Promotion of Access to Information.

Document
This manual has been prepared in terms of the section 51 of the Promotion of Access to Information Act 2/2000 and to address the requirements of the Protection of Personal Information Act 4/2014.

The reference to any information in addition to that specifically required in terms of Section 51 of the Act does not create any right or entitlement (contractual or otherwise) to receive such information, other than in terms of the Act.

1.   Introduction

  1. For the purpose of POPI and PAIA, the Company is defined as a private body. In accordance with the Company’s obligations in terms of POPI and PAIA, the Company has produced this manual.
  2. This manual sets out all information required by both PAIA and POPI.
  3. This manual also deals with how requests are to be made in terms of PAIA.
  4. This manual also establishes how compliance with POPI is to be achieved.

2.   Overview

  1. “Client” – refers to any natural or juristic person that received or receives services from the Company;
  2. “the Company” – shall mean Insert Company Name;
  3. “Conditions for Lawful Processing” – the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPI and in paragraph 11 of this Manual;
  4. “Data Subject” – as ascribed thereto in section 1 of POPI;
  5. “Information Officer” – the duly authorised Head as defined in section 1 of PAIA;
  6. “Manual” – this manual prepared in accordance with section 51 of PAIA and regulation 4(1) (d) of the POPI Regulations;
  7. “PAIA” – the Promotion of Access to Information Act 2 of 2000;
  8. “Personal Information” – as ascribed thereto in section 1 of POPI;
  9. “Personnel” – any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;
  10. “POPI” – the Protection of Personal Information Act 4 of 2013;
  11. “POPI Regulations”– the regulations promulgated in terms of section 112(2) of POPI;
  12. “Private Body” – as ascribed thereto in sections 1 of both PAIA and POPI;
  13. “Processing” – as ascribed thereto in section 1 of POPI;
  14. “Requestor” – as ascribed thereto in section 1 of PAIA;
  15. “Request for Access” – as ascribed thereto in section 1 of PAIA;
  16. “SAHRC” – the South African Human Rights Commission;
  17. “Any other terms not described herein” will have the meaning as ascribed to it in terms of PAIA or POPI.

3.   Contact

Business Name Blue Bean Software (Pty) Ltd
Registration Number 2012/115616/07
Registered Office Block B. Infinity Business Park, 4 Pieter Wenning Road, Fourways, Johannesburg, 2191
Postal Address Block B. Infinity Business Park, 4 Pieter Wenning Road, Fourways, Johannesburg, 2191
Contact Number +27 10 822 3570
Information Officer Name Wouter Nigrini
Email Address popi@bluebeansoftware.com

4.   Voluntary Disclosure

At this stage no Notice(s) has / have been published on the categories of records that are available without having to request access to them in terms of PAIA.

5.   Availability and publication of certain records in terms of PAIA

The Company hold and/or process the following records for the purposes of PAIA and POPI.

Information pertaining to products and/or services Freely available on website at web.bluebeansoftware.com
Employment Contracts On request in terms of PAIA
Personal records provided by personal and third parties On request in terms of PAIA
Internal records, including internal evaluation of personal On request in terms of PAIA
Correspondence relation to personal On request in terms of PAIA
Training of personal On request in terms of PAIA
Records relating to the Company’s clients On request in terms of PAIA
Records generated by the Company for its clients On request in terms of PAIA
Operational records On request in terms of PAIA
Database On request in terms of PAIA
Information technology On request in terms of PAIA
Marketing records On request in terms of PAIA
Internal Correspondence On request in terms of PAIA
Internal Policies On request in terms of PAIA
Financial records On request in terms of PAIA
Trade Secrets On request in terms of PAIA
Domain Name Registrations On request in terms of PAIA
Tradename Registrations On request in terms of PAIA
Trademark Registrations On request in terms of PAIA
Company Documentation On request in terms of PAIA
Agreements With Suppliers On request in terms of PAIA
Supplier Agreements On request in terms of PAIA
Customer Agreements On request in terms of PAIA
Website Information On request in terms of PAIA

Information is available in terms of the following legislation, if and where applicable:

  1. Basic Conditions of Employment Act, No. 75 of 1997
  2. Companies Act, No. 71 of 2008
  3. Compensation for Occupational Injuries and Diseases Act, No. 130 of 1993
  4. Competition Act, No. 89 of 1998
  5. Employment Equity Act, No. 55 of 1998
  6. The Labour Relations Act, No. 66 of 1995
  7. Skills Development Levies Act, No. 9 of 1999
  8. Unemployment Insurance Act, No. 63 of 2001
  9. Value Added Tax Act, No. 89 of 1991
  10. Electronic Communication and Transactions Act, No. 25 of 2002
  11. Patents, Designs and Copyright Merchandise Marks Act, No. 17 of 1941
  12. Income Tax Act, No. 58 of 1962
  13. Intellectual Property Laws Amendment Act No.38 of 1997

6.   Registers and Records

Inspection of the company registers and records pertaining to:

  1. Directors and officers
  2. Interests of directors
  3. Shareholders
  4. Allotments
  5. Minutes of meetings of members (only shareholders)
  6. Trademarks and commodity brochures and relevant information
  7. Annual reports
  8. Interim reports

7.   Subjects and Records held by the Company

  1. Incorporation documents
  2. Secretarial records
  3. Financial records of the Company
  4. Human resources / employment records
  5. Immovable and movable property
  6. Client agreements
  7. Miscellaneous agreements of the Company
  8. Correspondence

8.   Request Process

  1. An individual who wishes to place a request must comply with all the procedures laid down in PAIA. The requester must complete the prescribed form. The prescribed form must be submitted as well as payment of a request fee and a deposit, if applicable to the information officer at the postal or physical address, fax number or electronic mail as is stated herein.
  2. The prescribed form must be completed with enough particularity to enable the information officer to determine:
    1. The record(s) requested;
    2. The identity of the requestor;
    3. What form of access is required; and
    4. The Postal address or fax number of the requestor.
  3. The requestor must state that the records are required for the requestor to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. An explanation of why the records requested is required to exercise or protect the right.
  4. The request for access will be dealt with within 30 days from date of receipt, unless the requestor has set out special grounds that satisfy the information officer that the request be dealt with sooner.
  5. The period of 30 days may be extended by not more than 30 additional days, if the request is for a large quantity of information, or the request requires a search for information held at another office of the Company and the information cannot be reasonably obtained within 30 days. The information officer will notify the requestor in writing should an extension be necessary.
  6. The requestor will be informed in writing whether access to the records has been granted or denied. If the requestor requires a reason for the decision, the request must be expressed in the prescribed form, the requestor must further state what particulars of the reasoning the requestor requires.
  7. If a requestor has requested the records on another individual’s behalf, the requestor must submit proof of the capacity the requestor submits the request in, to the satisfaction of the information officer.
  8. If the requestor is unable to complete the prescribed form due to illiteracy or disability, the requestor may request it orally from the information officer.

9.   Grounds for refusal

The following are grounds upon which the Company may, subject to the exceptions in Chapter 4 of PAIA, refuse a request for access in accordance with Chapter 4 of PAIA:

  1. Mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable
  2. Mandatory protection of the commercial information of a third party, if the Records contain:
    1. Trade secrets of that third party;
    2. Financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or
    3. Information disclosed in confidence by a third party to The Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;
  3. Mandatory protection of confidential information of third parties if it is protected in terms of any agreement;
  4. Mandatory protection of the safety of individuals and the protection of property;
  5. Mandatory protection of Records that would be regarded as privileged in legal proceedings;
  6. Protection of the commercial information of the Company, which may include:
    1. Trade secrets;
    2. Financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;
    3. Information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or
    4. Computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;
  7. Research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and
  8. Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.

10.   Remedies should a request be refused

  1. The Company does not have an internal appeal procedure in light of a denial of a request, decisions made by the information officer are final;
  2. The requestor may in accordance with sections 56(3) (c) and 78 of PAIA, apply to a court for relief within 180 days of notification of the decision for appropriate relief.

11.   Fees

  1. The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof.
  2. The fees for reproduction referred to in regulation 11(1) are as follows:
    1. For every photocopy of an A4-sized page or part thereof: R1,10
    2. For every printed copy of an A4-sized page or part thereof held on a computer or in electronic or machine-readable form: R0,75
    3. For a copy in a computer-readable form on:
      1. stiffy disc R7,50
      2. compact disc R70,00
      3. For visual images:
        1. a transcription of visual images, for an A4-size page or part thereof 40,00
        2. For a copy of visual images R60,00
      4. For an audio record:
        1. For a transcription of an audio record, for an A4-size page or part thereof R20,00
        2. For a copy on an audio record R30,00
  3. The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00.
  4. The access fees payable by a requester referred to in regulation 11(3) are as follows:
    1. Fees are:
      1. For every photocopy of an A4-size page or part thereof R1,10
      2. For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form R0,75
      3. For a copy in a computer-readable form on:
        1. stiffy disc R7,50
        2. compact disc R70,00
      4. For a transcription of visual images:
        1. for an A4-sized page or part thereof R40,00
        2. For a copy of visual images R60,00
      5. For a transcription of an audio record:
        1. For an A4-size page or part thereof R20,00
        2. For a copy of an audio record R30,00
      6. To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.
    2. For purposes of section 54(2) of the Act, the following applies:
      1. Six hours as the hours to be exceeded before a deposit is payable; and
      2. one third of the access fee is payable as a deposit by the requester.
    3. The actual postage is payable when a copy of a record must be posted to a requester.

12.   POPI

  1. Conditions for lawful processing
    1. POPI has eight conditions for lawful processing, which include:
      1. Accountability
      2. Processing limitation
      3. Purpose specification
      4. Further processing limitation
      5. Information quality
      6. Openness
      7. Security safeguards
      8. Data subject participation
    2. The Company is involved in the following types of processing:
      1. Collection
      2. Recording
      3. Organization
      4. Structuring
      5. Storage
      6. Adaptation or alteration
      7. Retrieval
      8. Consultation
      9. Use
      10. Disclosure by transmission
      11. Dissemination or otherwise making available
      12. Alignment or combination
      13. Restriction
      14. Erasure
      15. Destruction
    3. The Company processes information for the following purposes:
      1. to provide services to its Clients in accordance with terms agreed to by the Clients;
      2. to undertake activities related to the provision of services, such as
        1. to fulfil domestic legal, regulatory and compliance requirements
        2. to verify the identity of Customer representatives who contact the Company or may be contacted by The Company;
        3. for risk assessment, information security management, statistical, trend analysis and planning purposes;
        4. to monitor and record calls and electronic communications with the Client for quality, training, investigation and fraud prevention purposes;
        5. to enforce or defend the Company or the Company affiliates’ rights;
        6. to manage the Company’s relationship with its clients, which may include providing information to its clients and its clients’ affiliates about the Company’s and the Company affiliates’ products and services;
      3. the purposes related to any authorised disclosure made in terms of agreement, law or regulation;
      4. any additional purposes expressly authorised by The Company’s client;
      5. any additional purposes as may be notified to the Client or Data Subjects in any notice provided by the Company.
  2. The Company processes personal information from the following categories of Data Subjects:
    1. Juristic persons –
      1. Corporate clients
      2. Suppliers
    2. Natural persons –
      1. Individuals
      2. Staff
      3. Clients
      4. Suppliers
  3. The Company process the following categories of personal information:
    1. Client profile information;
    2. Bank account details;
    3. Payment information;
    4. Client representatives;
    5. Names;
    6. Email Addresses;
    7. Telephone numbers;
    8. Facsimile numbers;
    9. Physical addresses;
    10. Tax numbers;
    11. Identity Numbers;
    12. Passport Numbers;
  4. Recipients of Personal Information:
    1. The Company, the Company’s affiliates, and their respective representatives
  5. When making authorised disclosures or transfers of personal information in terms of Section 72 of POPI, personal information may be disclosed to recipients in countries that do not have the same level of protection for personal information as South Africa does.
  6. The following Security measures are implemented by the Company:
  7. The Company implements numerous Security measures to protect personal information that is stored electronically and physically.
    1. Security Methods:
      1. Encryption
      2. Data access restrictions
      3. Two-Factor Authentication
    2. The Company have also implemented various policies for additional security.
      1. Data first touch Policy
      2. Acceptable Use Policy
      3. Backup and Restore Policy
      4. Change management and control Policy
      5. Clean Desk Policy
      6. Database Credentials Policy
      7. Direct Marketing Policy
      8. Disposal and Destruction Policy
      9. Exceptions Policy
      10. Information Classification Policy
      11. Information Security Incident Response Policy
      12. Information Security Policy
      13. Minimum Access Policy
      14. Password Policy
      15. Physical Security Policy
      16. Privacy Policy
      17. Removable Media Policy
      18. Risk Assessment and Risk Treatment Methodology Policy
      19. Social Media Policy
      20. Technology Disposal Policy
    3. The personal information that is stored physically is protected as follows:
      1. Where physical records of the data exist, such records will be stored in a secure area that can be ‘locked-away’ as to avoid a breach of the personal information.
      2. Such physical data records will be ‘locked-away’ and secured when not in use.
  8. The Company may share personal information with third parties and in certain instances this may result in cross border flow of the personal information. The personal information will always be subject to protection, not less than the protection it is afforded under the Protection of Personal Information Act No.4 of 2013.
  9. Objection to the processing of personal information by a data subject:
    1. Section 11(3) of POPI and regulation 2 of the POPI regulations provides that a data subject may, at any time object to the processing of their personal information in the prescribed form attached to this manual as annexure “B”.
  10. Request for correction or deletion of personal information:
    1. Section 24 of POPI and regulation 3 of the POPI regulations provides that a data subject may request for their personal information to be corrected and/or deleted in the prescribed form attached hereto as annexure “C”.

About Us

Our Work

Privacy Policy

PAIA Manual

Latest Insights

Careers

Block B Infinity Office Park
4 Pieter Wenning Road
Fourways, Johannesburg
South Africa

Phone: +27 10 822 3570
Contact us

Linkedin-in Instagram Youtube
© 2024 Blue Bean Software. All rights reserved