INFORMATION AND PRIVACY STANDARD

as prescribed in terms of the

PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000 AND PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013

  1. Introduction
    Section 32 of the Constitution of the Republic of South Africa, No. 108 of 1996 (“the
    Constitution”) provides:
    (1) Everyone has the right of access to – Any information held by the state; and Any information that is held by another person and that is required for the exercise or protection of any rights.
    (2) National legislation must be enacted to give effect to this right and may provide for reasonable measures to alleviate the administrative and financial burden on the state.

    Section 32 of the Constitution affords everyone the right to access information held by the State or any other person. The Constitution requires that national legislation be enhanced to give effect to this right. The Promotion of Access to Information Act, 2 of 2000 (PAIA), gives effect to this constitutional right of access as required in terms of sub-section (2). PAIA provides that a person must be given access to any record of a private body if the record is required for the exercise of any right and the procedural requirements relating to a request have been complied with. PAIA applies to any recorded information, regardless of form or medium, under the control of the private body, and whether or not the private body created it.

    Where a request is made in terms of PAIA, the private or public body to which the request is made is obliged to release the information, except where PAIA expressly provides that the information must not be released. PAIA sets out the requisite procedural issues attached to such request.

    APEX SCIENTIFIC (PTY) LTD (‘the company’), has confirmed its status as a private body in terms of the definition in PAIA as well as a responsible party in terms of the definition in the Protection of Personal Information Act, 4 of 2013 (POPIA). The company respects and values data privacy rights, and ensures that all personal data collected from you is processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.
  2. Key definitions
    Biometrics” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprint, DNA analysis, retinal scanning and voice recognition;
    Conditions for Lawful Processing” means the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPIA;
    Consent” means any voluntary, specific and informed expression of will in terms of which permission is given for the processing personal information;
    Constitution” means the Constitution of the Republic of South Africa, 1996;
    Customer” refers to any natural or juristic person that received or receives services from the company,
    Data Subject” means the natural or juristic person to whom personal information relates, such as an individual client, employee or an entity that provides the company with products or services;
    Information Officer” means the head of a private body. Once appointed the Information Officer must be registered with the South African Information Regulator established under POPIA prior to performing his or her duties which include handling requests for information amongst others. Deputy Information Officers can also be appointed to assist the Information Officer;
    Deputy Information Officer” means the person to whom any power or duty conferred or imposed on an Information Officer in terms of POPIA has been delegated to assist the requester in their information request. PAIA does not provide for private bodies to designate a Deputy Information Officer, however it is recommended by the Information Regulator that they do so for efficiency and convenience;
    Information Regulator” means the Regulator established in terms of section 39 of POPIA;
    Standard” means this Information and Privacy Standard prepared in accordance with section 51 of PAIA and regulation 4(1) (d) of the POPIA Regulations; “Person” means a natural person or a juristic person;
    Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
    a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing,
    disability, religion, conscience, belief, culture, language and birth of the person;
    b) information relating to the education or the medical, financial, criminal or employment history of the person;
    c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other assignment to the person;
    d) the biometric information of the person;
    e) the personal opinions, views or preferences of the person;
    f) correspondence sent by the person that is implicitly or explicitly of a private or
    confidential nature or further correspondence that would reveal the contents of the
    original correspondence;
    g) the views or opinions of another individual about the person and;
    h) the name of the person if it appears with other personal information relating to the
    person or if the disclosure of the name itself would reveal information about the person;
    Personal Requester” means a requester seeking access to a record containing personal information about the requester;
    Personnel” refers to any person who provides services to or on behalf of the company and any other person who assists in carrying out or conducting the business of the company. This includes, without limitation, the directors, employees and contractors of the company;
    POPIA Regulations” mean the regulations promulgated in terms of section 112(2) of POPIA;

    Processing” means any operation or activity or any set of operations, whether by automatic means or not, concerning personal information, including-
    a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    b) dissemination by means of transmission, distribution or making available in any other form; or products and legal matters relating to those products; or
    c) merging, linking, as well as restriction, degradation, erasure or destruction of
    information;
    Responsible Party” means a public or private body or any other person which, alone or in conjunction with others determines the purpose of and means for processing personal information;
    Record” means any recorded information regardless of the form, including, for example, written documents, video materials etc. A record requested from a public or private body would refer to a record that was in that body’s possession regardless of whether that body created the record;
    Request Fee” means the cost to be paid for making an access to information request;
    Requester” means the natural or juristic person making an access to information request. A requester also refers to the person who is making the information request on behalf of somebody else;
    Request for Access” in relation to a private body, means a request for access to a record of a private body in terms of section 50 of PAIA; and
    Third Party” refers to any natural or juristic person who is not the requester of the
    information, nor the body to whom the information request is made. Capitalised terms used in this Standard have the meanings ascribed thereto in section 1 of POPIA and section 1 of PAIA as the context specifically requires, unless otherwise defined herein.

  1. Purpose
    The purpose of the Standard is to provide an outline of the types of records held by the company, inform you of our data protection and security measures, serve as a guide in exercising rights in terms of POPIA and explain how one may submit requests for access to these records in terms of PAIA. POPIA and PAIA give effect to everyone’s constitutional rights to privacy and access to information held by private sector bodies (e.g. companies) or public bodies (i.e. Government institutions) that is required for the exercise and/or protection of the requester’s rights.

  2. Contact details
    Information Officer: LARENDRA MAHARAJ
    Physical address: 1 TROON PLACE, DURBAN NORTH, 4051
    Postal address: 1 TROON PLACE, DURBAN NORTH, 4051
    E-mail: laren@apexscientific.co.za
    Telephone: 083 783 7437

  3. A guide on how to access information via PAIA
    The South African Human Rights Commission has compiled a guide as required in terms of section 10 of the South African Human Rights Commission Act, 2013 on how to access information. This guide is available to the public at no cost and contains information on:
    – understanding and how to use the Act,
    – the objectives of the Act,
    – particulars of every public and private body,
    – the manner and form for requests, and
    – contents of the Regulations promulgated under the Act.

    Any queries regarding this guide should be directed to:
    The South African Information Regulator:

Postal Address

PO Box 31533,
Braamfontein,
Johannesburg, 2017.

Website

www.justice.gov.za/inforeg/

Complaints Email Address

complaints.IR@justice.gov.za

General Enquiries Email

inforeg@justice.gov.za

  1. Records available in terms of other legislation
    Certain legislation mandates the company to allow any person access to specified information, upon request, irrespective of who that person may be. Access to information may be granted in terms of such other legislation if the manner of request is not more onerous than a request under PAIA and POPIA.

    This would include the following legislation, amongst others:

  2. Companies Act 71 of 2008
  1. Income Tax Act 58 of 1962;
  2. Value-Added Tax Act 89 of 1991
  3. Unemployment Insurance Act 63 of 2001
  4. Workmen’s Compensation Act 30 of 1941
  5. Prevention of Organised Crime Act 121 of 1998;
  6. Financial Intelligence Centre Act 38 of 2001;
  7. Constitution of South Africa 108 of 1996.
  8. National credit Act 34 0f 2005
  1. Access to records held by private body in question

    Records/information which are automatically available to a person without the
    requirement of a formal request or the person having to request access in terms of this Act:
    Address, email and telephone details of the company’s registered office;
    – Names of board of directors, employees and other company officials:

    II. List of records per subject:
    Information in the categories below is not available without a formal request as per the instructions of the request procedure, and may be declined by the Company to protect the body’s own, commercial or research information.

Category

Description of record kept

Client records

Client details:
o personal details (indicative details);
o financial details (banking details);
o application and transaction forms completed by customers

Company’s
financial
records

o Financial statements of the company;
o Financial documents compiled by the accountants;
o Banking facilities, bank account numbers;
o Tax details.

Company records

o SARS Registration details;
o Policies and procedures;
o Products;
o Strategy;
o Business directives;
o Suppliers’ contracts;
o Minutes of meetings of board of directors;
o Resolutions passed by the board of directors.

Legal records

o Documents compiled by attorneys;
o Records of any legal cases;

Company
official
records

o Any personal records provided to the company by its officials and
employees;
o Employment contracts
o Any records a third party has provided to the company about any of its
officials and employees
o Other internal records and correspondence.

Client-related
records

o Any records a customer has provided to a third party
o Any records a third party has provided to the company;
o Records generated by or within the company pertaining to customers,
including transactional records.

Private body
records

o Financial records;
o Operational records;
o Databases;
o Information technology;
o Marketing records;
o Internal correspondence;
o Statutory records;
o Internal policies and procedures;
o Records held by officials of the
private body and
o Product records.

Records in the
possession of
or pertaining to
other parties

o Personnel, customer or private body records which are held by another
party as opposed to being held by the company; and
o Records held by the company pertaining to other parties, including without
limitation financial records, correspondence, contractual records, records
provided by the other party, and records third parties have provided about
the contractors / suppliers.

The following details are available without a formal request, but must be accompanied by
written consent from the customer:

– Customer personal and financial details;
– Customer Address details;
– Customer Telephone details;
– Customer email details

Granting/declining of information: Within 30 days (normal calendar days) after receipt of a request, the company will advise the requester whether the request has been granted or declined. If declined, reasons will be given. Furthermore, if the record pertains to a third party, the Act requires the company to notify the third party of the request and be given an opportunity to either consent to the release or make representations in favour of or declining the request. A dissatisfied requester or third party is entitled to an appeal process by way of application to court.

  1. Compulsory declining of requests for information
    A request for a record must be declined to protect:
    – The privacy of a third party;
    – Commercial information of a third party;
    – Confidential information of a third party;
    – The safety of individuals and the protection of property;
    – Records privileged from production in legal proceedings;
    – Research information of a third party.
    – Discretionary declining of requests:

    A request may be refused to protect the commercial or research information of the


  2. Request procedure Details of submitting a formal request:
    Submit Request Form (Annexure A) for the attention of the appropriate Information Officer to the address, fax number or electronic mail address provided in this Standard. Ensure that the right you wish to protect or exercise is fully described in the Request Form. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request.The Information Officer will assess the request and advise the requestor within 30 calendar days of the decision made. The information, if granted, will be supplied to the requester in a format applicable to the request. If declined the requestor will be notified in writing and will be provided with the reasons for the decision. If you have any questions about our use of your Personal Information you can contact the
    appropriate Information Officer of the Fund in accordance with the contact details provided in this Standard.

  3. Fees
    A requester who seeks access to a record containing personal information about that requester is not required to pay the request fee. Every other requester, who is not a personal requester, must pay the required request fee:
    – The Information Officer must notify the requester (other than a personal requester) by notice, requiring the requester to pay the prescribed fee (if any) before further processing the request

 

.
 The fees (if any) that the requester must pay to a private body will depend on the format
of the information being requested (The requester may lodge an internal appeal or an
application to the court against the tender or payment of the request fee

. For a complete fee schedule please visit the Information Regulator at
www.justice.gov.za/inforeg/.
 After the Information Officer has decided on the request, the requester must be notified
in the required form.

If the request is granted then a further access fee must be paid for the search, reproduction,
preparation and for any time that has exceeded the prescribed hours to search and prepare
the record for disclosure

.