MANUAL IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO
INFORMATION ACT 2 OF 2000 (“PAIA”)
(“POPIA”)
FENWICK BOSHOFF INC. (PTY) LTD
(REG. NO.: 2001/002612/07)
(“COMPANY”)
1.1 This Manual constitutes the Company PAIA manual.
1.2 This Manual is compiled in accordance with section 51 of PAIA as amended by the Protection of Personal Information Act, 2013 (“POPIA”). POPIA promotes the protection of personal information processed by private bodies, including certain conditions so as to establish minimum requirements for the processing of personal information. POPIA amends certain provisions of PAIA, balancing the need for access to information against the need to ensure the protection of personal information. Where a request is made in terms of PAIA to a private body, that private body must disclose the information if the requester is able to show that the record is required for the exercise or protection of any rights, and provided that no grounds of refusal contained in PAIA are applicable. PAIA sets out the requisite procedural issues attached to information requests.
1.3 This PAIA manual also includes information on the submission of objections to the processing of personal information and requests to delete or destroy personal information or records thereof in terms of POPIA.
1.4 For purposes of this Manual, we refer to ourselves as the “Company”, “we”,” us” or “our”.
2.1 Fenwick Boshoff Incorporated.
3.1 All requests for access to records in terms of the Act for the Company must be in writing and must be addressed to the Information Officer, at the contact details below;
Information Officer: Brett Tromp
Street Address: 21 John Gainsford Street, Springbok Park, Brackenfell, 7560
Email address: Brett@fb-law.co.za
4.1 The information available on our website, may be automatically accessed by you, without having to follow the formal PAIA request process.
5.1 We are subject to many laws and regulations, some of which require us to keep certain records.
6.1 Described below are the records which we hold, divided into categories for ease of reference:
Personnel Records
Personnel records include:
Client Records
Client records include:
Private Body Records
“Private Body Records” are records which include, but are not limited to, records which pertain to the Company’s own affairs including:
Other Party Records
7.1 Requests for personal information under POPIA must be made in accordance with the provisions of PAIA. This process is outlined in paragraph 9 below.
7.2 If we provide you with your personal information, you have the right to request the correction, deletion or destruction of your personal information, in the prescribed form. You may also object to the processing of your personal information in the prescribed form.
7.3 We have attached the prescribed forms to this Manual for your convenience.
7.4 We will give you a written estimate of the fee for providing you with your personal information, before providing you with the services. We may also require you to provide us with a deposit for all or part of the fee prior to giving you the requested personal information.
7.5 Purpose of processing:
7.5.1 POPIA provides that personal information may only be processed lawfully and in a reasonable manner that
does not infringe on the data subject’s privacy.
7.5.2 The type of personal information that we process will depend on the purpose for which it is collected.
7.5.3 We may use, transfer, share and disclose your personal information for the purposes of:
7.6 Personal information that is processed includes;
7.6.1 Categories of data subjects include;
7.6.2 Categories of personal information includes personal information and special personal information
7.7 Categories of recipients for purposes of processing personal information
7.7.1 Personal information may be shared with other entities in the group, our agents and sub-contractors, partners, vendors and selected third parties, including credit providers, credit bureaus, debt collectors, and service providers who process the information on our behalf for the purposes set-out in 8.5.3 above.
7.8.1 The Company may need to transfer a Data Subject’s information to service providers in countries outside South Africa, in which case it will fully comply with applicable South African data protection legislation.
7.9 General description of information security measures
7.9.1 The Company employs appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information.
7.9.1.1 The following policies have been put in place to govern the way the Company treats personal information;
7.9.1.2 The following protocols have been put in place to control the way the Company treats personal information;
7.9.1.3 The Company’s IT Security Control environment includes controls such as ;
8.1 Completion of the prescribed form
8.1.1 Any request for access to a record from a private body in terms of PAIA must substantially correspond with the form attached hereto marked Appendix A
8.1.2 A request for access to information which does not comply with the formalities as prescribed by PAIA will be set-aside.
8.2 Payment of the prescribed fees
8.2.1 A fee may be payable, depending on the type of information requested, as described under Appendix B – Fees in respect of private bodies.
8.2.2 There are two categories of fees which are payable:
8.2.2.1 The request fee: R140
8.2.2.2 The access fee: This is calculated by taking into account reproduction costs, search and preparation costs, as well as postal costs.
8.2.3 Section 54 of PAIA entitles the Company to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Regulations promulgated under PAIA.
8.2.4 Where a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.
8.2.5 POPIA provides that a data subject may, upon proof of identity, request the Company to confirm, free of charge, all the information it holds about the data subject and may request access to such information, including information about the identity of third parties who have or have had access to such information.
8.2.6 POPIA also provides that where the data subject is required to pay a fee for services provided to him / her, the Company must provide the data subject with a written estimate of the payable amount before providing the service and may require that the data subject pays a deposit for all or part of the fee.
9.1 POPIA provides that a data subject may object, at any time, to the processing of personal information by the Company, on reasonable grounds relating to his/her particular situation, unless legislation provides for such processing. The data subject must complete the prescribed form attached hereto as Appendix C – FORM 1 – Objection to the processing of personal information in terms of section 11(3) of POPIA Regulations relating to the protection of personal information, 2018 [Regulation 2] and submit it to the Information Officer at the postal or physical address or electronic mail address set out above.
10.1 A data subject may also request the Company to correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that the Company is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions.
10.2 A data subject that wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information must submit a request to the Information Officer at the postal or physical address or electronic mail address set out above on the form attached hereto as Appendix D – FORM 2 – Request for correction or deletion of personal information or destroying or deletion of record of personal information in terms of section 24(1) of POPIA’s Regulations relating to the protection of personal information, 2018 [Regulation 3]
11.1 Proof of identity is required to authenticate your identity and the request. You will, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of your identity document or other legal forms of identity.
12.1 Requests will be processed within 30 (thirty) days, unless the request contains considerations that are of such a nature that an extension of the time limit is needed.
12.2 Should an extension be required, you will be notified, together with reasons explaining why the extension is necessary.
13.1 There are various grounds upon which a request for access to a record may be refused. These grounds include:
13.1.1 the protection of personal information of a third person (who is a natural person) from unreasonable disclosure;
13.1.2 the protection of commercial information of a third party (for example: trade secrets; financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
13.1.3 if disclosure would result in the breach of a duty of confidence owed to a third party;
13.1.4 if disclosure would jeopardise the safety of an individual or prejudice or impair certain property rights of a third person;
13.1.5 if the record was produced during legal proceedings, unless that legal privilege has been waived;
13.1.6 if the record contains trade secrets, financial or sensitive information or any information that would put The Company at a disadvantage in negotiations or prejudice it in commercial competition; and/or
13.1.7 if the record contains information about research being carried out or about to be carried out on behalf of a third party or by The Company.
13.2 Section 70 of PAIA contains an overriding provision. Disclosure of a record is compulsory if it would reveal (i) a substantial contravention of, or failure to comply with the law; or (ii) there is an imminent and serious public safety or environmental risk; and (iii) the public interest in the disclosure of the record in question clearly outweighs the harm contemplated by its disclosure.
13.3 If the request for access to information affects a third party, then such third party must first be informed within 21 (twenty one) days of receipt of the request. The third party would then have a
further 21 (twenty one) days to make representations and/or submissions regarding the granting of access to the record.
14.1 If the Information Officer decides to grant a requester access to the particular record, such access must be granted within 30 (thirty) days of being informed of the decision.
14.2 There is an appeal procedure that may be followed after a request to access information has been refused, which will be described in the correspondence addressed to you by the Information Officer.
14.3 In the event that you are not satisfied with the outcome of the appeal, you are entitled to apply to the Information Regulator or a court of competent jurisdiction to take the matter further.
14.4 Where a third party is affected by the request for access and the Information Officer has decided to grant you access to the record, the third party has 30 (thirty) days in which to appeal the decision in a court of competent jurisdiction. If no appeal has been lodged by the third party within 30 (thirty) days, you must be granted access to the record.
15.1 Copies of this Manual are available for inspection, free of charge, at the registered offices of the Company at the address listed above.
15.2 Copies will also be made available on the Company website/s.