POPI & PAIA MANUAL

PAIA MANUAL PUBLISHED IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT NO. 2 OF 2000

ICONAF (PTY) LTD

MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT

 

 

CONTENTS

1.             

Introduction

3

2.             

Availability of Manual

3

3.             

Contact Details

4

4.             

Guide of The South African Human Rights Commission

4

5.             

Information Regulator

5

6.             

Notice ito Section 52(2) of PAIA

5

7.             

Records Available in accordance with Legislation

6

8.             

Records Available with a Request to Access

7

9.             

How to Request Access to a Record

9

10.           

Prescribed Fees

11

11.           

Refusal of a Request to Access Records

11

12.           

Remedies Available when a Request is Refused

12

13.           

Processing of Personal Information

12

14.           

Purpose of Processing Personal Information

14

15.           

Categories of Personal Information

16

16.           

Sharing of Personal Information

16

17.           

Transborder Flows of Personal Information

17

18.           

Security of Personal Information

17

Annexure 1 – Request for access to record of a private body

18

Annexure 2 – Request for correction or deletion of personal information

22

 

 

 

  1. INTRODUCTION
    • Iconaf (Pty) Ltd (“IconAF”) is a private company with registration number 2014/095777/07 and registered address at 16 York Street, Kensington B, Randburg, Johannesburg, South Africa. We are a digital lead generation and branding company that utilises a range of digital channels and strategies to create brand awareness and generate leads as well as increasing sales revenue of our clients.
    • The objective of the Promotion of Access to Information Act, 2000 (“PAIA”) is to give effect to the constitutional right to access to information, which is held by a public or private body and which is required for the exercise or protection of any rights. PAIA recognises the right entrenched in Section 32 of the Constitution of the Republic of South Africa, 1996, and aims to foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information.
    • This manual is published in terms of Section 51 of PAIA and provides an outline of the type of records and personal information which we hold. The manual also explains how to submit requests for access to these records, and explains how to access, or object to, personal information held by us, or request correction of the personal information, in terms of the Protection of Personal Information Act, 2013 (“POPIA”).
    • This manual further describes how we use your information when you utilise our software and services and sets out the requirements with which we undertake to comply when processing personal information pursuant to undertaking our operations.

 

  1. AVAILABILITY OF MANUAL

This manual is available at our place of business at 16 York Street, Kensington B, Randburg, 2194, South Africa, and to view on our website at www.iconaf.com.

 

  1. CONTACT DETAILS
    • IconAF:

Physical Address:         16 York Street, Kensington B, Randburg, 2194

Postal Address:            50575 V&A Waterfront, Cape Town, 8005

Website:                       www.iconaf.com

  • Information Officer:

Name:                          David Paul

Phone number:             +27 87 330 5378

Email address:             davidp@iconaf.com

  • Deputy Information Officer:

Name:                          Zeyn Abdullah

Phone number:            +27 87 330 5378

Email address:             zeyn@iconaf.com

We are a private body and as such our Head of Body, David Paul, is our information officer. We have appointed Zeyn Abdullah as a deputy information officer to whom the responsibilities in terms of PAIA and POPIA have been delegated.

 

  1. GUIDE OF THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION
    • The South African Human Rights Commission has compiled the Guide as required in terms of Section 10 of PAIA. The Guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and accordingly it contains information on understanding and how to use PAIA and includes the objectives of PAIA, the particulars of every public and private body, the manner and form for requests, and contents of the Regulations promulgated under PAIA.
    • The Guide is available in all the official languages of the Republic of South Africa and can be obtained from the South African Human Rights Commission, at:

PAIA Unit (The Research and Documentation Department)

29 Princess of Wales Terrace, corner York and St. Andrews Street, Parktown, Johannesburg

Private Bag X2700, Houghton, 2041

Telephone Number:                 011 877-3803

Facsimile Number:                   011 403-0625

Website:                                   http://www.sahrc.org.za

E-mail Address:                       section51.paia@sahrc.org.za

 

  1. INFORMATION REGULATOR

The Information Regulator has jurisdiction over PAIA and POPIA to educate, guide, monitor and enforce PAIA and POPIA.

Queries and complaints can be directed to the Office of the Information Regulator at:

The Office of the Information Regulator

Braampark Forum, 33 Hoofd Street, Braamfontein, Johannesburg

Po Box 31533, Braamfontein, Johannesburg, 2017

Telephone Number:                 082 746 4173 / 010 023 5207

Website:                                  sahrc.org.za

Email:                                      inforeg@justice.gov.za

 

  1. NOTICE ITO SECTION 52(2) OF PAIA

At this stage no notice(s) has/have been published on the categories of records that are automatically available without a person having to request access in terms of PAIA.

 

  1. RECORDS AVAILABLE IN ACCORDANCE WITH LEGISLATION
    • Where applicable, we retain records in terms of the following legislation:
      • Basic Conditions of Employment Act No. 75 of 1997;
      • Broad-Based Black Economic Empowerment Act No. 53 of 2003;
      • Companies Act No. 71 of 2008;
      • Competition Act. No. 71 of 2008;
      • Constitution of the Republic of South Africa 2008;
      • Copyright Act No. 98 of 1978;
      • Electronic Communications Act No. 36 of 2005;
      • Electronic Communications and Transaction Act No. 25 of 2002;
      • Employment Equity Act No. 55 of 1998;
      • Financial Advisory and Intermediary Services Act No. 37 of 2002;
      • Financial Intelligence Centre Act No 38 of 2001;
      • Identification Act No.68 of 1997;
      • Income Tax Act No. 58 of 1962;
      • Labour Relations Act No. 66 of 1995;
      • National Credit Act No. 34 of 2005;
      • Promotion of Access to Information Act No. 2 of 2000;
      • Protection of Personal Information Act No. 4 of 2013;
      • Value Added Tax Act 89 of 1991.
    • Access to records may be refused on the grounds as set out in this PAIA manual.

 

  1. RECORDS AVAILABLE WITH A REQUEST TO ACCESS
    • The following records are held by us and available only on a request to access in terms of this PAIA manual. The information is classified and grouped according to records relating to the following subjects and categories:
      • Personnel records:
        • information provided by personnel;
        • information provided by third parties relating to personnel;
        • conditions of employment;
        • internal evaluation records;
        • correspondence;
        • training schedules and material;
        • other personnel and consultant-related records.
      • Contractor / consultant records:
        • information provided by contractors / consultants;
        • information provided by third parties relating to contractors / consultants;
        • conditions of service level agreements with contractors / consultants;
        • internal evaluation records;
        • correspondence;
        • other contractor/consultant-related records.
      • Client records:
        • records provided by a client;
        • records provided by a third party related to a client;
        • records generated within IconAF related to a client;
        • records generated within IconAF in execution of IconAF’s contract with their clients;
        • other client-related records.
      • Potential customer records:
        • records provided by potential customers;
        • recordings;
        • correspondence;
        • other potential customer-related records.
      • Customer records:
        • records provided by customers;
        • recordings;
        • correspondence;
        • records generated within IconAF in execution of IconAF’s contract with their customers;
        • other customer-related records.
      • Company records:
        • financial records;
        • operational records;
        • databases;
        • information technology;
        • statutory records;
        • internal policies and procedures;
        • correspondence;
        • other company-related records.
  1. HOW TO REQUEST ACCESS TO A RECORD
    • Records held by us may be accessed by requests only once the prerequisite requirements for access have been met. A requester is any person making a request for access to a record. There are two types of requesters:
      • Personal Requester: a requester who is seeking access to a record containing personal information about the requester. We will voluntarily provide the requested information or give access to any record with regard to the requester’s personal information. We will not charge a request fee, however the prescribed fee for reproduction of the information requested will be charged.
      • Other Requester: This requester (other than a personal requester) is entitled to request access to information on third parties. The requester must comply with all the procedural requirements contained in PAIA relating to the request for access to a record. In considering such a request, we will adhere to the provisions of PAIA and the Information Officer will take all reasonable steps to inform a third party to whom the requested record relates of the request, informing the third party that he/she may make a written or oral representation to the Information Officer why the request should be refused or, where required, give written consent for the disclosure of the Information. We are not obliged to voluntarily grant access to such records. The requester must fulfil the prerequisite requirements as stated herein. The prescribed fees will be charged.
    • The requester must complete the prescribed form – refer to Annexure 1 – Request for access to record of a private body. A requester may need to pay a fee to enable us to respond to a request. These fees will be charged in terms of PAIA. Refer to paragraph 10 below – Prescribed Fees. Where these fees are applicable, the requester will be given a written estimate of the fee before providing the services.
    • The requester must submit the completed form to us together with payment of a fee to the Information Officer or the Deputy Information Officer at the postal or physical address, fax number or electronic mail address as noted in paragraph 3 above – Contact Details.
    • The prescribed from must be filled in with sufficient information to enable the Information Officer to identify the record or records requested and the identity of the requester.
    • The requester should indicate which form of access is required and specify a postal address or fax number of the requester in South Africa.
    • The requester must state that the requester requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The requester must clearly specify why the record is necessary to exercise or protect such a right.
    • We will process the request within 30 (thirty) days, unless the requester has stated special reasons to the satisfaction of the Information Officer that circumstances dictate that the above time periods not be complied with.
    • The 30 (thirty) day period may be extended for a further period of not more than 30 (thirty) days if the request is for a large number of information, or the request requires a search for information held at another office of IconAF and the information cannot reasonably be obtained within the original 30 (thirty) day period. We will notify the requester in writing should an extension be sought.
    • The requester shall be advised whether access is granted or denied in writing. If denied, the requester will be provided with reasons for the refusal.
    • If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information Officer.
    • If a requester is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
    • The requester must pay the prescribed fee before any further processing can take place. Refer to paragraph 10 below – Prescribed Fees.

 

  1. PRESCRIBED FEES

Requesters are required to pay a fee for requesting access to records as well as for accessing records. The prescribed fees are as follows:

Requesting access to a record*

R50.00

Copy per A4 page

R1.10

Printing per A4 page

R0.70

Copy on a CD

R70.00

Transcript of visual images per A4 page

R40.00

Copy of a visual image

R60.00

Transcription of an audio recording per A4 page

R20.00

Copy of an audio recording

R30.00

Search & preparation of the record for disclosure, per hour or part thereof (excluding the first hour)

R30.00

Actual postage fee

 

*Requesters who are requesting access to their personal information and requesters earing less than R14,712 (if single) and R27,192 per annum (if married or have a life partner) are exempt from paying a request fee

 

  1. REFUSAL OF A REQUEST TO ACCESS TO RECORDS
    • We are entitled to refuse a request for information in accordance with PAIA. The main grounds for the refuse a request for information relates to the:
      • mandatory protection of the privacy of a third party who is a natural person or a deceased person or a juristic person, as included in POPIA, which would involve the unreasonable disclosure of personal information of that natural or juristic person;
      • mandatory protection of personal information and for disclosure of any personal information to, in addition to any other legislative, regulatory or contractual agreements, comply with the provisions of POPIA.
    • Requests for information that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources will be refused.
    • All requests for information will be assessed on their own merits and in accordance with the applicable legal principles and legislation.
    • If a requested record cannot be found or if the record does not exist, we will notify the requester that it is not possible to give access to the requested record. Such a notice will be regarded as a decision to refuse a request for access to the record concerned for the purpose of PAPIA. If the record should later be found, the requester shall be given access to the record in the manner stipulated by the requester in the prescribed form, unless we refuse access to such record.

 

  1. REMEDIES AVAILABLE WHEN A REQUEST IS REFUSED
    • We do not have an internal appeal procedure. The decision made to refuse access to a record is final.
    • A requestor that is dissatisfied with our refusal to disclose information, may within 30 (thirty) days of notification of the decision, apply to a Court for relief.
    • A third party dissatisfied with our decision to grant a request for information, may within 30 (thirty) days of notification of the decision, apply to a Court for relief.

 

  1. PROCESSING PERSONAL INFORMATION
    • We have appointed David Paul as our Information Officer who is responsible and accountable for ensuring that we comply with the provisions of PAIA and POPIA. We have appointed Zeyn Abdullah as a deputy information officer to whom the responsibilities in terms of PAIA and POPIA have been delegated. Refer to paragraph 3 – Contract Details.
    • We abide by strict principles when collecting, recording, storing, disseminating and destroying personal information and responding to requests for our information. We place a high premium on the privacy of every person or organisation with whom we interact or engage with and therefore acknowledge the need to ensure that personal information is handled with reasonable standard of care as may be expected from us. We are therefore committed to ensuring that we comply with the requirements of POPIA.
    • We ensure that we only process personal information that we actually require for the purposes of running our business, executing our contracts and protecting our legitimate interests. We will only process personal information if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
    • We will only collect personal information for a specific, explicitly defined and lawful purpose related to a legitimate function or activity.
    • We will only process personal information for reasons other than those for which it was obtained if it is in accordance or compatible with the purpose for which it was originally collected.
    • We take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary. Data subjects may access (refer to Annexure 1 – Request for access to record of a private body) and contest (refer to Annexure 2 – Request for correction or deletion of personal information) their personal information, in which case we will restrict the processing of personal information in these instances in order to verify the accuracy of the information.
    • We take all reasonably practicable measures to inform data subjects about the personal information being processed. Any data subject may, having provided adequate proof of identity, request us to confirm whether or not we hold personal information about them and the identity of third parties who have, or have had access to the information.
    • We secure the integrity and confidentiality of personal information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information, and unlawful access to or processing of personal information.
    • We have performed a personal information impact assessment to ensure that adequate measures and standards exist in order to comply with the conditions of lawful processing of personal information as set out in POPIA.
    • We process personal information for the purpose of direct marketing only with the consent of the data subject. In this regard we will only approach a data subject once for consent, and if consent is withheld, we will not approach the data subject again for consent. The data subject may opt-in to the direct marketing again should they choose to. Any communication for the purpose of direct marketing will contain the identity of the sender or the person on whose behalf the communication was sent, and will contain contact details to which the recipient may send a request that such information cease.

 

  1. PURPOSE OF PROCESSING PERSONAL INFORMATION
    • We process personal information for the following purposes:
      • Company secretarial purposes
      • General administration purposes
      • Recruitment purposes
      • Employment purposes
      • Apprenticeship purposes
      • In the execution of contracts
      • Provision or management any information, products, or services requested by customers
      • To establish a customer’s needs, wants and preferences in relation to the products/services provided by IconAF
      • To enable IconAF identify customers when they contact us
      • To ensure the delivery of products/services to clients
      • Activation of new polices or products
      • Secure storage, retention and retraction of customer’s personal information
      • Maintenance of third-party records
      • Health and safety
      • Identification of a customer’s risk profile and assessment of risk in determination of whether IconAF will offer to enter into a contractual relationship with the customer
      • Monitoring access, security and management of facilities owned or operated by IconAF
      • Transacting with third parties
      • Improvement of IconAF’s products and services
      • Detection and prevention of money laundering
      • Analysis of the personal information collected for research and statistical purposes
      • Recovery of bad debts
      • Transborder transfers of personal information to foreign countries
      • Analysis and client profiling
      • Identification of other products and services which might be of interest to our clients and customers in general
      • Direct marketing
      • Acquiring and sharing information about a customer’s creditworthiness and risk profile with any credit bureau or credit provider’s industry association or industry body, which includes information pertaining to a customer’s credit history, claims history, financial history, judgements, default history and sharing information for purposes of risk analysis, tracing and related purposes

 

  1. CATEGORIES OF PERSONAL INFORMATION

We process the following personal information:

Categories of Data Subjects

Categories of Information we Process

Prospective Employees

Name, gender, age, ID number, contact information, location information, education history and employment history

Employees

Name, gender, age, ID number, contact information, location information, education history and employment history

Apprentices

Name, gender, age, ID number, contact information, location information, education history and employment history

Clients

Identification information and contact information

Suppliers

Identification information and contact information

Contractors / Consultants

Identification information and contact information

Owners

Name, gender, age, ID number, contact information

Customers / Potential customers

Name, gender, sex, age, birth, ID number, contact information, location information

 

  1. SHARING OF PERSONAL INFORMATION
    • In processing your personal information, we may share it with third party processors under an operator’s agreement. These include but are not limited to payment processors, data storage providers and server hosts.
    • As an operator, these service providers will not be able to process or use any personal information for any reason other than to provide the service as required by us. In terms of our agreements with our operators, our operators are obliged to implement proper safeguards to ensure the personal information is secured at all times.
    • In the execution of our contractual obligations with our clients, we share the personal information of customers with our clients. In this case, we always obtain prior consent from the data subject.
    • We do not share any personal information with any third parties other than our operators and our clients.

 

  1. TRANSBORDER FLOWS OF PERSONAL INFORMATION
    • We will not transfer personal information about a data subject to a foreign country unless the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection similar to POPIA and includes provisions that similarly limit the further transborder transfers of personal, or the data subject consents to the transfer.
    • We transfer personal information to third parties in foreign countries as follows:
      • United Kingdom

 

  1. SECURITY OF PERSONAL INFORMATION
    • We secure the integrity and confidentiality of personal information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent any loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information.
    • We have performed a risk assessment to identify internal and external risks to personal information in our possession or under our control and have implemented safeguards to mitigate the risks, such as internal policies, antivirus software, firewalls and access controls.
    • Our servers are geared for high performance and uptime. We utilise a fully redundant and load balanced setup ensuring high availability and data security.
    • We take steps to ensure that any third-party process operators who process personal information on behalf of IconAF apply adequate safeguards as outlined above.

 

info@iconaf.com

 

16 York Street Kensington B

Randburg 2194

 

128 Strand Street, Cape Town

8001

FOLLOW US