PAIA AND POPI MANUAL

THIS MANUAL WAS PREPARED IN ACCORDANCE WITH SECTION 51 OF THE PROMOTION OF ACCESS TO
INFORMATION ACT, 2000 (“The Act”) AND TO ADDRESS REQUIREMENTS OF THE PROTECTION OF PERSONAL
INFORMATION ACT, 2013 (“POPI”)

This manual applies to PCN IT MANAGEMENT (PTY) LIMITED
Registration number: 2017/526083/07
(the “Company”)
Registered office address: 75 Roeland Street, Gardens, Cape Town, 8001

1 Introduction
The Promotion of Access to Information Act, 2000 (the “Act”) gives third parties the right to approach private bodies and the government to request information held by them, which is required in the exercise and/or protection of any rights.

On request, the private body or government is obliged to release such information unless the Act expressly states that the records containing such information may or must not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by the Act.

Nature Of Business
The Company offers an automated business intelligence software and solutions for use by its clients.

Contact Details
Name of body: PCN IT MANAGEMENT (Pty) Limited
Head of body: David van Rensburg
Information Officer: Jean le Roux
Physical Address: 75 Roeland Street, Gardens, Cape Town, 8001
Postal Address: PO Box 1875,
Cape Town, 8000
Telephone Number: 021 286 1111
Email address: info@pcn.co.za

2 Guide Of Human Rights Commission / Information Regulator

A guide to the Act (as contemplated under section 10 of the Act) is available from the South African Human Rights
Commission. The guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in the Act.
Any enquiries regarding this guide and its contents should be directed to:

The South African Human Rights Commission:
PAIA Unit (the Research and Documentation Department)
Postal address: Private Bag 2700, Houghton, 2041
Telephone: +27 11 484-8300
Fax: +27 11 484-7146
Website: www.sahrc.org.za

E-mail: PAIA@sahrc.org.za
Alternatively, its successor:

The Information Regulator (South Africa)
SALU Building, 316 Thabo Sehume Street, Pretoria
Ms. Mmamoroke Mphelo
Tel: 012 406 4818
Fax: 086 500 3351
inforeg@justice.gov.za

3 Access To Records Held By The Company
Records held by the Company may be accessed on request only once the requirements for access have been met. A requester is any person making a request for access to a record of the Company and in this regard, the Act distinguishes between two types of requesters:

Personal Requester
A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of the Act and applicable law, the Company will provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by the Company.
Other Requester
This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, the Company is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act. The prescribed fee for reproduction of the information requested will be charged
by the Company.

Request Procedure
A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record. A requester must email the company, using the companies email address with the following details:

– The record or records requested;
– The identity of the requester;
– What form of access is required; and
– The postal address or fax number of the requester.

A requester must state that he or she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The requester must also provide an explanation of why the requested record is required for the exercise or protection of that right. The Company will process a request within 30 (thirty) days, unless the requestor has stated special reasons which would satisfy the information officer that circumstances dictate that the this time period not be complied with. The requester shall be informed in writing whether access has been granted or denied. If, in addition, the
requester requires the reasons for the decision in any other manner, he or she must state the manner and the particulars so required. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the information officer.

If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the information officer.

Decision
The Company will, within 30 (thirty) days of receipt of a request, decide whether to grant or decline a request and give notice with reasons (if required) to that effect. The 30 (thirty) day period within which the Company has to decide whether to grant or refuse a request, may be extended for a further period of not more than 30 (thirty) days if the request is for a large quantity of information, or the request requires a search for information held at another office of the Company (other than the head office) and the information cannot reasonably be obtained within the original 30 (thirty) day period. The information officer will notify the requester in writing should an extension be necessary.

Fees
The Act provides for two types of fees:
A request fee, (which will be a standard fee) and an access fee, which must be calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable. When a request is received by the information officer of the Company, the information officer shall by notice require the requester, other than a personal requester, to pay the prescribed request fee (if any), before further processing of the request. If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a
deposit the prescribed portion of the access fee which would be payable if the request is granted.
The information officer shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available is the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester.

5 Categories Of Records Held By The Company: Section 51(1)(E)

Companies Act Records
– Documents of incorporation
– Memorandum of Incorporation
– Minutes of Board of Directors meetings
– Records relating to the appointment of directors / auditor / secretary / public officer and other
officers
– Share Register and other statutory registers

Financial Records

– Annual Financial Statements
– Tax Returns
– Accounting Records
– Banking Records
– Bank Statements
– Electronic banking records
– Asset Register
– Rental Agreements
– Invoices

Tax Records

– PAYE Records
– Documents issued to employees for income tax purposes
– Records of payments made to SARS on behalf of employees
– All other statutory compliances:
o VAT
o Skills Development Levies
o UIF
o Workmen’s Compensation

Personnel Documents and Records

– Employment contracts
– Employment Equity Plan (if applicable)

– Disciplinary records
– Salary records
– Disciplinary code
– Leave records
– Training records
– Training Manuals

6 Processing Of Personal Information

Purpose of Processing:

The Company uses the Personal Information under its care in the following ways:
– Rendering service according to instructions given by clients
– Staff administration
– Keeping of accounts and records
– Complying with tax laws

Categories of Data Subjects and their Personal Information

The Company may possess records relating to suppliers, shareholders, contractors service providers, staff and clients:

Clients – Juristic Persons / Entities:

Names of contact persons; Name of Legal Entity;
Physical and Postal address and contact details;
Financial information; Registration Number; Founding
documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners

Clients:

Names; registration number; contact details; physical and postal addresses; Tax related information; confidential correspondence

Intermediary / Advisor:

Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners

Contracted Service Providers:

Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners

Employees / Directors:

Gender, Pregnancy; Marital Status; Colour, Age, Language, Education information; Financial Information; Employment History; ID number; Physical and Postal address; Contact details; Opinions, Criminal behaviour; Well-being;

Categories of Recipients for Processing the Personal Information

The Company may supply the Personal Information to service providers who render the following services:
– Capturing and organising of data;
– Storing of data;
– Sending of emails and other correspondence to clients
– Conducting due diligence checks;
– Administration of the Collective Investment Schemes;

Actual or Planned Trans border Flows of Personal Information

The Company may transfer data trans-border in order to store data with third party cloud storage providers.

General Description of Information Security Measures

The Company employs up to date technology to ensure the confidentiality, integrity and availability of the Personal Information under its care. Measures include:

– Firewalls
– Virus protection software and update protocols
– Logical and physical access control;
– Secure setup of hardware and software making up the IT infrastructure;
– Outsourced Service Providers who process Personal Information on behalf of the Company are
contracted to implement security controls.

7 Remedies Available If Request for Information Is Refused

Internal Remedies
The Company does not have internal appeal procedures. As such, the decision made by the information officer pertaining to a request is final, and requestors will have to exercise such external remedies at their disposal if a request is refused, and the requestor is not satisfied with the response provided by the information officer.

External Remedies
A requestor that is dissatisfied with the information officer’s refusal to disclose information, may within 30
(thirty) days of notification of the decision, apply to a court for relief. Likewise, a third party dissatisfied with the information officer’s decision to grant a request for information, may within 30 (thirty) days of notification of the decision, apply to a court for relief. For purposes of the Act, courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status.

8 List of Applicable Legislation

Records of the Company’s and other legal entities in which the Company has a direct controlling interest or an
indirect controlling interest through its subsidiaries) may be kept by or on behalf of the Company in accordance
with the following legislation (some of which legislation may not be applicable to the Company), as well as
with other legislation that may apply to the Company and/or its subsidiaries from time to time:
• Basic Conditions of Employment Act 57 of 1997;
• Broad-based Black Economic Empowerment Act 53 of 2003 Companies Act 71 of 2008;
• Compensation for Occupational Injuries and Diseases Act 130 of 1993 Copyright Act 98 of 1978;
• Currencies and Exchanges Act 9 of 1993;• Electronic Communications and Transactions Act 25 of 2002 Employment Equity Act 55 of 1998;
• Financial Intelligence Centre Act 38 of 2001;
• Financial Institutions (Protection of Funds) Act 28 of 2001 Financial Services Board Act 97 of
1990;
• Income Tax Act 58 of 1962;
• Inspection of Financial Institutions Act 80 of 1998 Labour Relations Act 66 of 1995;
• Occupational Health and Safety Act 85 of 1993;
• Regulation of Interception of Communications and Provision of Communication-Related
Information Act 70 of 2002;
• Prevention of Organised Crime Act 121 of 1998;
• Prevention and Combating of Corrupt Activities Act 12 of 2004 Promotion of Access to
Information Act 2 of 2000;
• Protected Disclosures Act 26 of 2000;
• Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004
Skills Development Act 97 of 1998;
• Skills Development Levy Act 9 of 1999 Securities Transfer Tax Act 25 of 2007;
• Securities Transfer Tax Administration Act 26 of 2007 Trade Marks Act 194 of 1993;
• Trust Property Control Act 57 of 1988 Unemployment Insurance Act 30 of 1966;
• Unemployment Insurance Contributions Act 4 of 2002 Value Added Tax Act 89 of 1991

9 Availability Of The Manual
The manual is available for inspection, on reasonable prior notice, at the office of the company free of charge.