Embedded Files
Version 1.0
POPI ACT COMPLIANCE MANAGEMENT FRAMEWORK
Index
PART A: INTRODUCTION 3
A.1. What is the purpose of this Manual? 3
A.2. What is the status and scope of this Manual? 3
A.3. Introduction to the Organisation 3
A.4. What is the Data Subject rights under the Promotion of Access to Information Act, 2000? 3
A.5. Availability of this manual [S 51(l)(b) - Promotion of Access to Information Act] 4
A.6. Description of the guide referred to in section 10, if available, and how to obtain access to it: [S 51(1)(b)(i)] 5
A.7. Records that are automatically available without a person having to request access in terms
of this Act 5
A.8. Description of the records of the body which are available in accordance with any other
Legislation [S 51(1)(b)(iii)] 5
PART B: MAKE A REQUEST UNDER PAIA 8
B.1. How can I make a request to TRACKING AFRICA under PAIA [S 51(1)(b)(iv)]? 8
B.2. How will my PAIA request be processed by TRACKING AFRICA? 8
B.3. Grounds for Refusal of Access to Records in Terms of PAIA 9
B.4. What if I'm not happy about how TRACKING AFRICA handled my PAIA/POP IA request? 10 B.5. What are the charges applicable to my PAIA/POPIA request? 10
PART C:PROTECTION OF PERSONAL INFORMATION ACT 12
C.1. Purpose of the processing 12
C.2. Categories of data subjects and of the information or categories of information relating thereto 13
C.3. Planned transborder flows of personal information 13
C.4. General description allowing a preliminary assessment of the suitability of the information
security measures to be implemented by the responsible party to ensure the confidentiality
integrity and availability of the information which is to be processed
13
PART D: FORMS 15
D.1. Access Request Form [51(1)(b)( iv) & 51(l)] 16
D.2.R Request for Correction or Deletion of Personal Information or Destroying or Deletion of
Record of Personal Information 20
D.3. Objection to the Processing of Personal Information 22
PART A: INTRODUCTION
A.1. What is the purpose of this Manual?
A.1.1. Under the Promotion of Access to Information Act 2000 (“PAIA”.),TRACKING AFRICA is required to grant individuals access to records held by TRACKING AFRICA if that record is required by the individual to exercise or protect any legal right that individual enjoys under the law.
A.1.2. Additionally, under the Protection of Personal Information 2013 (“POPIA),”TRACKING AFRICA is required to be open and transparent about how TRACKING AFRICA handles personal information and allow individuals to access and correct their personal information.
A.1.3. The purpose of this Manual is to set out the information which TRACKING AFRICA is legally required to disclose under PAIA and POPIA, and to explain how you can exercise your statutory rights under PAIA and POPIA with respect to records and personal information handled by TRACKING AFRIC
A.2. What is the status and scope of this Manual?
This Manual (version 1.1) was first updated on 20 November 2023 and will become effective on 21 November 2023. This Manual may be revised from time to time to reflect changes in laws and regulations or changes in TRACKING AFRICA’s business operations
A.3. Introduction to the Organisation
A.3.1. TRACKING AFRICA falls within the definition of a “private body” and this Manual has been compiled in accordance with the said provisions and to fulfil the requirements of the Act.
A.3.2. Definition of a Private Body: A “private body “is defined as any natural person who carries or has carried on any trade, business or profession, but only in such capacity or any partnership which carries or has carried on any trade, business or profession or any former or existing juristic person (e.g. any company, close corporation or business trust).
A.4. What is the Data Subject rights under the Promotion of Access to Information Act, 2000?
A.4.1. On 9 March 2001,the Promotion of Access to Information Act became operative giving effect to the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protect on of any rights; and to provide for matters connected therewith.
A.4.2. Under PAIAI everyone has the right to access:
a) any information held by the state; and
b) any information that is held by another person and that is required for the exercise or protect on of any rights.
A.4.3. Records TRACKING AFRICA makes available under PAIA is described in Part C of this Manual. If you wish to make a request under PAIA to TRACKING AFRICA ,please follow the procedure described in Section B of this Manual. Please note that your request will be subject to the applicable charges set out in Section B.5.
A.4.5. You can learn more about your rights under PAIA by contacting the office of the Information Regulator (“1R) at:
Information Regulator
Address Physical: JD House, 27 Stiemens Street, Braamfontein, Johannesburg,2001
Address Postal: P.O Box 31533, Braamfontein, Johannesburg, 2017
Tel No: +27 (0) 10 023 5200
Email: complaints.IR@justice.gov.za
Web Address: https://www.justice.gov.za/inforeg/contact.html
A.4.6. IR has produced a detailed guidance on how to exercise your rights under PAIA. This guidance (known as PAIA Section 10 Guide) is available from SAHRC and can be accessed on IR’s website.
A.5. Availability of this manual [S 51(1)(b) – Promotion of Access to Information Act]
A.5.1. A copy of this manual is available to the public for inspection at our website or registered offices as listed below or on request from the designated contact person during business hours. A fee for a copy of the manual as contemplated in B.5.3 shall be payable for each A4 Size copy made.
A.5.2. Contact Details (S 51(1)(a)) – This contact person is responsible for the administration of and compliance with the Act in a fair objective and unbiased manner.
Information Officer
Contact person name: Miss Carla Greyling
Physical Address: 251 Old Howick Road, Worlds View , Pietermaritzburg,3201
Postal Address: 251 Old Howick Road, Worlds View , Pietermaritzburg,3201
Telephone number: +27 33 343 1494 / +27 82 886 8425
Facsimile No: Not Available
Emai l address: sales@trackingafrica.co.za
Web Site: http://www.trackingafrica.co.za
A.6. Description of the guide referred to in section 10, if available, and how to obtain access to it: (S 51(1)(b)(i)
A.6.1. The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.
A.6.2. Requests in terms of the Act shall be made in accordance with the prescribed procedures ,at the
rates provided .
A.6.3. Requesters are referred to the Guide in terms of Section 10 which has been compiled by the Information Regulator, which will contain information for the purposes of exercising Constitutional Rights.
A.6.4. The Guide is available from the offices of the Information Regulator.
A.6.5. The contact details of the Information Regulator is as in paragraph A.4.5.
A.7. Records that are automatically available without a person having to request access in terms
of this Act [S 51(1)(b)(ii)]
· Inspection in terms of legislation other than this Act None
· Purchase or copying from us None
· From us free of charge Services, information leaflets
A.8. Description of the records of the body which are available in accordance with any other legislation [S 5 1(1)(b)(iii)]
A.8.1. Records are kept in accordance with the following legislation (this list is not exhaustive):
(a) Companies Act 71of 2008
· Company's Memorandum of Incorporation and all amendments
Company Incorporation
Names of Directors
Minutes of Board Meetings
Records relating to the appointment of directors / auditor/ secretary/ public officer and other officers.
(b) Basic Conditions of Employment Act 75 of 1997
· Record containing the following information Section 31:
employee's name and occupation;
time worked (attendance register};
remuneration paid (wages register};
date of birth if under 18 years of age.
(c) Occupational Health and Safety Act 85 of 1993
• A copy of the Occupational Health and Safety Act 85 of 1993
(d) Compensation for Occupational Injuries and Diseases Act 130of 1993
• All records required by the Act.
(e) Employment Equity Act 55 of 1998
• Summary of the Employment Equity Act, 55 of 1998 ,issued in terms of Sect on 25(1)
(f) Income TaxAct 58 of 1962
• All records required by the Act.
(g) Labour Relations Act 66 of 1995
• Records of disciplinary hearings (if any)
(h) Unemployment Insurance Act 30 of 1966
• Records detailing the contributions by contributors employed by the employer in respect
of earnings paid time worked, payments made for piece work and overtime.
(i) Value Added TaxAct 58 of 1962.
• All records required by the Act.
(j) Promotion of Access to Information Act 2 Of 2000.
• All records required by the Act.
(k) Protection of Personal Information Act 4 of 2013.
• All records required by the Act.
A.8.1. The subjects on which the organisation holds records and the categories on each subject are as listed below. Please note that a requester is not automatically allowed to these records and that access to them may be refused in accordance with Section 62 of the Act.
(a) Administration
Attendance registers
Correspondence
Founding Documents
Licences (categories)
Minutes of Management Meetings
Minutes of Staff Meetings
Statutory Returns
(b) Human Resources
Conditions of Service
Employee Records
Employment Contracts
Employment Equity Records
General Correspondence
Industrial and Labour Relations Records
Information relating to Health and Safety Regulations
Pension and Provident Fund Records
Appraisals
Personnel Guidelines, Policies and Procedures
Remuneration Records and Policies
Skills Requirements
Staff Recruitment Policies
Statutory Records
Training Records
(c) Operations
Brochures on Company Information
Client and Customer Registry
Contracts
General Correspondence
Information relating to Employee Sales Performance
Marketing and Future Strategies
Marketing Records
Sales Records
Suppliers' Registry
(d) Finances
Annual Financial Statements
Asset Register
Banking Records
Budgets
Contracts
Financial Transactions
General Correspondence
Insurance Information
Internal Audit Records
Management Accounts
Purchase and Order Information
Stock Records
Tax Records (company and employee)
(e) Information Technology
IT Policies and Procedures
Network Diagrams
User Manuals
PART B : MAKE A REQUEST UNDER PAIA
B.1. How can Imake a request to TRACKING AFRICA under PAIA (S 51 (1)(b)(IV)?
B.1.1. Records held by TRACKING AFRICA may be accessed on request only once the requirements for access have been met.
B.1.2. A requester is any person making a request for access to a record of TRACKING AFRICA and in this regard, the Act distinguishes between two types of requesters:
B.1.2.1. Personal Requester
A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of the Act and applicable law, TRACKING AFRICA will provide the requested information, or give access to any record about the requester's personal information. The prescribed fee for reproduction of the information requested will be charged by TRACKING AFRICA.
B.1.2.2. Other Requester
This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, TRACKING AFRICA is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act. The prescribed fee for reproduction of the information requested will be charged by TRACKING AFRICA.
B.2. How will my PAIA request be processed by TRACKING AFRICA?
B.2.1. A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record.
B.2.2. A requester must complete the request form enclosed herewith in Appendix A and submit it, as well as the payment of a request fee, if applicable to the information officer at the physical address, or electronic mail address as stated herein.
B.2.3. The request form must be filled in with enough information to at least enable the information officer to identify:
a) The record or records requested.
b) The identity of the requester.
c) What form of access is required?
d) The postal address or fax number of the requester.
B.2.4. A requester must state that he or she requires the information to exercise or protect a right, and clearly state what the nature of the right is, so to be exercised or protected.
B.2.5. The requester must also provide an explanation of why the requested record is required for the exercise or protection of that right.
B.2.6. TRACKING AFRICA will process a request within 30 days, unless the requester has stated special reasons which would satisfy the information officer that circumstances dictate that this period not be complied with.
B.2.7. The requester shall be informed in writing whether access has been granted or denied. if, in addition, the requester requires the reasons for the decision in any other manner, he or she must state the way it is required.
B.2.8. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the information officer.
B.2.9. If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the Information Officer.
B.3. Grounds for Refusal of Access to Records in Terms of PAIA.
The following are the grounds on which TRACKING AFRICA may, subject to the Exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
B.3.1. Mandatory protection of the privacy of third party who is a natural person, including a deceased person, where such disclosure of Personal Information on would be unreasonable.
B.3.2. Mandatory protection of the commercial information of a third party, If the Records contain:
a) Trade secrets of that third party.
b) Financial, commercial, scientific, or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
c) Information disclosed in confidence by a third party to TRACKING AFRICA, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition.
B.3.3. Mandatory protection of confidential information of third parties if it is protected in terms of any agreement.
B.3.4. Mandatory protection of the safety of Individuals and the protection of property.
B.3.S. Mandatory protection of Records that would be regarded as privileged in legal proceedings.
B.3.6. Protection of the commercial information of TRACKING AFRICA, which may include:
a) Trade secrets.
b) Financial/commercial, scientific, or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of TRACKING AFRICA.
c) Information which, if disclosed, could put TRACKING AFRICA at a disadvantage in contractual or other negotiations or prejudice TRACKING AFRICA in commercial competition; and/or
d) Computer programs which are owned by TRACKING AFRICA and their suppliers, and which are protected by copyright and intellectual property laws.
B.3.7. Research information of TRACKING AFRICA or a third party, if such disclosure would place the research or the researcher at a serious disadvantage, and
B.3.8. Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.
B.4. What if I'm not happy about how TRACKING AFRICA handled my PAIA/POPIA request?
B.4.1. If you are not satisfied about the way in which your request was handled by TRACKING AFRICA (including where you are not happy about the Access Fee charged by TRACKING AFRICA, the length of time TRACKING AFRICA is taking to process your request), you can make an application for relief to the Constitutional Court, the High Court or another court of similar status.
B.4.2. Please note that if you wish to make an application to the court, you will need to do so within 180 days of receiving the relevant decision made by TRACKING AFRICA,
B.5. What are the charges applicable to my PAIA/POPIA request?
B.5.1. There are two types. of fees. which are payable under PAIA, namely Request Fee, and Access Fee.
B.5.2. Request Fee is payable upon making a request to access records/personal information, and it is R50.00 (Inclusive of VAT) for each request. You do not have to pay a request fee if:
a. You are a private individual requesting access to your own records/personal information.
b. You are single and earning less than R14,812 p/a ; or
c. You are married (or in a life partnership), and earning less than R27,192 p/a.
B.5.3. Access Fee is payable in respect of records/personal information which are produced in response to your request. Access Fee is payable by everyone who makes a request. The rate of Access Fees are as follows:
Item
Description
Amounts Excl VAT
1.
Photocopy or printed black and white (A4 page)
R2.00 per page or part of
2.
Printed copy A4 size page
R2.00 per page or part of
3.
For a copy in a computer-readable form on:
• A USB (provided by the requester)
• A compact disc (CD) if the requested provides the CD
• A CD that is provided to the requester
R40.00
R40.00
R40.00
4.
A transcription of visual images, for an A4 size page or part of the page
R40.00
5.
A copy of visual images
R40.00
6.
A transcription of an audio record, per A4 size page
R20.00
7.
• For a copy of an audio record on a USB (provided by the requester)
• For a copy of an audio record on a CD if the requester provides the CD
• For a copy of an audio record on CD if the CD is provided to the requester
R40.00
R40.00
R60.00
8.
For each hour or part of an hour (excl. the first hour) reasonably required to search for and prepare the record for disclosure. The search and preparation fee cannot exceed
R145.00
R435.00
9.
Deposit: if the search exceeds 6hrs
One third of the amount per request. It is calculated in terms of items 1 to 7 above to be paid upfront
10.
Postage, email or any other electronic transfer
Actual expense, if any.
11.
Confirmation that TRACKING AFRICA handles personal information of the requestor (POPIA s23(1)(a) request)
No Charges
B.5.4. Please note that:
a. where Request Fee is payable, your request will not be processed until you pay the Request
Fee;
b. where Access Fee is payable, the record/personal information you requested will not be
released until the Access Fee is paid; and
PART C: PROTECTION OF PERSONAL INFORMATION ACT
C.1. Purpose of the processing [S 51(l)(c)(i))
Description of category of data subjects
Purpose of the Processing
Employees
1. Human Resource Management
2. Verification of applicant employees' information during recruitment process
3. General matters relating to employees:
a. Pension;
b. Medical aid;
c. Payroll;
d. Disciplinary action;
e. Training relationship.
4. Any other reasonably required purpose
relating to the employment or possible
employment
Clients
1. Registration as a client.
2. Compliance with legislation.
3. Delivering of Service.
4. Manage payments etc
5. Manage our relationship.
Visitors
Security of employees and facilities.
Suppliers, professional advisers, and consultants
1. Administration of Agreement
2. Verifying and updating information
3. Performing duties in terms of any agreement.
4. Make, or assist in making, credit decisions.
5. Operate and manage accounts and manage any application, agreement or correspondence vendors may have with the Organisation.
6. Communicating with vendors by email, SMS, letter, telephone or in any other way about the Organisation’s the services.
7. Performing other administrative and operational purposes including the testing of systems.
8. Recovering any debt vendors may owe the Organization.
9. Complying with the organisation’s regulatory and other obligations.
10. Any other reasonably required purpose relating to the organisation business.
C.2. Categories of data subjects and of the information or categories of information relating thereto [S S51(l)(c)(ii))
Category of data subjects
Information or categories of information relating thereto
Employees
1. Full name and identifying particulars.
2. Occupation of the employee.
3. Remuneration paid.
4. Tax which has been deducted.
5. Unemployment insurance fund contributions
6. Disciplinary Proceedings
7. Banking Details
Visitors
Full Name and identifying particulars
Suppliers, Professional advisers and consultants
1. Company ,Contact person and banking Details
2. Professional details
C.3. Planned transborder flows of personal information (S 51(l)(c)(iv)]
C.3.1. Some of our external third parties may be based outside your country so their processing of your Personal Information could involve a transfer of data outside your country.
C.3.2. Whenever we transfer your Personal Information out of your country, we ensure a similar degree
of protection afforded to it by ensuring at least one of the following safeguards are implemented:
(a) We will only transfer your Personal Information to countries that have appropriate data protect on and privacy legislation to protect your Personal Information.
(b) Where we use certain service providers, we conclude an agreement with them to confirm that your Personal Information is confidential, they can only process on our instructions and that they should establish and maintain appropriate technological and organisational measures to protect your Personal Information.
(c) Where we use providers with servers based in other countries, we may transfer data to them if they are part of the Privacy Shield which requires them to provide protection to Personal information similar to the principles under the GDPR, which we believe are good principles to ensure compliance.
C.3.3. By submitting your Personal Information to us you consent to the transfer of your Personal Information outside the borders of the Republic of South Africa.
C.4. General description allowing a preliminary assessment of the suitability of the information security measures to be implemented by the responsible party to ensure the confidentiality, integrity, and availability of the information which is to be processed [S51(l)(c)(v)]
C.4.1. TRACKING AFRICA undertakes to institute and maintain the data protect on measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protect on level for each objective. TRACKING AFRICA may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.
1. Access Control of Persons:
TRACKING AFRICA shall implement suitable measures in order to prevent unauthorized persons from
gaining access to the data processing equipment where the data are processed.
2. Data Media Control:
TRACKING AFRICA undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by TRACKING AFRICA and containing personal information of Customers.
3. Data Memory Control:
TRACKING AFRICA undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorised reading, alteration, or deletion of stored data.
4. User Control:
TRACKING AFRICA shall implement suitable measures to prevent its data processing systems from being used by unauthorised persons by means of data transmission equipment.
5. Access Control to Data:
TRACKING AFRICA represents that the persons entitled to use TRACKING AFRICA's data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions.
6. Transmission Control:
TRACKING AFRICA shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of TRACKING AFRICA's data communication equipment / devices.
7. Transport Control:
TRACKING AFRICA shall implement suitable measures to prevent Personal Information from being read, copied, altered, or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.
8. Organisation Control:
TRACKING AFRICA shall maintain its internal organisation in a manner that meets the requirements of this Manual.
C.4.2. TRACKING AFRICA is doing this by implementing the following security measures:
a) Staff awareness program
b) Policies
c) Procedure Guidelines
d) Technical Security Measures
e) Organisational Security Measures
PART D: FORMS
Form Name
Link to download:
D1. Access Request Form
https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-PAIA-Form02-Reg7.pdf
D2. Request for Correction or Deletion
of Personal Information or
Destroying or Deletion of Record of
Personal Information
D3. Objection to the Processing of
Personal Information
Please find printable forms on the following page should you not have access to online forms
Page updated
Google Sites
Report abuse