POPI & PAIA Manual

Introduction

TThe Protection of Personal Information Act (POPI) and the Promotion of Access to Information Act (PAIA) manual governs how IconAF handles personal data, handles information access requests, and protects individual privacy. These measures are designed to promote transparency, responsibility, and the security of personal information.

Availability of manual

This manual is available at our place of business at 16 York Street, Kensington B, Randburg, 2194, South Africa, and to view on our website at www.iconaf.com.

Contact Details

IconAF:

• Physical Address: 16 York Street, Kensington B, Randburg, 2194
• Postal Address: 50575 V&A Waterfront, Cape Town, 8005
• Website: www.iconaf.com

Information Officer

• Name: David Paul
• Phone number: +27 87 330 5378
• Email address: davidp@iconaf.com

Deputy Information Officer:

• Name: Zeyn Abdullah
• Phone number: +27 87 330 5378
• Email address: zeyn@iconaf.com

Guide of the South African human rights commission

The South African Human Rights Commission has compiled the Guide as required in terms of Section 10 of PAIA. The Guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and accordingly it contains information on understanding and how to use PAIA and includes the objectives of PAIA, the particulars of every public and private body, the manner and form for requests, and contents of the Regulations promulgated under PAIA.

The Guide is available in all the official languages of the Republic of South Africa and can be obtained from the South African Human Rights Commission, at:

PAIA Unit (The Research and Documentation Department)

Private Bag X2700, Houghton, 2041

• Telephone Number: 011 877-3803
• Facsimile Number: 011 403-0625
• Website: www.sahrc.org.za
• E-mail Address: section51.paia@sahrc.org.za

Refusal of Access to Records

IconAF may refuse a request for information based on the following grounds:

• Mandatory protection of personal privacy, including that of third parties (as per POPIA).
• Requests that are frivolous or involve an unreasonable diversion of resources.
• Personal data should only be used for the purpose for which it was collected.
• Records that cannot be found or do not exist.

If a record is later found, the requester will be provided access to the record as per the stipulated request process.

Remedies When a Request is Refused

If a request for information is refused, the requester may apply to a court within 30 days of receiving the decision for further relief. Third parties who are dissatisfied with the decision to disclose information may also apply to a court within the same timeframe.

Processing of Personal Information

IconAF is committed to processing personal information responsibly. Our appointed Information Officer, David Paul, and Deputy Information Officer, Zeyn Abdullah, ensure compliance with the Protection of Personal Information Act (POPIA).

Categories of Personal Information We Process

• Prospective Employees: Organizations must take responsibility for the personal information they collect and manage.
• Employees: Personal data should only be collected for legitimate reasons and should not be excessive.
• Apprentices: Personal data should only be used for the purpose for which it was collected.
• Clients: Any further processing of personal data should be in line with the original purpose.
• Suppliers: The data collected should be accurate, complete, and up-to-date.
• Contractors/Consultants: Identification information and contact information.
• Owners: Name, gender, age, ID number, contact information
• Customers/Potential customers: Name, gender, age, birth, ID number, contact information, location information.

Security of Personal Information

We apply strict measures to ensure the security and integrity of personal information we hold. This includes the implementation of technical and organizational safeguards, such as secure servers, data encryption, access control systems, and internal policies.

Transborder Flows of Personal Information

We do not transfer personal information outside South Africa unless the recipient country provides a similar level of protection, or the data subject consents to the transfer. Current transfers include:

• United Kingdom: Personal information is transferred in compliance with applicable data protection laws.

Direct Marketing

We process personal information for direct marketing purposes only with the consent of the data subject. If consent is withheld, no further attempts will be made. Communications related to marketing will contain the identity of the sender and contact details for unsubscribing.

Purpose of Processing Personal Information

We process personal information for the following purposes:

• Company secretarial and general administrative purposes.
• Recruitment, employment, and apprenticeship processes.
• Execution of contracts with clients, suppliers, and contractors.
• Identification and analysis of customer needs and preferences.
• Customer risk profile assessments, creditworthiness analysis, and fraud detection.
• Monitoring and improving services, products, and internal processes.
• Legal compliance, including the prevention of money laundering and bad debt recovery.

Accessing and Contesting Personal Information

Data subjects can request access to their personal information. If the information is incorrect or outdated, they can contest or request correction. We will restrict the processing of disputed information while we verify its accuracy.