.2 Client registration and/or identity number details.
17.12.3 Client addresses, both physical and postal.
17.12.4 FICA documents of clients.
17.12.5 Financial records (includes, inter alia, invoices, statement of account,
payment history, default history).
Page 19 of 35
17.12.6 Legal records (includes, inter alia, letters of demand, summons, etc.).
17.13 Supplier Documents and Records
17.13.1 Supplier contact details (supplier contact persons, telephone numbers,
cellphone numbers, e-mail addresses, preferred method of contact).
17.13.2 Supplier registration and/or identity number details.
17.13.3 Supplier addresses, both physical and postal.
17.13.4 Supplier bank account details.
17.13.5 Financial records (e.g. invoices, statement of account, payment history).
17.14 INFORMATION TECHNOLOGY
17.14.1 Hardware and operating systems.
17.14.2 Telephone exchange equipment (if applicable).
17.14.3 Telephone lines, leased lines and data lines.
17.14.4 Disaster recovery policy and systems.
17.14.5 Internal systems support.
17.14.6 Contracts and agreements.
17.14.7 Licenses.
17.14.8 Policies, procedures, standards, templates and guidelines.
17.14.9 Faults, troubleshooting and reporting.
17.14.10 Performance of IT Infrastructure.
17.14.11 Security Access.
Page 20 of 35
PART 2: POPIA MANUAL
Clause 18 INTRODUCTION
18.1 Chapter 3 of POPIA provides for the minimum conditions for lawful
processing of Personal Information by a Responsible Party. These
conditions may not be derogated from unless specific exclusions apply
as outlined in POPIA.
18.2 The Company needs Personal Information relating to both individual and
juristic persons in order to carry out its business and organisational
functions.
18.3 The manner in which this information is Processed and the purpose for
which it is Processed is determined by the Company.
18.4 The Company is accordingly a Responsible Party for the purposes of
POPIA and will ensure that the Personal Information of a Data Subject:
18.4.1 is processed lawfully, fairly and transparently. This includes the provision
of appropriate information to Data Subjects when their data is collected
by the Company , in the form of privacy or data collection notices. the
Company must also have a legal basis (for example, consent) to process
Personal Information;
18.4.2 is processed only for the purposes for which it was collected;
18.4.3 will not be processed for a secondary purpose unless that processing is
compatible with the original purpose.
18.4.4 is adequate, relevant and not excessive for the purposes for which it was
collected;
18.4.5 is accurate and kept up to date;
18.4.6 will not be kept for longer than necessary;
Page 21 of 35
18.4.7 is processed in accordance with integrity and confidentiality principles;
this includes physical and organisational measures to ensure that
Personal Information, in both physical and electronic form, are subject to
an appropriate level of security when stored, used and communicated by
the Company , in order to protect against access and acquisition by
unauthorised persons and accidental loss, destruction or damage;
18.4.8 is processed in accordance with the rights of Data Subjects, where
applicable.
18.5 Data Subjects have the right to:
18.5.1 be notified that their Personal Information is being collected by the
Company. The Data Subject also has the right to be notified in the event
of a data breach;
18.5.2 know whether the Company holds Personal Information about them, and
to access that information. Any request for information must be handled
in accordance with the provisions of this Manual;
18.5.3 request the correction or deletion of inaccurate, irrelevant, excessive, out
of date, incomplete, misleading or unlawfully obtained personal
information;
18.5.4 object to the Company’s use of their Personal Information and request
the deletion of such Personal Information (deletion would be subject to
the Company’s record keeping requirements);
18.5.5 object to the processing of Personal Information for purposes of direct
marketing by means of unsolicited electronic communications; and
18.5.6 complain to the Information Regulator regarding an alleged infringement
of any of the rights protected under POPIA and to institute civil
proceedings regarding the alleged non-compliance with the protection of
his, her or its personal information.
Clause 19 SPECIFIC PURPOSE
Page 22 of 35
19.1 As outlined above, Personal Information may only be processed by the
Company for a specific purpose.
19.2 The Company uses the Personal Information under its care in the
following ways:
19.2.1 administration of agreements;
19.2.2 business development and marketing of the Company’s products and
services;
19.2.3 conducting credit reference checks and assessments;
19.2.4 complying with tax and other laws;
19.2.5 complying with legal and regulatory requirements;
19.2.6 detecting and prevention of fraud, crime, money laundering and other
malpractice;
19.2.7 discounting and asset funding purposes;
19.2.8 in connection with legal proceedings;
19.2.9 keeping of accounts and records;
19.2.10 providing products and services to customers;
19.2.11 marketing and sales;
19.2.12 rendering services according to instructions given by clients;
19.2.13 staff recruitment and administration.
Clause 20 CATEGORIES OF DATA SUBJECTS AND PERSONAL
INFORMATION
20.1 The Company may possess records relating to suppliers, shareholders,
contractors service providers, staff and clients.
Page 23 of 35
20.1.1 Juristic Entities:
Clients
Suppliers
Subcontractors
Consultants
Names of contact persons
Name of legal entity
Physical and postal address and contact details
Registration number
Founding documents
Banking and financial records
Tax related records
Authorised signatories, beneficiaries, ultimate
beneficial owners
Information about products or services
20.1.2 Natural
Persons:
Clients
Suppliers
Subcontractors
Full name
ID number
Physical and Postal address
Contact details
Banking and financial records
Tax related records
Information about products or services
Page 24 of 35
20.1.3 Employees Full name
ID number
Age
Language
Gender and race
Physical and postal address
Contact details
Marital status
Banking and financial details
Details of payments to third parties (deductions from
wages/salary)
Education information
Employment history and references
Remuneration details and records
Tax records
Training records
Leave records
Performance appraisals
Disciplinary records
Pregnancy
Opinions
Page 25 of 35
Criminal behaviour
Well-being
Clause 21 RECIPIENTS OF PERSONAL INFORMATION
21.1 The Company may share the Personal Information with its agents,
affiliates, and associated companies who may use this information to
send the Data Subject information on products and services.
21.2 The Company may supply the Personal Information to any party to whom
it may have assigned or transferred any of its rights or obligations under
any agreement, and/or to service providers who render the following
services:
21.2.1 accounting and auditing services;
21.2.2 capturing and organising of data;
21.2.3 conducting due diligence checks (e.g. credit checks);
21.2.4 legal and collection services;
21.2.5 marketing services;
21.2.6 medical aid and pension schemes;
21.2.7 sending of emails and other correspondence to clients;
21.2.8 storing of data.
Clause 22 CROSS-BORDER FLOW OF PERSONAL INFORMATION
22.1 Personal Information may be transmitted trans-border to the Company’s
authorised dealers and its suppliers in other countries, and Personal
Information may be stored in data servers hosted outside South Africa,
which may not have adequate data protection laws. the Company will
endeavour to ensure that its dealers and suppliers will make all
reasonable efforts to secure said data and Personal Information.
Page 26 of 35
Clause 23 RETENTION OF RECORDS
23.1 The Company may retain Personal Information records indefinitely,
unless the Data Subject objects thereto.
23.2 If the Data Subject objects to indefinite retention of its Personal
Information the Company shall retain the Personal Information records
to the extent permitted or required by law.
Clause 24 SECURITY MEASURES
24.1 The Company employs up to date technology to ensure the
confidentiality, integrity and availability of the Personal Information under
its care.
24.2 Security measures include, inter alia:
24.2.1 firewalls;
24.2.2 virus protection software and update protocols;
24.2.3 logical and physical access control;
24.2.4 secure setup of hardware and software making up the IT infrastructure;
and
24.2.5 outsourced service providers who process Personal Information on
behalf of the Company are contracted to implement security controls.
Clause 25 OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION
25.1 Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations
provides that a Data Subject may, at any time object to the Processing
of his/her/its Personal Information in the prescribed form attached to this
manual as Annexure 2 subject to exceptions contained in POPIA.
Clause 26 CORRECTION OR DELETION OF PERSONAL INFORMATION
Page 27 of 35
26.1 Section 24 of POPIA and regulation 3 of the POPIA Regulations provides
that a Data Subject may request for their Personal Information to be
corrected/deleted in the prescribed form attached as Annexure 3 to this
Manual.
.
Page 28 of 35
ANNEXURE 1: FORM C OF PAIA
ACCESS REQUEST FORM
REQUEST FOR ACCESS TO A RECORD (SECTION 53(1) of PAIA)
A. PARTICULARS OF private body
Private Body
Information Officer
Physical address:
Postal address:
Telephone number:
Email:
Physical Address:
B. PARTICULARS OF PERSON REQUESTING ACCESS TO THE RECORD
- The particulars of the person who requests access to the record must be recorded below.
- Furnish an email address to which information must be sent.
- Proof of identity is required from both the requester and any person or any party acting on behalf of
the requester. The original identity document or such other proof satisfactory to the Chief Executive
Officer or Information Officer will need to be presented with this request by the requester or the
requester’s representative before the request will be processed. - If the request is made on behalf of another person, proof of the capacity in which the request is
made, is also to be presented with this request.
Full Name:
Identity/Reg. Number:
Contactperson:
Telephone Number:
Email:
Physical Address:
Postal Address
Page 29 of 35
C. PARTICULARS OF PERSON ON WHOSE BEHALF REQUEST IS MADE
Private Body:
Information Officer:
Identity Reg. Number:
Email address:
Telephone Number
Postal address:
Physical address
D. PARTICULARS OF RECORD - Provide full particulars of the record to which access is requested, including the reference number if
that is known to you, to enable the record to be located. - If the provided space is inadequate please continue on a separate folio and attach it to this form. The
requester must sign all the additional folios. - The requester’s attention is drawn to the grounds on which the private body must or may refuse
access to a record (in certain instances this may be mandatory, in others it may be discretionary): - mandatory protection of the privacy of a third party who is a natural person (human being);
- mandatory protection of commercial information of third party;
- mandatory protection of certain confidential information of a third party;
- mandatory protection of the safety of individuals, and the protection of property;
- mandatory protection of records privileged from production in legal proceedings;
- commercial information of a private body;
- mandatory protection of research information of a third party and a private body.
Description of record or relevant part of the record.
Category Description of Record
E. FEES
Page 30 of 35 - A request for access to a record, other than a record containing personal information about yourself,
will be processed only after a request fee (currently R57.50Including VAT) has been paid. - If the prescribed request fee is amended you will be notified of the amount required to be paid as the
request fee. - The fee payable for access toa record depends on the form in which access is required and the
reasonable time required to search for and prepare a record. - If you qualify for exemption of the payment of any fee, please state the reason therefore.
The requester qualifies for an exemption in payment of fees (mark the
appropriate box)
Yes
No
Reasons for exemption:
G. FORM OF ACCESS TO RECORD
If you are prevented by a disability to read, view or listen to the record in the form of access provided for
in 1 to 4 hereunder, state your disability and indicate in which form the record is required.
Disability
Form in which record is required (please mark appropriate box)
If the record is in written or printed form:
☐Copy of record ☐ Inspection of record
If the record consists of visual images:
☐View the images ☐Copy of images ☐Transcription of the images
If the record consists of recorded information that can be reproduced in sound
☐Listen to the soundtrack (audio)☐Transcription of soundtrack
If the record is held on computer or in electronic or machine-readable form
☐Printed copy of record ☐Printed copy of information derived ☐Copy in computer readable format
If you requested a copy or transcription of a record (above) do you wish the copy of transcription to be
posted to you? Note that postage is payable by you.
Note that if the record is not available in the language you prefer, access may be granted in the
language in which the record is available. In which language would you prefer the record:
H. PARTICULARS OF RIGHT TO BE EXERCISED OR PROTECTED
If the provided space is inadequate, please continue ona separate folio and attach it to this form. The
requester must sign all the additional folios.
Page 31 of 35
Indicate which right is to be exercised/protected:
Explain why the requested record is required for the exercising or protection of the aforementioned
right:
I. NOTICE OF DECISION REGARDING REQUEST FOR ACCESS
You will be notified in writing whether your request has been approved/denied. If you wish to be
informed thereof in another manner, please specify the manner and provide the necessary particulars to
enable compliance with your request.
How would you prefer to be informed of the decision regarding your request for access to the record?
SIGNATURE OF REQUESTOR/PERSON ON WHOSE BEHALF REQUEST IS MADE
Date and place signed:
Page 32 of 35
Annexure 2: Data Subject objection form
in terms of Section 11(3) of the POPIA
Affidavits or other documentary evidence in support of the objection must be attached.
If the space provided for in this Form is inadequate, submit information as an Annexure
to this Form and sign each page.
A.Particulars of data Subject
Full Name:
Identity/Reg. Number:
Contactperson:
Telephone Number:
Email:
Physical Address:
Postal Address
B.Particulars of responsible person
Requests can be submitted either via post or e-mail and should be addressed to the Information
Officer as indicated per below:
Private Body:
Information Officer:
Identity Reg. Number:
Email address:
Telephone Number
Postal address:
Physical address
C. reasons for objection/s
Page 33 of 35
Signature: data subject & objector:
Data and place signed:
Page 34 of 35
Annexure 3: Data Subject request to correct/delete Personal Information
in terms of Section 24(1) of the POPIA - Affidavits or other documentary evidence in support of the objection must be
attached. - If the space provided for in this Form is inadequate, submit information as an
Annexure to this Form and sign each page. - Mark the appropriate box with an “x”. Request for:
- ☐Correction or deletion of the personal information about the data subject
which is in possession or under the control of the responsible party. - ☐Destroying or deletion of a record of personal information about the data
subject which is in possession or under the control of the responsible party and
who is no longer authorised to retain the record of information
A.Particulars of data Subject
Full Name:
Identity/Reg. Number:
Contactperson:
Telephone Number:
Email:
Physical Address:
Postal Address
B.Particulars of responsible person
Requests can be submitted either via post or e-mail and should be addressed to the Information
Officer as indicated per below:
Private Body:
Information Officer:
Identity Reg. Number:
Email address:
Telephone Number
Page 35 of 35
Postal address:
Physical address
C. reasons for
☐ Correction or Deletion of the personal information about the data subject
☐ Destruction or deletion of a record or personal information about the data subject which is in
possession or under the control of the responsible party (Please provide detailed reason for this
request)
Signature: data subject & objector:
Data and place signed: