PAIA and POPI Manual

Published in terms of Section 51 of the Promotion of Access to Information Act 2 of 2000

This manual applies to
LEADWITHLOVE (PTY) LIMITED
Registration number: 2022/859485/07
(“Organisation”)

 

  1. BACKGROUND TO THE PROMOTION OF ACCESS TO INFORMATION ACT
  • The Promotion of Access to Information Act, No.2 of 2000 (“PAIA Act”) was enacted on 3 February 2000, giving effect to the constitutional right in terms of section 32 of the Bill of Rights contained in the Constitution of the Republic of South Africa 108 of 1996 (the “Constitution”) of access to any information held by the state and any information that is held by another person that is required for the exercise or protection of any rights.
  • In terms of section 51 of the PAIA Act, all private bodies (juristic and natural persons) are required to compile an Information Manual (“PAIA Manual”).
  • Where a request is made in terms of the PAIA Act, the body to whom the request is made is obliged to release the information, subject to applicable legislative and/or regulatory requirements, except where the PAIA Act expressly provides that the information may be adopted when requesting information from a public or private body.
  1. DETAILS OF ORGANISATION THIS MANUAL APPLIES TO
  • This manual was prepared in accordance with section 51 of the PAIA Act and to address requirements of the POPI Act for the Organisation.
  • The Organisation is the supplier of collars and leashes and related accessories.
  • This PAIA manual is available at its premises: 8 Dikkop Street, Southdowns Estate, Irene, Centurion, Pretoria, 0157, as well as on its website: https://leadwithlove.africa
  1. PURPOSE
  • The purpose of the PAIA Act is to promote the right of access to information, to foster a culture of transparency and accountability within the Organisation by giving the right to information that is required for the exercise or protection of any right and to actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect their rights.
  • In order to promote effective governance of private bodies, it is necessary to ensure that everyone is empowered and educated to understand their rights in relation to public and private bodies.
  • Section 9 of the PAIA Act recognizes that the right to access information cannot be unlimited and should be subjected to justifiable limitations, including, but not limited to:
    • limitation aimed at the reasonable protection of privacy;
    • commercial confidentiality;
    • effective, efficient and good governance,

and in a manner which balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.

  • This PAIA manual complies with the requirements of the guide contained in section 10 of the PAIA Act and recognizes that upon commencement of the POPI Act, that the appointed Information Regulator will be responsible to regulate compliance with the PAIA Act and its regulations by private and public bodies.
  1. CONTACT DETAILS [Section 51(1)(a)]

4.1          The details of the Organisation that adopted this PAIA Manual is as follows:

Managing Director

Sarah Bryce

Registered Address

8 Dikkop Street, Southdowns Estate, Irene, Pretoria, 0157

Postal Address

8 Dikkop Street, Southdowns Estate, Irene, Pretoria, 0157

Telephone Number

072 605 5093

Website

https://leadwithlove.africa

 

  1. THE INFORMATION OFFICER [Section 51(1)(b)]
  • The PAIA Act prescribes the appointment of an Information Officer for the public bodies where such Information Officer is responsible to, inter alia, assess requests for access to information.
  • The head of a private body fulfils such a function in terms of section 51 of the PAIA Act. The Organisation has opted to appoint the following person as Information Officer to assess such a request for access to information as well as to oversee its required functions in terms of the PAIA Act:

Information Officer

Sarah Bryce

Address

8 Dikkop Street, Southdowns Estate, Irene, Pretoria, 0157

Telephone Number

072 605 5093

E-mail

sarah@leadwithlove.africa

 

  • The Information Officer appointed in terms of the PAIA Act also refers to the Information Officer as referred to in the POPI Act. The Information Officer oversees the functions and responsibilities as required for in terms of both the PAIA Act as well as the duties and responsibilities in terms of section 55 of the POPI Act after registering with the Information Regulator.
  • The Information Officer may appoint, where it deemed necessary, Deputy Information Officers, as allowed in terms of section 17 of the PAIA Act as well as section 56 of the POPI Act. The Organisation has opted not to appoint a Deputy Information Officer.
  • This is to render the Organisation as accessible as reasonable possible for requesters of its records and to ensure fulfilment of its obligations and responsibilities as prescribed in terms of section 55 of the POPI Act. All requests for information in terms of the PAIA Act must be addressed to the Information Officer.
  1. GUIDE OF SA HUMAN RIGHTS COMMISSION AND THE INFORMATION REGULATOR [Section 51(1)(b)]
  • The PAIA Act grants a Requester access to records of a private body, if the record is required for the exercise to protection of any rights.
  • Requests in terms of the PAIA Act shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of the PAIA Act.
  • Requests are referred to the Guide in terms of section 10 of the PAIA Act which has been compiled by the South African Human Rights Commission (“SAHRC”), which will contain information for the purposes of exercising Constitutional Rights.
  • Sections 110 and 114(4) of the POPI Act states that the SAHRC will be replaced as the Regulator under the PAIA Act and will be replaced with the Information Regulator. The Information Regulator will take over the PAIA functions from SAHRC. Requests to access records of a private body can be made to the Information Regulator as follows:

Contact Body

The Information Regulator (South Africa)

Physical Address

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address

P.O Box 31533, Braamfontein, Johannesburg, 2017

Telephone Number

+27 (0)12 406 4818

E-mail

inforeg@justice.gov.za

Website

www.justice.gov.za/inforeg

 

  1. LATEST NOTICE IN TERMS OF SECTION 52(2) (IF ANY) [Section51(1)(c)]

No notice has been published on the categories of records that are automatically available without a person having to request access in terms of section 52(2) of the PAIA Act.

  1. SUBJECTS AND CATEGORIES OF RECORDS AVAILABLE ONLY ON REQUEST TO ACCESS IN TERMS OF THE ACT [Section 51(1)(e)]
  • Records held by the Organisation
  • This clause serves as reference to the categories of information that the Organisation may hold if applicable. The information is classified and grouped according to records relating to the following subjects and categories:

Subject

Category

Companies Act Records

Documents of Incorporation

Index of names of Directors

Memorandum of Incorporation

Minutes of meetings of the board of directors

Minutes of meetings of shareholders

Proxy forms

Register of directors ’shareholdings

Share certificates

Share Register and other statutory registers and/or records and/or documents

Special resolutions/Resolutions passed at General and Class meetings

Records relating to the appointment of:

Auditors

Directors

Prescribed officers

Public Officers

Secretary

Financial Records

Accounting records

Annual Financial Reports

Annual Financial Statements

Asset Registers

Bank statement

Banking details and bank accounts

Banking records

Debtors/Creditors statements and invoices;

General ledgers and subsidiary ledgers

General reconciliation

Invoices

Policies and procedures

Rental Agreements; and

Tax returns

Income Tax records

PAYE Records

Documents issued to employees for income tax purposes

Records of payments made to SARS on behalf of employees

All other statutory compliances:

VAT

Regional Services Levies

Skills Development Levies

UIF

Workmen’s Compensation

Personal Documents and Records

Accident books and records

Address lists

Disciplinary Code and Records

Employee benefit arrangement rules and records

Employment contracts

Employment Equity Plans

Forms and Applications

Grievance procedure

Leave records

Medical Aid records

Payroll Reports/ Wage registers

Pension Fund Records

Safety, Health and Environmental records

Salary records

SETA records

Standard letters and notices

Training Manuals

Training records

Workplace and Union agreements and records

Procurement

Standard terms and Conditions for supply of services and products

Contractor, client and supplier agreements

Lists of suppliers, products, services and distribution

Policies and Procedures

Sales

Customer details

Credit application information

Information and records provided by a third party

Marketing

Advertising and promotional material

Safety, Health and Environment

Complete Safety, Health and Environmental Risk assessment

Environmental Management Plans

Inquiries, inspections, examinations by environmental authorities

IT

Computer/mobile device usage policy documentation

Disaster recovery plans

Hardware asset registers

Information security policies/standard/procedures

Information technology systems and user manuals

Information usage policy documentation

Project implementation plans

Software licensing

System documentation and manuals

 

  • Note that the accessibility of the records may be subject to the grounds of refusal set out in this PAIA Manual.
  • Amongst other, records deemed confidential on the part of a third party, will necessitate permission from the third party concerned, in addition to normal requirements, before the Organisation will consider access.
  1. RECORDS AVAILABLE WITHOUT REQUEST TO ACCESS IN TERMS OF THE PAIA ACT
  • Records of a public nature may be accessed without the need to submit a formal application.
  • Other non-confidential records, such as statutory records maintained at Companies and Intellectual Property Commission, may also be accessed without the need to submit a formal application. However, please note that an appointment to view such records will still have to be made with the Information Officer.
  1. DESCRIPTION OF RECORDS OF THE BODY WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION [Section 51(1)(d)]
  • Where applicable to its operations, the Organisation also retains records and documents in terms of the legislation below. Unless disclosure is prohibited in terms of legislation, regulations, contractual agreement or otherwise, records that are required to be made available in terms of these shall be made available for inspection by interested parties in terms of the requirements and conditions of the PAIA Act and the POPI Act or in terms of the below mentioned legislation and applicable internal policies, should such interested parties be entitled to such information.
  • A request to access must be done in accordance with the prescriptions of the PAIA Act.
  • The legislation applicable to the Organisation may include but are not limited to the following:
    • Basic Conditions of Employment Act, No 75 of 1997;
    • Broad-Based Black Economic Empowerment Act, No 53 of 2003;
    • Business Act, No71 of 1991;
    • Companies Act, No 71 of 2008;
    • Compensation for Occupational Injuries & Diseases Act, 130 of 1993;
    • Competition Act, No 71 of 2008;
    • Consumer Protection Act, No 68 of 2008;
    • Constitution of the Republic of South Africa 2008;
    • Copyright Act, No 98 of 1978;
    • Customs and Excise Act, 91 of 1964;
    • Electronic Communications Act, No 36 of 2005;
    • Electronic Communications and Transactions Act No 25 of 2002;
    • Employment Equity Act No 55 of 1998;
    • Financial Intelligence Centre Act, No 38 of 2001;
    • Identification Act, No 68 of 1997;
    • Income Tax Act, No 58 of 1962;
    • Intellectual Property Laws Amendment Act No 38 of 1997;
    • Labour Relations Act, No 66 of 1995;
    • Occupational Health and Safety Act, No 85 of 1993;
    • Prescription Act, No 68 of 1969;
    • Prevention of Organised Crime Act, No 121 of 1998;
    • Promotion of Access to Information Act, No. 2 of 2000;
    • Protection of Personal Information Act, No 4 of 2013;
    • Regulations of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002;
    • Revenue Laws Second Amendment Act No. 61 of 2008;
    • Skills Development Levies Act No. 9 of 1999;
    • Unemployment Insurance Contributions Act 4 of 2002;
    • Unemployment Insurance Act no.30 of 1966; and
    • Value Added Tax Act 89 of 1991.
  • It is further recorded that the accessibility of documents and records may be subject to the grounds of refusal set out in this PAIA Manual.
  1. DETAIL TO FACILTATE A REQUEST FOR ACCESS TO A RECORD OF THE ORGANISATION [Section 51(1)(e)]
  • The Requester, as defined in the PAIA Act, must comply with all the procedural requirements contained in the PAIA Act relating to the request for access to a record.
  • The Requester must complete the prescribed form and submit same as well as payment of a request fee and a deposit (if applicable) to the Information Officer or the Deputy Information Officer at the postal or physical address or electronic mail address as noted in clause 5
  • The form can be obtained from the Information Regulator’s website justice.gov.za/inforeg
  • The prescribed from must be filled in with sufficient information to enable the Information Officer to identify:
    • the record or records requested; and
    • the identity of the
  • The Requester should indicate which form of access is required and specify a postal address or fax number of the Requester in the Republic of South Africa.
  • The Requester must state that he/she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The Requester must clearly specify why the record is necessary to exercise or protect such a right (section 53(2)(d) of the PAIA Act).
  • The Organisation will process the request within 30 (thirty) days, unless the Requester has stated special reasons to the satisfaction of the Information Officer that circumstances dictate that the above time periods not be complied with.
  • The Requester shall be advised whether access is granted or denied in writing. If, in addition, the Requester requires the reasons for the decision in any other manner, the Requester will be obliged to state which manner and the particulars required.
  • If a request is made on behalf of another person, then the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer (section 53(2)(f) of the PAIA Act).
  • If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
  • The Requester must pay the prescribed fee, before any further processing can take place.
  • All information as listed in this clause 11 herein should be provided and failing which the process will be delayed until the required information is provided. The prescribed time periods will not commence until the Requester has furnished all the necessary and required information. The Information Officer shall sever a record, if possible, and grant only access to that portion requested and which is not prohibited from being disclosed.
  1. REFUSAL OF ACCESS TO RECORDS
  • Grounds to Refuse Access
  • A private body such as the Organisation is entitled to refuse a request for information.
  • The main grounds for the Organisation to refuse a request for information relates to the:
    • mandatory protection of the privacy of a third party who is a natural person or a deceased person (section 63) or a juristic person, as included in POPI Act, which would involve the unreasonable disclosure of personal information of that natural or juristic person;
    • mandatory protection of personal information and for disclosure of any personal information to, in addition to any other legislative, regulatory or contractual agreements, to comply with the provisions of the POPI Act;
    • mandatory protection of the commercial information of a third party (section 64 of the PAIA Act) if the record contains:
      • trade secrets of the third party;
      • financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party; or
      • information disclosed in confidence by a third party to the Organisation, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition;
    • mandatory protection of confidential information of third parties (section 65 of the PAIA Act) if it is protected in terms of any agreement;
    • mandatory protection of the safety of individuals and the protection of property (section 66 of the PAIA Act);
    • mandatory protection of records which would be regarded as privileged in legal proceedings (section 67 of the PAIA Act);
    • the commercial activities (section 68 of the PAIA Act) of a private body, such as the Organisation, which may include:
      • trade secrets of the Organisation;
      • financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of the Organisation;
      • information which, if disclosed could put the Organisation at a disadvantage in negotiations or commercial competition;
      • a computer program which is owned by the Organisation, and which is protected by copyright; or
      • the research information (section 69 of the PAIA Act) of the Organisation or a third party, if its disclosure would disclose the identity of the Organisation, the researcher or the subject matter of the research and would place the research at a serious disadvantage; or
    • requests for information that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources shall be refused.
  • All requests for information will be assessed on their own merits and in accordance with the applicable legal principles and legislation.
  • If a requested record cannot be found or if the record does not exist, the Information Officer shall, by way of an affidavit or affirmation, notify the Requester that it is not possible to give access to the requested record. Such a notice will be regarded as a decision to refuse a request for access to the record concerned for the purpose of the PAIA Act. If the record should later be found, the Requester shall be given access to the record in the manner stipulated by the Requester in the prescribed form, unless the Information Officer refuses access to such record.
  1. REMEDIES AVAILABLE WHEN THE ORGANISATION REFUSES A REQUEST
  • Internal Remedies
    • The Organisation does not have internal appeal procedures. The decision made by the Information Officer is final.
    • Requesters will have to exercise such external remedies at their disposal if the request for information is refused and the Requestor is not satisfied with the answer supplied by the Information Officer.
  • External Remedies
    • A Requestor that is dissatisfied with the Information Officer’s refusal to disclose information, may within 30 (thirty) days of notification of the decision, may apply to a Court for relief.
    • For purposes of the PAIA Act, the Courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status and a Magistrate’s Court designated by the Minister of Justice and Constitutional Development, and which is presided over by a designated Magistrate.
  1. ACCESS TO RECORDS HELD BY THE ORGANISATION
  • Prerequisites for Access by Personal/Other Requester
  • Records held by the Organisation may be accessed by requests only once the prerequisite requirements for access have been met.
  • A Requester is any person making a request for access to a record of the Organisation.
  • There are 2 (two) types of requesters:
  • Personal Requester
  • A personal requester is a requester who is seeking access to a record containing personal information about the Requester.
  • The Organisation will voluntarily provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged.
  • Other Requester
  • This Requester (other than a personal requester) is entitled to request access to information on third parties.
  • In considering such a request, the Organisation will adhere to the provisions of the PAIA Act. Section 71 of the PAIA Act requires that the Information Officer take all reasonable steps to inform a third party to whom the requested record relates of the request, informing him/her that he/she may make a written or oral representation to the Information Officer why the request should be refused or, where required, give written consent for the disclosure of the Information.
  • The Organisation is not obliged to voluntarily grant access to such records. The Requester must fulfil the prerequisite requirements, in accordance with the requirements of the PAIA Act and as stipulated in Chapter 5: Part 3, including the payment of a request and access fee.
  1. PRESCRIBED FEES [Section 51(1)(f)]
  • Fees Provided by the PAIA Act
    • The PAIA Act provides for 2 (two) types of fees, namely:
      • a request fee, which is a form of administration fee to be paid by all Requesters except personal requesters, before the request is considered and is not refundable; and
      • an access fee, which is paid by all Requesters in the event that a request for access is granted. This fee is inclusive of costs involved by the private body in obtaining and preparing a record for delivery to the Requester.
    • When the request is received by the Information Officer, such officer shall by notice require the Requester, other than a personal requester, to pay the prescribed request fee, before further processing of the request (section 54(1) of the PAIA Act).
    • If the search for the record has been made and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the Information Officer shall notify the Requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.
    • The Information Officer shall withhold a record until the Requester has paid the fees as indicated below.
    • A Requester whose request for access to a record has been granted, must pay an access fee that is calculated to include, where applicable, the request fee, the process fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form.
    • If a deposit has been paid in respect of a request for access, which is refused, then the Information Officer concerned must repay the deposit to the Requester.
  1. REPRODUCTION FEE
  • Where the Organisation has voluntarily provided the Minister with a list of categories of records that will automatically be made available to any person requesting access thereto, the only charge that may be levied for obtaining such records, will be a fee for reproduction of the record in question, which will be as prescribed by the PAIA Act.
  • Request Fees
  • Where a Requester submits a request for access to information held by an institution on a person other than the Requester himself/herself, a request fee in the amount of R50,00 is payable up-front before the institution will further process the request received.
  • Access Fees
  • An access fee is payable in all instances where a request for access to information is granted, except in those instances where payment of an access fee is specially excluded in terms of the PAIA Act or an exclusion is determined by the Minister in terms of section 54(8) of the PAIA Act. The applicable access fees will be payable as prescribed by the PAIA Act.
  • Deposits
  • Where the institution receives a request for access to information held on a person other than the Requester himself/herself and the Information Officer upon receipt of the request is of the opinion that the preparation of the required record of disclosure will take more than 6 (six) hours, a deposit is payable by the Requester.
  • The amount of the deposit is equal to 1/3 (one third) of the amount of the applicable access fee.
  • Collection Fees
  • The initial “request fee” of R50,00 should be deposited into the bank account nominated by the Organisation and a copy of the deposit slip, application form and other correspondence / documents, forwarded to the Information Officer via fax/ email.
  • All fees are subject to change as allowed for in the PAIA Act and as a consequence such escalations may not always be immediately available at the time of the request being made.
  • Requesters shall be informed of any changes in the fees prior to making a payment.
  1. DECISION
  • Time Allowed to Institution
  • The Organisation will, within 30 (thirty) days of receipt of the request, decide whether to grant or decline the request and give notice with reasons (if required) to that effect.
  • The 30 (thirty) day period within which the Organisation has to decide whether to grant or refuse the request, may be extended for a further period of not more than (30) thirty days if the request is for a large number of information, or the request requires a search for information held at another office of the Organisation and the information cannot reasonably be obtained within the original 30 (thirty) day period.
  • The Organisation will notify the Requester in writing should an extension be sought.
  1. PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE ORGANISATION
  • The POPI Act requires the Organisation to inform their clients as to the manner in which their Personal Information is used, disclosed and destroyed.
  • Chapter 3 of the POPI Act provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in the POPI Act.
  • In this clause 18 words and phrases shall have the meanings assigned to them as in the POPI Act.
  • The Organisation needs Personal Information relating to both individual and juristic persons in order to carry out its business and organizational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by the Organisation. The Organisation is accordingly a Responsible Party for the purposes of the POPI Act and will ensure that the Personal Information of a Data Subject:
    • is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Organisation, in the form of privacy or data collection notices. The Organisation must also have a legal basis (for example, consent) to process Personal Information;
    • is processed only for the purposes for which it was collected;
    • will not be processed for a secondary purpose unless that processing is compatible with the original purpose.
    • is adequate, relevant and not excessive for the purposes for which it was collected;
    • is accurate and kept up to date;
    • will not be kept for longer than necessary;
    • is processed in accordance with integrity and confidentiality principles. This includes physical and organizational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Organisation, in order to protect against access and acquisition by unauthorized persons and accidental loss, destruction or damage;
    • is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:
      • be notified that their Personal Information is being collected by the Organisation. The Data Subject also has the right to be notified in the event of a data breach;
      • know whether the Organisation holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this PAIA Manual;
      • request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
      • object to the Organisation’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Organisation’s record keeping requirements);
      • object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and
      • complain to the Information Regulator regarding an alleged infringement of any of the rights protected under the POPI Act and to institute civil proceedings regarding the alleged non- compliance with the protection of his, her or its personal information.
  • Purpose of the Processing of Personal Information by the Organisation
    • As outlined above, Personal Information may only be processed for a specific purpose. The purposes for which the Organisation processes or will process Personal Information is:
      • for the ordering and delivery of products;
      • to communicate with clients;
      • confirming, verifying and updating client details;
      • conducting market or customer satisfaction research;
      • internal HR purposes; and
      • in connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
  • Categories of Data Subjects and Personal Information/Special Personal Information relating thereto
    • As per section 1 of the POPI Act, a Data Subject may either be a natural or a juristic person. Below are the types of Personal Information that will be collected:
      • title, full names, initials and identity number/ passport number of natural person;
      • registration name and number of juristic person; and
      • contact number, email addresses, fax numbers, postal addresses and physical addresses.
  • Recipients of Personal Information
  • The Organisation may provide a Data Subject’s Personal Information to the following recipients:
    • employees of the Organization;
    • sub-contractors;
    • auditors; and
    • as required by law.

 

  • Cross-border flows of Personal Information
  • Section 72 of the POPI Act provides that Personal Information may only be transferred out of the Republic of South Africa if the:
    • recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in the POPI Act; or
    • Data Subject consents to the transfer of their Personal Information; or
    • transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or
    • transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or
    • the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.
  • The Organisation’s planned cross-border transfers, if applicable, of Personal Information and the condition that applies thereto will be on the same terms and conditions as set out herein.
  • Description of information security measures to be implemented by the Organisation
  • The types of security measures to be implemented by the Organisation in order to ensure that Personal Information is respected and protected is:
    • firewalls;
    • anti-virus programmes;
    • password protected computers; and
    • access rights to confidential information and systems.
  • A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Organisation may be conducted in order to ensure that the Personal Information that is processed by the Organisation is safeguarded and Processed in accordance with the Conditions for Lawful Processing.
  • Objection to the Processing of Personal Information by a Data Subject
  • Section 11 (3) of the POPI Act and regulation 2 of the POPI Act Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form (Form 1 to be obtained under the POPI Act Regulations), subject to exceptions contained in the POPI Act.
  • Request for correction or deletion of Personal Information
  • Section 24 of the POPI Act and regulation 3 of the POPI Act Regulations provides that a Data Subject may in the prescribed form (Form 2 to be obtained under the POPI Act Regulations) request for their Personal Information to be corrected or deleted.
  1. AVAILABILITY AND UPDATING OF THE PAIA MANUAL
  • This PAIA Manual is made available in terms of Regulation Number R.187 of 15 February 2002. The Organisation will update this PAIA Manual at such intervals as may be deemed necessary.
  • This PAIA Manual of the Organisation is available to view at its premises and on its website.

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.