Chat with us, powered by LiveChat

PAIA Manual

PROMOTION OF ACCESS TO INFORMATION MANUAL

Prepared in terms of the requirements of the

Promotion of Access to Information Act No. 2 of 2002 (“PAIA”)

 

TABLE OF CONTENTS

  1. INTRODUCTION …………………………………………………………………………………………………… 1

  2. BUSINSESS AND CONTACT PARTICULARS………………………………………………………………… 2

  3. SECTION 51(1) OF THE PAIA ………………………………………………………………………………….. 2

  4. STATUTORY RECORDS…………………………………………………………………………………………… 3

  5. RECORDS OR INFORMATION AUTOMATICALLY AVAILABLE TO THE PUBLIC …………………4

  6. RECORDS HELD BY THE COMPANY NOT AUTOMATICALLY AVAILABLE…………………………4

  7. PROCESSING OF PERSONAL INFORMATION………………………………………………………………5

  8. TRANS-BORDER / CROSS BORDER FLOWS OF PERSONAL INFORMATION …………………….7

  9. GENERAL DESCRIPTION OF INFORMATION SECURITY MEASURES ……………………………….7

  10. INFORMATION REQUEST PROCEDURE ……………………………………………………………………. 9

  11. DENIALOFACCESS………………………………………………………………………………………………10

  12. FEES…………………………………………………………………………………………………………………..11

  13. REQUEST FEE …………………………………………………………………………………………………….. 11

  14. ACCESS FEE ……………………………………………………………………………………………………….. 11

  15. MANUALAVAILABILITY………………………………………………………………………………………..11

1. INTRODUCTION

The Promotion of Access to Information Act 2 of 2000 (“PAIA” or “the Act”) gives effect to the constitutional right of access to any information held by the state and any information that is held by another person and that is required for the exercise or protection of any rights. The Protection of Personal Information Act 2013 has amended the PAIA and also requires from private bodies to disclose certain information through the relevant organisation’s PAIA Manual.

Specifically, section 51(1) of the Act, read with the Protection of Personal Information Act of 2013, requires a private body to compile a manual that must contain information as specified and required by both PAIA and POPI. In addition, the PAIA manual must set out the formal procedure that a person must follow in order to request to view, update or delete personal information held by the private body.

In this context, a “private body” is defined as any natural person who carries or has carried on any trade, business or profession, but only in such capacity or any partnership which carries or has carried on any trade, business or profession or any former or existing juristic person (e.g. any company, close corporation or business trust).

This organisation falls within the definition of a “private body” and this Manual has been compiled in accordance with the said provisions and to fulfil the requirements of the Act.

In terms of the Act, where a request for information is made to a body, there is an obligation to provide the information, except where the Act expressly provides that the information may not be released. In this context, Section 9 of the Act recognises that access to information can be limited. In general, the limitations relate to circumstances where such release would pose a threat to the protection of privacy, commercial confidentiality, and the exercising of efficient governance.

Accordingly, this manual provides a reference to the records held and the process that needs to be adopted to access such records.

All requests for access to information (other than information that is available to the public) must be addressed to the Head of the Business named in section 2 of this Manual.

Page 1

2. BUSINSESS AND CONTACT PARTICULARS

Name of business: Practicing name: Type of business: Website:

Main office: Postal address:

Physical address:

Lighthouse Trustees (Pty) Ltd
Lighthouse Trust & Corporate
Trust and corporate administration services www.lhtc.co.za
Pietermaritzburg
PO Box 271
Pietermaritzburg, 32o1
Ground Floor
12 Montrose Park Boulevard
Victoria Country Club Estate
170 Peter Brown Drive
Montrose
Pietermaritzburg, 3201
033 815 1550
info@lhtc.co.za
Arno Goebel
Director

Page 2

Telephone number: Email:
Information Officer: Position:

3. SECTION 51(1) OF THE PAIA

  1. 3.1  The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.

  2. 3.2  Requests in terms of the Act must be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in regulations 6 and 7 of the Act.

3.3 Requesters are referred to the Guide in terms of Section 10 which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC.

The contact details of the Commission are:

Postal Address: Telephone Number: Fax Number: Website:
Email:

Private Bag 2700, Houghton, 2041 (011) 877 3600
(011) 403 0625
www.sahrc.org.za lidlamini@sahrc.org.za

Page 3

4. STATUTORY RECORDS
Records are maintained in accordance with the following legislation which is not an

exhaustive list of applicable legislation:

  1. 4.1  Financial Intelligence Centre Act 38 of 2001

  2. 4.2  Companies Act 61 of 1973

  3. 4.3  Legal Practice Act 28 of 2014

  4. 4.4  Income Tax Act 58 of 1962

  5. 4.5  Value Added Tax Act 89 of 1991

  6. 4.6  Regional Services Councils Act 109 of 1985

  7. 4.7  Unemployment Insurance Act 63 of 2001

  8. 4.8  Labour Relations Act 66 of 1995

  9. 4.9  Basic Conditions of Employment Act 75 of 1997

  10. 4.10  Employment Equity Act 55 of 1998

  11. 4.11  Skills Development Act 97 of 1998

  12. 4.12  Pension Fund Act 24 of 1956

  1. 4.13  Medical Schemes Act No. 131 of 1993

  2. 4.14  Occupational Health and Safety Act 85 of 1993

  3. 4.15  Compensation for Occupational Injuries and Diseases Act 130 of 1993

  4. 4.16  Promotion of Access to Information Act 2 of 2000

  5. 4.17  Protection of Personal Information Act 4 of 2013

5. RECORDS OR INFORMATION AUTOMATICALLY AVAILABLE TO THE PUBLIC

  1. 5.1  Company documentation held by the Companies and Intellectual Property

    Commission

  2. 5.2  Fields of expertise and professional staff

  3. 5.3  Publications of the company which include blogs and legalbriefs; and

  4. 5.4  Any other information made available on the company’s website.

6. RECORDS HELD BY THE COMPANY NOT AUTOMATICALLY AVAILABLE

Records relating to the company:

6.1

  1. 6.1.1  Partnership information

  2. 6.1.2  Client database

  3. 6.1.3  Fee structure

  4. 6.1.4  Commercial contracts with service providers

  5. 6.1.5  Company guidelines, policies and procedures

  6. 6.1.6  Trademarks

  7. 6.1.7  Business plans

  8. 6.1.8  General operational information

  9. 6.1.9  Systems; and

  10. 6.1.10  Procedures and statutory records.

6.2 Employee Records:

Page 4

  1. 6.2.1  Personal records of present, past and prospective employees and directors of the company

  2. 6.2.2  Employment contracts

  3. 6.2.3  Personnel guidelines, policies and procedures

  4. 6.2.4  Operational Information.

6.3 Client Records:

  1. 6.3.1  Clients’ personal information

  2. 6.3.2  Clients’ intellectual property; and

  3. 6.3.3  Any other information relating to clients.

6.4 Other Records:

  1. 6.4.1  Financial records

  2. 6.4.2  Correspondences; and

  3. 6.4.3  Contractual records.

7. PROCESSING OF PERSONAL INFORMATION

7.1

Purpose of Processing

  1. 7.1.1  Fulfilling statutory obligations in terms of applicable legislation;

  2. 7.1.2  Historical record keeping, research and recording statistics necessary for fulfilling

    your business objectives;

  3. 7.1.3  Keeping of accounts and records;

  4. 7.1.4  Marketing and advertising;

  5. 7.1.5  Monitoring, maintaining and managing our contractual obligations to customers, clients, suppliers, service providers, employees, directors and other third parties;

  6. 7.1.6  Obtaining information necessary to provide contractually agreed services to a customers and clients;

  7. 7.1.7  Resolving and tracking complaints;

Page 5

  1. 7.1.8  Staff administration; and

  2. 7.1.9  Verifying information provided to us.

7.2 Categories of Data Subjects

  1. 7.2.1  Clients and client’s employees, representatives, agents, contractors and service providers;

  2. 7.2.2  Existing and former employees, including contractors, agents, temporary and casual employees;

  3. 7.2.3  Our stakeholders;

  4. 7.2.4  Suppliers and service providers and their respective authorised employees, representatives, agents, contractors and service providers of such suppliers and service providers.

7.3 Categories of Personal Information processed 7.3.1 Natural Persons

  1. 7.3.1.1  Names

  2. 7.3.1.2  Physical and postal addresses

  3. 7.3.1.3  Date of birth

  4. 7.3.1.4  ID number

  5. 7.3.1.5  Tax related information

  6. 7.3.1.6  Nationality

  7. 7.3.1.7  Gender

  8. 7.3.1.8  Confidential correspondence

  9. 7.3.1.9  Email address

  10. 7.3.1.10  Telephone number

7.3.2 Juristic Persons

  1. 7.3.2.1  Names of contact persons

  2. 7.3.2.2  Name of Legal Entity

  3. 7.3.2.3  Registration Number

  4. 7.3.2.4  Physical and Postal address and contact details

  5. 7.3.2.5  Financial information

Page 6

  1. 7.3.2.6  Founding documents

  2. 7.3.2.7  Tax related information

  3. 7.3.2.8  Authorised signatories, beneficiaries, ultimate beneficial owners

  4. 7.3.2.9  BBBEE information

7.3.3 Categories of special information processed

  1. 7.3.3.1  Racial / ethnic origin

  2. 7.3.3.2  Religious or other beliefs

  3. 7.3.3.3  Criminal proceedings, outcomes & sentences

7.3.4 Possible Recipients of Personal Information

  1. 7.3.4.1  Banks and other financial institutions.

  2. 7.3.4.2  Employment and recruitment agencies

  3. 7.3.4.3  Ombudsman and regulatory authorities

  4. 7.3.4.4  Regulatory, statutory and government bodies

8. TRANS-BORDER / CROSS BORDER FLOWS OF PERSONAL INFORMATION

It may be required from time to time to share personal information of data subjects with third parties in other countries. Any sharing of personal information of data subjects with third parties in other countries will be done only if the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection which effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person, as set out in the Protection of Personal Information Act, and the data subject consents to the transfer.

Any such transfer will have to be shown to be necessary for the performance of a contract between the data subject and the recipient in question, or for the implementation of pre- contractual measures taken in response to the data subject’s request.

9. GENERAL DESCRIPTION OF INFORMATION SECURITY MEASURES

Page 7

Up to date technology is employed to ensure the confidentiality, integrity and availability of the Personal Information under our care.

Measures include:

  1. 9.1  Acceptable usage of personal information.

  2. 9.2  Access control to personal information.

  3. 9.3  All third parties with whom any contract exists are required to ensure that appropriate security, privacy and confidentiality obligations are observed.

  4. 9.4  Computer and network security including Firewalls, Virus protection software and update protocols.

  5. 9.5  Governance and regulatory compliance.

  6. 9.6  Information security and HR policies including Bring Your Own Device (BYOD) policies.

  7. 9.7  Internal process to report security breach or anticipated security breach.

  8. 9.8  Investigating and reacting to security incidents.

  9. 9.9  Logical and physical access control.

  10. 9.10  Monitoring access and usage of private information.

  11. 9.11  Physical security.

  12. 9.12  Retention and disposal of information.

  13. 9.13  Secure communications.

  14. 9.14  Security in the outsourcing of any activities or functions through appropriate contracts.

  15. 9.15  Training of staff members.

We continuously establish and maintain appropriate, reasonable technical and organisational measures to ensure that the integrity of the Personal Information which may be in our possession or under our control, is secure and that such information is protected against unauthorised or unlawful processing, accidental loss, destruction or damage,

Page 8

alteration or access by having regard to the requirements set forth in law, in industry practice and generally accepted information security practices and procedures applicable.

10. INFORMATIONREQUESTPROCEDURE

  1. 10.1  The requester must use the prescribed form to make the request for access to a record. The prescribed form is available from the Information Officer named in Section 2 above. The form is also available from the website of the Department of Justice and Constitutional Development at www.doj.gov.za

  2. 10.2  The request must be made to the Information Officer named in Section 2 above. This request must be made to the address, fax number or electronic mail address of the business.

  3. 10.3  The requester must provide sufficient detail on the request form to enable the Information Officer to identify the record and the requester. The requester should also indicate which form of access is required. The requester should also indicate if any other manner should be used to inform the requester. If this is the case, please furnish the necessary particulars to be so informed.

  4. 10.4  The requester must identify the right that is sought to be exercised or to be protected and must provide an explanation of why the requested record is required for the exercise or protection of that right.

  5. 10.5  If a request is made on behalf of another person, the requester must submit proof of the capacity in which the requester is making the request to the satisfaction of Information Officer aforesaid.

  6. 10.6  The prescribed request fee must be attached.

  7. 10.7  We will respond to your request within 30 days of receiving the request by indicating whether your request for access has been granted or denied.

  8. 10.8  Please note that the successful completion and submission of a request for access form does not automatically allow the requestor access to the requested record.

  9. 10.9  Access will be granted to a record only if the following criteria are fulfilled:

10.9.1 The record is required for the exercise or protection of any right; and

Page 9

  1. 10.9.2  The requestor complies with the procedural requirements set out in the Act relating to a request; and

  2. 10.9.3  Access to the record is not refused in terms of any ground for refusal as contemplated in Chapter 4 of Part 3 of the Act.

11. DENIALOFACCESS
Access to any record may be refused under certain limited circumstances. These include:

  1. 11.1  The protection of personal information from unreasonable disclosure concerning any natural person;

  2. 11.2  The protection of commercial information held concerning any third party (for example trade secrets);

  3. 11.3  The protection of financial, commercial, scientific or technical information that may harm the commercial or financial interests of any third party;

  4. 11.4  Disclosures that would result in a breach of a duty of confidence owed to a third party;

  5. 11.5  Disclosures that would jeopardize the safety or life of an individual;

  6. 11.6  Disclosures that would prejudice or impair the security of property or means of transport;

  7. 11.7  Disclosures that would prejudice or impair the protection of a person in accordance with a witness protection scheme;

  8. 11.8  Disclosures that would prejudice or impair the protection of the safety of the public;

  9. 11.9  Disclosures that are privileged from production in legal proceedings unless the privilege has been waived;

  10. 11.10  Disclosures of details of any computer programme;

  11. 11.11  Disclosures that will put Lighthouse Trustees at a disadvantage in contractual or other negotiations or prejudice it in commercial competition;

Page 10

11.12

11.13

11.14

11.14.1 11.14.2

Disclosures of any record containing any trade secrets, financial, commercial, scientific, or technical information that would harm the commercial or financial interests of Lighthouse Trustees

Disclosures of any record containing information about research and development being carried out or about to be carried out by Lighthouse Trustees;

If access to a record or any other relevant information is denied, our response will include:

Adequate reasons for the refusal; and

Notice that you may lodge an application with the court against the refusal and the procedure including details of the period for lodging the application.

12. FEES
The applicable fees are prescribed in terms of the Regulations promulgated under the Act.

There are two basic types of fees payable in terms of the Act.

13. REQUESTFEE

The non-refundable request fee of R 50 (excluding VAT) is payable on submission of any request for access to any record. This does not apply if the request is for personal records of the requestor. No fee is payable in such circumstances.

14. ACCESSFEE

The access fee is payable prior to being permitted access to the records in the required form. The applicable fees are prescribed in terms of Part III of Annexure A as identified in Government Notice Number 187, Regulation 11.

15. MANUALAVAILABILITY

A copy of this Manual may be obtained from the Information Officer referred to in Section 2 hereof.

Page 11

Any transmission costs or postage required in respect of hard copies of the Manual, will be for the account of the requester.

Page 12