PAIA AND POPIA MANUAL
for
Marketing Spirit (Pty) Ltd
Prepared in accordance with:
The Promotion of Access to Information Act 2 of 2000
The Protection of Personal Information Act 4 of 2013
Clause 1 : DEFINITIONS
1.1 Unless otherwise expressly stated, or the context otherwise requires, the words and expressions listed below shall, when used in this Manual, including this introduction, bear the meanings ascribed to them:
1.1.1 "Company" means Marketing Spirit (Pty) Ltd, registration no. 2004/034264/07, a company with limited liability duly incorporated and registered in accordance with the laws of South Africa, situated at 20 Pamela Avenue, Morehill Terrace, 1501, Benoni, Gauteng, South Africa;
1.1.2 "Constitution" means the Constitution of the Republic of South Africa 108 of 1996;
1.1.3 "Data Subjects" has the meaning ascribed to it in terms of POPIA;
1.1.4 "Information Officer" means the Company's appointed information officer, and whose details are designated and referred to in Error: Reference source not found;
1.1.5 "Manual" means this document entitled the PAIA and POPIA manual and any appendices and schedules attached hereto;
1.1.6 "PAIA" means the Promotion of Access to Information Act 2 of 2000;
1.1.7 "Personal Information" has the meaning ascribed to it in terms of POPIA;
1.1.8 "POPIA" means the Protection of Personal Information Act 4 of 2013;
1.1.9 "Process" has the meaning ascribed to it in terms of POPIA;
1.1.10 "Request for Access" has the meaning ascribed to it in terms of PAIA;
1.1.11 "Responsible Party" has the meaning ascribed to it in terms of POPIA; and
1.1.12 "Website" means www.marketingspirit.co.za.
1.2 Capitalised terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and PAIA as the context specifically requires, unless otherwise defined herein.
Clause 2 : PURPOSE OF THE MANUAL
2.1 This Manual for the purposes of:
2.1.1 PAIA, details the procedure to be followed by a requester and the manner in which a Request for Access will be facilitated; and
2.1.2 POPIA, amongst other things, details the purpose for which Personal Information may be processed; a description of the categories of Data Subjects for whom the Company Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; and the recipients to whom Personal Information may be supplied.
Clause 3 : OVERVIEW AND NATURE OF COMPANY'S BUSINESS
3.1 The Company is in the business of the following: Marketing, Business Development and Secondary Manufacturing Consulting and Ecommerce Products Division (ZestySpiritz).
Clause 4 : COMPANY DETAILS
4.1 The details of the Company are as follows:
4.1.1 Physical address: 20 Pamela Avenue, Morehill Terrace, 1501
4.1.2 Postal address: P O Box 12440, Benoryn, 1504
4.1.3 Telephone number: 082 659 0762
4.1.4 Email Address: info@marketingspirit.co.za
4.1.5 Website: www.marketingspirit.co.za
Clause 5: CONTACT DETAILS OF THE INFORMATION OFFICER
5.1 The Information Officer's contact details are as follows:
5.1.1 Information Officer's Full Name: Maryna Elizabeth le Roux
5.1.2 Information Officer's Designation: Director
5.1.3 Information Officer's Email: maryna@marketingspirit.co.za
5.1.4 Physical address: 20 Pamela Avenue, Morehill Terrace, 1501
Clause 6 : APPLICABLE LEGISLATION
6.1 Records of the Company and other legal entities in which the Company has a direct controlling interest or an indirect controlling interest through its subsidiaries) may be kept by or on behalf of the Company in accordance with the following legislation (some of which legislation may not be applicable to the Company ), as well as with other legislation that may apply to the Company and/or its subsidiaries from time to time:
6.1.1 Basic Conditions of Employment Act 57 of 1997;
6.1.2 Broad-based Black Economic Empowerment Act 53 of 2003;
6.1.3 Companies Act 71 of 2008;
6.1.4 Compensation for Occupational Injuries and Diseases Act 130 of 1993;
6.1.5 Competition Act No. 89 of 1998;
6.1.6 Consumer Protection Act 68 of 2008;
6.1.7 Copyright Act 98 of 1978;
6.1.8 Currencies and Exchanges Act 9 of 1993;
6.1.9 Debt Collectors Act 114 of 1998
6.1.10 Electronic Communications and Transactions Act 25 of 2002;
6.1.11 Employment Equity Act 55 of 1998;
6.1.12 Financial Intelligence Centre Act 38 of 2001;
6.1.13 Income Tax Act 58 of 1962;
6.1.14 Insolvency Act 24 of 1936;
6.1.15 Intellectual Property Laws Amendment Act 38 of 1997;
6.1.16 Labour Relations Act 66 of 1995;
6.1.17 National Credit Act 34 of 2005;
6.1.18 Occupational Health and Safety Act 85 of 1993;
6.1.19 Regulation of Interception of Communications and Provision of
Communication-Related Information Act 70 of 2002;
6.1.20 Prevention of Organised Crime Act 121 of 1998;
6.1.21 Prevention and Combating of Corrupt Activities Act 12 of 2004;
6.1.22 Promotion of Access to Information Act 2 of 2000;
6.1.23 Protected Disclosures Act 26 of 2000;
6.1.24 Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004;
6.1.25 Skills Development Act 97 of 1998;
6.1.26 Skills Development Levies Act No. 97 of 1999;
6.1.27 Securities Transfer Tax Act 25 of 2007;
6.1.28 Securities Transfer Tax Administration Act 26 of 2007;
6.1.29 Tax Administration Act No. 28 of 2011;
6.1.30 Trade Marks Act 194 of 1993;
6.1.31 Trust Property Control Act 57 of 1988;
6.1.32 Unemployment Insurance Act 30 of 1966;
6.1.33 Unemployment Insurance Contributions Act 4 of 2002;
6.1.34 Value Added Tax Act 89 of 1991.
PART 1: PAIA MANUAL
Clause 7 : INTRODUCTION
7.1 PAIA gives third parties the right to approach private bodies and the government to request information held by them, which is required in the exercise and/or protection of any rights.
7.2 On request, the private body or government is obliged to release such information unless PAIA expressly states that the records containing such information may or must not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by PAIA.
Clause 8 : REQUESTS FOR ACCESS TO RECORDS
8.1 Records held by the Company may be accessed on request only once the requirements for access have been met.
8.2. A requester is any person making a request for access to a record of the Company and in this regard, PAIA distinguishes between two types of requesters:
8.2.1 Personal Requester: who is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of PAIA and applicable law, the Company will provide the requested information, or give access to any record with regard to the requester's personal information. The prescribed fee for reproduction of the information requested will be charged by the Company .
8.2.2 Other Requester: this requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, the Company is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of PAIA. The prescribed fee for reproduction of the information requested will be charged by the Company .
Clause 9 : PROCEDURE FOR A REQUEST FOR ACCESS
9.1 A requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.
9.2 A requester must complete the prescribed Request for Access form (Form C) attached as Annexure 1 and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated herein.
9.3. The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:
9.3.1 the record/s requested;
9.3.2 the identity of the requester;
9.3.3 the form of access that is required, if the request is granted;
9.3.4the postal address or fax number of the requester; and
9.3.5 the right that the requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.
9.3.6 If a Request for Access is made on behalf of another person, the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information Officer.
9.3.7 If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
Clause 10 : DECISION TO GRANT ACCESS TO RECORDS
10.1 The Company will decide whether to grant or decline the Request for Access within 30 (thirty) days of receipt of the Request for Access and must give notice to the requester with reasons (if required) to that effect.
10.2 The period referred to above may be extended for a further period of not more than 30 (thirty) days if the Request for Access is for a large number of Records or the Request for Access requires a search for Records held at another office of the Company and the Records cannot reasonably be obtained within the original 30 (thirty) day
10.3 The Company will notify the requester in writing should an extension of time as contemplated above be required.
10.4 If, in addition to a written reply from the Information Officer, the requester wishes to be informed of the decision on the Request for Access in any other manner, the requester must state the manner and particulars so required.
Clause 11 : FEES
11.1 PAIA provides for two types of fees, namely:
11.1.1 A request fee: (which will be a standard fee) is applicable when a request is received by the information officer of the Company , the information officer shall by notice require the requester, other than a personal requester, to pay the prescribed request fee (if any), before further processing of the request.
11.1.2 An access fee: is calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable. If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.
11.2 The information officer shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester.
11.3 The Information Officer will withhold a Record until the requester has paid the fees set out in.
Clause 12 : GROUNDS FOR REFUSAL OF ACCESS TO RECORDS
12.1 The following are the grounds on which the Company may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
12.1.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;
12.1.2 mandatory protection of the commercial information of a third party, if the Records contain:
12.1.2.1.trade secrets of that third party;
12.1.2.2 financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
12.1.2.3 information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;
12.1.3 mandatory protection of confidential information of third parties if it is protected in terms of any agreement;
12.1.4 mandatory protection of the safety of individuals and the protection of property;
12.1.5 mandatory protection of Records that would be regarded as privileged in legal proceedings;
12.1.6 protection of the commercial information of the Company, which may include:
12.1.6.1 trade secrets;
12.1.6.2 financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;
12.1,6.3 information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or
12.1.6.4 computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;
12.1.6.5 research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and
12.1.6.6 requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.
Clause 13 : REMEDIES AVAILABLE UPON REFUSAL OF A REQUEST FOR ACCESS
13.1 The Company does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and a requester will have to exercise such external remedies at their disposal if the Request for Access is refused.
13.2 In accordance with sections 56(3)(c) and 78 of PAIA, a requester may apply to a court for relief within 180 (one hundred and eighty) days of notification of the decision for appropriate relief.
Clause 14 : INFORMATION OR RECORDS NOT FOUND
14.1 If the Company cannot find the records that the requester is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in its possession but unattainable, the requester will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document.
Clause 15 : REQUEST GRANTED
15.1 A requester whose Request for Access to a Record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the Record for disclosure, including making arrangements to make it available in a requested form provided for in PAIA.
15.2 If a deposit has been paid in respect of a Request for Access which is refused, the Information Officer will repay the deposit to the requester.
Clause 16 : AVAILABILITY OF THE MANUAL
16.1 The manual is available for inspection, on reasonable prior notice, at the office of the Company free of charge.
16.2 The Human Rights Commission has been tasked with the administration of the PAIA. Section 10 of the PAIA Act requires the South African Human Rights Commission ("SAHRC") to publish a guide which is intended to assist users in the interpretation of the PAIA and how to access the records of private and public bodies and the remedies available in law regarding a breach of any of the provisions of the PAIA.
16.3. The guide will contain the following information:
16.3.1 the objects of the PAIA;
16.3.2 particulars of the information officer of every public body;
16.3.3 particulars of every private body as are practicable;
16.3.4 the manner and form of a request for access to information held by a body;
16.3.5 assistance available from both the information officers and the SAHRC in terms of PAIA;
16.3.6 all remedies in law regarding acts, omissions, rights and duties, including how to lodge an internal appeal and a court application;
16.3.7 schedules of fees to be paid in relation to requests for access to information;
16.3.8 regulations made in terms of PAIA.
16.4 Copies of this guide are available from SAHRC. Enquiries regarding the Guide and relating to the person's rights and in particular their right to access information from a private or public body can be addressed to the SAHRC, the contact details of which are as follows:
16.4.1 Post: The South African Human Rights Commission, PAIA (Promotion of Access to Information Act) Unit Research and Documentation Department, Private Bag 2700, Houghton, 2041
16.4.2 Telephone Number: 27 (11) 484 8300/ +27 11 877 3600
16.4.3 Fax: +27 (11) 484 7146/ +27 11 403 0625
16.4.5 Website: http://www.sahrc.org.za
Clause 17: CATEGORIES OF RECORDS HELD BY THE COMPANY: SECTION 51(1)(E) OF PAIA
17.1 Corporate, Statutory and Legal
17.1.1 Documents of incorporation (includes, inter alia, memorandum of incorporation).
17.1.2 Minutes of board of directors' meetings.
17.1.3 Minutes of shareholders meetings.
17.1.4 Records relating to the appointment of directors, auditor, secretary, public officer and other officers.
17.1.5 Share register and other statutory registers.
17.1.6 Legal correspondence and compliance.
17.1.7 Licenses and approvals.
17.1.8 Policies and Procedures.
17.1.9 Share Certificates.
17.1.10 Shareholder Agreements.
17.1.11 Shareholder Register.
17.1.12 Statutory Returns to Relevant Authorities.
17.2 Financial & Tax Records
17.2.1 Accounting records.
17.2.2 Annual financial statements.
17.2.3 Audit reports.
17.2.4 Asset register.
17.2.5 Banking records (includes, inter alia, bank statements, electronic banking records).
17.2.6 Foreign Exchange Records (if applicable).
17.2.7 Invoices and statements of account.
17.2.8 Rental and lease agreements (if applicable).
17.2.9 PAYE records and returns.
17.2.10 Tax Records and Returns.
17.2.11 VAT records and returns.
17.2.12 Documents issued to employees for income tax purposes.
17.2.13 Records of payments made to SARS (includes, inter alia, records of payments made on behalf of employees).
17.2.14 All other statutory compliances:
17.3.15 Skills Development Levies;
17.3.16 UIF;
17.3.17 Workmen's Compensation.
17.3 Insurance
17.4 Claim records.
17.5 Details of insurance coverage, limits and insurers.
17.6 Insurance declarations.
17.7 Insurance policies.
17.8 OPERATIONAL AND TECHNICAL
17.8.1 Access control records (if applicable).
17.8.2 Administration documents.
17.8.3 Agreements with contractors and suppliers.
17.8.4 Contractor and supplier data.
17.8.5 Incident reports and investigations.
17.8.6 Licenses and approvals.
17.8.7 Marketing strategies.
17.8.8 Statistics
17.8.9 Resource and reserve information.
17.8.10 Survey reports (if applicable).
17.8.11Security records (if applicable).
17.8.12 Technical records (if applicable).
17.8.13 Vendor's lists.
17.9 Safety, Health, Environment and Quality
17.9.1 Emergency response plans.
17.9.2 Incident registers and IOD claims, if any.
17.9.3 Safety management systems, data and audits.
17.9.4 SHEQ: Safety, Health, Environmental and Quality systems, policies, procedures and reports.
17.10 Personnel Documents and Records (Employees, Consultants & Job Applicants)
17.10.1 BEE Statistics.
17.10.2 Consultancy agreements.
17.10.3 Contact details (telephone numbers and e-mail addresses) of clients.
17.10.4 Correspondence with Employees.
17.10.5 Criminal background checks.
17.10.6 Curriculum vitae (includes, inter alia, work history, work experience, skills, qualifications, work references, etc.).
17.10.7 Details of next of kin for contact purposes.
17.10.8 Disciplinary code.
17.10.9 Disciplinary records.
17.10.10 Education and training records.
17.10.11 Employment agreements.
17.10.12 Employee benefit records.
17.10.13 Employment equity plan (if applicable).
17.10.14 Financial records (e.g. bank account details, invoices, statement of account).
17.10.15 Job applications.
17.10.16 Job offers.
17.10.17 Leave records (which includes, inter alia, reasons for leave taken which may include medical practitioner letters).
17.10.18 Medical records (if applicable).
17.10.19 Salary and other payments to same records.
17.10.20 SETA records (if applicable).
17.10.21 Skills development plans.
17.10.22 Reasons for termination of employment and/or consultancy.
17.10.23 Retirement benefits and medical aid.
17.10.24 Tax records (e.g. IRP5, etc.)
17.10.25 Training records.
17.10.26 Training manuals.
17.10.27 Workmen's compensation claims and records.
17.11 SALES AND MARKETING
17.11.1 Products and/or Services.
17.11.2 Markets.
17.11.3 Customers.
17.11.4 Brochures, newsletters and advertising materials.
17.11.5 Sales.
17.11.6 Delivery notes.
17.11.7 Customer Satisfaction Surveys (if applicable).
17.11.8 Proposals and Tenders.
17.12 Client Documents and Records
17.12.1 Client contact details (client contact persons, telephone numbers, cellphone numbers, e-mail addresses, preferred method of contact).
17.12.2 Client registration and/or identity number details.
17.12.3 Client addresses, both physical and postal.
17.12.4 FICA documents of clients.
17.12.5 Financial records (includes, inter alia, invoices, statement of account, payment history, default history).
17.12.6 Legal records (includes, inter alia, letters of demand, summons, etc.).
17.13 Supplier Documents and Records
17.13.1 Supplier contact details (supplier contact persons, telephone numbers, cellphone numbers, e-mail addresses, preferred method of contact).
17.13.2 Supplier registration and/or identity number details.
17.13.3 Supplier addresses, both physical and postal.
17.13.4 Supplier bank account details.
17.13.5 Financial records (e.g. invoices, statement of account, payment history).
17.14 INFORMATION TECHNOLOGY
17.14.1 Hardware and operating systems.
17.14.2 Telephone exchange equipment (if applicable).
17.14.3 Telephone lines, leased lines and data lines.
17.14.4 Disaster recovery policy and systems.
17.14.5 Internal systems support.
17.14.6 Contracts and agreements.
17.14.7 Licenses
17.14.8 Policies, procedures, standards, templates and guidelines.
17.14.9 Faults, troubleshooting and reporting.
17.14.10 Performance of IT Infrastructure.
17.14.11 Security Access.
PART 2: POPIA MANUAL
Clause 18: INTRODUCTION
18.1 Chapter 3 of POPIA provides for the minimum conditions for lawful processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA.
18.2 The Company needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions.
18.3 The manner in which this information is Processed and the purpose for which it is Processed is determined by the Company.
18.4 The Company is accordingly a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject:
18.4.1 is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Company , in the form of privacy or data collection notices. the Company must also have a legal basis (for example, consent) to process Personal Information;
18.4.2 is processed only for the purposes for which it was collected;
18.4.3 will not be processed for a secondary purpose unless that processing is compatible with the original purpose.
18.4.4 is adequate, relevant and not excessive for the purposes for which it was collected;
18.4.5 is accurate and kept up to date;
18.4.6 will not be kept for longer than necessary;
18.4.7 is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Company , in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;
18.4.8 is processed in accordance with the rights of Data Subjects, where applicable.
18.5 Data Subjects have the right to:
18.5.1 be notified that their Personal Information is being collected by the Company. The Data Subject also has the right to be notified in the event of a data breach;
18.5.2 know whether the Company holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;
18.5.3 request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
18.5.4 object to the Company's use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Company's record keeping requirements);
18.5.5 object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and
18.5.6 complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.
Clause 19 : SPECIFIC PURPOSE
19.1 As outlined above, Personal Information may only be processed by the Company for a specific purpose.
19.2 The Company uses the Personal Information under its care in the following ways:
19.2.1 administration of agreements;
19.2.2 business development and marketing of the Company's products and services;
19.2.3 conducting credit reference checks and assessments;
19.2.4 complying with tax and other laws;
19.2.5 complying with legal and regulatory requirements;
19.2.6 detecting and prevention of fraud, crime, money laundering and other malpractice;
19.2.7 discounting and asset funding purposes;
19.2.8 in connection with legal proceedings;
19.2.9 keeping of accounts and records;
19.2.10 providing products and services to customers;
19.2.11 marketing and sales;
19.2.12 rendering services according to instructions given by clients;
19.2.13 staff recruitment and administration.
Clause 20 : CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION
20.1 The Company may possess records relating to suppliers, shareholders, contractors service providers, staff and clients.
|
20.1.1
|
Juristic Entities:
Clients
Suppliers
Subcontractors
Consultants
|
Names of contact persons
Name of legal entity
Physical and postal address and contact details
Registration number
Founding documents
Banking and financial records
Tax related records
Authorised signatories, beneficiaries, ultimate beneficial owners
Information about products or services
|
|
20.1.2
|
Natural Persons:
Clients
Suppliers
Subcontractors
|
Full name
ID number
Physical and Postal address
Contact details
Banking and financial records
Tax related records
Information about products or services
|
|
20.1.3
|
Employees
|
Full name
ID number
Age
Language
Gender and race
Physical and postal address
Contact details
Marital status
Banking and financial details
Details of payments to third parties (deductions from wages/salary)
Education information
Employment history and references
Remuneration details and records
Tax records
Training records
Leave records
Performance appraisals
Disciplinary records
Pregnancy
Opinions
Criminal behaviour
Well-being
|
Clause 21 : RECIPIENTS OF PERSONAL INFORMATION
21.1 The Company may share the Personal Information with its agents, affiliates, and associated companies who may use this information to send the Data Subject information on products and services.
21. 2 The Company may supply the Personal Information to any party to whom it may have assigned or transferred any of its rights or obligations under any agreement, and/or to service providers who render the following services:
21.2.1 accounting and auditing services;
21.2.2 capturing and organising of data;
21.2 3 conducting due diligence checks (e.g. credit checks);
21.2.4 legal and collection services;
21.2.5 marketing services;
21.2.6 medical aid and pension schemes;
21.2.7sending of emails and other correspondence to clients;
21.2.8 storing of data.
Clause 22 : CROSS-BORDER FLOW OF PERSONAL INFORMATION
22.1 Personal Information may be transmitted trans-border to the Company's authorised dealers and its suppliers in other countries, and Personal Information may be stored in data servers hosted outside South Africa, which may not have adequate data protection laws. The Company will endeavour to ensure that its dealers and suppliers will make all reasonable efforts to secure said data and Personal Information.
Clause 23 : RETENTION OF RECORDS
23.1 The Company may retain Personal Information records indefinitely, unless the Data Subject objects thereto.
23.2. If the Data Subject objects to indefinite retention of its Personal Information the Company shall retain the Personal Information records to the extent permitted or required by law.
Clause 24 : SECURITY MEASURES
24.1 The Company employs up to date technology to ensure the confidentiality, integrity and availability of the Personal Information under its care.
24.2 Security measures include, inter alia:
24.2.1 firewalls;
24.2.2 virus protection software and update protocols;
24.2.3 logical and physical access control;
24.2.4 secure setup of hardware and software making up the IT infrastructure; and
24.2.5 outsourced service providers who process Personal Information on behalf of the Company are contracted to implement security controls.
Clause 25 : OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION
25.1 Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Annexure 2 subject to exceptions contained in POPIA.
Clause 26 : CORRECTION OR DELETION OF PERSONAL INFORMATION
26.1 Section 24 of POPIA and regulation 3 of the POPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Annexure 3 to this Manual.
ANNEXURE 1 : FORM C OF PAIA
ACCESS REQUEST FORM
REQUEST FOR ACCESS TO A RECORD (SECTION 53(1) of PAIA)
|
A. PARTICULARS OF private body
|
|
Private Body
|
|
|
Information Officer:
|
|
|
Physical address:
|
|
|
Postal address:
|
|
|
Telephone number:
|
|
|
Email:
|
|
|
Physical Address:
|
|
|
B. PARTICULARS OF PERSON REQUESTING ACCESS TO THE RECORD
|
|
1. The particulars of the person who requests access to the record must be recorded below.
2. Furnish an email address to which information must be sent.
3. Proof of identity is required from both the requester and any person or any party acting on behalf of the requester. The original identity document or such other proof satisfactory to the Chief Executive Officer or Information Officer will need to be presented with this request by the requester or the requester's representative before the request will be processed.
4. If the request is made on behalf of another person, proof of the capacity in which the request is made, is also to be presented with this request.
|
|
Full Name:
|
|
|
Identity/Reg. Number:
|
|
|
Contactperson:
|
|
|
Telephone Number:
|
|
|
Email:
|
|
|
Physical Address:
|
|
|
Postal Address
|
|
|
C. PARTICULARS OF PERSON ON WHOSE BEHALF REQUEST IS MADE
|
|
Private Body:
|
|
|
Information Officer:
|
|
|
Identity Reg. Number:
|
|
|
Email address:
|
|
|
Telephone Number
|
|
|
Postal address:
|
|
|
Physical address:
|
|
|
D. PARTICULARS OF RECORD
|
|
1. Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located.
2. If the provided space is inadequate please continue on a separate folio and attach it to this form. The requester must sign all the additional folios.
3. The requester's attention is drawn to the grounds on which the private body must or may refuse access to a record (in certain instances this may be mandatory, in others it may be discretionary):
1. mandatory protection of the privacy of a third party who is a natural person (human being);
2. mandatory protection of commercial information of third party;
3. mandatory protection of certain confidential information of a third party;
4. mandatory protection of the safety of individuals, and the protection of property;
5. mandatory protection of records privileged from production in legal proceedings;
6. commercial information of a private body;
7. mandatory protection of research information of a third party and a private body.
|
|
Description of record or relevant part of the record.
|
|
Category
|
Description of Record
|
|
|
|
|
|
|
|
E. FEES
|
|
1. A request for access to a record, other than a record containing personal information about yourself, will be processed only after a request fee (currently R57.50 Including VAT) has been paid.
2. If the prescribed request fee is amended you will be notified of the amount required to be paid as the request fee.
3. The fee payable for access to a record depends on the form in which access is required and the reasonable time required to search for and prepare a record.
4. If you qualify for exemption of the payment of any fee, please state the reason therefore.
|
|
The requester qualifies for an exemption in payment of fees (mark the appropriate box):
|
Yes
|
|
No
|
|
|
Reasons for exemption:
|
|
|
G. FORM OF ACCESS TO RECORD
|
|
If you are prevented by a disability to read, view or listen to the record in the form of access provided for in 1 to 4 hereunder, state your disability and indicate in which form the record is required.
|
|
Disability
|
|
|
Form in which record is required (please mark appropriate box)
|
|
If the record is in written or printed form:
|
|
☐Copy of record ☐ Inspection of record
|
|
If the record consists of visual images:
|
|
☐View the images ☐Copy of images ☐Transcription of the images
|
|
If the record consists of recorded information that can be reproduced in sound
|
|
☐Listen to the soundtrack (audio)☐Transcription of soundtrack
|
|
If the record is held on computer or in electronic or machine-readable form
|
|
☐Printed copy of record ☐Printed copy of information derived ☐Copy in computer readable format
|
|
If you requested a copy or transcription of a record (above) do you wish the copy of transcription to be posted to you? Note that postage is payable by you.
Note that if the record is not available in the language you prefer, access may be granted in the language in which the record is available. In which language would you prefer the record:
|
|
H. PARTICULARS OF RIGHT TO BE EXERCISED OR PROTECTED
|
|
If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios.
|
|
Indicate which right is to be exercised/protected:
|
|
|
|
Explain why the requested record is required for the exercising or protection of the aforementioned right:
|
|
I. NOTICE OF DECISION REGARDING REQUEST FOR ACCESS
|
|
You will be notified in writing whether your request has been approved/denied. If you wish to be informed thereof in another manner, please specify the manner and provide the necessary particulars to enable compliance with your request.
|
|
|
|
How would you prefer to be informed of the decision regarding your request for access to the record?
|
|
|
|
SIGNATURE OF REQUESTOR/PERSON ON WHOSE BEHALF REQUEST IS MADE
|
|
|
Date and place signed:
|
|
ANNEXURE 2 : DATA SUBJECT OBJECTION FORM
in terms of Section 11(3) of the POPIA
Affidavits or other documentary evidence in support of the objection must be attached.
If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
|
A. Particulars of Data Subject
|
|
Full Name:
|
|
|
Identity/Reg. Number:
|
|
|
Contact person:
|
|
|
Telephone Number:
|
|
|
Email:
|
|
|
Physical Address:
|
|
|
Postal Address
|
|
|
B. Particulars of responsible person
|
|
Requests can be submitted either via post or e-mail and should be addressed to the Information Officer as indicated per below:
|
|
Private Body:
|
|
|
Information Officer:
|
|
|
Identity Reg. Number:
|
|
|
Email address:
|
|
|
Telephone Number
|
|
|
Postal address:
|
|
|
Physical address
|
|
|
C. reasons for objection/s
|
|
|
|
|
|
|
|
Signature: data subject & objector:
|
|
|
Data and place signed:
|
|
ANNEXURE 3: DATA SUBJECT REQUEST TO CORRECT/DELETE PERSONAL INFORMATION
in terms of Section 24(1) of the POPIA
- Affidavits or other documentary evidence in support of the objection must be attached.
- If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
- Mark the appropriate box with an "x". Request for:
- ☐Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.
- ☐Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information
|
A.Particulars of data Subject
|
|
Full Name:
|
|
|
Identity/Reg. Number:
|
|
|
Contact person:
|
|
|
Telephone Number:
|
|
|
Email:
|
|
|
Physical Address:
|
|
|
Postal Address
|
|
|
B. Particulars of responsible person
|
|
Requests can be submitted either via post or e-mail and should be addressed to the Information Officer as indicated per below:
|
|
Private Body:
|
|
|
Information Officer:
|
|
|
Identity Reg. Number:
|
|
|
Email address:
|
|
|
Telephone Number
|
|
|
Postal address:
|
|
|
Physical address
|
|
|
C. reasons for
☐ Correction or Deletion of the personal information about the data subject
☐ Destruction or deletion of a record or personal information about the data subject which is in possession or under the control of the responsible party (Please provide detailed reason for this request)
|
|
|
|
|
|
|
|
Signature: data subject & objector:
|
|
|
Data and place signed:
|
|
