Skip to content
Free 3-5 day delivery and returns on orders over R500
Free 3-5 day delivery and returns on orders over R500

PAIA & POPIA Policy Manual

PAIA & POPIA

PROMOTION OF ACCESS TO INFORMATION ACT, 2000
 &
 THE PROTECTION OF PERSONAL INFORMATION ACT, 2013
 POLICY MANUAL OF LEEROY AGENCIES CC

 

 Prepared in accordance with section 51 of the Promotion of Access to Information Act No. 2 of 2000 (as

amended) and the Protection of Personal Information Act, 2013 (In this Manual, all references to sections are to the Promotion of Access to Information Act, 2000 unless otherwise specified)           

1           DEFINITIONS

1.1       The Company means Leeroy Agencies cc t/a Wayfare Culture (registration number 1988/015221/23), a close corporation duly registered and incorporated with limited liability in accordance with the company laws of the Republic of South Africa and having its registered address and principal place of business situated at 13 Branch Lane, Blairgowrie, Johannesburg, 2194, Gauteng, Republic of South Africa.

1.2       Conditions for Lawful Processing means the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPIA;

1.3       Constitution means the Constitution of the Republic of South Africa, 1996;

1.4       Customer refers to any natural or juristic person that received or receives services from the Company;

1.5       Data Subject has the meaning ascribed thereto in section 1 of POPIA;

1.6       Head of the Company means the “head” as defined in section 1 of PAIA and referred to in clause 4;

1.7       Information Officer means the individual referred to in clause 4;  

1.8       Manual means this manual prepared in accordance with section 51 of PAIA and regulation 4(1)(d) of the POPIA Regulations;

1.9       PAIA means the Promotion of Access to Information Act, 2000;

1.10    Personal Information has the meaning ascribed thereto in section 1 of POPIA;

1.11    Personnel refers to any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;

1.12    POPIA means the Protection of Personal Information Act, 2013;

1.13    POPIA Regulations mean the regulations promulgated in terms of section 112(2) of POPIA;

1.14    Private Body has the meaning ascribed thereto in sections 1 of both PAIA and POPIA;

1.15    Processing has the meaning ascribed thereto in section 1 of POPIA;

1.16    Responsible Party has the meaning ascribed thereto in section 1 of POPIA;

1.17    Record has the meaning ascribed thereto in section 1 of PAIA and includes Personal Information;

1.18    Requester has the meaning ascribed thereto in section 1 of PAIA;

1.19    Request for Access has the meaning ascribed thereto in section 1 of PAIA; and

1.20    SAHRC means the South African Human Rights Commission.

Capitalised terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and

         PAIA as the context specifically requires, unless otherwise defined herein.                                                                

2           PURPOSE OF THE MANUAL

This Manual:

2.1       for the purposes of PAIA, details the procedure to be followed by a Requester and the manner in which a Request for Access will be facilitated; and

2.2       for the purposes of POPIA, amongst other things, details the purpose for which Personal Information may be processed; a description of the categories of Data Subjects for whom the Company Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; and the recipients to whom Personal Information may be supplied.

3           COMPANY DETAILS 

3.1       The details of the Company are as follows: 

Physical address 

13 Branch Lane

Blairgowrie

Johannesburg

Gauteng 

 

South Africa

Postal address: 

PO Box 1715

 

Pinegowrie

 

2123

Telephone number: 

011 787 0672


4
          CONTACT DETAILS OF THE INFORMATION OFFICER 

4.1       The Information Officer’s details are as follows: 

Name

 

Rowan Levieux

 

Physical address 

13 Branch Lane

Blairgowrie

Johannesburg

Gauteng 

 

South Africa

Postal address 

PO Box 1715

 

Pinegowrie

 

2123

Email address: 

 

rowan@leeroy.co.za

 

Telephone number 

011 787 0672

 

5           THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION

5.1       The SAHRC has compiled a guide, as contemplated in section 10 of the South African Human Rights Commission Act, 2013 (“the Act”) containing information to assist any person who wishes to exercise any right as contemplated in the Act. 

5.2       This guide is available from the SAHRC at: 

Postal address 

 

Private Bag 2700, Houghton, 2041 

Website 

www.sahrc.org.za 

Telephone number 

011 877 3600 

Fax number 

011 403 0684  


6
          PUBLICATION AND AVAILABILITY OF CERTAIN RECORDS IN TERMS OF PAIA

6.1       Schedule of Records

The Schedule of Records as contained in Appendix 1 of this Manual details a non-exhaustive list of Records that are held and/or Processed by the Company for the purposes of PAIA and POPIA respectively. Such Access to such Records may not be granted if they are subject to the grounds of refusal which are specified in clause 7 below.

6.2       List of applicable legislation

(1)        The Company retains records which are required in terms of legislation other than PAIA. 

(2)        Certain legislation provides that private bodies shall allow certain persons access to specified records, upon request. Legislation that may be consulted to establish whether the Requester has a right of access to a record other than in terms of the procedure set out in the PAIA are set out in Appendix 2.  

7           GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA

The following are the grounds on which the Company may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:

7.1       mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;

7.2       mandatory protection of the commercial information of a third party, if the Records contain:

(1)        trade secrets of that third party;

(2)        financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or

(3)        information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;

7.3       mandatory protection of confidential information of third parties if it is protected in terms of any agreement;

7.4       mandatory protection of the safety of individuals and the protection of property;

7.5       mandatory protection of Records that would be regarded as privileged in legal proceedings;

7.6       protection of the commercial information of the Company, which may include:

(1)        trade secrets;

(2)        financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;

(3)        information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or

(4)        computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;

7.7       research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and

7.8       Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.

8           INFORMATION OR RECORDS NOT FOUND 

If the Company cannot find the records that the Requester is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in its possession but unattainable, the Requester will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document. 

9           REMEDIES AVAILABLE TO THE REQUESTER UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMS OF PAIA

9.1       The Company does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requesters will have to exercise such external remedies at their disposal if the Request for Access is refused.

9.2       In accordance with sections 56(3) (c) and 78 of PAIA, a Requester may apply to a court for relief within 180 days of notification of the decision for appropriate relief.

10        PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA

10.1    A Requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.

10.2    A Requester must complete the prescribed Request for Access form attached as Appendix 3, and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated in clause 4 above.

10.3    The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:

(1)        the Record/s requested;

(2)        the identity of the Requester;

(3)        the form of access that is required, if the request is granted;

(4)        the postal address or fax number of the Requester; and

(5)        the right that the Requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.

10.4    If a Request for Access is made on behalf of another person, the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer. 

10.5    If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.

10.6    The Company will voluntarily provide the requested Records to a Personal Requester (as defined in section 1 of PAIA). The prescribed fee for reproduction of the Record requested by a Personal Requester will be charged in accordance with section 54(6) of PAIA and paragraph 11 below.

11        FEES

11.1    When the Request for Access is received by the Information Officer, the Information Officer will by notice require the Requester, other than a Personal Requester, to pay the prescribed request fee (if any), before further processing of the Request for Access.

11.2    Prescribed request fees are set out in Appendix 4.

11.3    If the search for a Record requires more than the prescribed hours for this purpose, the Information Officer will notify the Requester to pay as a deposit, the prescribed portion of the access fee (being not more than one third) which would be payable if the Request for Access is granted.

11.4    The Information Officer will withhold a Record until the Requester has paid the fees set out in Appendix 4.

11.5    A Requester whose Request for Access to a Record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the Record for disclosure, including making arrangements to make it available in a requested form provided for in PAIA.

11.6    If a deposit has been paid in respect of a Request for Access which is refused, the Information Officer will repay the deposit to the Requester.

12        DECISION TO GRANT ACCESS TO RECORDS

12.1    The Company will decide whether to grant or decline the Request for Access within 30 days of receipt of the Request for Access and must give notice to the Requester with reasons (if required) to that effect.

12.2    The period referred to above may be extended for a further period of not more than 30 days if the Request for Access is for a large number of Records or the Request for Access requires a search for Records held at another office of the Company and the Records cannot reasonably be obtained within the original 30 day period.

12.3    The Company will notify the Requester in writing should an extension of time as contemplated above be required.

12.4    If, in addition to a written reply from the Information Officer, the Requester wishes to be informed of the decision on the Request for Access in any other manner, the Requester must state the manner and particulars so required.

13        AVAILABILITY OF THE MANUAL

13.1    This Manual is made available in terms of PAIA and section 4 of the Regulations to POPIA.

13.2    This Manual is further available at and at the offices of the Company for inspection during normal business hours.  No fee will be levied for inspection as contemplated in this clause.

13.3    This Manual will also be available at www.wayfareculture.co.za

13.4    Copies of the Manual can be obtained from the Information Officer.  A fee will be levied for copies of the manual in accordance with Appendix 4.  

14        PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE COMPANY

14.1    Chapter 3 of POPIA provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA. 

14.2    The Company needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by the Company.  The Company is accordingly a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject:

(1)        is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Company, in the form of privacy or data collection notices. The Company must also have a legal basis (for example, consent) to process Personal Information;

(2)        is processed only for the purposes for which it was collected;

(3)        will not be processed for a secondary purpose unless that processing is compatible with the original purpose. 

(4)        is adequate, relevant and not excessive for the purposes for which it was collected;

(5)        is accurate and kept up to date;

(6)        will not be kept for longer than necessary;

(7)        is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Company, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;

(8)        is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:

(a)        be notified that their Personal Information is being collected by the Company.  The Data Subject also has the right to be notified in the event of a data breach;

(b)        know whether the Company holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;

(c)        request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;

(d)        object to the Company’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Company’s record keeping requirements);

(e)        object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and

(f)         complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information. 

14.3    Purpose of the Processing of Personal Information by the Company

As outlined above, Personal Information may only be Processed for a specific purpose. The purposes for which the Company Processes or will Process Personal Information is set out in Part 1 of Appendix 5.

14.4    Categories of Data Subjects and Personal Information/special Personal Information relating thereto

As per section 1 of POPIA, a Data Subject may either be a natural or a juristic person. Part 2 of Appendix 5 sets out the various categories of Data Subjects that the Company Processes Personal Information on and the types of Personal Information relating thereto.

14.5    Recipients of Personal Information

Part 3 of Appendix 5 outlines the recipients to whom the Company may provide a Data Subjects Personal Information to.

14.6    Cross-border flows of Personal Information

Section 72 of POPIA provides that Personal Information may only be transferred out of the Republic of South Africa if the:

(1)        recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in POPIA; or

(2)        Data Subject consents to the transfer of their Personal Information; or

(3)        transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or

(4)        transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or

(5)        the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.

Part 4 of Appendix 5 sets out the planned cross-border transfers of Personal Information and the condition from above that applies thereto.

14.7    Description of information security measures to be implemented by the Company

Part 5 of Appendix 5 sets out the types of security measures to implemented by the Company in order to ensure that Personal Information is respected and protected.  A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Company may be conducted in order to ensure that the Personal Information that is processed by the Company is safeguarded and Processed in accordance with the Conditions for Lawful Processing.

14.8    Objection to the Processing of Personal Information by a Data Subject

Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Appendix 6 subject to exceptions contained in POPIA.

14.9    Request for correction or deletion of Personal Information

Section 24 of POPIA and regulation 3 of the POPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Appendix 7 to this Manual.

 Appendix 1:

Description of the subjects on which the Company holds records, and the categories of records held on each subject.  Each of these records are available on request in terms of PAIA

1           Client Services Records

1.1       Client correspondence;           

1.2       Client fee files; 

1.3       Client contracts;           

1.4       Client business information;                                                                          

1.5       Legal documentation;     

1.6       Standard terms and conditions of supply of goods and/or services.

2           Corporate Governance 

2.1       Codes of conduct; 

2.2       Legal compliance records.

3           Finance and Administration 

3.1       Accounting records;

3.2       Annual financial statements; 

3.3       Banking records;

3.4       Invoices and statements;

3.5       Tax records and returns;

 4           Information management and Technology

4.1       Information policies;

4.2       Standards, procedures and guidelines.

 Appendix 2

 LIST OF APPLICABLE LEGISLATION

Administration of Adjudication of Road Traffic Offences Act 46 of 1998 

Advertising on Roads & Ribbon Development Act 21 of 1940 

Basic Conditions of Employment Act 75 of 1997 

Bills of Exchange Act 34 of 1964 

Broad-Based Black Economic Empowerment Act 53 of 2003 

Broadcasting Act 4 of 1999 

Companies Act 71 of 2008 

Compensation for Occupational Injuries and Diseases Act 130 of 1993 

Competition Act 89 of 1998 

Constitution of South Africa Act 108 of 1996 

Consumer Protection Act 68 of 2009

Copyright Act 98 of 1987 

Criminal Procedure Act 51 of 1977 

Currency & Exchanges Act 9 of 1933 

Customs and Excise Act 91 of 1964 

Electronic Communications and Transactions Act 2 of 2000 

Employment Equity Act 55 of 1998 

Environment Conservation Act 73 of 1989 

Financial Advisory & Intermediary Services Act 37 of 2002 

Financial Intelligence Centre Act 38 of 2001 

Firearms Control Act 60 of 2000 

Formalities In Respect of Leases of Land Act 18 of 1969 

Health Act 63 of 1977 

Income Tax Act58 of 1962 

Labour Relations Act 66 of 1995 

Long Term Insurance Act 52 of 1998 

National Building Regulations and Building Standards Act 103 of 1997 

National Credit Act 34 of 2005 

National Environmental Management Act 107 of 1998 

National Environmental Management: Air Quality Act 39 of 2004 

National Environmental Management: Waste Act 59 of 2008 

National Water At 36 of 1998 

National Road Traffic Act 93 of 1996 

Occupational Health and Safety Act 85 of 1993 

Patents Act 57 of 1987 

Pension Funds Act 24 of 1956 

Prescription Act 18 of 1943 

Prevention & Combating of Corrupt Activities Act 12 of 2004 

Prevention of Constitutional Democracy Against Terrorist & Related Activities Act 33 of 2004

Prevention of Organised Crime Act 121 of 1998 

Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000 

Protected Disclosures Act 26 of 2000 

Regulation of Interception of Communications and Provisions of Communication Related 

Information Act 70 of 2002 

Sales and Service Matters Act 25 of 1964 

Second-Hand Goods Act 23 of 1955 

Securities Services Act 36 of 2004 

Securities Transfer Act 25 of 2007 

Short-Term Insurance Act 53 of 1998 

Skills Development Act 97 of 1997 

Skills Development Levies Act 9 of 1999 

South African Reserve Bank Act 90 of 1989 

The South African National Roads Agency Limited & National Roads Act 7 of 1998 

Tobacco Products Control Act 12 of 1999 

Trade Marks Act 194 of 1993 

Transfer Duty Act 40 of 1949 

Unemployment Insurance Act 63 of 2001 

Unemployment Insurance Fund Contributions Act 4 of 2002

Value-Added Tax Act 89 of 1991 

Although we have used our best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to our attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, we shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Information Officer the opportunity of considering the request in light thereof.  

 Appendix 3

ACCESS REQUEST FORM - RECORD OF PRIVATE BODY

(Section 53(1) of the Promotion of Access to Information Act, 2000)

[Regulation 10] 

_______________________________________________________________________ 

 COMPLETION OF ACCESS REQUEST FORM 

1           The Access Request Form must be completed. 

2           Proof of identity is required to authenticate the identity of the requester. Attach a copy of the requester’s identification document. 

3           Type or print in BLOCK LETTERS an answer to every question. 

4           If a question does not apply, state “N/A”. 

5           If there is nothing to disclose in reply to a question, state “nil”. 

6           When there is insufficient space on a printed form, additional information may be provided on an attached folio, and each answer on such folio must reflect the applicable title.

____________________________________________________________________________ 

1           Particulars of Private Body: The Information Officer:  

Rowan Levieux

Leeroy Agencies cc

13 Branch Lane

Blairgowrie

Johannesburg

Gauteng

Republic of South Africa 

Email: rowan@leeroy.co.za

2           Particulars of Requester (if natural person) 

  1. a) The particulars of the person who requests access to the record must be given below. 
  2. b) The address and/or fax number in the Republic to which the information is to be sent must be given.
  3. c) Proof of the capacity in which the request is made, if applicable, must be attached. 

  Full names and surname: ........................................................................................................ 

Identity number: ....................................................................................................................... 

Postal adress:........................................................................................................................... 

Fax number: ............................................................................................................................. 

Telephone number:.....................................................................................................................

Email address:......................................................................................................................................... 

Capacity in which request is made, when made on behalf of another person: 

....................................................................................................................................................... 

3      Particulars of Requester (if a legal entity) 

  1. a) The particulars of the entity that requests access to the record must be given below. 
  2. b) The address and/or fax number in the Republic to which the information is to be sent. 
  3. c) Proof of the capacity in which the request is made, if applicable, must be attached. 

Name: ........................................................................................................ 

Registration number: ...................................................................................................................... 

Postal adress:........................................................................................................................... 

Fax number: ............................................................................................................................. 

Telephone number:.....................................................................................................................

Email address:......................................................................................................................................... 

4            Particulars of person on whose behalf request is made 

This section must be completed ONLY if a request for information is made on behalf of another person. 

 Full names and surname: ........................................................................................................... 

Identity number: ............................................................................................   

 

5            Particulars of record 

a)

Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located. 

b)

If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios. 

 

  1. Description of record or relevant part of the record: 
  1. Reference number, if available: 
  1. Any further particulars of record 

6           Fees 

  1. a) A request for access to a record, other than a record containing personal information about yourself, will be processed only after a non-refundable request fee of R57,00 has been paid.
  2. b) The fee payable for access to a record depends on the form in which access is required and the reasonable time required to search for and prepare a record. 
  3. c)   You will be notified of the amount required to be paid as the access fee. 
  4. d) If you qualify for exemption of the payment of any fee, please state the reason for

exemption.

 Reason for exemption from payment of fees: 

_________________________________________________________________________________ 

7           Form of access to record 

Mark the appropriate box with an X. 

NOTES: 

(a) Compliance with your request in the specified form may depend on the form in which the record is available. 

(b) Access in the form requested may be refused under certain circumstances. In such a case you will be informed whether access will be granted in another form. 

(c) The fee payable for access to the record, if any, will be determined partly by the form in which access is requested.

 

1. If the record is in written or printed form: 

  copy of record* 

inspection of a record 

2. If record consists of visual images 

(photographs, slides, video recordings, computer-generated images, sketches, etc): 

view the images copy of  the images 

  the images*

transcription of

3. If record consists of recorded information that can be reproduced in sound: 

listen to the soundtrack transcription of soundtrack*  (audio cassette)   (written or printed document) 

 

4. If record is held on computer or in an electronic or machine-readable form: 

printed copy of record*  printed copy of copy in computer 

information derived readable form* (stiffy

from record* or compact disc) 

 

*If you are requesting a copy or transcription of a record (above), do you wish the copy or transcription to be posted to you? 

Postage is payable 

YES 

NO 

 

8           In the event of disability 

If you are prevented by a disability to read, view or listen to the record in the form of access provided for in 1 to 4 hereunder, state your disability and indicate in which form the record is required. 

Disability: 

 

Form in which record is required: 

 

 

9           Particulars of right to be exercised or protected 

If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios.   

  1. Indicate which right is to be exercised or protected: 
  1. Explain why the record requested is required for the exercise or protection of the aforementioned right: 

 

10        Notice of decision regarding request for access 

You will be notified in writing whether your request has been approved/denied. If you wish to be informed in another manner, please specify the manner and provide the necessary particulars to enable compliance with your request.   

 How would you prefer to be informed of the decision regarding your request for access to the record? 

 Signed at _______________________________ on this_________day of ________________20___

 SIGNATURE OF REQUESTER/ PERSON ON WHOSE BEHALF THE REQUEST IS MADE _____________________

Appendix 4

 FEES 

1 The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof. 2 The fees for reproduction referred to in regulation 11(1) are as follows:    

 

 

R

(a)

For every photocopy of an A4-size page or part thereof

1,10

(b)

For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form

0,75

 

( c)

For a copy in a computer-readable form on -

 

 

 

 

 

 

 

 

 

(d)

 

(i)

For a transcription of visual images, for an A4-size page or part thereof                                             

40,00

 

(ii)

For a copy of visual images                                

60,00

(e)

 

(i)

For a transcription of an audio record, for an A4-size page or part thereof                                    

20,00

 

(ii)

For a copy of an audio record                              

30,00

  

3 The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00. 4 The access fees payable by a requester referred to in regulation 11(3) are as follows:

 

 

R

(1) (a)

For every photocopy of an A4-size page or part

thereof                                                    

1,10

    (b)

For every printed copy of an A4-size page or part thereof held on a computer

or in electronic or machine readable form                                                   

0,75

 

      (c)

For a copy in a computer-readable form on -

 

 

 

 

 

 

 

 

 

    (d)

 

(i)

For a transcription of visual images, for an A4-size page or part thereof                                    

40,00

 

(ii)

For a copy of visual images                                

60,00

    (e)

 

(i)

For a transcription of an audio record, for an A4-size page or part thereof                                    

20,00

 

(ii)

For a copy of an audio record                              

30,00

    (f)

To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.

   

5           For purposes of section 54(2) of PAIA, the following applies:

5.1       Six hours as the hours to be exceeded before a deposit is payable; and

5.2       one third of the access fee is payable as a deposit by the requester.

6           The actual postage is payable when a copy of a record must be posted to a requester.

Appendix 5

Part 1

PROCESSING OF PERSONAL INFORMATION IN ACCORDANCE WITH POPIA

Purpose of the Processing of Personal Information

 

Type of Processing

1.      To provide services to the Customer in accordance with terms agreed to by the Customer

 

2.      To undertake activities related to the provision of services and transactions, including:

 

2.1.  to fulfil foreign and domestic legal, regulatory and compliance requirements and comply with any applicable treaty or agreement with or between foreign and domestic governments applicable to the Company

 

2.2.  to verify the identity of Customer representatives who contact the Company or may be contacted by the Company; 

 

2.3.  for risk assessment, information security management, statistical, trend analysis and planning purposes; 

 

2.4.  to monitor and record calls and electronic communications with the Customer for quality, training, investigation and fraud prevention purposes;

 

2.5.  for crime detection, prevention, investigation and prosecution; 

 

2.6.  to enforce or defend the Company’s rights; and

 

2.7.  to manage the Company’s relationship with the Customer. 

 

3.      The purposes related to any authorised disclosure made in terms of agreement, law or regulation; 

 

4.      Any additional purposes expressly authorised by the Customer; and 

 

5.      Any additional purposes as may be notified to the Customer or Data Subjects in any notice provided by the Company

Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

         

Part 2

Categories of Data Subjects and categories of Personal Information relating thereto

Categories of Data Subjects of and categories of Personal Information relating thereto

 

Data Subject

Personal

Information

Processed

Customer:

 

o Corporate

Customer Profile information including, account details, payment information, corporate structure, customer risk rating and other customer information including to the extent the categories of information relate to individuals or representatives of customers (e.g., shareholders, directors, etc.) required for the above mentioned purposes

 

o Individual; 

Name; contact details (Company E-Mail Address,

Company Telephone Number), client details (Home

Facsimile Number, Home Postal Address, Home

Telephone Number, Personal Cellular, Mobile Or Wireless Number, Personal E-Mail Address); regulatory identifiers (e.g. tax identification number);

Account information (Bank Account Currency Code,

Bank Account Id, Bank Account Name, Bank Account Number, Bank Account Type, Bank account balance); transaction details and branch details; “know-your customer” data, photographs; other identification and verification data as

contained in images of ID card, passport and other ID documents; images of customer signatures)

  Natural Persons;

  Juristic Persons.

 

Personal data relating to a Data Subject received by or on behalf of the Company from the Customer,

Customer affiliates and their respective representatives and related parties in the course of providing accounts and services to the Customer or in connection with a transaction or services. Customer personal data may include names, contact details, identification and verification information, nationality and residency information, taxpayer identification numbers, voiceprints, bank account and transactional information (where legally permissible), to the extent that these amount to personal data under POPIA.

Payment beneficiaries: Bank Account Currency

Code, Bank Account Id, Bank Account Name, Bank Account Number, Bank Account Type; beneficiary address, transaction details; payment narrative and, for certain data transferred from the UK only, National Insurance numbers. 

 

 

Personnel

Name; employee ID number; business contact details (address/telephone number/email address)

 

 

 Part 3

Recipients of Personal Information

The Company, its affiliates and their respective representatives

 Part 4

Cross border transfers of Personal Information

When making authorized disclosures or transfers of personal information in terms of section 72 of POPIA, Personal Data may be disclosed to recipients located in countries which do not offer a level of protection for those data as high as the level of protection as South Africa.

 Part 5 

Description of information security measures

The Company undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. The Company may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.

1           Access Control of Persons

The Company shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data are processed.

2           Data Media Control

The Company undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by the Company and containing personal data of Customers.

3           Data Memory Control

The Company undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorized reading, alteration or deletion of stored data.

4           User Control

The Company shall implement suitable measures to prevent its data processing systems from being used by unauthorized persons by means of data transmission equipment.

5           Access Control to Data

The Company represents that the persons entitled to use the Company’s data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorization).

6           Transmission Control

The Company shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of the Company’s data communication equipment / devices.

7           Transport Control

The Company shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.

8           Organization Control

The Company shall maintain its internal organization in a manner that meets the requirements of this

         Manual.                                             

Appendix 6

 OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013

REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018

Note:

1           Affidavits or other documentary evidence as applicable in support of the objection may be attached.

2           If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.

3           Complete as is applicable.

A

DETAILS OF DATA SUBJECT

Name(s) and surname/ registered name of data subject:

 

Unique Identifier/ Identity Number

 

Residential, postal or business address:

 

Contact number(s):

 

Fax number / E-mail address:

 

B

DETAILS OF RESPONSIBLE PARTY

Name(s) and surname/ registered name of data subject:

 

Residential, postal or business address:

 

Contact number(s):

 

Fax number / E-mail address:

 

C

REASONS FOR OBJECTION IN TERMS OF

SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection)

 

 

 

 

 

 

 

Signed at .......................................... this ...................... day of ...........................20………...

............................................................

Signature of data subject/designated person

 Appendix 7

REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR

DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 

REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018

[Regulation 3]

Note:

  1. Affidavits or other documentary evidence as applicable in support of the request may be attached.
  2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
  3. Complete as is applicable.

Mark the appropriate box with an "x".

Request for:

Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.

Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to   retain the record of information.

A

DETAILS OF DATA SUBJECT

Name(s) and surname/ registered name of data subject:

 

Unique Identifier/ Identity Number

 

Residential, postal or business address:

 

Contact number(s):

 

Fax number / E-mail address:

 

B

DETAILS OF RESPONSIBLE PARTY

Name(s) and surname/ registered name of data subject:

 

Residential, postal or business address:

 

Contact number(s):

 

Fax number / E-mail address:

 

C

REASONS FOR OBJECTION IN TERMS OF

SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection)

 

 

 

 

 

D

REASONS FOR *CORRECTION OR

DELETION OF THE PERSONAL

INFORMATION ABOUT THE DATA SUBJECT

IN TERMS OF SECTION 24(1)(a) WHICH IS IN

POSSESSION OR UNDER THE CONTROL

OF THE RESPONSIBLE PARTY; and or

REASONS FOR *DESTRUCTION OR

DELETION OF A RECORD OF PERSONAL

INFORMATION ABOUT THE DATA SUBJECT

IN TERMS OF SECTION 24(1)(b) WHICH THE

RESPONSIBLE PARTY IS NO LONGER AUTHORISED TO RETAIN. (Please provide detailed reasons for the request)