POPIA Manual

POPIA Compliance Management Framework and Information Access Guide

Intelligent Safe Technologies (Pty) Ltd

Registration No: 2016/189796/07

Version 1.0 - Updated: 01 February 2023 | Effective: 04 February 2023

This manual was prepared in accordance with section 51 of the Promotion of Access to Information Act, 2000 ("PAIA") to address requirements of the Protection of Personal Information Act, 2013 ("POPIA").

1. Introduction

1.1 Purpose of this Manual

Under the Promotion of Access to Information Act 2000 ("PAIA"), Intelligent Safe Technologies (Pty) Ltd ("IST" or "the Company") is required to grant individuals access to records held by IST if that record is required by the individual to exercise or protect any legal right that individual enjoys under the law.

Additionally, under the Protection of Personal Information Act 2013 ("POPIA"), the Company is required to be open and transparent about how the Company handles personal information and allow individuals to access and correct their personal information.

The purpose of this Manual is to set out the information which the Company is legally required to disclose under PAIA and POPIA, and to explain how you can exercise your statutory rights under PAIA and POPIA with respect to records and personal information handled by the Company.

2. Status and Scope of This Manual

This Manual (version 1.0) was last updated on 01 February 2023 and will become effective on 04 February 2023. This Manual may be revised from time to time to reflect changes in laws and regulations, or changes in the Company's business operations.

3. The Company

Intelligent Safe Technologies (Pty) Ltd is a private company with limited liability duly registered in terms of South African company laws with:

  • Registration No: 2016/189796/07
  • Registered Address: Unit S14/S15 Spearhead Business Park, Montague Drive, Montague Gardens, Cape Town, 7441

The Company conducts the business of a private security and safe technology company specializing in smart safes.

4. Rights of the Data Subject in Terms of PAIA

PAIA gives effect to the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protection of any rights; and to provide for matters connected therewith.

  • Records that the Company makes available under PAIA are described in clause 6 of this Manual.
  • A Data subject that wishes to make a request for information shall follow the procedure set out in clauses 8 & 9 of this Manual.
  • Any request contemplated above shall be subject to the applicable charges set out in clause 11.
  • The South African Human Rights Commission ("SAHRC") produced detailed guidance to be followed by any person wishing to enforce the rights under PAIA and can be accessed on the SAHRC's website: www.sahrc.org.za.

5. Availability of This Manual

A copy of this manual is available to the public for inspection on the Company's website and/or registered offices as listed above or on request from the Designated Contact Person.

5.1 Designated Information Officer

The Designated Information Officer is responsible for the administration of and compliance with PAIA in a fair and objective manner.

Information Officer: Louis Du Toit

Tel No: +27 82 385 6111

Email: louis@intelligentsafe.co.za

Address: Unit S14/S15 Spearhead Business Park, Montague Drive, Montague Gardens, Cape Town, 7441

6. Access to Records

PAIA grants a person access to the records of a private body, if such record is required for the exercise or protection of any rights. If a public body lodges a request for access, the public body must be acting in the public interest.

Requests in terms of PAIA shall be made in accordance with the prescribed procedures and at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of PAIA.

6.1 Guide in Terms of Section 10 of PAIA

Persons seeking access to the records of the Company are referred to the Guide compiled by the SAHRC:

Postal Address: Private Bag 2700, Houghton, 2041

Tel No: +27 11 877 3600

Website: www.sahrc.org.za

7. Records Accessible in Terms of Other Legislation

Records are kept in accordance with the following legislation (this list is not exhaustive):

  • Companies Act 71 of 2008
  • Basic Conditions of Employment Act 75 of 1997
  • Occupational Health and Safety Act 85 of 1993
  • Compensation for Occupational Injuries and Diseases Act 130 of 1993
  • Employment Equity Act 55 of 1998
  • Income Tax Act 58 of 1962
  • Labour Relations Act 66 of 1995
  • Unemployment Insurance Act 30 of 1966
  • Unemployment Contributions Act 4 of 2002
  • Value Added Tax Act 58 of 1962
  • Promotion of Access to Information Act 2 of 2000
  • Protection of Personal Information Act 4 of 2013
  • Consumer Protection Act 68 of 2008
  • Financial Intelligence Centre Act 38 of 2001
  • Prevention of Organised Crime Act 121 of 1998
  • Protection of Constitutional Democracy Act 33 of 2004

7.2 Types of Records Held

The Company holds records on the following subjects:

  • Personal information
  • Biometric data
  • Financial records
  • Employment records
  • Customer and client information
  • Service provider information
  • Trade secrets and confidential commercial information

Note: A person is not automatically allowed access to such records and access thereto may be refused in accordance with Section 62 of PAIA.

8. Requests Made in Terms of PAIA

Records held by the Company may be accessed on request, and subject to fulfillment of the access requirements. PAIA distinguishes between the following two categories of persons requesting records:

8.1 Personal Requester

A person seeking access to a record containing personal information about the requester. The Company will, subject to the provisions of PAIA and other legislation, allow access to any record pertaining to the requester's personal information. The Company shall charge the prescribed fee for reproduction of the requested information.

8.2 Other Requester

A person other than a Personal Requester is, subject to the provisions of PAIA and any other legislation, entitled to access information pertaining to third parties. However, the Company is not obliged to grant access to the Other Requester prior to fulfilling the requirements of PAIA. The Company shall charge the prescribed fee for reproduction of the information requested.

9. Processing of Requests

9.1 Submission Requirements

A requester must complete the request form and make payment of the request fee and submit both the form and the proof of payment, if applicable, to the Information Officer at the physical address, or electronic mail address as stated herein.

9.2 Required Information

The request form must be filled in with enough information to at least enable the Information Officer to identify:

  • The record or records requested
  • The identity of the requester
  • The form of access required
  • The postal address, fax number or email address of the requester

9.3 Nature of Right

A requester must state that he or she requires the information to exercise or protect a right, and clearly state what the nature of the right is, so to be exercised or protected.

9.4 Processing Timeline

The Company shall process a request within 30 days, unless the requestor has stated special reasons to the satisfaction of the Information Officer that justifies a deviation from this period.

9.5 Decision Notice

The requester shall be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, it must be sufficiently indicated.

10. Grounds for Refusal of Access

The Company may refuse a request for personal information in the event that a request is made for access to:

  • Personal Information that would be unreasonable with regard to protection of privacy
  • Commercial information of a third party (trade secrets, financial information)
  • Confidential information of third parties protected in terms of any agreement
  • Safety and property records
  • Privileged documents
  • Research information that would place the research at a serious disadvantage
  • Frivolous or vexatious requests
  • Attorney/client privilege records
  • Information relating to minors
  • Court orders determining confidentiality

11. Charges Applicable to a PAIA/POPIA Request

11.1 Types of Fees

There are two types of fees which are payable under PAIA:

  • Request Fee – payable upon making a request to access records/personal information
  • Access Fee – payable in respect of records/personal information which are produced in response to your request

11.2 Request Fee

R57.00 (inclusive of VAT) is charged for each request.

11.3 Request Fee Exemptions

The Request Fee is not applicable in the event of:

  • A private individual requesting access to his or her own records/personal information
  • The requester being a single person earning less than R14,812 per annum
  • A married requester earning less than R27,192 per annum

11.4 Access Fee Schedule

Type of Activity Rate (inc. VAT)
Photocopy of an A4-size page R1.25
Printed copy from computer R0.86
Copy on floppy disk R8.55
Copy on CD R79.80
Transcription of visual images (A4) R45.60
Copy of visual images R68.40
Transcription of audio record (A4) R22.80
Copy of audio record R34.20
Search and preparation (per hour after first hour) R34.20
Postage Actual cost

12. Categories of Data Subjects and Personal Information

Category Personal Information Processed
Customers / Clients Name, address, registration numbers or identity numbers, employment status and bank details, biometric information, trade secrets
Service Providers Names, registration number, VAT numbers, address, trade secrets and bank details
Employees Address, qualifications, gender and race

13. Security Measures

The Company undertakes to institute and maintain data protection measures including:

  • Access Control of Persons – Preventing unauthorized access to data processing systems
  • Data Media Control – Preventing unauthorized reading, copying, modification or removal
  • Data Memory Control – Preventing unauthorized input, reading, modification or deletion
  • User Control – Preventing unauthorized use of data processing systems
  • Access Control to Data – Ensuring authorized users can only access their permitted data
  • Transmission Control – Ensuring verification of where personal data has been transmitted
  • Transport Control – Preventing unauthorized data access during transport
  • Organization Control – Ensuring internal organization meets data protection requirements

14. Binding Nature of This Manual

This manual is binding on all employees of the Company and all such employees agree to abide by its provisions and to protect the personal information of the clients and its employees in accordance with POPIA.

For questions or concerns regarding this manual, please contact the Information Officer at the details provided in Section 5.1.

Get In Touch

Interested in becoming a partner,
learning more, or sharing your expertise?

Contact Us