Promotion of Access to Information Policy
TABLE OF CONTENTS
1 DEFINITIONS
1.1 Data Subject
1.2 Deputy Information Officer
1.3 Head
1.4 Information Officer
1.5 Information Regulator
1.6 PAIA
1.7 Person
1.8 Personal Information
1.9 Personal Requester
1.10 POPIA
1.11 Private body
1.12 Processing
1.13 Public body
1.14 Requester
1.15 Request for access
1.16 Record
1.17 Third Party
2 MANUAL PURPOSE
3 DUTIES OF THE INFORMATION OFFICER
3.1 Right of Access
3.2 Grounds for Refusal
4 NOTICE
4.1 Payable
4.2 Granted Request for Access
4.3 Refused Request for Access
4.4 Undiscoverable Record
5 AVAILABILITY OF THE MANUAL
ANNEXURE A : CONTACT DETAILS & BUSINESS TYPE
ANNEXURE B : SECTION 10 PAIA GUIDE
ANNEXURE C : STATUTORY RECORDS
ANNEXURE D : AVAILABILITY OF RECORDS
ANNEXURE E : REQUEST FOR ACCESS TO RECORD
ANNEXURE F : PRESCRIBED FEES
ANNEXURE G : PROCESSING OF PERSONAL INFORMATION
ANNEXURE H : OUTCOME OF REQUEST AND OF FEES PAYABLE
ANNEXURE I : DEPUTY INFORMATION OFFICER APPOINTMENT
1. DEFINITIONS
1.1 Data Subject
The person to whom personal information relates.
1.2 Deputy Information Officer
The person to whom any power or duty conferred or imposed on an Information Officer by POPIA has been delegated.
1.3 Head
In relation to a private body means:
- in the case of a natural person, that natural person or any person duly authorised by that natural person;
- in the case of a partnership, any partner of the partnership or any person duly authorised by the partnership;
- in the case of a juristic person:
– the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer; or
– the person who is acting as such or any person duly authorised by such acting person.
1.4 Information Officer
The head of a private body.
1.5 Information Regulator
The Regulator established in terms of Section 39 of POPIA.
1.6 PAIA
The Promotion of Access to Information Act 2 of 2000, as amended from time to time.
1.7 Person
A natural person or a juristic person.
1.8 Personal Information
- Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- Information relating to the education or the medical, financial, criminal or employment history of the person;
- Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person, the biometric information of the person;
- The personal opinions, views or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- The views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
1.9 Personal Requester
A requester seeking access to a record containing personal information about the requester.
1.10 POPIA
The Promotion of Personal Information Act 4 of 2013, as amended from time to time.
1.11 Private Body
- a natural person who carries or has carried on any trade, business or profession, but only in such capacity
- a partnership which carries or has carried on any trade, business or profession; or
- any former or existing juristic person, but excludes a public body.
1.12 Processing
Any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction, degradation, erasure or destruction of information.
1.13 Public Body
- any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or
- in any other functionary or institution when:
– exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or
– exercising a public power or performing a public function in terms of any legislation.
1.14 Requester
In relation to a private body, means any person, including, but not limited to public body or an official thereof, making a request for access to a record of the organisation or a person acting on behalf of such person.
1.15 Request for Access
A request for access to a record of the organisation in terms of section 50 of PAIA.
1.16 Record
Any recorded information regardless of the form or medium, in the possession or under the control of the organisation irrespective of whether or not it was created by the organisation.
1.17 Third Party
In relation to a request for access to a record held by the organisation, means any person other than the requester.
2. MANUAL PURPOSE
The Promotion of Access to Information Act, 2000, gives effect to section 32 of the Constitution, which provides that everyone has the right to access information held by the State or any other person (or private body), when that information is required for the exercise or protection of any rights.
The purpose of PAIA is to:
- foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information, and to; and
- actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect all of their rights more fully.
The organisation recognises everyone’s right to access to information and is committed to provide access to the organisation’s records where the proper procedural requirements as set out by PAIA and POPIA have been met.
The organisation’s PAIA manual is compiled in accordance with section 51 of the Act and contains the following provisions:
Annexure A : Contact Details & Business Type |
This section provides the organisation’s postal and street address, phone and fax number and, if available, the e-mail address of the head of the organisation. |
Annexure B : Section 10 PAIA Guide |
This section provides a description of the guide referred to in Section 10 of PAIA and how you may obtain access to it. |
Annexure C : Statutory Records |
This section provides a description of the various statutes in terms of which the organisation is required to maintain records. |
Annexure D : Availability of Records |
This section provides a list of records held by the organisation along with an indication of whether the record is freely available or only accessible by way of a formal request in terms of the provisions of PAIA. The section also provides a description of the category of data subject(s) to who the respective records relates along with an indication of the purpose for which the record is being kept. Records that are indicated as “Freely Available” can be accessed by contacting the Deputy Information Officer (see Annexure A), without having to follow any formal procedures. Records that are indicated as a “PAIA Request”, requires the requester to lodge a formal request as provided for in Annexure E. |
Annexure E : Request Procedure |
This section sets out the procedure required to be followed by a Request or to obtain access to a record indicated as a “PAIA Request” in Annexure D. |
Annexure F : Prescribed Fees |
This section sets out the fees that are payable to the organisation by the Requestor prior to the organisation processing a request to obtain access to a record held by the organisation. |
Annexure G : Processing of Personal Information |
This section sets out the applicable aspects for the processing of personal information. |
Annexure H : Deputy Information Officer Appointment |
This section provides for the formal appointment of a Deputy Information Officer where so o required. |
3. DUTIES OF THE INFORMATION OFFICER
The Information Officer and/or the Deputy Information Officer of the organisation are responsible for:
- Publishing and proper communication of the manual i.e. creating manual awareness;
- The facilitation of any request for access;
- Providing adequate notice and feedback to the requester;
- Determining whether to grant a request for access to a complete/full record or only part of a record;
- Ensuring that access to a record, where so granted, is provided timeously and in the correct format; and
- Reviewing the manual for accuracy and communicating any amendments.
3.1 Right of Access
The Information Officer and/or Deputy Information Officer may only provide access to any record held by the organisation to a requester if:
- The record is required for the exercise or protection of any right;
- The requester complies with the procedural requirements relating to a request for access to that record;; and
- Access to that record is not refused in terms of any of the grounds for refusal listed below.
The Requestor must complete and submit Annexure E to the organisation.
3.2 Grounds for Refusal
The Information Officer and/or Deputy Information Officer must assess whether there are any grounds for refusing a request for access.
Where any grounds for refusal are found, a request for access will not be granted and the Information Officer and/or Deputy Information Officer must complete Annexure H and make the completed Annexure available to the Requestor.
However, despite finding any grounds for refusal, access to the record(s) will be provided where:
- the disclosure of the record would reveal evidence of a substantial contravention of, or failure to comply with the law or imminent and serious public or environmental risk; and
- the public interest in disclosing record, will clearly outweigh the harm contemplated in the provision in question,
where there are no grounds for refusal, request for access will be granted.
If a request for access is made with regards to a record containing information that would justify a ground for refusal, every part of the record which
- does not contain; and
- can reasonably be severed from any part that contains, any such information must, despite any other provision of PAIA, also be disclosed,
the grounds for refusal, or absence thereof, are set out below:
A: Mandatory Protection of privacy of a Third Party who is a Natural Person |
Grounds for Refusal: |
|
No Grounds for Refusal: |
|
B: Mandatory Protection of Commercial Information of a Third Party |
Grounds for Refusal: |
|
No Grounds for Refusal: |
|
C: Mandatory Protection of certain Confidential Information of a Third Party |
Grounds for Refusal: |
|
D: Mandatory Protection of Safety of Individuals and Protection of Property |
Grounds for Refusal: |
|
E: Mandatory Protection of Records privileged from Production in Legal Proceedings |
Grounds for Refusal: |
|
F: Commercial Information of the Organisation |
Grounds for Refusal: |
|
No Grounds for Refusal |
|
G: Mandatory Protection of Research Information of a Third Party and the Organisation |
Grounds for Refusal: |
|
4. NOTICE
4.1 Fee Payable
Where a request for access has been received the Information Officer and/or Deputy Information Officer will notify the requester of receipt and the prescribed fee (if any) that is payable prior to processing the request. Refer to Annexure F for a full breakdown of fees payable. Personal Requesters will not be charged a request fee.
The notice must state:
- The amount of the deposit payable (if any);
- That the requester may lodge a complaint with the Information Regulator or an application with a court against the tender or payment of the request fee, or the tender or payment of a deposit, as the case may be; and
- The procedure (including the period) for lodging the complaint with the Information Regulator or the application,
except to the extent that the provisions regarding third party notification may apply, the Information Officer and/or Deputy Information Officer to whom the request is made, must as soon as reasonably possible, but in any event within 30 days, after the request has been received in the prescribed format:
- Decide in accordance with PAIA whether to grant the request; and
- Notify the requester of the decision and, if the requester stated that he or she wishes to be informed of the decision in any other manner, inform him or her in that manner, if it is reasonably possible.
4.2 Granted Request for Access
If the request for access is granted, the notice must state:
- The access fee (if any) to be paid upon access;
- The form in which access will be given; and
- That the requester may lodge a complaint with the Information Regulator or an application with a court against the access fee to be paid or the form of access granted, and the procedure, including the period allowed, for lodging a complaint with the Information Regulator or the application.
4.3 Refused Request for Access
If the request for access is refused, the notice must:
- State adequate reasons for the refusal, including the relevant provision of PAIA that was relied on;
- Exclude, from any such reasons, any reference to the content of the records’; and
- State that the requester may lodge a complaint with the Information Regulator or an application with a court against the refusal of the request, and the procedure (including the period) for lodging a complaint with the Information Regulator or the application.
4.4 Undiscoverable Record
Should all reasonable steps have been taken to find a record requested, and there are reasonable grounds for believing that the record:
- Is in the organisation’s possession, but cannot be found; or
- Simply does not exist,
the head of the organisation must, by way of affidavit or affirmation, notify the requester that it is not possible to provide access to that record. The affidavit or affirmation must provide full account of all steps taken to find the record in question or to determine whether the record exists, as the case may be, including all communication with every person who conducted the search on behalf of the head.
5. AVAILABILITY OF THE MANUAL
A copy of the Manual is available-
- on (specify the website), if any;
- head office of the (name of the body) for public inspection during normal business hours;
- to any person upon request and upon the payment of a reasonable prescribed fee; and
- to the Information Regulator upon request.
A fee for a copy of the Manual, as contemplated in Annexure F, shall be payable per each A4-size photocopy made.
ANNEXURE A: CONTACT DETAILS & BUSINESS TYPE
A. Organisation Contact Details | |
Postal address: | P.O. Box 783088, Sandton, Gauteng, 2146 |
Street address: | RockWealth Capital, 8th Floor, Firestation Rosebank, 16 Baker Street, Rosebank, Gauteng, 2196 |
Phone number: | +27 (0)10 599 5959 |
Email address: | info@rockwealth.co.za |
Fax number: | N/A |
B. Head of Organisation | |
Full names & surname: | Louis Christian Pfeiffer |
Email address: | louis@rockwealth.co.za |
Phone number: | +27 (0)84 800 0246 |
Fax number: | N/A |
C. Deputy Information Officer | |
Full names & surname | Juané van Dyk |
Email address: | admin@rockwealth.co.za |
Phone number: | +27 (0)10 599 5959 |
Fax number: | N/A |
D. Business Type | |
The organisation conducts its main type of business in the following sector(s): | |
Finance & Business Services | X |
ANNEXURE B: SECTION 10 PAIA GUIDE
The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
The Guide is available in each of the official languages and in braille.
The aforesaid Guide contains the description of-
- the objects of PAIA and POPIA;
- the postal and street address, phone and fax number and, if available, electronic mail address of-
the Information Officer of every public body, and
every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA and section 56 of POPIA ;
- the manner and form of a request for- access to a record of a public body contemplated in section 11 ; and access to a record of a private body contemplated in section 50 ;
- the assistance available from the IO of a public body in terms of PAIA and POPIA;
- the assistance available from the Regulator in terms of PAIA and POPIA;
- all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging- an internal appeal; a complaint to the Regulator; and an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;
- the provisions of sections 14 and 51 requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;
- the provisions of sections 15 and 52 providing for the voluntary disclosure of categories of records by a public body and private body, respectively;
- the notices issued in terms of sections 22 and 54 regarding fees to be paid in relation to requests for access; and the regulations made in terms of section 92.
Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.
The Guide can also be obtained-
- upon request to the Information Officer;
- from the website of the Regulator (https://www.justice.gov.za/inforeg/).
PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. Where a public body lodges a request, the public body must be acting in the public interest.
Requests in terms of PAIA shall be made in accordance with the prescribed procedures at the rates provided.
ANNEXURE C: STATUTORY RECORDS
The organisation maintains statutory records and information in terms of the following legislation:
Arbitration Act | X |
Basic Conditions of Employment Act | X |
Collective Investment Schemes Control Act | X |
Companies Act | X |
Compensation of Occupational Injuries & Diseases Act | X |
Consumer Protection Act | X |
Copyright Act | X |
Electronic Communications and Transactions Act | X |
Employment Equity Act | X |
Financial Advisory & Intermediary Services Act | X |
Financial Institutions (Protection of Funds) Act | X |
Financial Intelligence Centre Act | X |
Friendly Societies Act | X |
Income Tax Act | X |
Insolvency Act | X |
Labour Relations Act | X |
Long-term Insurance Act | X |
Occupational Health and Safety Act | X |
Pension Funds Act | X |
Prevention of Organised Crime Act | X |
Prevention and Combatting of Corrupt Activities Act | X |
Promotion of Equality and Prevention of Unfair Discrimination Act | X |
Protection of Constitutional Democracy against Terrorist and related Activities Act | X |
Short-term Insurance Act | X |
Skills Development Act | X |
Unemployment Insurance Act | X |
Value Added Tax Act | X |
ANNEXURE D: AVAILABILITY OF RECORDS
The organisation maintains the following categories of records and related subject matter. The status of the record’s availability, the purpose for its processing and the relevant data subject category to who the record relates are set out below:
Category: | Record: | Availability: | Purpose: | Data Subject: |
Public Affairs | Public Product Information | Freely Available | Convey Public Information | Organisation |
Public Affairs | Public Corporate Records | Freely Available | Convey Public Information | Organisation |
Public Affairs | Media Releases | Freely Available | Convey Public Information | Organisation |
Public Affairs | Published Newsletters | Freely Available | Convey Public Information | Organisation |
Public Affairs | Magazine Articles | Freely Available | Convey Public Information | Organisation |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Regulatory & Administrative | Permits, Licenses or Authorities | Freely Available | Statutory Requirement | Organisation |
Regulatory & Administrative | Conflict of Interest Management Policy | Freely Available | Statutory Requirement | Organisation |
Regulatory & Administrative | Complaints Policy | Freely Available | Statutory Requirement | Organisation |
Regulatory & Administrative | FICA Internal Rules | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Health & Safety Plan | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Memorandum of Incorporation | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Minutes of Board or Directors Meetings | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Register of Members | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Register of Board of Directors | PAIA Request | Statutory Requirement | Organisation |
Regulatory & Administrative | Internal correspondence (e-mails/memos) | PAIA Request | Internal Communications | Employees |
Regulatory & Administrative | Insurance Policies held by organisation | PAIA Request | Risk Management | Organisation |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Human Resources | Employment Applications | PAIA Request | Internal Referencing | Employees |
Human Resources | Employment Contracts | PAIA Request | Contractual Agreement | Employees |
Human Resources | Personal Information of Employees | PAIA Request | Internal Referencing | Employees |
Human Resources | Employment Equity Plan | PAIA Request | Statutory Requirement | Organisation |
Human Resources | Medical Aid Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Pension Fund Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Disciplinary Records | PAIA Request | Statutory Requirement | Employees |
Human Resources | Performance Management Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Salary Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Employee Benefit Records | PAIA Request | Internal Referencing | Employees |
Human Resources | PAYE Records | PAIA Request | Statutory Requirement | Employees |
Human Resources | Seta Records | PAIA Request | Statutory Requirement | Employees |
Human Resources | Disciplinary Code | PAIA Request | Statutory Requirement | Organisation |
Human Resources | Leave Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Training Records | PAIA Request | Internal Referencing | Employees |
Human Resources | Training Manual | PAIA Request | Internal Referencing | Organisation |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Financial | Financial Statements | PAIA Request | Internal Referencing | Organisation |
Financial | Financial and Tax Records | PAIA Request | Statutory Requirement | Organisation |
Financial | Asset Register | PAIA Request | Internal Referencing | Organisation |
Financial | Management Accounts and Reports | PAIA Request | Internal Referencing | Organisation |
Financial | Vouchers, Cash Books and Ledgers | PAIA Request | Internal Referencing | Organisation |
Financial | Banking Records and Statements | PAIA Request | Internal Referencing | Organisation |
Financial | Electronic Banking Records | PAIA Request | Internal Referencing | Organisation |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Marketing | Market Information | PAIA Request | Internal Referencing | Organisation |
Marketing | Product Brochures | PAIA Request | Internal Referencing | Organisation |
Marketing | Advertisements | PAIA Request | Internal Referencing | Organisation |
Marketing | Field Records | PAIA Request | Internal Referencing | Organisation |
Marketing | Performance Records | PAIA Request | Internal Referencing | Organisation |
Marketing | Product / Service Sales Records | PAIA Request | Internal Referencing | Organisation |
Marketing | Marketing Strategies | PAIA Request | Internal Referencing | Organisation |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Client Customer | Customer / Client Database | PAIA Request | Internal Referencing | Customers |
Client Customer | Customer / Client agreements | PAIA Request | Internal Referencing | Customers |
Client Customer | Customer / Client Files | PAIA Request | Internal Referencing | Customers |
Client Customer | Customer / Client Instructions | PAIA Request | Internal Communications | Customers |
Client Customer | Customer / Client Correspondence | PAIA Request | External Communications | Customers |
Category: | Record: | Availability: | Purpose: | Data Subject: |
Third Party | Rental agreements | PAIA Request | Contractual Agreement | Third Party |
Third Party | Franchise agreements | PAIA Request | Contractual Agreement | Third Party |
Third Party | Non-disclosure agreements | PAIA Request | Risk Management | Third Party |
Third Party | Letters of Intent | PAIA Request | Contractual Agreement | Third Party |
Third Party | Supplier Contracts | PAIA Request | Contractual Agreement | Third Party |
ANNEXURE E: REQUEST PROCEDURE
To facilitate the processing of your request, kindly complete and submit the form below to the e-mail address of the Deputy Information Officer indicated in Annexure A.
The Deputy Information Officer will notify the requester that a request for access has been received and that the prescribed fee (if any) is payable prior to processing the request. Please refer to Annexure F for a full breakdown of fees payable. Personal requesters will not be charged a request fee.
Once the request has been processed, the Deputy Information Officer will inform you of the outcome of your request and any additional fees that may fall due.
Please be advised that PAIA provides a number of grounds on which a request for access to information must be refused. These grounds mainly comprise instances where:
- the privacy and interests of other individuals are protected.
- where such records are already otherwise publicly available.
- instances where public interest are not served.
- the mandatory protection of commercial information of a third party.
- the mandatory protection of certain confidential information of a third party.
When completing the form below please:
- indicate the identity of the person seeking access to the information.
- provide sufficient particulars to enable the deputy information officer to identify the information requested.
- specify the format in which the information is required.
- indicate the contact details of the person requiring the information.
- indicate the right to be exercised and/or to be protected, and specify the reasons why the information required will enable the person to protect and/or exercise the right.
- where the person requesting the information wishes to be informed of the decision of the request in a particular manner, state the manner and particulars to be so informed.
- if the request for information is made on behalf of another person, submit proof that the person submitting the request, has obtained the necessary authorisation to do so.
NOTE:
- Proof of identity must be attached by the requester.
- If requests made on behalf of another person, proof of such authorisation, must be attached to this form.
ANNEXURE F: PRESCRIBED FEES
The following applies to requests (other than personal requests):
- A requester is required to pay a preliminary request fee before a request will be processed.
- If the preparation of the record requested requires more than the prescribed hours (six), an additional deposit shall be paid (of not more than one third of the access fee which would be payable if the request was granted).
- A requestor may lodge an application with a court against the render / payment of the request fee and/or deposit.
- Records may be withheld until the fees have been paid.
No. | Description | Fee |
1. | The request fee payable by every requester | R140.00 |
2. | Photocopy/printed black & white copy of A4-size page | R2.00 |
3. | Printed copy of an A4 size page | R2.00 |
4. | For a copy in a computer-readable form on: | R2.00 |
i. | Flash drive (to be provided by requester) | R40.00 |
ii. | Compact disc: provided by requestor | R40.00 |
iii. | Compact disc: provided to the requestor | R60.00 |
5. | For a transcription of visual images per A4-size page | Outsourced |
6. | Copy of a visual images | Outsourced |
7. | Transcription of an audio record, per A-4 size page | R24.00 |
Description | ||
For a transcription of visual images per A4-size page | Outsourced | |
Copy of a visual images | Outsourced | |
Transcription of an audio record, per A-4 size page | R24.00 | |
Description | ||
8. | For a copy of an audio record on | |
i. | Flash drive (to be provided by requester) | R40.00 |
ii. | Compact disc: | |
If provided by requestor | R40.00 | |
If provided to the requestor | R60.00 | |
9. | To search for and prepare the record for disclosure for each hour or part of an hour, excluding the first hour, reasonably required for such search and preparation. | R145.00 |
To not exceed a total cost of | R435.00 | |
Deposit: If search exceeds 6 hours: | ||
10. | (One third of amount per request i.t.o items 2 – 8) | See above. |
11. | Postage, e-mail or any other electronic transfer | For own account. |
ANNEXURE G: PROCESSING OF PERSONAL INFORMATION
1 Purpose of Processing Personal Information
Describe the purpose or reasons for processing personal information in your organisation.
2. Description of the categories of Data Subjects and of the information or categories of information relating thereto
Specify the categories of data subjects in respect of whom the body processes personal information and the nature or categories of the personal information being processed.
Below is the template that can be used to set out the categories of data subjects and the description of the nature or categories of the personal information to be processed. Note that the nature or categories of the personal information is dependent on the purpose of the body in performing its functions or services.
Categories of Data Subjects | Personal Information that may be processed |
Customers / Clients | name, address, registration numbers or identity numbers, employment status and bank details |
Service Providers | names, registration number, vat numbers, address, trade secrets and bank details |
Employees | address, qualifications, gender and race |
3. The recipients or categories of recipients to whom the personal information may be supplied
Specify the person or category of persons to whom the body may disseminate personal information. Below is an example of the category of personal information which may be disseminated and the recipient or category of recipients of the personal information.
Category of personal information | Recipients or Categories of Recipients to whom the personal information may be supplied |
Identity number and names, for criminal checks | South African Police Services |
Qualifications, for qualification verifications | South African Qualifications Authority |
Credit and payment history, for credit information | Credit Bureaus |
4. Planned trans-border flows of personal information
Indicate if the body has planned trans-border flows of personal information. For example, some personal information may be stored in the cloud outside the Republic. Please specify the country in which personal information will be stored and categories of personal information.
5. General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information
Specify the nature of the security safeguards to be implemented or under implementation to ensure the confidentiality and integrity of the personal information under the care of the body. This may, for example, include Data Encryption; Anti-virus and Anti-malware Solutions.