Table of
Contents
3. Principles Relating to Processing of Personal information
7. Contracts Involving the Processing of Personal information
8. International Transfers of Personal information
11. Addressing Compliance to the POPI Act
Updates to this privacy policy
1.
Introduction
In its everyday business operations Fundi Capital (Pty) Ltd
(Fundi) makes use of a variety of data about identifiable individuals, including
data about:
·
Current, past and prospective
employees
·
Customers
·
Students
·
Partners,
Merchants and Institutions
·
Users of its websites
·
Subscribers
·
Other stakeholders
In collecting and using this data,
the organisation is subject to the Protection of Personal Information
Act, 2013 (POPIA) controlling how such activities may be carried out and the
safeguards that must be put in place to protect it.
The purpose of this policy is to set out the requirements
of the legislation and to describe the steps Fundi is taking to ensure
that it complies.
This control applies to all systems, people and
processes that constitute the organisation’s information systems,
including board members, directors, employees, suppliers and other third
parties who have access to Fundi systems.
The following policies and procedures are relevant to
this document:
·
Information Security Incident Response Procedure
·
Procedure
for responding to data subject requests
·
Records Retention and Protection Policy
2.
Privacy Policy
2.1
The Protection of Personal
Information Act 2013
The Protection of Personal Information Act, 2013,
is one of the most significant pieces of legislation affecting the way
that Fundi carries out its information
processing activities. Significant fines are applicable if a breach is
deemed to have occurred under the POPI Act, which is designed to
protect the personal information of citizens of the Republic. It
is Fundi’s policy to ensure that our compliance with the POPI
Act and other relevant legislation is clear and demonstrable
at all times.
2.2
Definitions
There are many definitions listed within the
POPI Act and it is not appropriate to reproduce them all
here. However, the most fundamental definitions with
respect to this policy are as follows:
Personal Information is defined as:
any information relating
to an identified or identifiable natural person (‘data subject’); an
identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person;
‘processing’ means:
any operation or set of
operations which is performed on personal information or on sets of
personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, restriction,
erasure or destruction;
‘responsible
party’ means:
the natural or legal
person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the
processing of personal information; where the purposes and means of such
processing are determined by the POPI Act.
3.
Principles Relating to Processing of Personal information
There are a number of fundamental
principles upon which the POPI Act is based.
These are as follows:
3.1
Personal information shall be:
(a) processed lawfully, fairly and in a transparent manner
in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate
purposes and not further processed in a manner that is incompatible with those
purposes; further processing for archiving purposes in the public interest,
scientific or historical research purposes or statistical purposes shall not be
considered to be incompatible with the initial purposes (‘purpose
limitation’);
(c) adequate, relevant and limited to what is necessary in
relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every
reasonable step must be taken to ensure that personal information that are
inaccurate, having regard to the purposes for which they are processed, are
erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data
subjects for no longer than is necessary for the purposes for which the
personal information are processed; personal information may be stored for
longer periods insofar as the personal information will be processed solely for
archiving purposes in the public interest, scientific or historical
research purposes or statistical purposes subject to implementation of the
appropriate technical and organisational measures required by the POPI Act in
order to safeguard the rights and freedoms of the data subject (‘storage
limitation’);
(f) processed in a manner that ensures appropriate
security of the personal information, including protection against unauthorised
or unlawful processing and against accidental loss, destruction
or damage, using appropriate technical or organisational measures (‘integrity
and confidentiality’).
3.2
The responsible party shall be
responsible for, and be able to demonstrate compliance with, paragraph 1
(‘accountability’).
Fundi will ensure that it complies with all of these principles both in the processing it
currently carries out and as part of the introduction of new methods of
processing such as new IT systems.
4.
Rights of the Individual
The data subject also has rights under the POPI
Act. These consist of:
4.1
The right to be informed
4.2
The right of access
4.3
The right to rectification
4.4
The right to erasure
4.5
The right to restrict processing
4.6
The right to data portability
4.7
The right to object
4.8 Rights in relation to automated decision
making and profiling.
Each of these rights are supported by
appropriate procedures within Fundi that allow the required action to be taken
within the timescales stated in the POPI Act.
These timescales are shown in Table 1.
|
Data Subject Request |
Timescale |
|
The right to be informed |
When personal information is collected (if supplied
by data subject) or within one month (if not supplied by data subject) |
|
The right of access |
One month |
|
The right to rectification |
One month |
|
The right to erasure |
Without undue delay |
|
The right to restrict processing |
Without undue delay |
|
The right to data portability |
One month |
|
The right to object |
On receipt of objection |
|
Rights in relation to automated decision making and
profiling. |
Not specified |
Table 1 - Timescales for
data subject requests
5.
Lawfulness of Processing
There are various alternative ways in which the
lawfulness of a specific case of processing of personal information may be
established under the POPI Act. It is Fundi policy to identify
the appropriate basis for processing and to document it, in accordance with the
Regulation. The options are described in brief in the following sections.
5.1
Consent
Unless it is necessary for a reason allowable in the POPI
Act, Fundi will always obtain explicit consent from a
data subject to collect and process their personal information. In case of
children below the age of 16 parental consent will be
obtained. Transparent information about our usage of their personal information will be
provided to data subjects at the time that consent is obtained and their
rights with regard to their data explained,
such as the right to withdraw consent. This information will be
provided in an accessible form, written in clear language and free of charge.
If the personal information is not obtained
directly from the data subject then this
information will be provided to the data subject within a
reasonable period after the data are obtained and definitely within one month.
5.2
Performance of a Contract
Where the personal information collected and processed
are required to fulfil a contract with the data subject, explicit consent is
not required. This will often be the case where the contract cannot be
completed without the personal information in question e.g.
a delivery cannot be made without an address to deliver to.
5.3
Legal Obligation
If the personal information is required to be
collected and processed in order to comply
with the law, then explicit consent is not required. This may be the case
for some data related to employment and taxation for example, and for
many areas addressed by the public sector.
5.4
Vital Interests of the Data Subject
In a case where the personal information is
required to protect the vital interests of the data subject or of another
natural person, then this may be used as the lawful basis of the
processing. Fundi will retain reasonable,
documented evidence that this is the case, whenever this reason is used as
the lawful basis of the processing of personal data. As an example, this
may be used in aspects of social care, particularly in the public sector.
5.5
Task Carried Out in the Public Interest
Where Fundi needs to perform a task that it believes
is in the public interest or as part of an official duty then the
data subject’s consent will not be requested. The assessment of the public
interest or official duty will be documented and made available as evidence
where required.
5.6
Legitimate Interests
If the processing of specific personal information is
in the legitimate interests of Fundi and is judged not to affect the rights and
freedoms of the data subject in a significant way, then this may be defined as
the lawful reason for the processing. Again, the reasoning behind this view
will be documented.
6.
Privacy by Design
Fundi has adopted the principle of privacy by design
and will ensure that the definition and planning of all new or significantly
changed systems that collect or process personal
information will be subject to due consideration of privacy issues, including
the completion of one or more personal information impact
assessments.
The personal information impact assessment
will include:
·
Consideration of how personal information will be
processed and for what purposes.
·
Assessment of whether the proposed processing of personal
information is both necessary and proportionate to the purpose(s).
·
Assessment of the risks to individuals in processing
the personal information.
·
What controls are necessary to address the identified
risks and demonstrate compliance with legislation.
Use of techniques such as data minimization and
pseudonymisation will be considered where applicable and
appropriate.
7.
Contracts Involving the Processing of Personal information
Fundi will ensure that all relationships it enters into that involve the processing of personal
information are subject to a documented contract that includes the specific
information and terms required by the POPI Act.
8.
International Transfers of Personal information
Transfers of personal information outside the Republic will be
carefully reviewed prior to the transfer taking place to ensure that they fall
within the limits imposed by the POPI Act.
9.
Information Officer
A defined role of Information Officer (IO) is
required under the POPI Act. The IO is required to be the
most senior official in the organisation.
The Information Officer will be formally appointed and delegate to a
Deputy Information Officer. Both
Officers will be registered with the Information Regulator.
10.
Breach Notification
It is Fundi’s policy to be fair and proportionate when
considering the actions to be taken to inform affected parties regarding
breaches of personal information. In line with the POPI Act, where a breach is
known to have occurred which is likely to result in a risk to the rights
and freedoms of individuals, the relevant supervisory authority will
be informed without delay. This will be managed in accordance with our Information
Security Incident Response Procedure which sets out the
overall process of handling information security incidents.
Under the POPI Act the relevant Information Regulator
has the authority to impose a range of fines for infringements of the
regulations.
11.
Addressing Compliance to the POPI Act
The following actions are undertaken to ensure
that Fundi complies at all times with
the accountability principle of the POPI Act:
·
The legal basis for processing personal information is
clear and unambiguous
·
An Information Officer is appointed with specific
responsibility for personal information protection in
the organisation
·
All staff involved in handling personal information
understand their responsibilities for following good personal information
protection practice.
·
Training in personal information protection has been
provided to all staff.
·
Rules regarding consent are followed.
·
Routes are available to data
subjects wishing to exercise their rights regarding personal
information and such enquiries are handled effectively.
·
Regular reviews of procedures involving personal information
are carried out.
·
Privacy by design is adopted for all new or
changed systems and processes.
·
The following documentation of processing activities
is recorded:
o Organisation name
and relevant details.
o Purposes of the personal
information processing.
o Categories of
individuals and personal information processed.
o Categories of personal
information recipients.
o Agreements and mechanisms
for transfers of personal information to other countries including details
of controls in place.
o Personal information retention
schedules.
o Relevant technical and
organisational controls in place.
These actions are reviewed on a regular
basis as part of the management process concerned with data
protection.
12.
Website Privacy Policy
12.1
Privacy Notice
This
privacy notice advised you of the personal information we collect from you when
you use our website. In collecting this information, we are acting as
a Responsible Party and, by law, we are required to provide you with information
about us, about why and how we use your data, and about the rights you have
over your data.
We are Fundi Capital
(Pty) Ltd. Our address is Corner 14th Avenue and Hendrik
Potgieter Road, Constantia Office Park, Weltevreden Park. You
can contact us by post at the above address, by email at IO@fundi.co.za or
by telephone on 011 670 6100
You can also find out more
about the information we process by reviewing our PAIA Manual on this website.
Any information you provide
on the website will only be used for the purpose for which you provide it and
will be destroyed once that purpose is finished.
- Your
rights as a data subject
12.2 When you use our
website
When
you use our website to browse our products and services and view the
information, we make available a number of cookies
are used by us and by third parties to allow the website to function, to
collect useful information about visitors and to help to make your user
experience better.
12.3
When you submit an
enquiry via our website
When
you submit an enquiry via our website, we ask you for your name, contact
telephone number and email address.
We
use this information to respond to your query, including providing you
with any requested information about our products and services. We may
also email you several times after your enquiry in order
to follow up on your interest and ensure that we have answered your
it to your satisfaction. We will do this based on our legitimate interest in
providing accurate information prior to a sale.
We do
not use the information you provide to make any automated decisions that might
affect you.
12.4 When you purchase a
product from our website
When
you purchase products from us online, we ask you for your name, address,
contact telephone number, email address and credit card information. We also
record your IP (Internet Protocol) address, which is the address of your
computer on the Internet.
We
will use your information to verify your credit card details for your purchase,
process your order and to send you your products. We will also send you a
receipt via email and we may use your telephone number to contact you regarding
your purchase.
We
require this information in order to process
your payment, deliver your products or services and fulfil our contract with
you. We record your IP address in order to show
that the correct tax was applied to the sale, which we are required to do by
law.
Your
credit card details are passed to a third-party payment processor. We do not
retain your credit card information.
We do
not use the information you provide to make any automated decisions that might
affect you.
12.5 When you sign up to
receive our newsletter
When
you sign up to receive our newsletter, we ask for your name and your email
address. We
will ask for your consent to use your name and email address
to email you our newsletter which contains information
about our products and other information which we feel might be of interest to
you.
You
can withdraw your consent at any time, and we will stop sending you the
newsletter.
We do
not use the information you provide to make any automated decisions that might
affect you.
We
keep your personal data for as long as we produce and distribute our
newsletter. If you withdraw your consent, we will mark your details so that
they are not used and delete them after two years.
12.6
When
you
download
a
sample
document
When
you request to download a sample document, we ask for your name, company name
(which is optional) and your email address.
We
use this information to email you a link to download the requested
document. We may also email you after your download in order to follow up on your interest in our
products and services. We will do this based on our legitimate
interest in marketing to prospects for our products and services.
We do
not use the information you provide to make any automated decisions that might
affect you.
12.7 Your rights as a data
subject
By
law, you can ask us what information we hold about you, and you can ask us to
correct it if it is inaccurate. If we have asked for your consent to
process your personal information, you may withdraw that consent at any time.
If we
are processing your personal information for reasons of consent or to fulfil a
contract, you can ask us to give you a copy of the information in a
machine-readable format so that you can transfer it to another provider.
If we
are processing your personal information for reasons of consent
or legitimate interest, you can request that your data be erased.
You
have the right to ask us to stop using your information for if you
believe we are not doing so lawfully.
To
submit a request regarding your personal data by email, post
or telephone, please use the contact information provided above in
the Who Are We section of this policy.
12.8 Your right to complain
If
you have a complaint about our use of your personal information, we would
prefer you to raise in with us in the first instance to give us the opportunity
to put it right, but you can also contact the Information
Regulator’s Office via their website at www.justice.gov.za/inforeg/contact.html by email at inforeg@justice.gov.za or
write to them at:
The
Information Regulator (South Africa)
33 Hoofd Street
Forum
III
3rd
Floor Braampark
P.O
Box 31533
Braamfontein
Johannesburg,
2017
12.9 Updates to this
privacy policy
We regularly
review and, if appropriate, update this privacy policy from time to time,
and as our services and use of personal information evolves. If we want to
make use of your personal information in a way that we haven’t previously identified,
we will contact you to provide information about this and, if necessary, to ask
for your consent.
We
will update the version number and date of this document each time it is
changed.
13.
PAPIA Manual
13.1
Introduction
The Promotion of
Access to Information Act (the “Act”), together with all relevant legislation, provides for
the right of access to information held by public and private bodies when such
information is requested for the exercise of protection of any rights.
This manual is to
assist any potential requesters with the procedural and other requirements that
a request for information must meet as prescribed by the Act.
13.2
Overview of Fundi Capital
Fundi is South Africa’s leading education finance and Fund
Management Specialist. Positioned at the epicentre of technology, education and
financial services. Fundi is a specialist in B2B education finance for your
staff as well as cashless solutions for your business. We also provide fund
management services to institutions at all levels, as well as Fund Management
solutions for Corporate Bursary programmes. As its tailings business grew,
Fundi Capital added other core businesses to its portfolio of operations. The Fundi Capital Group of companies now
comprises four complementary businesses.
Construction, Tailings RSA, Tailings Africa & International and
Mineral Processing with centralised support services provided by Group
Services.
13.3
Information Required in Terms of
Section 51(1)(a) of the Act
Registered Office
Corner
Hendrik Potgieter Road & 14th Ave
Weltevreden
Park
1751
Bankers
Standard
Bank
Auditors
Nexia
SAB & T, KPMG
Legal Advisors
Waldeck
Attorneys, Webber Wentzel & Shultz- Demarthe Attorneys
13.4
Particulars in Terms of the
Section 51 Manual
The Information
Officer (Chief Executive Officer) of Fundi Capital Holdings has delegated his
powers in terms of the Act to the Deputy Information Officer, who will handle
all requests in terms of the Act on his behalf.
13.5
Contact Details
The
Chief Executive Officer is the Information Officer.
All
queries in terms of PAIA should be made to:
Information
Officer (Chief Executive Officer)
Fundi
Capital
Corner
Hendrik Potgieter Road & 14th Ave
Weltevreden
Park
1751
Telephone: +27 11 670 6100
Email: support@fundi.co.za
13.6
The Guide Referred to in Section
10 of the Act
In terms of Section 10
of the Act, the South African Human Rights Commission has compiled a guide to
help people who wish to exercise any rights granted in the Act. The Guide is available for inspection, inter alia, at the offices of the Human
Rights Commission:
PAIA Unit
The Research and Documentation Department
Physical
address: 29
Princess of Wales Terrace
cnr York and St Andrews Street
Parktown,
2193
Postal
address: Private
Bag X2700
Houghton,
2041
Telephone: +27
11 877 3600
Fax: +27
11 403 0625
Website: www.sahrc.org.za
Email: dmalesa@sahrc.org.za
All
queries relating to PAIA or POPIA may be directed to the Information Regulator,
at:
The
Information Regulator
Physical
address: JD
House,
27 Stiemens Street,
Braamfontein,
Johannesburg,
2001
Postal
address: P.O
Box 31533,
Braamfontein,
Johannesburg,
2017
Website: https://justice.gov.za/inforeg
Email: inforeg@justice.gov.za
13.7
Company Records – Classification
Key
|
Classification
No. |
Access |
Classification
(PAIA Section) |
|
1 |
May be disclosed |
Public Access Document |
|
2 |
May not be disclosed |
Request after commencement of
criminal or civil proceedings (s7) |
|
3 |
May be disclosed |
Subject to copyright |
|
4 |
Limited Disclosure |
Personal information that belongs to
the requester of that information {s61}. |
|
5 |
May not be disclosed |
Unreasonable disclosure {s63(1)} |
|
6 |
May not be disclosed |
Likely to harm the commercial or
financial interests of third party {s64(a), s64(b)} |
|
7 |
May not be disclosed |
Likely to harm the Company or third
party in contract or other negotiations {s64(c)} |
|
8 |
May not be disclosed |
Would breach a duty of confidence
owed to a third party in terms of an agreement {s65} |
|
9 |
May not be disclosed |
Likely to compromise the safety of individuals
or protection of property {s66} |
|
10 |
May not be disclosed |
Legally privileged document {s67)} |
|
11 |
May not be refused |
Environment testing / investigation
which reveals public safety/ environment risks {s64(2); s68(2)} |
|
12 |
May not be disclosed |
Commercial information of a private
body {s68} |
|
13 |
May not be disclosed |
Likely to prejudice research and
development information of the Company or a third party {s69} |
|
14 |
May not be refused |
Disclosure in public interest {s70} |
13.8
Applicable Legislation: Section
51(1)(d)
Records are available
in accordance with the following current South African legislation and any
amendments thereof and regulations thereto (only to the extent that the
relevant Act is applicable and which therefore makes disclosure of records
compulsory):
|
-
Auditing
Profession Act, No. 26 of 2005 |
|
-
Basic
Conditions of Employment Act, No. 75 of 1997 |
|
-
Broad-Based
Black Economic Empowerment Act, No. 53 of 2003 |
|
-
Companies
Act, No. 71 of 2008 |
|
-
Compensation
of Occupational Injuries and Diseases Act, No. 130 of 1993 |
|
-
Competition
Act, No. 89 of 1998 |
|
-
Consumer
Affairs Act, No. 23 of 1999 |
|
-
Consumer
Protection Act, No. 68 of 2008 |
|
-
Credit
Agreements Act, No. 75 of 1980 |
|
-
Criminal
Procedure Act, No. 51 of 1977 |
|
-
Customs
and Excise Act, No. 91 of 1964, Section 101 and Regulation 1.04 - Government
Gazette No 4040 R17770 dated 5 October 1973. |
|
-
Debt
Collectors Act, No. 114 of 1998 |
|
-
Education
Laws Amendment Act, 2007 |
|
-
Electronic
Communications and Transactions Act, No. 25 of 2002 |
|
-
Employment
Equity Act, No. 55 of 1998 |
|
-
Financial
Advisory and Intermediary Services Act, No. 37 of 2002 |
|
-
Financial
Intelligence Centre Act, No. 38 of 2001 |
|
-
Health
Act, No. 63 of 1977 (Amended) and regulations |
|
-
HPCSA
Booklet 14, Guidelines on the keeping of patient Records 2008 |
|
-
Income
Tax Act, No. 58 of 1962 |
|
-
Insolvency
Act, No. 24 of 1936 |
|
-
Intellectual
Property Laws Amendment Act, No. 38 of 1997 |
|
-
Labour
Relations Act, No. 66 of 1995 |
|
-
National
Student Financial Aid Scheme Act 56 of 1999 |
|
-
Occupational
Health and Safety Act, No. 85 of 1993 |
|
-
Pension
Fund Act, No. 24 of 1956, Section 30L |
|
-
Promotion
of Access to Information Act, No. 2 of 2000 |
|
-
Protection
of Personal Information Act, No. 4 of 2013 -
Public
Finance Management Act No. 1 of 1999 |
|
-
Regulation
of Interception of Communications and Provision of Communication-Related
Information Act, No. 70 of 2002 |
|
-
SARS
Notice 787 |
|
-
Securities
Transfer Tax Administration Act, No. 26 of 2007 |
|
-
Skills
Development Act, No. 97 of 1997 |
|
-
Skills
Development Levies Act, No. 9 of 1999 |
|
-
Tax
Administration Act, No. 28 of 2011 |
|
-
Transfer
Duty Act, No. 40 of 1949 |
|
-
Unemployment
Insurance Act, No. 63 of 2001 |
|
-
Value
Added Tax Act, No. 89 of 1991 |
Although we have
used our best endeavours to supply a complete list of applicable legislation,
the above list may be incomplete.
Wherever it comes to our attention that existing or new legislation
allows a requester access on a basis other than that set out in the Act, we
shall immediately update the list.
13.9
Schedule of Records Available:
Section 51(1)(d)
Statutory
· Memoranda of Incorporation
· Company Registers
· Statutory Records and Returns
· Agreements
· Trademarks and Patents
· Title Deeds
Finance
and Accounting
· Accounting Records
· Policies and Procedures
· Banking Details and Bank Statements
· Financial Statements
· Income Tax
· Loan records
· Balance sheets and income statements
Human
Resources
· Policies and Procedures
· Employment Equity Plans
· Pension and Provident Fund Scheme details
· Skills Development Plans
· Records and Reports
Operations
· Policies and procedures
· Reports and supporting documentation
· Contractor, merchant, institution, student, funders, bursars,
client and supplier agreements and information
· Student registration information
· Student funding records
· Student results and administration
· Debt management records
· Environmental, Health and Safety records
· Supplier onboarding and management records
· Project management
· Marketing campaigns
· Bursary support records
· Loan management records
Information
Technology
· System documentation and manuals
· Policies and procedures
· Project, disaster recovery and implementation plans
13.10
The categories of personal
information held by Fundi
· Names
· Addresses
· Identity numbers
· Contact details
· Student cell numbers, user names, passwords and PINs
· Company names
· VAT numbers
· Banking details
· Financial status
· ICT reports
· Employee information
· Student information
· BBEEE status
· Payslips
· Credit reports
· SARS compliance reports
· Certificates
13.11
The purpose of processing of
personal information by Fundi
We process personal information for a variety of purposes,
including but not limited to the following:
·
to provide or manage
any information, products and/or services requested by data subjects;
·
to help us identify
data subjects when they contact Fundi
·
to maintain customer
records;
·
for apprenticeship
purposes;
·
for general
administration, financial and tax purposes;
·
for legal or
contractual purposes;
·
for health and safety
purposes;
·
to monitor access,
secure and manage our premises and facilities;
·
to transact with our
suppliers and business partners;
·
to help us improve the
quality of our products and services;
·
to help us detect and
prevent fraud and money laundering;
·
to carry out analysis
and customer profiling; and
·
to identify other
products and services which might be of interest to data subjects and to inform
them about our products and services.
13.12
Procedure for Requests for Access:
Section 51(1)(e)
·
The requester must
complete Form C and submit this form together with a request fee, to the
Information Officer at his physical or postal address, or electronic mail
address.
·
The form must:
o
provide sufficient
particulars to enable the Information Officer to identify the record/s
requested and to identify the requester;
o
indicate which form of
access is required;
o
specify a postal
address or electronic mail address of the requester in the Republic;
o
identify the right
that the requester is seeking to exercise or protect, and provide an
explanation of why the requested record is required for the exercise or
protection of that right;
o
if, in addition to a
written reply, the requester wishes to be informed of the decision on the
request in any other manner, state that manner and the necessary particulars to
be informed in the other manner;
o
if the request is made
on behalf of another person, submit proof of the capacity in which the
requester is making the request, to the reasonable satisfaction of the
Information Officer.
·
The Information
Officer will process the request within 30 days after receiving the
request. The Information Officer may
request an extension for a period of no more than 30 additional days for
specific reasons, which include the request involving (1) a large volume of
documents, (2) consultation with other public or private entities, or (3) if
the requester has granted the extension in writing.
·
The Information
Officer will notify the requester in writing whether or not the application for
access has been denied or granted. In
the event that the application is refused, the requester will be given adequate
reasons for the refusal and will be informed that the requester may lodge an
application with a Court against the refusal of the application, as well as the
procedure (including the period) for lodging such an application.
·
Please note that the
correct completion and submission of a Request for Access form does not
automatically entitle or allow the requester access to the requested
record. An application for access to a
record is subject to certain limitations if the requested record falls within a
category as specified in Part 3 Chapter 4 of the Act.
·
Please further note
that if it is reasonably suspected that an applicant has obtained access to a
record on the basis of the submission of materially incorrect, false or
misleading information, legal proceedings may be instituted against such
applicant.
·
In the event that a
request for access is successful, an access fee will be payable for the search,
reproduction and/or preparation of records and will be calculated based on the
fee prescribed under the Act.
·
If the Information
Officer has searched for a record and it is believed that the record either
does not exist or cannot be found, the requester will be notified by way of an
affidavit or affirmation. This will
include the steps that were taken to locate the record.
·
If access is requested
to a record that contains information about a third party, the Information
Officer is obliged to attempt to contact the third party to inform them of the
request. This enables the third party
the opportunity to respond by either consenting to the access or by providing
reasons why the access should be denied.
In the event of the third-party furnishing reasons for the support or
denial of access, the Information Officer will consider these reasons in
determining whether access should be granted, or not.
13.13
Information security measures to
protect personal information
·
Reasonable technical
and organisational measures have been implemented for the protection of
personal information processed by Fundi and its operators. In terms of the POPI
Act, operators are third parties that process personal information on behalf of
Fundi.
·
We continuously
implement and monitor technical and organisational security measures to protect
the personal information we hold, against unauthorised access, as well as
accidental or wilful manipulation, loss or destruction.
·
We will take steps to
ensure that operators that process personal information on behalf of Fundi
apply adequate safeguards as outlined above.
13.14
Trans-border flows of personal
information
·
We will only transfer
personal information across South African borders if the relevant business
transactions or situation requires trans-border processing, and will do so only
in accordance with South African legislative requirements; or if the data
subject consents to transfer of their personal information to third parties in
foreign countries.
·
We will take steps to
ensure that operators are bound by laws, binding corporate rules or binding
agreements that provide an adequate level of protection and uphold principles
for reasonable and lawful processing of personal information, in terms of the
POPI Act.
·
We will take steps to
ensure that operators that process personal information in jurisdictions
outside of South Africa, apply adequate safeguards as outlined in Section 11.
13.15
Personal information received from
third parties
·
When we receive
personal information from a third party on behalf of a data subject, we require
confirmation that they have written consent from the data subject that they are
aware of the contents of this PAIA manual and the Fundi Privacy Policy, and do
not have any objection to our processing their information in accordance with
this policy.
13.16
Prescribed Fees: Section 51(1)(f)
The following applies to requests (other than personal requests):
·
A requester is
required to pay the prescribed fee of R50.00 (fifty rand) before a request will
be processed;
·
If the preparation of
the record requested requires more than the prescribed hours (six), a deposit
shall be paid (of not more than one third of the access fee that would be
payable if the request were granted);
·
A requester may lodge
an application with a court against the tender/payment of the request fee
and/or deposit;
·
Records may be
withheld until the fees have been paid.
·
The fees for accessing
records of a private body are as follows:
|
Activity |
Fee |
|
Copy per A4 Page |
R1.10 |
|
Printing per A4 page |
R0.75 |
|
Copy on a CD |
R70.00 |
|
Transcription of visual images per A4 page |
R40.00 |
|
Copy of a visual image |
R60.00 |
|
Transcription of an audio recording per A4
page |
R20.00 |
|
Copy of an audio recording |
R30.00 |
|
Search and preparation of the record for
disclosure |
R30 per hour or part thereof, excluding the
first hour, reasonably required for the search and preparation |
·
Postage fees have to
be paid by the requester for the delivery of their records.
·
The fee structure is
also available on the website of the South African Human Rights Commission at www.sahrc.org.za.
13.17
Grounds for Refusal of Access to
Records: Section 63 to 69 of the Act and the Protection of Personal Information
Act, No. 4 of 2013
Access to certain
records must be denied on the grounds set out in the Act. This includes:
·
Mandatory protection
of the privacy of a third party who is a natural person, including a deceased
individual;
·
Mandatory protection
of commercial information of a third part;
·
Mandatory protection
of certain confidential information and confidential information of a third
party;
·
Mandatory protection
of the safety of individuals, and protection of property;
·
Mandatory protection
of records privileged from production in legal proceedings;
·
Mandatory protection
of research information of a third
Access to records may
be denied in the case of
·
Commercial information
if the record:
o
contains trade secrets
o
contains financial,
commercial, scientific or technical information, the disclosure of which would
be likely to harm the commercial of financial interests of the company
o
contains information,
the disclosure of which would reasonably be expected to put the company at a
disadvantage in contractual or other negotiations, or to prejudice the company
in commercial competition; or
o
is a computer
programme owned by the Company?
·
“Manifestly frivolous
or vexatious requests or substantial and unreasonable diversion of resources”.
All the protections
afforded to information as detailed above falls away if the release of the
information is in the public interest.
In this way, the public interest test overrides all the other grounds of
refusal of access to information.
The following test
must be applied by the Information Officer before refusing to allow access to
information that falls within the categories for non-disclosure listed
above. If these conditions are met, then
the information must be disclosed on the grounds of public interest.
Does the information
demonstrate a serious breach of a law?
OR
Do the records in
question contain information relating to an imminent and serious public safety
or environmental risk?
AND
Does the public
interest in disclosing the information clearly outweigh the potential harm?
13.18
Remedies
The company does not
have internal appeal procedures regarding PAIA and POPI Act requests. As such,
the decision made by the duly authorised person in section 5, is final. If a
request is denied, the requestor is entitled to apply to a court with
appropriate jurisdiction, or the Information Regulator, for relief.
13.19
Availability of the Manual
Copies
of this manual are available for inspection at the offices of Fundi Capital
Holdings, free of charge. Copies are
also available from the Information Regulator, the South African Human Rights
Commission and from the website at www.fundi.co.za.
Updated on 28 July 2021