PAIA & POPIA Policy Manual
1 DEFINITIONS
1.1 The Company means Viewpoint Holdings (Pty) Ltd t/a Wayfare Culture (Registration Number: 2019/483471/07), a Private Company duly registered and incorporated with limited liability in accordance with the company laws of the Republic of South Africa and having its principal place of business situated at 13 Branch Lane, Blairgowrie, Johannesburg, 2194, Gauteng, Republic of South Africa.
1.2 Conditions for Lawful Processing means the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPIA;
1.3 Constitution means the Constitution of the Republic of South Africa, 1996;
1.4 Customer refers to any natural or juristic person that received or receives services from the Company;
1.5 Data Subject has the meaning ascribed thereto in section 1 of POPIA;
1.6 Head of the Company means the “head” as defined in section 1 of PAIA and referred to in clause 4;
1.7 Information Officer means the individual referred to in clause 4;
1.8 Manual means this manual prepared in accordance with section 51 of PAIA and regulation 4(1)(d) of the POPIA Regulations;
1.9 PAIA means the Promotion of Access to Information Act, 2000;
1.10 Personal Information has the meaning ascribed thereto in section 1 of POPIA;
1.11 Personnel refers to any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;
1.12 POPIA means the Protection of Personal Information Act, 2013;
1.13 POPIA Regulations mean the regulations promulgated in terms of section 112(2) of POPIA;
1.14 Private Body has the meaning ascribed thereto in sections 1 of both PAIA and POPIA;
1.15 Processing has the meaning ascribed thereto in section 1 of POPIA;
1.16 Responsible Party has the meaning ascribed thereto in section 1 of POPIA;
1.17 Record has the meaning ascribed thereto in section 1 of PAIA and includes Personal Information;
1.18 Requester has the meaning ascribed thereto in section 1 of PAIA;
1.19 Request for Access has the meaning ascribed thereto in section 1 of PAIA; and
1.20 SAHRC means the South African Human Rights Commission.
Capitalized terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and
PAIA as the context specifically requires, unless otherwise defined herein.
2 PURPOSE OF THE MANUAL
This Manual:
2.1 for the purposes of PAIA, details the procedure to be followed by a Requester and the manner in which a Request for Access will be facilitated; and
2.2 for the purposes of POPIA, amongst other things, details the purpose for which Personal Information may be processed; a description of the categories of Data Subjects for whom the Company Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; and the recipients to whom Personal Information may be supplied.
3 COMPANY DETAILS
3.1 The details of the Company are as follows:
|
Physical address |
13 Branch Lane Blairgowrie Johannesburg Gauteng
South Africa |
|
Postal address: |
PO Box 1715
Pinegowrie
2123 |
|
Telephone number: |
011 787 0672 |
4 CONTACT DETAILS OF THE INFORMATION OFFICER
4.1 The Information Officer’s details are as follows:
|
Name |
Rowan Levieux
|
|
Physical address |
13 Branch Lane Blairgowrie Johannesburg Gauteng
South Africa |
|
Postal address |
PO Box 1715
Pinegowrie
2123 |
|
Email address: |
rowan@leeroy.co.za
|
|
Telephone number |
011 787 0672 |
5 THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION
5.1 The SAHRC has compiled a guide, as contemplated in section 10 of the South African Human Rights Commission Act, 2013 (“the Act”) containing information to assist any person who wishes to exercise any right as contemplated in the Act.
5.2 This guide is available from the SAHRC at:
|
Postal address |
Private Bag 2700, Houghton, 2041 |
|
Website |
www.sahrc.org.za |
|
Telephone number |
011 877 3600 |
|
Fax number |
011 403 0684 |
6 PUBLICATION AND AVAILABILITY OF CERTAIN RECORDS IN TERMS OF PAIA
6.1 Schedule of Records
The Schedule of Records as contained in Appendix 1 of this Manual details a non-exhaustive list of Records that are held and/or Processed by the Company for the purposes of PAIA and POPIA respectively. Such Access to such Records may not be granted if they are subject to the grounds of refusal which are specified in clause 7 below.
6.2 List of applicable legislation
(1) The Company retains records which are required in terms of legislation other than PAIA.
(2) Certain legislation provides that private bodies shall allow certain persons access to specified records, upon request. Legislation that may be consulted to establish whether the Requester has a right of access to a record other than in terms of the procedure set out in the PAIA are set out in Appendix 2.
7 GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA
The following are the grounds on which the Company may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
7.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;
7.2 mandatory protection of the commercial information of a third party, if the Records contain:
(1) trade secrets of that third party;
(2) financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
(3) information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;
7.3 mandatory protection of confidential information of third parties if it is protected in terms of any agreement;
7.4 mandatory protection of the safety of individuals and the protection of property;
7.5 mandatory protection of Records that would be regarded as privileged in legal proceedings;
7.6 protection of the commercial information of the Company, which may include:
(1) trade secrets;
(2) financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;
(3) information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or
(4) computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;
7.7 research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and
7.8 Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.
8 INFORMATION OR RECORDS NOT FOUND
If the Company cannot find the records that the Requester is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in its possession but unattainable, the Requester will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document.
9 REMEDIES AVAILABLE TO THE REQUESTER UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMS OF PAIA
9.1 The Company does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requesters will have to exercise such external remedies at their disposal if the Request for Access is refused.
9.2 In accordance with sections 56(3) (c) and 78 of PAIA, a Requester may apply to a court for relief within 180 days of notification of the decision for appropriate relief.
10 PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA
10.1 A Requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.
10.2 A Requester must complete the prescribed Request for Access form attached as Appendix 3, and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated in clause 4 above.
10.3 The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:
(1) the Record/s requested;
(2) the identity of the Requester;
(3) the form of access that is required, if the request is granted;
(4) the postal address or fax number of the Requester; and
(5) the right that the Requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.
10.4 If a Request for Access is made on behalf of another person, the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer.
10.5 If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
10.6 The Company will voluntarily provide the requested Records to a Personal Requester (as defined in section 1 of PAIA). The prescribed fee for reproduction of the Record requested by a Personal Requester will be charged in accordance with section 54(6) of PAIA and paragraph 11 below.
11 FEES
11.1 When the Request for Access is received by the Information Officer, the Information Officer will by notice require the Requester, other than a Personal Requester, to pay the prescribed request fee (if any), before further processing of the Request for Access.
11.2 Prescribed request fees are set out in Appendix 4.
11.3 If the search for a Record requires more than the prescribed hours for this purpose, the Information Officer will notify the Requester to pay as a deposit, the prescribed portion of the access fee (being not more than one third) which would be payable if the Request for Access is granted.
11.4 The Information Officer will withhold a Record until the Requester has paid the fees set out in Appendix 4.
11.5 A Requester whose Request for Access to a Record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the Record for disclosure, including making arrangements to make it available in a requested form provided for in PAIA.
11.6 If a deposit has been paid in respect of a Request for Access which is refused, the Information Officer will repay the deposit to the Requester.
12 DECISION TO GRANT ACCESS TO RECORDS
12.1 The Company will decide whether to grant or decline the Request for Access within 30 days of receipt of the Request for Access and must give notice to the Requester with reasons (if required) to that effect.
12.2 The period referred to above may be extended for a further period of not more than 30 days if the Request for Access is for a large number of Records or the Request for Access requires a search for Records held at another office of the Company and the Records cannot reasonably be obtained within the original 30 day period.
12.3 The Company will notify the Requester in writing should an extension of time as contemplated above be required.
12.4 If, in addition to a written reply from the Information Officer, the Requester wishes to be informed of the decision on the Request for Access in any other manner, the Requester must state the manner and particulars so required.
13 AVAILABILITY OF THE MANUAL
13.1 This Manual is made available in terms of PAIA and section 4 of the Regulations to POPIA.
13.2 This Manual is further available at and at the offices of the Company for inspection during normal business hours. No fee will be levied for inspection as contemplated in this clause.
13.3 This Manual will also be available at www.wayfareculture.co.za
13.4 Copies of the Manual can be obtained from the Information Officer. A fee will be levied for copies of the manual in accordance with Appendix 4.
14 PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE COMPANY
14.1 Chapter 3 of POPIA provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA.
14.2 The Company needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by the Company. The Company is accordingly a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject:
(1) is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Company, in the form of privacy or data collection notices. The Company must also have a legal basis (for example, consent) to process Personal Information;
(2) is processed only for the purposes for which it was collected;
(3) will not be processed for a secondary purpose unless that processing is compatible with the original purpose.
(4) is adequate, relevant and not excessive for the purposes for which it was collected;
(5) is accurate and kept up to date;
(6) will not be kept for longer than necessary;
(7) is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Company, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;
(8) is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:
(a) be notified that their Personal Information is being collected by the Company. The Data Subject also has the right to be notified in the event of a data breach;
(b) know whether the Company holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;
(c) request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
(d) object to the Company’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Company’s record keeping requirements);
(e) object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and
(f) complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.
14.3 Purpose of the Processing of Personal Information by the Company
As outlined above, Personal Information may only be Processed for a specific purpose. The purposes for which the Company Processes or will Process Personal Information is set out in Part 1 of Appendix 5.
14.4 Categories of Data Subjects and Personal Information/special Personal Information relating thereto
As per section 1 of POPIA, a Data Subject may either be a natural or a juristic person. Part 2 of Appendix 5 sets out the various categories of Data Subjects that the Company Processes Personal Information on and the types of Personal Information relating thereto.
14.5 Recipients of Personal Information
Part 3 of Appendix 5 outlines the recipients to whom the Company may provide a Data Subjects Personal Information to.
14.6 Cross-border flows of Personal Information
Section 72 of POPIA provides that Personal Information may only be transferred out of the Republic of South Africa if the:
(1) recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in POPIA; or
(2) Data Subject consents to the transfer of their Personal Information; or
(3) transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or
(4) transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or
(5) the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.
Part 4 of Appendix 5 sets out the planned cross-border transfers of Personal Information and the condition from above that applies thereto.
14.7 Description of information security measures to be implemented by the Company
Part 5 of Appendix 5 sets out the types of security measures to implemented by the Company in order to ensure that Personal Information is respected and protected. A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Company may be conducted in order to ensure that the Personal Information that is processed by the Company is safeguarded and Processed in accordance with the Conditions for Lawful Processing.
14.8 Objection to the Processing of Personal Information by a Data Subject
Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Appendix 6 subject to exceptions contained in POPIA.
14.9 Request for correction or deletion of Personal Information
Section 24 of POPIA and regulation 3 of the POPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Appendix 7 to this Manual.
Appendix 1:
Description of the subjects on which the Company holds records, and the categories of records held on each subject. Each of these records are available on request in terms of PAIA
1 Client Services Records
1.1 Client correspondence;
1.2 Client fee files;
1.3 Client contracts;
1.4 Client business information;
1.5 Legal documentation;
1.6 Standard terms and conditions of supply of goods and/or services.
2 Corporate Governance
2.1 Codes of conduct;
2.2 Legal compliance records.
3 Finance and Administration
3.1 Accounting records;
3.2 Annual financial statements;
3.3 Banking records;
3.4 Invoices and statements;
3.5 Tax records and returns;
4 Information management and Technology
4.1 Information policies;
4.2 Standards, procedures and guidelines.
Appendix 2
LIST OF APPLICABLE LEGISLATION
|
Administration of Adjudication of Road Traffic Offences Act 46 of 1998 |
|
Advertising on Roads & Ribbon Development Act 21 of 1940 |
|
Basic Conditions of Employment Act 75 of 1997 |
|
Bills of Exchange Act 34 of 1964 |
|
Broad-Based Black Economic Empowerment Act 53 of 2003 |
|
Broadcasting Act 4 of 1999 |
|
Companies Act 71 of 2008 |
|
Compensation for Occupational Injuries and Diseases Act 130 of 1993 |
|
Competition Act 89 of 1998 |
|
Constitution of South Africa Act 108 of 1996 |
|
Consumer Protection Act 68 of 2009 |
|
Copyright Act 98 of 1987 |
|
Criminal Procedure Act 51 of 1977 |
|
Currency & Exchanges Act 9 of 1933 |
|
Customs and Excise Act 91 of 1964 |
|
Electronic Communications and Transactions Act 2 of 2000 |
|
Employment Equity Act 55 of 1998 |
|
Environment Conservation Act 73 of 1989 |
|
Financial Advisory & Intermediary Services Act 37 of 2002 |
|
Financial Intelligence Centre Act 38 of 2001 |
|
Firearms Control Act 60 of 2000 |
|
Formalities In Respect of Leases of Land Act 18 of 1969 |
|
Health Act 63 of 1977 |
|
Income Tax Act58 of 1962 |
|
Labour Relations Act 66 of 1995 |
|
Long Term Insurance Act 52 of 1998 |
|
National Building Regulations and Building Standards Act 103 of 1997 |
|
National Credit Act 34 of 2005 |
|
National Environmental Management Act 107 of 1998 |
|
National Environmental Management: Air Quality Act 39 of 2004 |
|
National Environmental Management: Waste Act 59 of 2008 |
|
National Water At 36 of 1998 |
|
National Road Traffic Act 93 of 1996 |
|
Occupational Health and Safety Act 85 of 1993 |
|
Patents Act 57 of 1987 |
|
Pension Funds Act 24 of 1956 |
|
Prescription Act 18 of 1943 |
|
Prevention & Combating of Corrupt Activities Act 12 of 2004 |
|
Prevention of Constitutional Democracy Against Terrorist & Related Activities Act 33 of 2004 |
|
Prevention of Organised Crime Act 121 of 1998 |
|
Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000 |
|
Protected Disclosures Act 26 of 2000 |
|
Regulation of Interception of Communications and Provisions of Communication Related Information Act 70 of 2002 |
|
Sales and Service Matters Act 25 of 1964 |
|
Second-Hand Goods Act 23 of 1955 |
|
Securities Services Act 36 of 2004 |
|
Securities Transfer Act 25 of 2007 |
|
Short-Term Insurance Act 53 of 1998 |
|
Skills Development Act 97 of 1997 |
|
Skills Development Levies Act 9 of 1999 |
|
South African Reserve Bank Act 90 of 1989 |
|
The South African National Roads Agency Limited & National Roads Act 7 of 1998 |
|
Tobacco Products Control Act 12 of 1999 |
|
Trade Marks Act 194 of 1993 |
|
Transfer Duty Act 40 of 1949 |
|
Unemployment Insurance Act 63 of 2001 |
|
Unemployment Insurance Fund Contributions Act 4 of 2002 |
|
Value-Added Tax Act 89 of 1991 |
Although we have used our best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to our attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, we shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Information Officer the opportunity of considering the request in light thereof.
Appendix 3
ACCESS REQUEST FORM - RECORD OF PRIVATE BODY
(Section 53(1) of the Promotion of Access to Information Act, 2000)
[Regulation 10]
_______________________________________________________________________
COMPLETION OF ACCESS REQUEST FORM
1 The Access Request Form must be completed.
2 Proof of identity is required to authenticate the identity of the requester. Attach a copy of the requester’s identification document.
3 Type or print in BLOCK LETTERS an answer to every question.
4 If a question does not apply, state “N/A”.
5 If there is nothing to disclose in reply to a question, state “nil”.
6 When there is insufficient space on a printed form, additional information may be provided on an attached folio, and each answer on such folio must reflect the applicable title.
____________________________________________________________________________
1 Particulars of Private Body: The Information Officer:
Rowan Levieux
Viewpoint Holdings (Pty) Ltd
13 Branch Lane
Blairgowrie
Johannesburg
Gauteng
Republic of South Africa
Email: rowan@leeroy.co.za
2 Particulars of Requester (if natural person)
Full names and surname: ........................................................................................................
Identity number: .......................................................................................................................
Postal adress:...........................................................................................................................
Fax number: .............................................................................................................................
Telephone number:.....................................................................................................................
Email address:.........................................................................................................................................
Capacity in which request is made, when made on behalf of another person:
.......................................................................................................................................................
3 Particulars of Requester (if a legal entity)
Name: ........................................................................................................
Registration number: ......................................................................................................................
Postal adress:...........................................................................................................................
Fax number: .............................................................................................................................
Telephone number:.....................................................................................................................
Email address:.........................................................................................................................................
4 Particulars of person on whose behalf request is made
This section must be completed ONLY if a request for information is made on behalf of another person.
Full names and surname: ...........................................................................................................
Identity number: ............................................................................................
5 Particulars of record
|
a) |
Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located. |
|
b) |
If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios. |
6 Fees
exemption.
Reason for exemption from payment of fees:
_________________________________________________________________________________
7 Form of access to record
|
Mark the appropriate box with an X. NOTES: (a) Compliance with your request in the specified form may depend on the form in which the record is available. (b) Access in the form requested may be refused under certain circumstances. In such a case you will be informed whether access will be granted in another form. (c) The fee payable for access to the record, if any, will be determined partly by the form in which access is requested. |
|
1. If the record is in written or printed form: |
|||
|
copy of record* |
inspection of a record |
||
|
2. If record consists of visual images (photographs, slides, video recordings, computer-generated images, sketches, etc): |
|||
|
view the images copy of the images |
the images* |
transcription of |
|
|
3. If record consists of recorded information that can be reproduced in sound: |
|||
|
listen to the soundtrack transcription of soundtrack* (audio cassette) (written or printed document)
|
|||
|
4. If record is held on computer or in an electronic or machine-readable form: |
|||
|
printed copy of record* printed copy of copy in computer information derived readable form* (stiffy from record* or compact disc)
|
|||
|
*If you are requesting a copy or transcription of a record (above), do you wish the copy or transcription to be posted to you? Postage is payable |
YES |
NO |
|
8 In the event of disability
If you are prevented by a disability to read, view or listen to the record in the form of access provided for in 1 to 4 hereunder, state your disability and indicate in which form the record is required.
|
Disability:
|
Form in which record is required:
|
9 Particulars of right to be exercised or protected
If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios.
10 Notice of decision regarding request for access
You will be notified in writing whether your request has been approved/denied. If you wish to be informed in another manner, please specify the manner and provide the necessary particulars to enable compliance with your request.
How would you prefer to be informed of the decision regarding your request for access to the record?
Signed at _______________________________ on this_________day of ________________20___
SIGNATURE OF REQUESTER/ PERSON ON WHOSE BEHALF THE REQUEST IS MADE _____________________
Appendix 4
FEES
1 The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof. 2 The fees for reproduction referred to in regulation 11(1) are as follows:
|
|
|
R |
|
|
(a) |
For every photocopy of an A4-size page or part thereof |
1,10 |
|
|
(b) |
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form |
0,75
|
|
|
( c) |
For a copy in a computer-readable form on - |
|
|
|
|
|
|
|
|
|
|
|
|
|
(d)
|
(i) |
For a transcription of visual images, for an A4-size page or part thereof |
40,00 |
|
|
(ii) |
For a copy of visual images |
60,00 |
|
(e)
|
(i) |
For a transcription of an audio record, for an A4-size page or part thereof |
20,00 |
|
|
(ii) |
For a copy of an audio record |
30,00 |
3 The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00. 4 The access fees payable by a requester referred to in regulation 11(3) are as follows:
|
|
|
R |
|
|
(1) (a) |
For every photocopy of an A4-size page or part thereof |
1,10 |
|
|
(b) |
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form |
0,75
|
|
|
(c) |
For a copy in a computer-readable form on - |
|
|
|
|
|
|
|
|
|
|
|
|
|
(d)
|
(i) |
For a transcription of visual images, for an A4-size page or part thereof |
40,00 |
|
|
(ii) |
For a copy of visual images |
60,00 |
|
(e)
|
(i) |
For a transcription of an audio record, for an A4-size page or part thereof |
20,00 |
|
|
(ii) |
For a copy of an audio record |
30,00 |
|
(f) |
To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation. |
||
5 For purposes of section 54(2) of PAIA, the following applies:
5.1 Six hours as the hours to be exceeded before a deposit is payable; and
5.2 one third of the access fee is payable as a deposit by the requester.
6 The actual postage is payable when a copy of a record must be posted to a requester.
Appendix 5
Part 1
PROCESSING OF PERSONAL INFORMATION IN ACCORDANCE WITH POPIA
|
Purpose of the Processing of Personal Information
|
Type of Processing |
|
1. To provide services to the Customer in accordance with terms agreed to by the Customer;
2. To undertake activities related to the provision of services and transactions, including:
2.1. to fulfil foreign and domestic legal, regulatory and compliance requirements and comply with any applicable treaty or agreement with or between foreign and domestic governments applicable to the Company
2.2. to verify the identity of Customer representatives who contact the Company or may be contacted by the Company;
2.3. for risk assessment, information security management, statistical, trend analysis and planning purposes;
2.4. to monitor and record calls and electronic communications with the Customer for quality, training, investigation and fraud prevention purposes;
2.5. for crime detection, prevention, investigation and prosecution;
2.6. to enforce or defend the Company’s rights; and
2.7. to manage the Company’s relationship with the Customer.
3. The purposes related to any authorised disclosure made in terms of agreement, law or regulation;
4. Any additional purposes expressly authorised by the Customer; and
5. Any additional purposes as may be notified to the Customer or Data Subjects in any notice provided by the Company |
Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Part 2
Categories of Data Subjects and categories of Personal Information relating thereto
|
Categories of Data Subjects of and categories of Personal Information relating thereto
|
Data Subject |
Personal Information Processed |
|
Customer:
o Corporate Customer Profile information including, account details, payment information, corporate structure, customer risk rating and other customer information including to the extent the categories of information relate to individuals or representatives of customers (e.g., shareholders, directors, etc.) required for the above mentioned purposes
o Individual; Name; contact details (Company E-Mail Address, Company Telephone Number), client details (Home Facsimile Number, Home Postal Address, Home Telephone Number, Personal Cellular, Mobile Or Wireless Number, Personal E-Mail Address); regulatory identifiers (e.g. tax identification number); Account information (Bank Account Currency Code, Bank Account Id, Bank Account Name, Bank Account Number, Bank Account Type, Bank account balance); transaction details and branch details; “know-your customer” data, photographs; other identification and verification data as contained in images of ID card, passport and other ID documents; images of customer signatures) |
• Natural Persons; • Juristic Persons.
|
Personal data relating to a Data Subject received by or on behalf of the Company from the Customer, Customer affiliates and their respective representatives and related parties in the course of providing accounts and services to the Customer or in connection with a transaction or services. Customer personal data may include names, contact details, identification and verification information, nationality and residency information, taxpayer identification numbers, voiceprints, bank account and transactional information (where legally permissible), to the extent that these amount to personal data under POPIA. |
|
Payment beneficiaries: Bank Account Currency Code, Bank Account Id, Bank Account Name, Bank Account Number, Bank Account Type; beneficiary address, transaction details; payment narrative and, for certain data transferred from the UK only, National Insurance numbers. |
|
|
|
Personnel: Name; employee ID number; business contact details (address/telephone number/email address) |
|
|
Part 3
Recipients of Personal Information
The Company, its affiliates and their respective representatives
Part 4
Cross border transfers of Personal Information
When making authorized disclosures or transfers of personal information in terms of section 72 of POPIA, Personal Data may be disclosed to recipients located in countries which do not offer a level of protection for those data as high as the level of protection as South Africa.
Part 5
Description of information security measures
The Company undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. The Company may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.
1 Access Control of Persons
The Company shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data are processed.
2 Data Media Control
The Company undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by the Company and containing personal data of Customers.
3 Data Memory Control
The Company undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorized reading, alteration or deletion of stored data.
4 User Control
The Company shall implement suitable measures to prevent its data processing systems from being used by unauthorized persons by means of data transmission equipment.
5 Access Control to Data
The Company represents that the persons entitled to use the Company’s data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorization).
6 Transmission Control
The Company shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of the Company’s data communication equipment / devices.
7 Transport Control
The Company shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.
8 Organization Control
The Company shall maintain its internal organization in a manner that meets the requirements of this
Manual.
Appendix 6
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
Note:
1 Affidavits or other documentary evidence as applicable in support of the objection may be attached.
2 If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
3 Complete as is applicable.
|
A |
DETAILS OF DATA SUBJECT |
|
Name(s) and surname/ registered name of data subject: |
|
|
Unique Identifier/ Identity Number |
|
|
Residential, postal or business address: |
|
|
Contact number(s): |
|
|
Fax number / E-mail address: |
|
|
B |
DETAILS OF RESPONSIBLE PARTY |
|
Name(s) and surname/ registered name of data subject: |
|
|
Residential, postal or business address: |
|
|
Contact number(s): |
|
|
Fax number / E-mail address: |
|
|
C |
REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection) |
|
|
|
|
|
|
|
|
|
Signed at .......................................... this ...................... day of ...........................20………...
............................................................
Signature of data subject/designated person
Appendix 7
REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR
DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
[Regulation 3]
Note:
Mark the appropriate box with an "x".
Request for:
Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.
Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information.
|
A |
DETAILS OF DATA SUBJECT |
|
Name(s) and surname/ registered name of data subject: |
|
|
Unique Identifier/ Identity Number |
|
|
Residential, postal or business address: |
|
|
Contact number(s): |
|
|
Fax number / E-mail address: |
|
|
B |
DETAILS OF RESPONSIBLE PARTY |
|
Name(s) and surname/ registered name of data subject: |
|
|
Residential, postal or business address: |
|
|
Contact number(s): |
|
|
Fax number / E-mail address: |
|
|
C |
REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection) |
|
|
|
|
|
|
|
|
|
|
D |
REASONS FOR *CORRECTION OR DELETION OF THE PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(a) WHICH IS IN POSSESSION OR UNDER THE CONTROL OF THE RESPONSIBLE PARTY; and or REASONS FOR *DESTRUCTION OR DELETION OF A RECORD OF PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(b) WHICH THE RESPONSIBLE PARTY IS NO LONGER AUTHORISED TO RETAIN. (Please provide detailed reasons for the request) |
|
|
|
|
|
|
|
|
|
|
|
|