POPI MANUAL
as prescribed by the provisions of
THE PROMOTION OF ACCESS TO INFORMATION ACT, 2000
and
THE PROTECTION OF PERSONAL INFORMATION ACT, 2013
1 DEFINITIONS
1.1 Company means Niya Consulting Pty Ltd (Registration No: 2018/510978/07), a company duly registered and incorporated with the company laws of the Republic of South Africa and having its principal place of business situated at, Glenashley Views, 36 Newport Avenue, Glenashley, Durban, KwaZulu-Natal, Republic of South Africa;
1.2 Conditions for Lawful Processing means the conditions for the lawful processing of Personal
Information as fully set out in chapter 3 of POPIA;
1.3 Constitution means the Constitution of the Republic of South Africa, 1996;
1.4 Client refers to any natural or juristic person that received or receives legal services from the Company;
1.5 Data Subject has the meaning ascribed thereto in section 1 of POPIA which is a person to whom
personal information relates, being a Client, Debtor or any other third party;
1.6 Information Officer, in relation to a private body, means the head of the private body as contemplated in Section 1 of PAIA and Regulation 5.1 of the POPIA Regulations, in this case being Niya Consulting’s Managing Director as referred to in clause 4;
1.7 Information Regulator means the Regulator established in terms of Section 39 of POPIA, with the powers, duties and functions as contained in Section 40 of POPIA;
1.8 Manual means this manual prepared in accordance with section 51 of PAIA and regulation 4(1) (c) of the POPIA Regulations;
1.9 PAIA means the Promotion of Access to Information Act, 2000;
1.10 Personal Information has the meaning ascribed thereto in section 1 of POPIA which means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including but not limited to:-
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identified or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature of further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
- Personnel refers to any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as candidate attorneys and other contract workers;
- POPIA means the Protection of Personal Information Act, 2013;
- POPIA Regulations mean the regulations promulgated in terms of section 112(2) of POPIA;
- Private Body has the meaning ascribed thereto in sections 1 of both PAIA and POPIA which is
- a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
- a partnership which carries or has carried on any trade, business or profession; or
- any former or existing juristic person, but excludes a public body.
1.15 Processing has the meaning ascribed thereto in section 1 of POPIA which is any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:-
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information.
- Responsible Party has the meaning ascribed thereto in section 1 of POPIA which is a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
- Record has the meaning ascribed thereto in section 1 of PAIA and Section 1 of POPIA which means any recorded information, regardless or form or medium, in the possession or under the control of a responsible party, whether or not it was created by a responsible party, and regardless of when it came into existence.
- Requester has the meaning ascribed thereto in section 1 of PAIA which means, in relation to the Company being a private body, any person, including but not limited to, a public body or an official thereof, making a request for access to a record of that private body, or a person acting on behalf of the person contemplated above. This is other than the Data Subject himself/herself/itself.
- Request for Access has the meaning ascribed thereto in section 1 of PAIA as read with Section 50 of PAIA and Section 23 of POPIA; and
- SAHRC means the South African Human Rights Commission.
Capitalised terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and PAIA as the context specifically requires, unless otherwise defined herein.
2 PURPOSE OF THE MANUAL
This Manual:
2.1 in general, provides the postal and street address, phone and email address of the head of the Company;
2.2 for the purposes of PAIA, details a description of the SAHRC guide in terms of Section 10 of PAIA and how to access it, contains the latest Section 52(2) Notice with regards to the categories of record of the Company which are available without a person having to request access thereto, a description of the records of the Company which are available in accordance with any other legislation and sufficient detail of the procedure to be followed by a Requester and the manner in which a Request for Access will be facilitated; and
2.3 for the purposes of POPIA, amongst other things, details the purpose for which Personal
Information may be processed; a description of the categories of Data Subjects for whom the Company Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; the recipients to whom Personal Information may be supplied; the process should there be any transborder flow of the personal information and a general description allowing a preliminary assessment of the suitability of the information security measures to be implemented by the Responsible Party to ensure confidentiality, integrity and availability of the information which is to be processed.
- COMPANY DETAILS
- The details of the Company are as follows:
Physical address |
Niya Consulting Pty Ltd Glenashley Views 36 Newport Avenue Durban |
Postal address: |
Niya Consulting Pty Ltd Glenashley Views 36 Newport Avenue Durban |
Email address: |
devon@niyaconsulting.co.za |
|
|
Tel number |
+27 72 134 2225 |
- CONTACT DETAILS OF THE INFORMATION OFFICER
- The Information Officer’s contact details are as follows:
Name |
Thandeka Zulu |
Physical address |
Niya Consulting Pty Ltd Glenashley Views 36 Newport Avenue Durban |
Postal address |
Niya Consulting Pty Ltd Glenashley Views 36 Newport Avenue Durban |
Email address: |
thandeka@niyaconsutling.co.za |
|
|
Tel number |
+27 72 637 0736 |
5 PUBLICATION AND AVAILABILITY OF CERTAIN RECORDS IN TERMS OF PAIA
5.1 Schedule of Records
The Schedule of Records as contained in Appendix 1 of this Manual details the Records that are held and/or Processed by the Company for the purposes of PAIA and POPIA respectively. Access to such Records may not be granted if they are subject to the grounds of refusal which are specified in clause 7 below. In terms of Regulation 9A, the Company voluntarily / automatically avails its online articles and this Manual for access to the public.
5.2 List of applicable legislation
- The Company retains records which are required in terms of legislation other than PAIA.
- Certain legislation provides that private bodies shall allow certain persons access to specified records, upon request. Legislation that may be consulted to establish whether the Requester has a right of access to a record other than in terms of the procedure set out in the PAIA are set out in Appendix 2.
- SAHC GUIDE
- A guide has been complied in terms of Section 10 of PAIA by the Human Rights It contains information required by a person wishing to exercise any right, contemplated by PAIA. It is available in all of the official languages.
- The Guide is available for inspection, inter alia, at the offices of the Human Rights Commission, contact details of which are as follows:
Address: 29 Princess of Wales Terrace
Cnr York and St. Andrews Street
Parktown
2193
Postal: South African Human Rights Commission
Promotion of Access to Information Act Unit
Private Bag 2700
Houghton
2041
Telephone: (011) 484-8300
Telefax: (011) 484-0582
Website: www.sahrc.org.za
E-mail: paiar.sahrc.org.za
7 RIGHT OF ACCESS TO RECORDS OF PRIVATE BODIES IN TERMS OF PAIA
A Requester must be given access to any record of a private body if the record is required for the exercise or protection of any rights, that requester complies with the procedure relating to access and access to that record is not refused on a ground in terms of Part 3, Chapter 4 of this Act. Such request shall include a request for access to a record containing personal information about the requester or the person on whose behalf the request is made. Should a public body require access to a record for the exercise or protection of any rights other than its own rights, then it must be acting in the public interest.
As contemplated in Sections 23 and 24 of POPIA, a Data Subject may, upon proof of adequate identification, within a reasonable time and at a reasonable fee, request access to the personal information held by the Company, which personal information relates to the Data Subject, including information about the identity of all third parties or categories of third parties who have or have had access to such personal information. The Data Subject must comply with clause 11 below in respect of requests for access.
The Data Subject is further entitled to request a correction or deletion of their personal information, which request must be in the correct format, on the following grounds: 1) In light of the purpose for processing the information, it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained unlawfully; or
2) The Company is no longer authorised to retain such personal information.
Form 2 of the POPIA Regulations is used for correction / deletion of personal information and is appended hereto as Appendix 3A
Upon request in terms of POPIA, the Company must give the Data Subject a written estimate of the fee for providing the services and request that a deposit is paid. PAIA has prescribed statutory fees for any request in terms thereof, where any person other than the Data Subject itself has requested access to records. However, the same fees shall be applicable to any request made in terms of Section 23 and 24 of POPIA for uniformity purposes.
8 GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA
The following are the grounds on which the Company may, subject to the exceptions contained in Part 3, Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
8.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;
8.2 mandatory protection of the commercial information of a third party, if the Records contain:
- trade secrets of that third party;
- financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
- information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;
- mandatory protection of confidential information of third parties if it is protected in terms of a duty of confidence owed to the third party in terms of an agreement;
- mandatory protection of the safety of individuals and the protection of property;
- mandatory protection of Records that would be regarded as privileged in legal proceedings;
- protection of the commercial information of the Company, which may include:
- trade secrets;
- financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;
- information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or
- computer programs which are owned by the Company, and which are protected by
copyright and intellectual property laws;
- research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and
- Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.
9 INFORMATION OR RECORDS NOT FOUND
If the Company cannot find the records that the Requester is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in its possession but unattainable, the Requester will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document.
10 REMEDIES AVAILABLE TO THE REQUESTER UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMSOF PAIA
10.1. The Company does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requesters will have to exercise such external remedies at their disposal if the Request for Access is refused
10.2. In terms of Section 77A of PAIA, a requester may submit a complaint to the Information Regulator within 180 days of the Company’s decision, The Information Regulator will then investigate the complaint and advise the requester of the decision accordingly. The Information Regulator may issue an Enforcement Notice to the Company which obliges the Company to comply with the request.
10.3 In accordance with sections 56(3) (c) and 78 of PAIA, a Requester may apply to a court for
relief within 180 days of notification of the decision for appropriate relief, if the requester has exhausted the Company’s internal remedies or has referred the matter to the Information Regulator in terms of Section 77A without any success.
11 PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA AMD POPIA
11.1 A Requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.
11.2 A Requester must complete the prescribed Request for Access form attached as Appendix 3, and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated in clause 4 above.
11.3 The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:
- the Record/s requested;
- the identity of the Requester;
- the form of access that is required, if the request is granted;
- the postal address or fax number of the Requester; and
- the right that the Requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.
- If a Request for Access is made on behalf of another person, the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer.
- If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
- The Company will voluntarily provide the requested Records to a Personal Requester (as defined in section 1 of PAIA). The prescribed fee for reproduction of the Record requested by a Personal Requester will be charged in accordance with section 54(6) of PAIA and paragraph 11
12 FEES
12.1 When the Request for Access is received by the Information Officer, the Information Officer will by notice require the Requester, other than a Personal Requester, to pay the prescribed request fee (if any), before further processing of the Request for Access.
12.2 Prescribed request fees are set out in Appendix 4.
12.3 If the search for a Record requires more than the prescribed hours for this purpose, the Information Officer will notify the Requester to pay as a deposit, the prescribed portion of the access fee (being not more than one third) which would be payable if the Request for Access is granted.
12.4 The Information Officer will withhold a Record until the Requester has paid the fees set out in Appendix 4.
12.5 A Requester whose Request for Access to a Record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the Record for disclosure, including making arrangements to make it available in a requested form provided for in PAIA.
12.6 If a deposit has been paid in respect of a Request for Access which is refused, the Information Officer will repay the deposit to the Requester.
13 DECISION TO GRANT ACCESS TO RECORDS
13.1 The Company will decide whether to grant or decline the Request for Access within 30 days of receipt of the Request for Access and must give notice to the Requester with reasons (if required) to that effect.
13.2 The period referred to above may be extended for a further period of not more than 30 days if the
Request for Access is for a large number of Records or the Request for Access requires a search for Records held at an off-site storage facility and the Records cannot reasonably be obtained within the original 30 day period.
13.3 The Company will notify the Requester in writing should an extension of time as contemplated above be required.
13.4 If, in addition to a written reply from the Information Officer, the Requester wishes to be informed of the decision on the Request for Access in any other manner, the Requester must state the manner and particulars so required.
14 PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE COMPANY
14.1 Chapter 3 of POPIA provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA.
The conditions are as follows:
- Accountability (Section 8);
- Processing limitation (Sections 9 to 12);
- Purpose specification (sections 13 to 14);
- Further processing limitation (Section 15);
- Information quality (Section 16);
- Openness (Sections 17 to 18);
- Security safeguards (Sections 19 to 22); and
- Data subject participation (Sections 23 to 25).
- The Company needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The Company provides a variety of legal services including inter alia winding-up of deceased estates, conveyancing, court proceedings and commercial legal services, and as such processes the personal information in accordance thereto.
- The manner in which this information is Processed and the purpose for which it is Processed is determined by the Company according to the action authorised by the Client. The Company requires its Clients to conclude mandates with the respective company representatives, which mandates shall outline the reason for processing the personal information and the action which the Client requires in respect of legal services to be rendered.
- The Company is accordingly a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject:
- is processed lawfully, fairly, transparently and in a reasonable manner that does not infringe the privacy of the Data Subject. This includes obtaining the requisite consent from the Data Subject in the form of a privacy or data collection notice, unless:
- the processing is necessary to carry out the actions for the conclusion or performance of a contract to which the Data Subject is a party;
- the processing complied with an obligation imposed by law on the responsible party;
- the processing protects a legitimate interest of the Data Subject; or
- the processing is necessary for pursuing the legitimate interest of the Company or of a third party to whom the personal information is supplied.
- is collected directly from the Data Subject unless such personal information forms public record, collection from another source is necessary for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated, collection from another source would be necessary to maintain the legitimate interests of the responsible party or of a third party, or obtaining consent would prejudice a lawful purpose of the collection or not be reasonably practicable in the circumstances;
- is processed only for the purposes for which it was collected, which purpose is related to a function or activity of the Company as stipulated above;
- will not be processed for a secondary purpose unless inter alia that processing is compatible with the original purpose, or the Data Subject has consented to the further processing, or the further processing is relevant for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated.
- is accurate and kept up to date, with the Company taking reasonably practicable steps to ensure such information is updated including obtaining updated information from the Data
Subject directly or from a third party, as the case may be;
- will be retained for a period of five years as required by relevant law unless stated otherwise, and shall be destroyed or deleted as soon as reasonably practicable after the
Company is no longer permitted to retain such information;
- is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Company or Data Subject, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage. In light of this, the Company has established the following safety measures:
1. locked cabinet storage which requires prior authorised access;
- confidentiality and privacy internal workplace policies binding all Company personnel to the provisions therein; and
- online security measures to ensure authorised access to third party databases to process personal information;
- agreements of confidentiality with third party service providers, including Messenger King and Globeflight.
(8) is processed in accordance with the rights of Data Subjects as contemplated in Sections 5, 11(2), 11(3), 23 and 24 of POPIA, where applicable. Data Subjects have the right to:
- be notified that their Personal Information is being collected by the Company. The
Data Subject also has the right to be notified in the event of a data breach;
- know whether the Company holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;
- request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
- object to the Company’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Company’s record keeping requirements);
- object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and
- complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.
14.5 PERSONAL INFORMATION OF CHILDREN
The Company shall only process personal information of children with the prior consent of the Data Subject or if it is necessary for the establishment, exercise or defence of a right or obligation in law. The Company respects the rights of the child. The purposes for processing such information, if necessary, are outlined in Part 1 of Appendix 5.
14.6 Purpose of the Processing of Personal Information by the Company
As outlined above, Personal Information may only be Processed for a specific purpose. The purposes for which the Company Processes or will Process Personal Information is set out in Part 1 of Appendix 5.
14.7 Categories of Data Subjects and Personal Information/special Personal Information relating thereto
As per section 1 of POPIA, a Data Subject may either be a natural or a juristic person. Part 2 of Appendix 5 sets out the various categories of Data Subjects that the Company Processes Personal Information on and the types of Personal Information relating thereto.
14.8 Recipients of Personal Information
Part 3 of Appendix 5 outlines the recipients to whom the Company may provide a Data Subjects Personal Information to.
14.9 Description of information security measures to be implemented by the Company
Part 4 of Appendix 5 sets out the types of security measures to implemented by the Company in order to ensure that Personal Information is respected and protected. A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Company may be conducted in order to ensure that the Personal Information that is processed by the Company is safeguarded and Processed in accordance with the Conditions for Lawful Processing.
14.10 Objection to the Processing of Personal Information by a Data Subject
Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed statutory form attached to this manual as Appendix 6 subject to exceptions contained in POPIA.
14.11 Request for correction or deletion of Personal Information
Section 24 of POPIA and regulation 3 of the POPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Appendix 7 to this Manual.
15 AVAILABILITY OF THE MANUAL
15.1 This Manual is made available in terms of PAIA and section 4 of the Regulations to POPIA.
15.2 This Manual is also available at: https://www.niyaconsulting.co.za.
15.3 This Manual is further available at the offices of the Company for inspection during normal business hours. No fee will be levied for inspection as contemplated in this clause.
15.4 Copies of the Manual can be obtained from the Information Officer. A fee will be levied for copies of the manual in accordance with Appendix 4.
15.5 Access forms are also available at https://www.justice.gov.za/forms/form_paia.htm
16 RESERVATION OF RIGHTS
Nothing in this manual is to be construed as a waiver of the right to the confidentiality of any document or any legal privilege or right of non-disclosure attaching to any document mentioned herein, whether in terms of any statute or under the common law. All rights in this regard are fully reserved.
Appendix 1
Description of the subjects on which the Company holds records, and the categories of records held on each subject. Each of these records are available on request in terms of PAIA, subject to the provisions of the Act and subject to Attorney Client privilege, in terms of Clause 7 above:
- Client Records
- Correspondence (recorded in writing, verbal or on Whatsapp or sms); contact numbers; email address; physical and postal address; fee records; contracts and mandates; business information; identity/passport document; proof of residence; banking records; consultation notes;
- Management agreements; resolutions; minutes of meetings; memorandum of incorporation; CIPC documentation; other legal documentation and contracts;
- Accounting records; banking records; remittances; invoices and statements; tax records and returns;
- Personnel information; general terms of employment; letters of employment; policies and codes of conduct; salary slips;
- Property
Company / Client leases; building plans; asset register; finance and lease agreements for movable property
- Legal
Complaints; pleadings; briefs and other documents pertaining to any actual, pending or threatened litigation, arbitration or investigation; material licences, permits and authorisations
- Corporate Governance
Codes of conduct; staff and board meeting minutes; legal compliance records; policies; Certificate of
Incorporation; Memorandum and Articles of Association; Certificate to Commence Business; Minute Book, CM25 and CM26, as well as Resolutions passed at general/class meetings;
- Marketing
Brochures, newsletters and advertising material; articles; public relations policies and procedures.
- Finance and Administration
Accounting records; annual financial statements; agreements; banking records; correspondence; remittances; invoices and statements; tax records and returns; Books of Account regarding information required by the Companies Act, 1973; invoices, statements, receipts, vouchers and bills of exchange; databases; Law Society Records; internal correspondence; external correspondence; securities.
- Human Capital
BEE statistics; personnel information; employment equity reports; general terms of employment; letters of employment; leave records; PAYE records and returns; performance management records; assessments; Policies and procedures; UIF returns; salary or wage information; attendance register; staff records
[including former staff members]; study assistance schemes; staff loan schemes
- Information Management and Technology
Agreements; equipment register; information policies; standards, procedures and guidelines; insurance policies; software information and policies; agreements with online service providers; hardware; operating systems; telephone exchange equipment; telephone lines, leased lines and data lines; LAN installations; software packages; disaster recovery; internal system support and programming/development; capacity and utilisation of current systems; development or investment plans; agreements, licences and audits Appendix 2
LIST OF APPLICABLE LEGISLATION
Administration of Deceased Estates Act 66 of 1965 (as amended)
Attorneys Act No. 53 of 1979
Basic Conditions of Employment Act 75 of 1997
Bills of Exchange Act 34 of 1964
Broad-Based Black Economic Empowerment Act 53 of 2003
Children’s Act 38 of 2005 (as amended)
Child Justice Act 41 of 2007
Community Schemes Ombud Service Act 9 of 2011
Companies Act 71 of 2008
Compensation for Occupational Injuries and Diseases Act 130 of 1993
Competition Act 89 of 1998
Constitution of South Africa Act 108 of 1996
Consumer Protection Act 68 of 2009
Criminal Procedure Act 51 of 1977
Debt Collectors Act 114 of 1998 (as amended)
Disaster Management Act 57 of 2002 (as amended)
Divorce Act 70 of 1979 (as amended)
Domestic Violence Act 116 of 1998 (as amended)
Electronic Communications and Transactions Act 2 of 2000
Employment Equity Act 55 of 1998
Financial Intelligence Centre Act 38 of 2001
Formalities In Respect of Leases of Land Act 18 of 1969
Health Act 63 of 1977
Income Tax Act58 of 1962
Insolvency Act 24 of 1936
Institution of Legal Proceedings Against Certain State Organs Act 40 of 2002
Justice of the Peace and Commissioners of Oaths Act 16 of 1963
Labour Relations Act 66 of 1995
Legal Practice Act 28 of 2014
Local Government: Municipal Systems Act 32 of 2000
Magistrates’ Court Act 32 of 1944 (as amended)
Maintenance Act 99 of 1998 (as amended)
Matrimonial Property Act 88 of 1984
National Credit Act 34 of 2005
Occupational Health and Safety Act 85 of 1993
Prescription Act 18 of 1943
Prevention & Combating of Corrupt Activities Act 12 of 2004
Prevention of Constitutional Democracy Against Terrorist & Related Activities Act 33 of 2004
Prevention of Organised Crime Act 121 of 1998
Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000
Protected Disclosures Act 26 of 2000
Regulation of Interception of Communications and Provisions of Communication Related
Information Act 70 of 2002
Rental Housing Act 50 of 1999 (as amended)
Road Accident Fund Act 56 of 1996 (as amended)
Sectional Title Scheme Management Act 8 of 2011
Share Blocks Control Act 59 of 1980 (as amended)
South African Reserve Bank Act 90 of 1989
Superior Courts Act 10 of 2013
Unemployment Insurance Act 63 of 2001
Unemployment Insurance Fund Contributions Act 4 of 2002
Value-Added Tax Act 89 of 1991
Although we have used our best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to our attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, we shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Information Officer the opportunity of considering the request in light thereof.
Appendix 3
ACCESS REQUEST FORM – RECORD OF PRIVATE BODY
(Section 53(1) of the Promotion of Access to Information Act, 2000) [Regulation 10]
COMPLETION OF ACCESS REQUEST FORM
- The Access Request Form is available must be completed.
- Proof of identity is required to authenticate the identity of the requester. Attach a copy of the requester’s identification document.
- Type or print in BLOCK LETTERS an answer to every question.
- If a question does not apply, state “N/A”.
- If there is nothing to disclose in reply to a question, state “nil”.
- When there is insufficient space on a printed form, additional information may be provided on an attached folio, and each answer on such folio must reflect the applicable title.
- Form is available in pdf / hardcopy.
Appendix 4
FEES
- The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy
of an A4-size page or part thereof.
- The fees for reproduction referred to in regulation 11(1) are as follows:
a) |
For every photocopy of an A4-size page or part thereof |
R 1,10 |
b) |
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form |
R 0,75 |
c) |
For a copy in a computer-readable form on:- |
|
i) |
Stiffy disc |
R 7,50 |
ii) |
Compact Disc / Memory stick |
R 70,00 |
d) i) |
For a transcription of visual images, for an A4-size page or part thereof |
R 40,00 |
ii) |
For a copy of visual images |
R 60,00 |
e) i) |
For a transcription of an audio record, for an A4-size page or part thereof |
R 20,00 |
ii) |
For a copy of an audio record |
R 30,00 |
- The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00.
- The access fees payable by a requester referred to in regulation 11(3) are as follows:
a) |
For every photocopy of an A4-size page or part thereof |
R 1,10 |
b) |
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form |
R 0,75 |
c) |
For a copy in a computer-readable form on:- |
|
i) |
Stiffy disc |
R 7,50 |
ii) |
Compact Disc / Memory stick |
R 70,00 |
d) i) |
For a transcription of visual images, for an A4-size page or part thereof |
R 40,00 |
ii) |
For a copy of visual images |
R 60,00 |
e) i) |
For a transcription of an audio record, for an A4-size page or part thereof |
R 20,00 |
ii) |
For a copy of an audio record |
R 30,00 |
(f) To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.
- For purposes of section 54(2) of PAIA, the following applies:
- Six hours as the hours to be exceeded before a deposit is payable; and
- one third of the access fee is payable as a deposit by the requester.
- The actual postage is payable when a copy of a record must be posted to a requester.
Appendix 5
Part 1
PROCESSING OF PERSONAL INFORMATION IN ACCORDANCE WITH POPIA
Purpose of the Processing of Personal Information |
Type of Processing |
To provide services to the Client in accordance with terms agreed to by the Client; |
Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
To undertake activities related to the provision of legal services including: – deceased estates and trusts; – court proceedings or proceedings in other tribunals / forums; – property transfers; – registration of notarial deeds, mortgage bonds and other related activities; – correspondences and attendances involved in debt recovery; – drafting and vetting commercial agreements, corporate documents and other commercial documentation;
|
|
The purposes related to any authorised disclosure made in terms of agreement, law or regulation |
|
Any additional purposes expressly authorised by the Client or relevant law; and |
|
Any additional purposes as may be notified to the Client or Data Subjects in any notice provided by the Company |
Part 2
Categories of Data Subjects and categories of Personal Information relating thereto
Categories of Data Subjects of and categories of Personal Information relating thereto |
Data Subject |
Personal Information Processed |
Client
o Corporate Client Profile information including, account details, payment information, corporate structure, other customer information including to the extent the categories of information n relate to individuals or representatives of the client (e.g., shareholders, directors etc.) required for the above mentioned purposes
o Individual; Name; contact details, client details (Home Facsimile Number, Home Postal Address, Home Telephone Number, Personal Cellular, Mobile Or Wireless Number, Personal E-Mail Address); regulatory identifiers; Account information; credit information; ownership of property (immovable and movable); photographs; other identification and verification data as contained in images of ID card, passport and other ID |
•Natural Persons;
•Juristic Persons. |
Personal data relating to a Data Subject received by or on behalf of the Company from the Client, Client affiliates and their respective representatives and related parties in the course of providing accounts and services to the Client or in connection with a transaction or services. Client personal data may include names, contact details, identification and verification information, nationality and residency information, VAT numbers, bank account to the extent that these amount to personal data under POPIA |
documents; images of customer signatures. |
|
|
Payment beneficiaries (payments to third parties)
Bank account information; beneficiary address; VAT numbers (if applicable). |
•Sheriff •Advocate •Correspondent Attorneys •Courier / Messenger King •Lodging Agents •Municipality
|
Personal information relating to accounts held at beneficiaries; name of account and recipients of payment; may include other information related to the Data Subject for purposes of affecting the necessary payments |
Personnel
Name; ID number and card/book; contact details (telephone number; address); employment history; credentials (academic transcript, degree certificate); tax number; marital status. |
•Attorneys •Candidate Attorneys •Secretaries •Debt Collectors •Other support staff |
Personal information to be processed for purposes of employment; necessary to assess suitability to position and to be updated when necessary. Personal Information will include name, ID number and documents, contact details, address, employment history and academic credentials. |
Part 3
Recipients of Personal Information
The Company, its operators / third parties, Clients (where they are not Data Subjects and in respect of their specific matter, without breach of confidentiality) and their respective representatives
Part 4
Description of information security measures
The Company undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. The Company may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.
- Access Control of Persons
The Company shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data are processed, including the storage room, storage cabinets, client and personnel files and online databases.
- Data Media Control
The Company undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by the Company and containing personal data of Clients.
- Data Memory Control
The Company undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorized reading, alteration or deletion of stored data.
- User Control
The Company shall implement suitable measures to prevent its data processing systems from being used by unauthorized persons by means of data transmission equipment.
- Access Control to Data
The Company represents that the persons entitled to use the Company’s data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorization).
- Transmission Control
The Company shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of the Company’s data communication equipment / devices.
- Transport Control
The Company shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media, including concluding the necessary agreements and reasonable safety measures with couriers, Sheriffs and Messenger King.
- Organisation Control
The Company shall maintain its internal organisation in a manner that meets the requirements of this Manual.
Appendix 6
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF
SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
Note:
- Affidavits or other documentary evidence as applicable in support of the objection may be attached.
- If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
- Complete as is applicable.
A |
DETAILS OF DATA SUBJECT |
Name(s) and surname/ registered name of data subject: |
|
Unique Identifier/ Identity Number |
|
Residential, postal or business address: |
|
Contact number(s): |
|
Fax number / E-mail address: |
|
B |
DETAILS OF RESPONSIBLE PARTY |
Name(s) and surname/ registered name of data subject: |
|
Residential, postal or business address: |
|
Contact number(s): |
|
Fax number / E-mail address: |
|
C |
REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection) |
|
|
|
|
|
|
Signed at …………………………………… this …………………. day of ………………………20…………
……………………………………………………
Signature of data subject/designated person
Appendix 7
REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR
DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT,
2013
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL
INFORMATION, 2018
[Regulation 3]
Note:
- Affidavits or other documentary evidence as applicable in support of the request may be attached.
- If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
- Complete as is applicable.
Mark the appropriate box with an “x”.
Request for:
|
Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party. Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information.
| P a g e
A |
DETAILS OF DATA SUBJECT |
Name(s) and surname/ registered name of data subject: |
|
Unique Identifier/ Identity Number |
|
Residential, postal or business address: |
|
Contact number(s): |
|
Fax number / E-mail address: |
|
B |
DETAILS OF RESPONSIBLE PARTY |
Name(s) and surname/ registered name of data subject: |
|
Residential, postal or business address: |
|
Contact number(s): |
|
Fax number / E-mail address: |
|
C |
REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection) |
|
|
D |
REASONS FOR *CORRECTION OR DELETION OF THE PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(a) WHICH IS IN POSSESSION OR UNDER THE CONTROL OF THE RESPONSIBLE PARTY ; and or REASONS FOR *DESTRUCTION OR DELETION OF A RECORD OF PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(b) WHICH THE RESPONSIBLE PARTY IS NO LONGER AUTHORISED TO RETAIN. (Please provide detailed reasons for the request) |
- | P a g e