PAIA Manual

All about our compliance

PAIA MANUAL of HyperParts Pty (Ltd) 

Prepared in accordance with section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)

TABLE OF CONTENTS

  1. Introduction
  2. List of acronyms and abbreviations
  3. Purpose of the PAIA manual
  4. Contact details for access of information
  5. Guide of the South African Human Rights Commission
  6. Automatic disclosure of records
  7. Records available in terms of any other legislation
  8. Categories of records held by HyperParts
  9. Categories of requestors
  10. Grounds for refusal of access to records in terms of PAIA
  11. Information or records not found
  12. Remedies available to the requestor upon refusal of a request for access
  13. Procedure for a request for access in terms of PAIA
  14. Fees
  15. Information available in terms of POPIA
  16. Availability of the manual
  1. INTRODUCTIONHyperParts is committed to the observance of and compliance with the directives of the South African Constitution and national legislation which endorse the key principles of good corporate governance, transparency and accountability.

The Promotion of Access to Information Act No. 2 of 2000 (PAIA) gives effect to carry out section 32 of the South African Constitution, which focuses on the right to access information i.e. everyone has the right of access to information held by the state or a private body to enforce a culture of transparency and accountability.

Section 51 of PAIA obliges private bodies (including HyperParts) to compile a manual to enable a person to obtain access to information held by such a private body and stipulates the minimum requirements that the manual has to comply with.

This manual constitutes HyperParts’s PAIA manual. This manual is compiled in accordance with section 51 of PAIA as amended by the Protection of Personal Information Act, 2013 (POPIA). POPIA promotes the protection of personal information processed by public and private bodies, including certain conditions so as to establish minimum requirements for the processing of personal information. POPIA amends certain provisions of PAIA, balancing the need for access to information against the need to ensure the protection of personal information.

This PAIA manual also includes information on the submission of objections to the processing of personal information and requests to delete or destroy personal information or records thereof in terms of POPIA.

  1. LIST OF ACRONYMS AND ABBREVIATIONS

Unless the context clearly indicates otherwise, the following terms shall have the meanings assigned to them hereunder, namely:-

2.1. ‘Company’ means Adeo South Africa Limited, trading as HyperParts (registration number 2016/044487/07), a company duly registered and incorporated with limited liability in accordance with the company laws of the Republic of South Africa and having its principal place of business situated at 35 Roos street, Witkoppen Ext 97, Sandton, Gauteng, Republic of South Africa;

2.2. ‘Conditions for Lawful Processing’ means the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPIA;

2.3. ‘Constitution’ means the Constitution of the Republic of South Africa, 1996;

2.4 ‘Customer’ refers to any natural or juristic person that received or receives services from the Company;

2.5. Data Subject has the meaning ascribed thereto in section 1 of POPIA;

2.6. Information Officer means the Information Officer for HyperParts as referred to in clause 4;

2.7. Manual means this manual prepared in accordance with section 51 of PAIA and regulation 4(1) (d) of the POPIA Regulations;

2.8. PAIA means the Promotion of Access to Information Act, 2000;

2.9. Personal Information has the meaning ascribed thereto in section 1 of POPIA;

2.10. Personnel refers to any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;

2.11. POPIA means the Protection of Personal Information Act, 2013;

2.12. POPIA Regulations mean the regulations promulgated in terms of section 112(2) of POPIA;

2.13. Private Body has the meaning ascribed thereto in sections 1 of both PAIA and POPIA;

2.14. Processing has the meaning ascribed thereto in section 1 of POPIA;

2.15. Responsible Party has the meaning ascribed thereto in section 1 of POPIA;

2.16. Record has the meaning ascribed thereto in section 1 of PAIA and includes Personal Information;

2.17. Requestor has the meaning ascribed thereto in section 1 of PAIA;

2.18. Request has the meaning ascribed thereto in section 1 of PAIA;

2.19. SAHRC means the South African Human Rights Commission.

  1. PURPOSE OF PAIA MANUAL

This PAIA Manual is useful for the public to-

3.1. check the categories of records held by a body which are available without a person having to submit a formal PAIA request;

3.2. have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;

3.3. know the description of the records of the body which are available in accordance with any other legislation;

3.4. access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;

3.5. know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;

3.6. know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;

3.7. know the description of the categories of data subjects and of the information or categories of information relating thereto;

3.8. know the recipients or categories of recipients to whom the personal information may be supplied;

3.9. know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and

3.10. know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

  1. KEY CONTACT DETAILS FOR ACCESS TO INFORMATION

The Information Officer is the person to whom Requests for access to Records should be addressed. All Requests for access to Records in terms of PAIA must be in writing.

The Information Officer’s contact details are as follows:

  1. GUIDE OF THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION

The South African Human Rights Commission (“SAHRC”) is mandated under PAIA to promote the right of access to information, monitor the implementation of PAIA, make recommendations to strengthen PAIA and to report annually to Parliament. The SAHRC has compiled a guide that contains information which would be reasonably required of any person wishing to exercise any rights set out in the Act. The guide is available in all the country’s official languages and can be viewed at www.sahrc.org.za

Any enquiries regarding the above guide and its contents should be directed to:

The South African Human Rights Commission
PAIA Unit (the Research and Documentation Department)
Postal address: Private Bag 2700, Houghton, 2041
Telephone: +27 11 484-8300
Fax: +27 11 484-7146
Website: www.sahrc.org.za
Email: PAIA@sahrc.org.za

  1. AUTOMATIC DISCLOSURE OF RECORDS

Information that is obtainable via the HyperParts website about HyperParts is automatically available and need not be formally requested in terms of this manual.

The following categories of records are automatically available for inspection, purchase or photocopying:

9.1. brochures
9.2. press releases
9.3. publication; and
9.4. various other marketing and promotional material.

Although we have used our best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to our attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, we shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Information Officer the opportunity of considering the request in light thereof.

  1. CATEGORIES OF RECORDS HELD BY HYPERPARTS

Records maintained within the Company are outlined in Appendix A.

However, please note that recording a category or subject matter in this Manual does not imply that a Request for access to such Records would be honoured. In particular, certain grounds of refusal as set out in the Act may be applicable to a Request for such Records. All Requests for access will be evaluated on a case by case basis in accordance with the provisions of the Act.

  1. CATEGORIES OF REQUESTORS

The capacity under which a Requestor makes a request for records defines the category in which the Requestor will fall into. There are four categories of Requestors:

  1. A Data Subject who makes requests about themselves;
  2. A Representative who makes a request on behalf of the Data Subject(s);
  3. A Third Party who requests information about a Data Subject; or
  4. A Public Body who requests information in the public interest.
  1. GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA

The following are the grounds on which the Company may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:

10.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;

10.2 mandatory protection of the commercial information of a third party, if the Records contain:

10.2.1 trade secrets of that third party;

10.2.2 financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or

10.2.3 information disclosed in confidence by a third party to the Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;

10.3 mandatory protection of confidential information of third parties if it is protected in terms of any agreement;

10.4 mandatory protection of the safety of individuals and the protection of property;

10.5 mandatory protection of Records that would be regarded as privileged in legal proceedings;

10.6 protection of the commercial information of the Company, which may include:

10.6.1 trade secrets;

10.6.2 financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company;

10.6.3 information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or

10.6.4 computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws;

10.7 research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and

10.8 Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources

  1. INFORMATION OR RECORDS NOT FOUND

If the Company cannot find the records that the Requestor is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in its possession but unattainable, the Requestor will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document.

  1. REMEDIES AVAILABLE TO THE REQUESTOR UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMS OF PAIA

12.1 The Company does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requestors will have to exercise such external remedies at their disposal if the Request for Access is refused.

12.2 In accordance with sections 56(3) (c) and 78 of PAIA, a Requestor may apply to a court for relief within 180 days of notification of the decision for appropriate relief.

  1. PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA

13.1 A Requestor must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.

13.2 A Requestor must complete the prescribed Request for Access form attached as Appendix B, and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, or electronic mail address stated in clause 4 above.

13.3 The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:

  1. the Record/s requested;
  2. the identity of the Requestor;
  3. the form of access that is required, if the request is granted;
  4. the postal address or fax number of the Requestor;
  5. and the right that the Requestor is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.

13.4 If a Request for Access is made on behalf of another person, the Requestor must submit proof of the capacity in which the Requestor is making the request to the reasonable satisfaction of the Information Officer.

13.5 The Company will voluntarily provide the requested Records to a Personal Requestor (as defined in section 1 of PAIA). The prescribed fee for reproduction of the Record requested by a Personal Requestor will be charged in accordance with section 54(6) of PAIA and paragraph 11 below.

  1. FEES

Prescribed fees were published by the Minister of Justice and Constitutional Development in the Government Gazette No. 23119, General Notice No. 187 of 15 February 2002. Please refer to Appendix C for HyperParts’s fee structure.

  1. INFORMATION AVAILABLE IN TERMS OF POPIA

In terms of POPIA, personal information must be processed for a specified purpose. The purpose for which data is processed by HyperParts’s will depend on the nature of the data and the particular data subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected. Please also refer to HyperParts’s Privacy Policy for further information.

Categories of personal information collected by HyperParts

HyperParts may collect information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

The purpose of processing personal information

In terms of POPIA, data must be processed for a specified purpose. The purpose for which data is processed by HyperParts will depend on the nature of the data and the particular data subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected.

In general, personal information is processed for purposes of on-boarding clients and suppliers, service or product delivery, records management, security, employment and related matters. Please refer to the PnP Privacy Policy for further details.

Categories of data subjects

HyperParts holds information and records on the following categories of data subjects:

  • customers of HyperParts;
  • employees / personnel of HyperParts;
  • Independent contractors of HyperParts;
  • suppliers of HyperParts; and
  • any third party with whom HyperParts conducts business.

Categories of recipients to whom personal information may be supplied

  • Depending on the nature of the personal information, HyperParts may supply information or records to the following categories of recipients:
  • statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data;
  • any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules;
  • South African Revenue Services, or another similar authority;
  • anyone making a successful application for access in terms of PAIA or POPIA; and
  • subject to the provisions of POPIA and other relevant legislation, HyperParts may share information about a client’s creditworthiness with any credit bureau or credit providers industry association or other association for an industry in which HyperParts operates.

Transborder flows of personal information

HyperParts may need to transfer a data subject’s information to service providers in countries outside South Africa, these countries may not have data-protection laws which are similar to those of South Africa. Where this is done, HyperParts does so in accordance with applicable laws.

  1. AVAILABILITY OF THE MANUAL

This manual will be updated as required or when the relevant legislation changes. This manual is available for inspection on https://www.hyperparts.co.za/ The manual is also available for viewing at HyperParts’s head office. Copies of the manual may be made available subject to the prescribed fees.