GGA PAIA AND POPI MANUAL
1.INTRODUCTION
1.1 GGA Good Governance Africa NPC, a company duly incorporated in terms of the company laws of the Republic of South Africa with registration number 2014/177759/08 and with its registered address situated at The Mall Offices, 11 Cradock Avenue, Rosebank, 2196 (referred to as “GGA”) is a research and advocacy think tank.
1.2 As part of its operations and services, GGA holds certain records (information and documents), including personal information. The Promotion of Access to Information Act No2 of 2000 (“PAIA”) and the Protection of Personal Information Act No4 of2013 (“POPI”) provide for certain records and/or information to be accessed where certain circumstances are met and in accordance with certain procedures and at prescribed fees, giving effect to the right of access to information in terms of the Constitution of the Republic of South Africa.
1.3 This PAIA and POPI Manual (“the Manual”) (which includes all annexures and amendments thereto as made available by GGA from time to time) has been prepared in accordance with section 51 of PAIA as read with POPI. It provides an overview of the records (information and documents) held by GGA and details of how such records may be accessed, including in relation to giving effect to the rights granted under POPI terms of which a data subject may access its personal information, object to processing and request the correction of any of its personal information held by GGA.
1.4 GGA may amend this manual from time to time. It is available and accessible at www.gga.org or on request to GGA’s designated Information Officer (being the person duly authorised by the management of GGA and appointed by GGA to act in this capacity).
1.5 GGA has appointed an Information Officer in accordance with POPI. In addition to its obligations prescribed under POPI, the designated Information Officer is also responsible for assessing any requests to GGA for access to information in terms of PAIA as well as to oversee any other obligations which GGA may have under PAIA. The Information Officer may appoint Deputy Information Officers to assist it in the fulfillment of its obligations.
2.GGA DETAILS
(Information to be provided in terms of section 51(1)(a) of PAIA)
Name of Business: GGA Good Governance Africa NPC
Information Officer: Mr Tshepang Molefe
Position: Chief Technology Officer
Postal Address: 7th Floor, The Mall Offices, 11 Cradock Avenue, Rosebank 2196, South Africa
Physical Address: 7th Floor, The Mall Offices, 11 Cradock Avenue, Rosebank 2196, South Africa
Phone Number: +27 11268 0479
Fax Number: +27 11268 0478
Email Address: tsheapng@gga.org
Website: www.gga.org
3.GUIDE ON HOW TO USE PAIA
3.1 The South African Human Rights Commission (SAHRC) has issued a guide on how to use the Act (as prescribed by section 10 of PAIA) and is available on the SAHRC website (www.sahrc.org.za). This Manual complies with the requirements of the guide (defined below) and recognises that the Information Regulator established under POPI will be responsible for regulating compliance with PAIA, POPI and their regulations.
See contact details below:
PAIA
South African Human Rights Commission
Promotion of Access to Information Act Unit
Research and Documentation Department
Private Bag 2700
Houghton
Johannesburg
2041
Telephone: +27 11 887 3600
Email: paia@sahrc.org.za
POPI
Information Regulator
Physical address:
JD House
27 Stiemens Street
Braamfontein,
Johannesburg
2001
Postal address:
P.O Box 31533
Braamfontein
Johannesburg
2017
Email:
Complaints: complaints.IR@justice.gov.za
General enquiries: inforeg@justice.gov.za.
4. RECORDS HELD BY GGA
4.1 RECORDS WHICH ARE FREELY AVAILABLE(Section 51(1)(c) of PAIA)
4.1.1 The following records are automatically available to the general public and need not be requested in accordance with the procedure outlined in this Manual:
4.1.2 brochures;
4.1.3 information available on GGA’s website.
4.2 RECORDS HELD BY GGA IN TERMS OF OTHER LEGISLATION (Section 51(1)(d) of PAIA)
GGA retains a number of records in accordance with legislation which applies to it, including but not limited to:
- Basic Conditions of Employment Act No 75 of 1997;
- Companies Act No 71 of 2008;
- Compensation for Occupational Injuries and Diseases Act No 130 of 1993;
- Consumer Protection Act No 68 of 2008;
- Copyright Act No 98 of 1978;
- Electronic Communications and Transactions Act No 25 of 2002;
- Employment Equity Act No 55 of 1998;
- Financial Intelligence Centre Act No38 of 2001;
- Income Tax Act No 58 of 1962;
- Labour Relations Act No 66 of 1995;
- Medical Schemes Act No 131 of 1998;
- National Credit Act No 34 of 2005;
- Nonprofit Organisations Act 71 of 1997
- Occupational Health and Safety Act No 85 of 1993;
- Pension Funds Act No 24 of 1956;
- Protection of Personal Information Act No 4 of 2013;
- Regulation of Interception of Communications and Provision of Communication-Related Information Act No 70 of 2002;
- Skills Development Act No 97 of 1998;
- Skills Development Levies Act No 9 of 1999;
- Unemployment Insurance Act No 63 of 2001;
- B-BBEE Act No 53 of 2003; and
- Value Added Tax Act No 89 of 1991.
4.2.1 Where any information contained in any records retained by GGA in terms of the above legislation is of a public nature, such records may be available for inspection without a person having to request access thereto in terms of PAIA.
4.3 RECORDS HELD BY GGA (Section 51(1)(e) of PAIA)
The records held by GGA include but are not necessarily limited to:
4.3.1 HUMAN RESOURCES
- Employee information including personal information, employment history and health records that GGA may hold from time to time;
- Disciplinary records;
- Employment equity plan;
- Records of pension and provident funds;
- Training and development information;
- General files containing information on employee benefits and employee recruitment and selection information;
- List of employees;
- Employment contracts;
- Tax records;
- Training records;
- Payroll; and
- Applicable internal policies and procedures.
4.3.2 CLIENT RELATED RECORDS
- FICA records; and
- Correspondence.
4.3.3 PROPERTY
- Lease agreements;
- Insurance records; and
- Asset register.
4.3.4 OPERATIONS
- Function records and related costings;
- List of suppliers; and
- Supplier agreements.
4.3.5 INFORMATION TECHNOLOGY
- Licence agreements;
- Records relating to systems;
- Domain information;
- Usage statistics;
- Equipment details;
4.3.6 COMPANY INFORMATION
- GGA secretarial records; and
- Incorporation documents, including Memorandum and Articles of Association.
4.3.7 FINANCE/ACCOUNTS DEPARTMENT
- Accounting records;
- Annual financial statements;
- Tax returns;
- Creditors and debtors;
- Invoices;
- Salary information;
- Banking records;
- Bank account details;
- Fixed assets register;
- Audit reports;
4.3.8 MARKETING DEPARTMENT
- GGA brochures and publications;
- Documents relating to public relations events; and
- GGA media releases.
5. PROCESS FOR REQUESTS TO INFORMATION
5.1 Any requests for access to records of GGA are subject to PAIA and, in respect of personal information, POPI.
5.2 In terms of PAIA, a request for access is to be made on the prescribed form accessible at https://www.justice.gov.za/inforeg/docs2-f.html – FORM C REQUEST FOR ACCESS TO RECORD OF PRIVATE BODY – A copy is attached as Annexure A to this manual. The request is to be made to the Information Officer addressed to the contact details set out above (section 53(1) of PAIA).
5.3 The requester must provide sufficient detail on the form to enable the Information Officer to identify the record and the requester. The requester should also indicate which form of access is required and specify a postal address, fax number in the Republic or email address. The requester should also indicate if, in addition to a written reply, any other manner is to be used to inform the requester and state the necessary particulars to be so informed (section 53(2)(a) and (b) and (c) and (e) of PAIA).
5.4 The requester must identify the right that is sought to be exercised or protected and provide an explanation of why the requested record is required for the exercise or protection of that right (section 53(2)(d) of PAIA).
5.5 In circumstances where the request for access is being made on behalf of another person, the requestor is obliged to prove the capacity in which the request is being made, with any submissions in support thereof being subject to the satisfaction of GGA(section 53(2)(f) of PAIA). Section 71 of PAIA makes provision for a request for information or records about a third party. In considering such a request, GGA will adhere to the provisions of sections 71 to 74 of PAIA. The requestor is to note the provisions of Chapter 5 of Part 3 of PAIA in terms of which GGA is obliged, in certain circumstances, to advise third parties of requests lodged in respect of information applicable to or concerning such third parties. In addition, the provisions of Chapter 2 of Part 4 of PAIA entitle third parties to dispute the decisions of GGA by referring the matter to the High Court.
5.6 The Information Officer will decide on whether or not to grant the request as soon as is reasonably possible (but in any event within thirty days of the request having been submitted) and notify the requester accordingly.
5.7 The Information Officer may decide to extend the period of thirty days for another period of not more than thirty days if:
5.7.1 the request is for a large number of records;
5.7.2 the search for the records is to be conducted at premises not situated in the same town or city as the head office of GGA;
5.7.3 consultation among departments of GGAis required;
5.7.4the requester consents to such an extension in writing; or
5.7.5 the parties agree in any other manner to such an extension.Should GGA require an extension of time, the requester shall be informed in the manner stipulated in the prescribed form of the reasons for the extension.
5.8 If the Information Officer fails to respond (or extend the period within which the respond) within thirty days after a request has been received, it will, in terms of PAIA, be deemed to have refused the request (section 58 read together with section 56(1) of PAIA).
5.9 Where access is granted:
5.9.1 the Information Officer will advise the requester of:
5.9.1.1the access fee to be paid for the prior to GGA being able to process the request and grant the access (section 54(1) of PAIA);
5.9.1.2 the format in which access will be given;
5.9.1.3 the fact that the requester may lodge an appeal with a court of competent jurisdiction against the access fee charged or the format in which access is to be granted (section 56(2) of PAIA); and
5.9.2 access to the record requested will be given as soon as reasonably possible.
5.10 The following access and reproduction fees apply:
| No. | Description | Fees in Rands |
| 5.10.1 | The fee for a copy of the manual as contemplated in regulation 9(2)(c) for every photocopy of an A4-size page or part thereof | 1.10 |
| 5.10.2 | The fees for reproduction referred to in regulation 11(1) are as follows: | 1.10 |
| (a) For every photocopy of an A4-size page or part thereof | ||
| (b) For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine readable form | 0.75 | |
| (c) For a copy in a computer-readable form on – | ||
| (i) stiffy disc | 7.50 | |
| (ii) compact disc | 70.00 | |
| (d)(i) For a transcription of visual images, for an A4-size page or part thereof | 40.00 | |
| (ii) For a copy of visual images | 60.00 | |
| e)(i) For a transcription of an audio record, for an A4-size page or part thereof | 20.00 | |
| (ii) For a copy of an audio record | 30.00 | |
| 5.10.3 | The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) | 50.00 |
| 5.10.4 | The access fees payable by a requester referred to in regulation 11(3) are as follows: | |
| (1)(a) For every photocopy of an A4-size page or part thereof | 1.10 | |
| (b) For every printed copy of an A4-size page or part | 0.75 | |
|
thereof held on a computer or in electronic or machine readable form (c) For a copy in a computer-readable form on |
||
| (i) stiffy disc | 7.50 | |
| (ii) compact disc | 70.00 | |
| (d) (i) For a transcription of visual images, for an A4-size page or part thereof | 40.00 | |
| (ii) For a copy of visual images | 60.00 | |
| (e) (i) For a transcription of an audio record, for an A4-size page or part thereof | 20.00 | |
| (ii) For a copy of an audio record | 30.00 | |
| f) To search for and prepare the record for disclosure for each hour or part of an hour reasonably required for such search and preparation. | 30.00 |
5.11 If the request for access is refused, the Information Officer shall advise the requester in writing of the refusal, including adequate reasons for the refusal and that the requester may lodge an appeal with a court of competent jurisdiction against the refusal of the request (section 56(3) of PAIA).
5.12 Upon the refusal by the Information Officer, any deposit paid by the requester will be refunded.
5.13 The requester may lodge an appeal with a court of competent jurisdiction against any process set out in this paragraph 5.
6. RECORDS NOT FOUND
6.1 If a record cannot be found or if the records do not exist, the Information Officer shall notify the requester (providing full details of steps taken to find the record or determine its existence) that it is not possible to give access to the requested record.
6.2 If the record in question should later be found, the requester shall be given access to the record unless access is refused by GGA.
7. REFUSAL OF ACCESS
7.1 GGA may refuse to grant access on certain grounds, including the following (Part 3, Chapter 4 of the PAIA):
7.1.1that the record constitutes privileged information for the purposes of legal proceedings or is subject to professional privilege;
7.1.2 to protect the commercial information or the confidential information of a third party or GGA;
7.1.3 that it is necessary to protect the safety of individuals or property;
7.1.4 that it is necessary to protect the research information of a third party or GGA; or
7.1.5 that granting access would result in the unreasonable disclosure of personal information about a third party.
8.PROTECTION OF PERSONAL INFORMATION
8.1 INTRODUCTION
8.1.1 Chapter 3 of POPI provides for the minimum conditions for lawful “processing” of “personal information” by a “responsible party” (as such terms are defined under POPI). These conditions may not be derogated from unless specific exclusions apply as outlined in POPI.
8.1.2 GGA requires personal information relating to both natural and legal persons in order tocarry out its business and organisational functions.
8.1.3 The manner in which this information is processed and the purpose for which it is processed is determined by GGA. Accordingly, GGA is a responsible party for the purposes of POPI and will ensure that the personal information of a “data subject” (as defined in POPI), amongst other things as prescribed by POPI:
8.1.3.1 is processed lawfully, fairly and transparently. This includes the provision of appropriate information to data subjects when their data is collected by GGA, in the form of privacy or data
collection notices. GGA must also have a legal basis (for example, but not limited to, consent) to process personal information;
8.1.3.2 is processed only for the purposes for which it was collected;
8.1.3.3 will not be processed for a secondary purpose unless that processing is compatible with the original purpose;
8.1.3.4 is adequate, relevant and not excessive for the purposes for which it was collected;
8.1.3.5 is accurate and kept up to date;
8.1.3.6 will not be kept for longer than necessary;
8.1.3.7 is processed in accordance with integrity and confidentiality principles –this includes physical and organisational measures to ensure that personal information, in both physical and electronic form, is subject to an appropriate level of security when stored, used and communicated by GGA, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage; and
8.1.3.8 is processed in accordance with the rights of data subjects, where applicable.
8.2 DATA SUBJECT RIGHTS
8.2.1 Data Subjects have the right to:
8.2.1.1 be notified that their personal information is being collected by GGA. The data subject also has the right to be notified in the event of a data breach;
8.2.1.2 know whether GGA holds personal information about them and to access that information. Any request for information must be handled in accordance with the provisions of thisPAIA Manual;
8.2.1.3 request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
8.2.1.4 object to GGA’s use of their personal information and request the deletion of such personal information (deletion would be subject to GGA’s record-keeping requirements);
8.2.1.5 object to the processing of personal information for purposes of direct marketing by means of unsolicited electronic communications; and
8.2.1.6 complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPI and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.
8.3 Purpose of the Processing of Personal Information by GGA
8.3.1 As noted above, personal information held by GGA can only be processed for a specific purpose. The purpose for which GGA processes or will process personal information is set out in section of A of Annexure B to this Manual, provided however that this is not an exhaustive list.
8.4 CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION RELATING THERETO
8.4.1 In terms of section 1 of POPI, a data subject may either be a natural or a juristic person. The various categories of Data Subjects that GGA processes personal information in respect of and the types of personal information relating thereto includes but is not limited to those detailed in section B of Annexure B to this Manual.
8.5 SHARING OF PERSONAL INFORMATION
8.5.1 GGA may share a data subject’s Personal Information in accordance with section C of Annexure B to this Manual.
8.6 CROSS-BORDER FLOWS OF PERSONAL INFORMATION
8.6.1 Section 72 of POPI provides that Personal Information may only be transferred out of the Republic of South Africa if the:
8.6.1.1 recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in POPI; or
8.6.1.2 data subjects’ consent to the transfer of their personal information; or
8.6.1.3 transfer is necessary for the performance of a contractual obligation between the data subject and the responsible party; or
8.6.1.4 transfer is necessary for the performance of a contractual obligation between the responsible party and a third party, in the interests of the data subject; or
8.6.1.5 the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject, and if it were, the data subject, would in all likelihood provide such consent.
8.6.2 Planned cross-border transfers of personal information and the justifications therefor includes but is not limited to those detailed in section D of Annexure B to this Manual.
8.7 DESCRIPTION OF INFORMATION SECURITY MEASURES TO BE IMPLEMENTED BY GGA
8.7.1 Section E of Annexure B to this Manual sets out the types of security measures to be implemented by GGA in order to ensure that personal information is respected and protected. This is not an exhaustive list and is subject to change. A preliminary assessment of the suitability of the information security measures implemented or to be implemented by GGA may be conducted in order to ensure that the personal information that is processed by GGA is safeguarded and processed in accordance with the Conditions for Lawful Processing under POPI.
8.8 OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION BY A DATA SUBJECT
8.8.1 Section 11(3) of POPI and regulation 2 of the POPI Regulations provides that a Data Subject may, at any time object to the processing of his/her/its personal information in the prescribed form attached to this manual as Annexure C subject to exceptions contained in POPI.
8.9 REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION
8.9.1 Section 24 of POPI and regulation 3 of the POPI Regulations provides that a data subject may request for their personal information to be corrected/deleted in the prescribed form attached as Annexure D.
FOR OUR COMMENT AND MODERATION POLICY, CLICK HERE
