PAIA – Manual

INFORMATION MANUAL

IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO. 2 OF 2000, (“PAIA”), AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013, (“POPI”) COMPILED FOR:

Linktank (Pty) Ltd

with Registration Number 2014/107916/07

(“the Private Body”)

1. INTRODUCTION
2. DEFINITIONS AND INTERPRETATION
3. CONTACT DETAILS OF THE PRIVATE BODY – Section 51(1)(a)(i) of PAIA and section 18(1)(b) of the POPI Act
4. GUIDE ON HOW TO EXERCISE RIGHTS IN TERMS OF PAIA – Section51(1)(b)(i)

6. DESCRIPTION OF SUBJECTS AND CATEGORIES OF RECORDS – Section 51(1)(b)(iv) of PAIA
7. FORM OF REQUEST FOR RECORDS
8. FEES PRESCRIBED IN TERMS OF THE REGULATIONS – Section 51(1)(f) of PAIA

11. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION – Section 51(1)(v) of PAIA
12. UPDATES TO THE MANUAL – Section 51(2)

3

1. 1.1  This Information Manual is published in terms of section 51 of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”), as amended by the Protection of Personal Information Act, No. 4 of 2013, (“POPI Act”) as well as section 18 of the POPI Act.
2. 1.2  PAIA gives effect to the provisions of Section 32 of the Constitution, which provides for the right of access to information held by the State and to information held by another person that is required for the exercise and/or protection of any right.
3. 1.3  The POPI Act gives effect to the provisions of, inter alia, Section 14 of the Constitution, which provides for the right to privacy of all persons.
4. 1.4  The information provided in this manual includes:
   1. 1.4.1  contact details of the Head, as defined in PAIA, of the Private Body;
   2. 1.4.2  a description of the guide referred to in section 10 of PAIA, (which is a guide which was produced by the Human Rights Commission and after 1 July 2021 shall be made available and amended, from time to time, by the Information Regulator defined in POPI) dealing with access to information;
   3. 1.4.3  a description of the records of the Private Body which are available in terms of any legislation other than the PAIA;
   4. 1.4.4  a description of the subjects on which the Private Body holds records and the categories of records held on each subject;
   5. 1.4.5  a description of the subjects on which the Private Body holds personal information and the categories of personal information held on each subject;
   6. 1.4.6  the purpose of processing personal information;
   7. 1.4.7  the recipients to whom the personal information may be supplied;
   8. 1.4.8  planned transborder flows of information (if applicable);
   9. 1.4.9  a general description of the security measures in place to ensure the confidentiality, integrity, and availability of the information to be processed;

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

4 1.4.10 sufficient information so as to facilitate a request for access to a record of the

Private Body;

5. 1.5  The reference to any information in addition to that specifically required in terms of section 51 of PAIA and section 18 of the POPI Act does not create any right or entitlement (contractual or otherwise) to receive such information, other than in terms of PAIA and the POPI Act.
6. 1.6  The main aim of this manual is to:
   1. 1.6.1  disclose the types of records held by the Private Body and to facilitate the requests for access to records of the Private Body, as permitted by PAIA (dealt with in Part A hereof);
   2. 1.6.2  make data subjects aware of the type and source of information being collected, the purpose of collecting and processing such information and related matters(dealt with in Part B hereof).

   This manual may be updated from time to time and shall be made available on the Private Body’s website and/or at its principal place of business, to any person on request, subject to the payment of a reasonable fee and to the Information Regulator.

1. 2.1  In this document, clause headings are for convenience and shall not be used in its interpretation unless the context clearly indicates a contrary intention:
2. 2.2  An expression which denotes –
   1. 2.2.1  any gender includes the other genders;
   2. 2.2.2  a natural person includes an artificial or juristic person and vice versa;
   3. 2.2.3  the singular includes the plural and vice versa;
3. 2.3  The following expressions shall bear the meanings assigned to them below and similar expressions bear corresponding meanings:

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

1. 2.3.1  “data subject” means the person to whom personal information relates;
2. 2.3.2  “Personal Information” means information relating to an identifiable living, natural person,

   and where it is applicable, an identifiable existing juristic person;

3. 2.3.3  “this document” or “this manual” means this information manual, together with all of its annexures, as amended from time to time;
4. 2.3.4  “the Private Body” means the private body to which this manual applies with their details as they appear on the front page of this manual;
5. 2.3.5  “requester” means a person or entity requesting access to a record that is under the control of the Private Body.

4. 2.4  Any reference to any statute, regulation or other legislation shall be a reference to that statute, regulation or other legislation as at the signature date, and as amended or substituted from time to time;
5. 2.5  If any provision in a definition is a substantive provision conferring a right or imposing an obligation on any party then, notwithstanding that it is only in a definition, effect shall be given to that provision as if it were a substantive provision in the body of this manual;
6. 2.6  Where any term is defined within a particular clause other than this, that term shall bear the meaning ascribed to it in that clause wherever it is used in this manual;
7. 2.7  Where any number of days is to be calculated from a particular day, such number shall be calculated as excluding such particular day and commencing on the next day. If the last day of such number so calculated falls on a day which is not a business day, the last day shall be deemed to be the next succeeding business day;
8. 2.8  Any reference to days (other than a reference to business days), months or years shall be a reference to calendar days, months or years, as the case may be or as is otherwise defined in any legislation;
9. 2.9  The use of the word “including” followed by a specific example/s shall not be construed as limiting the meaning of the general wording preceding it and the eiusdem generis rule shall not be applied in the interpretation of such general wording or such specific example/s;
10. 2.10  Insofar as there is a conflict in the interpretation of or application of this manual and PAIA or the POPI Act, PAIA or the POPI Act shall prevail;

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

5

2.11 This manual does not purport to be exhaustive of or comprehensively deal with every procedure provided for in PAIA or all rights listed under the POPI Act. The reader relying on any provisions of this Manual is advised to familiarise his/her/itself with the provisions of PAIA and the POPI Act.

6

1. 3.1  Head of the Private Body: Nina Lowes and Jen Mckay.
2. 3.2  Postal Address of Head of the Private Body: 48 Empire Road, Beach Estate, Hout Bay.
3. 3.3  Street Address of Head of the Private Body: 48 Empire Road, Beach Estate, Hout Bay.
4. 3.4  Telephone Number of Head of the Private Body: 0878078500.
5. 3.5  Email of Head of the Private Body: ninalowes@linktank.co.za.

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

PART A: PROMOTION OF ACCESS TO INFORMATION

7

1. 4.1  The Human Rights Commission (“the HRC”) has compiled a guide, as contemplated in section 10 of PAIA, containing information to assist any person who wishes to exercise any right as contemplated in PAIA.
2. 4.2  The contact details of the HRC are as follows:
   1. 4.2.1  Postal address: Private Bag 2700, Houghton, 2041
   2. 4.2.2  Telephone: +27 11 484 8300
   3. 4.2.3  Telefax: +27 11 484 0582
   4. 4.2.4  Website: http://www.sahrc.org.za
   5. 4.2.5  Email: paia@sahrc.org.za
3. 4.3  The guide is also available electronically at https://www.sahrc.org.za/home/21/files/Section%2010%20guide%202014.pdf
4. 4.4  With effect from 1 July 2021, the Information Regulator, (“IR”) must update and make available the existing guide that had previously been compiled by the HRC containing information in an easily comprehensible form and manner as may reasonable be required by a person who wishes to exercise any right contemplated in PAIA and POPI.
5. 4.5  The contact details of the IR are as follows:

4.5.1 Physical address: Braampark, Forum 3, 33 Hoof Street, Braampark, Johannesburg, 2017

4.5.2 Postal Address: P.O Box, 31533

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

3. 4.5.3  Telephone: +27 10 023 5200
4. 4.5.4  Telefax: +27 86 500 3351
5. 4.5.5  Website: http://www.justice.gov.za/inforeg/contact.html
6. 4.5.6  Email: inforeg@justice.gov.za.

8

5.1 Some of the records held by the Private Body are available in terms of legislation other than PAIA or POPI, which legislation is listed below. Records that must be made available in terms of these Acts shall be made available in terms of the requirements of PAIA and this manual. That legislation includes:

1. 5.1.1  THE COMPANIES ACT, NO. 71 OF 2008
2. 5.1.2  INCOME TAX ACT, NO. 58 OF 1962
3. 5.1.3  VALUE ADDED TAX ACT, NO. 89 OF 1991
4. 5.1.4  LABOUR RELATIONS ACT, NO. 66 OF 1995
5. 5.1.5  BASIC CONDITIONS OF EMPLOYMENT ACT, NO. 75 OF 1997
6. 5.1.6  EMPLOYMENT EQUITY ACT, NO. 55 OF 1998
7. 5.1.7  SKILLS DEVELOPMENT LEVIES ACT, NO. 9 OF 1999
8. 5.1.8  UNEMPLOYMENT INSURANCE ACT, NO. 63 OF 2001
9. 5.1.9  ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, NO. 25 OF 2002
10. 5.1.10  TELECOMMUNICATIONS ACT, NO. 103 OF 1996
11. 5.1.11  ELECTRONIC COMMUNICATIONS ACT, NO. 36 OF 2005
12. 5.1.12  BROAD-BASED BLACK ECONOMIC EMPOWERMENT ACT, NO. 53 OF 2003

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

5.1.13 any other industry applicable legislation.

9

1. 6.1  The Private Body holds various records. The subjects on which the Private Body holds records and the categories of records held by the Private Body are reproduced in the tables below.
2. 6.2  The listing of a category or subject matter in this manual does not guarantee access to such records. All requests for access will be evaluated on a case by case basis in accordance with the provisions of PAIA and other applicable legislation. A request for records shall be made in the prescribed form set out later in this manual under the heading “FORM OF REQUEST FOR RECORDS”.

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Categories of records held:

Records of the owners of the Private Body

Records and minutes of the meetings of the owners and/or managers of the Private Body

Resolutions of the owners and/or managers of the Private Body

Agreements dealing with the internal arrangements between the owners and/or managers of the Private Body

Records relating to the creation and/or registration of the Private Body Internal auditing and risk
Legislative compliance
Regulatory reports

10

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Categories of records held:

Any personal records provided to the Private Body by their employees

List of employees

Conditions of employment and other employee-related contractual and quasi-legal records

Employee tax and insurance fund information including unemployment insurance fund contributions, group life, disability and income protection

Internal evaluation records
Codes of conduct as well as the relevant disciplinary codes and procedures
All internal policies applicable and accessible to the employees
Any records a third party has provided to the Private Body about any of their employees Other internal records and correspondence relating to employees

11

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

12

Categories of records held:

Financial statements and other accounting records Accounting reports
Taxation records
Debtors and creditors records

Insurance records Banking statements

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Categories of records held:

Any records a client has provided to the Private Body or a third party acting for or on behalf of the Private Body

Contractual information
Client needs assessments
Personal records of clients
Credit information and other research conducted in respect of clients Any records a third party has provided to the Private Body about clients Confidential, privileged, contractual and quasi-legal records of clients Client evaluation records

Client profiling

Performance research conducted on behalf of clients or about clients

Client account numbers

Any records a third party has provided to the Private Body either directly or indirectly

Records generated by or within the Private Body pertaining to clients, including transactional records

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

13

14

Categories of records held:

Any records a client has provided to the Private Body or a third party acting for or on behalf of the Private Body

Lists of service providers and suppliers
Service providers’ and suppliers’ terms and conditions

Records kept in respect of other third parties, including without limitation joint venture partners, which includes records, falling within the subjects contemplated in this part of the manual, which can be said to belong to the Private Body but which are held by such third party

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Categories of records held:

Register of assets (movable or immovable)
Insurance records relating to the assets
Register of intellectual property owned by the Private Body

15

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Categories of records held:

Information relating to the Private Body’ s own commercial activities

Research information belonging to the Private Body, whether carried out itself or commissioned from a third party

Environment and market information Project management

Information technology including information systems, network security, software licenses, technology asset

Support services Internal communication

16

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

17

1. 7.1  A request for records shall be accompanied by adequate proof of identity of the applicant, (such as a certified copy of his/her identity document), and made using the prescribed form, a copy of which is attached hereto and marked annexure “A” (“the prescribed form”). The prescribed form is also available from the website of the Human Rights Commission at https://www.sahrc.org.za, or the website of the Department of Justice and Constitutional Development at https://www.doj.gov.za and as may be advised by the Information Regulator on or after 1 July 2021.
2. 7.2  The prescribed form shall be submitted to the Private Body Head named in clause 3 hereof.
3. 7.3  The above procedure shall apply in the event that the requester is requesting information for personal use and/or on behalf of another person, even if such other person is a permanent employee of the Private Body.
4. 7.4  The Head of the Private Body shall as soon as reasonably possible, and within 30 (thirty) days after the request has been received, decide whether or not to grant such request.
5. 7.5  The requester will be notified of the decision of the Head of the Private Body or the General Manager in the manner indicated by the requester.
6. 7.6  After access is granted, actual access to the record requested will be given as soon as reasonably possible.
7. 7.7  If the request for access is refused, the Head of the Private Body or the General Manager shall advise the requester in writing of the refusal. The notice of refusal shall state:
   1. 7.7.1  adequate reasons for the refusal; and
   2. 7.7.2  that the requester may lodge an appeal with a court of competent jurisdiction

      against the refusal of the request (including the period) for lodging such an appeal.

8. 7.8  If the Head of the Private Body or the General Manager fails to respond within 30 (thirty) days after a request has been received, it is deemed, in terms of section 58 read together with section 56(1) of PAIA, that the Head of the Private Body or the General Manager has refused the request.

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

18

1. 8.1  The following applies to requests (other than personal requests):
   1. 8.1.1  A requestor is required to pay the prescribed fees (R50.00) before a request will be

      processed;

   2. 8.1.2  If the preparation of the record requested requires more than the prescribed 6 (six) hours, a deposit shall be paid (of not more than one third of the access fee which would be payable if the request were granted);
   3. 8.1.3  A requestor may lodge an application with a court against the tender/payment of the request fee and/or deposit;
2. 8.2  Records may be withheld until the fees have been paid.
3. 8.3  The fee structure shall be available by way of regulations published from time to time.
4. 8.4  In addition to the request fee, the following reproduction fees are prescribed by the Minister in respect of private bodies such as the Private Body:

For every photocopy of an A4-size page or R1.10 part thereof:

For every printed copy of an A4-size page R0.75 or part thereof held on a computer or in electronic or machine-readable form:

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

For a copy in a computer-readable form on compact disc:

(i) For a transcription of visual images, for an A4-size page or part thereof:

2. (ii)  For a copy of visual images:
3. (iii)  For transcription of an audio

record, for an A4-size page or part thereof:
(iv) For a copy of an audio record:

To search for the record for disclosure:

R70

(i) R20 (ii) R60

(iii) R20 (iv) R30

R30 for each hour or part of an hour reasonably required for such search.

19

8.5 The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00.

6. 8.6  For purposes of section 54(2) of the Act, the following applies:
   1. 8.6.1  Six hours as the hours to be exceeded before a deposit is payable; and
   2. 8.6.2  one third of the access fee is payable as a deposit by the requester.
7. 8.7  The actual postage is payable when a copy of a record must be posted to a requester.

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

PART B: PROTECTION OF PERSONAL INFORMATION

20

1. 9.1  The Private Body processes certain personal information, as defined in the POPI Act, (“Personal Information”) relating to several data subjects, from time to time. A data subject is the person, (natural or juristic), to whom Personal Information relates and from whom the Private Body collects and processes information.
2. 9.2  A description of the data subjects, (individuals and juristic persons), the information relating thereto, the purpose of processing that information and the recipients of that Personal Information is reproduced in the tables below.

Personal Information Source of the Personal Is the supply of Personal processed: Information Information mandatory or

voluntary?:

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person

Employment Equity

Mandatory

21

Will any of the Personal Information be transferred to another country or international organisation?

No

Purpose of processing Personal Information:

Compliance with Employment Equity Act

Recipient or categories of recipients to whom the Personal Information is supplied:

Department of Labour

The consequences of failure to provide information:

Non-compliance

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

22

3. 9.3  Where Personal Information is collected in terms of specific legislation, the Private Body will

   inform the data subject in terms of which legislation that data is collected.

4. 9.4  Data subjects have the right to object to the processing of their Personal Information.
5. 9.5  In the event a data subject requires confirmation regarding the existence of the Personal Information processed by the Private Body or believes that the Personal Information processed by the Private Body requires rectification, the data subject is entitled to utilise the processes and procedures set out in section A of this manual to request access to the records of the Private Body set out in section 18(1)(h)(iii).
6. 9.6  We will not, without data subjects’ express consent use their Personal Information for any purpose, other than:

   specifically:

9.6.1 as set out in the abovementioned tables;

generally:

2. 9.6.2  in relation to the provision of any goods and services to a data subject;
3. 9.6.3  to inform the data subject of new features, special offers and promotional competitions offered by us or any of our divisions, affiliates and/or partners (unless they have opted out from receiving marketing material from us);
4. 9.6.4  to improve our product and/or service selection and their experience on our website; or
5. 9.6.5  to disclose their Personal Information to any third party as set out below:

9.6.5.1 to our employees and/or third party service providers who assist us to interact with data subjects via our website, for the ordering of goods or services or when delivering goods or services to data subjects, their personal and contact information being essential in order to assist us to communicate with the data subjects properly and efficiently;

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

2. 9.6.5.2  to our divisions, affiliates and/or partners (including their employees and/or third party service providers) in order for them to interact directly with data subjects via email or any other method for purposes of sending data subjects marketing material regarding any current or new goods or services, new features, special offers or promotional items offered by them (unless the data subjects have opted out from receiving marketing material from us);
3. 9.6.5.3  to law enforcement, government officials, fraud detection agencies or other third parties when we believe in good faith that the disclosure of Personal Information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity;
4. 9.6.5.4  to our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, these service providers may only use data subjects information in connection with the services they perform for us and not for their own benefit;
5. 9.6.5.5  to our suppliers in order for them to liaise directly with data subject regarding any defective goods or services which requires their involvement;
6. 9.6.5.6  to any third-party seller for purposes of sending data subjects an invoice for any goods purchased from such third-party seller, which disclosed information will be limited to data subjects’ email addresses;

7. 9.7  We are entitled to use or disclose data subjects’ Personal Information if such use or disclosure is required in order to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. In the event of a fraudulent online payment, we are entitled to disclose relevant Personal Information for criminal investigation purposes or in line with any other legal obligation for disclosure of the Personal Information which may be required of it.
8. 9.8  Data subjects’ privacy is important to us and we will therefore not sell, rent or provide their Personal Information to unauthorised third parties for their independent use, without their consent.
9. 9.9  We will not process personal information concerning:

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

23

24

1. 9.9.1  the religious or philosophical beliefs, race or ethnic origin, trade union membership,

   political persuasion, health or sex life or biometric information of a data subject; or

2. 9.9.2  the criminal behaviour of a data subject to the extent that such information relates to i) the alleged commission by a data subject of any offence; or ii) any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

unless

1. 9.9.2.1  the data subject has given us specific consent to process such data; or
2. 9.9.2.2  processing is necessary for the establishment, exercise or defence of a right or obligation in law;
3. 9.9.2.3  processing is necessary to comply with an obligation of international public law; or
4. 9.9.2.4  processing is for historical, statistical or research purposes to the extent that: (i) the purpose serves a public interest or (ii) requesting consent would constitute an unreasonable requirement in the circumstances.

10. 9.10  In line with our obligations in terms of section 22 of the POPI Act, where there are reasonable grounds to believe that Personal Information has been accessed or acquired by any unauthorised person, we will notify the Information Regulator and the data subject, where possible.
11. 9.11  When data subjects provide a rating or review of our services and/or goods, they consent to us using that rating or review as we deem fit, including without limitation, on our website, in newsletters or other marketing material. The name that will appear next to that rating or review is their first name, as they would have provided. We will not display their surname, nor any of their contact details, with a rating or review.
12. 9.12  Wewill:

9.12.1 treat data subjects’ Personal Information as strictly confidential, save where we are

entitled to share it as set out in this section;

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

2. 9.12.2  take appropriate technical and organisational measures to ensure that data subjects’ Personal Information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access;
3. 9.12.3  provide data subjects with access to their Personal Information to view and/or update personal details;
4. 9.12.4  promptly notify data subjects if we become aware of any unauthorised use, disclosure or processing of their Personal Information;
5. 9.12.5  provide data subjects with reasonable evidence of our compliance with our obligations under this section on reasonable notice and request; and
6. 9.12.6  upon data subjects request, promptly return or destroy any and all of their Personal Information in our possession or control, save for that which we are legally obliged to retain.

13. 9.13  We will not retain data subjects’ Personal Information longer than the period for which it was originally needed, unless we are required by law to do so, or they consent to us retaining such information for a longer period.
14. 9.14  We undertake never to sell or make data subjects’ Personal Information available to any third- party other than as provided for in this section.
15. 9.15  Whilst we will do all things reasonably necessary to protect data subjects’ rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of data subjects’ Personal Information, whilst in our possession, made by third parties who are not subject to our direct control, unless such disclosure is as a result of our gross negligence.
16. 9.16  Should a data subject believe that we have used their Personal Information contrary to this Manual and the provisions of the POPI Act, the data subject should first attempt to resolve any concerns with us. If the data subject is not satisfied, they have the right to lodge a complaint with the Information Regulator (which address can be found herein below), established in terms of the POPI Act.

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

25

The Information Regulator (South Africa) SALU Building
316 Thabo Sehume Street
Pretoria

0004

10.1 The Private Body may from time to time need to transfer authorised Personal Information to another country for storage purposes or for the rendering of services by a foreign third-party service provider or otherwise. We will ensure that any person that we pass data subjects’ Personal Information to agrees to treat their information with the same level of protection as we are obliged to in terms of section 72 of the POPI Act.

26

11.1 The security measures implemented by the Private Body to ensure the confidentiality, integrity and availability of Personal Information, are listed and described below:

PHYSICAL SECURITY MEASURES: CYBER SECURITY MEASURES:

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013

PHYSICAL SECURITY MEASURES:

CYBER SECURITY MEASURES:

27

Security gate
Access control (employee key card)
On site security guards
Safe storage of physical documentation Discarded documentation is shredded

Data is backed up

12 UPDATES TO THE MANUAL – Section 51(2)

The Private Body may update this manual every six months or from time to time as it may deem necessary.

SIGNED at ________________________ on ________________________________ 20______

____________________________________ THE HEAD OF THE PRIVATE BODY

INFORMATION MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT, NO 2 OF 2000 AND SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013