5. Records we hold to function

We hold the following subjects and categories of records in electronic or physical format, which we do not make automatically available. You may request access to them. 

Establishment records

Our records related to the establishment, registration, incorporation, or administration of our organisation. Some of them may be available from BizPortal, via BizProfile, a search tool for all companies registered on the Companies and Intellectual Property Commission (CIPC).

• Minutes of board or director meetings
• Written resolutions
• Records relating to appointment of directors, auditor, secretary, public officer, or other officers
• Share register and other statutory registers
• Other statutory records

Company records include our memorandum of incorporation and directors’ names.

Business records

Documents that have economic value to the business.

• Operational records
• Databases
• Published works
• Internal correspondence
• Product records

Financial records

Our records related to our finances.

• Financial statements  
• Tax returns
• Other documents relating to tax
• Accounting records
• Auditor reports
• Banking records
  • Bank statements
  • Electronic banking records
  • Paid cheques
• Asset register
• Invoices
• Financial agreements

Financial records include our financial statements and banking details.

Insurance records

Our records related to our insurable assets.

• Insurance policies we hold
• Records of insurance claims
• Register of all immovable property owned by the company

Income tax records

Our records related to our income tax obligations.

• PAYE Records
• Corporate tax records
• Customs tax
• Documents issued to employees for income tax purposes
• Records of payments made to SARS on behalf of employees
• VAT records
• Skills Development Levies
• UIF
• Workmen’s Compensation

Personnel records

Our records about anyone who works for us, provides services to us, or provides services on our behalf and who we remunerate. This includes our employees, contractors, and other personnel.

• List of employees
• Employee personal information
• Employee employment contracts
• Employment applications and appointment letters
• Employment policies and procedures
• Employment Equity Plan
• Health and safety records
• Medical aid records
• Pension and provident fund records
• Salaries or wages of employees
• Leave records
• Internal evaluations and performance records
• Disciplinary records
• Disciplinary codes
• Training records
• Operating manuals
• Personal records provided by personnel
• Other statutory records
• Related correspondence

Personnel records include records about our employees and contractors.

Policies and directives

Both internal and external documents.

• Internal: relating to employees and the organisation
• External: relating to customers and other third parties
• Information technology systems and documents

Agreements or contracts

Both the documents themselves and all related documents.

• Standard agreements
• Contracts concluded with customers
• NDAs
• Letters of intent, MOUs
• Third party contracts (such as JV agreements, VAR agreements, etc.)
• Office management contracts
• Bond agreements
• Rental agreements
• Supplier or service contracts

Regulatory documents

Any documents we need to comply with any laws.

• Permits
• Licences
• Authorities

Published information

Any document that we prepare and produce.

• Internal newsletters and circulars
• Information on the company published by third parties

Customer information

Any information about anyone that we provide goods or services to, including our customers, leads, or prospects.

• Customer details
• Contact details of individuals within customers
• Communications with customers
• Sales records
• Transactional information
• Marketing records

Reference materials

Any sources of information that we contribute to.

• Books
• Newsletters and journals articles
• Magazines
• Newspaper articles

Artificial Intelligence (AI) system records 

As a provider of AI-powered solutions, we maintain records specific to our AI operations.

• AI algorithms and models:

• • • Documentation on AI models and algorithms used.
    • Proprietary AI models developed or utilized by our organization.

• Training data records:

• • • Data sets used to train AI systems, subject to data protection compliance.
    • Records ensuring data anonymization or pseudonymisation.

• AI operations logs:

• • • Logs of AI system operations, outputs, and decision-making processes where applicable.

• Third-Party AI service records:

• • • Agreements and contracts with our AI developers and providers.
    • Compliance documentation from third-party AI providers.

• AI impact assessments:

• • Assessments conducted to understand AI's impact on data subjects.
  • Ethical considerations and mitigation strategies.

AI system records include documentation and data-related to our AI technologies and their usage.

6. Records we hold to comply with the law

We hold records that all organisations are required by law to hold. We also hold records that the law specifically requires organisations like ours to retain. Please ask our information officer for details.

 

Relevant legislation includes:

• Promotion of Access to Information Act, 2000 (PAIA)
• Protection of Personal Information Act, 2013 (POPIA)
• Electronic Communications and Transactions Act, 2002
• Regulations and guidelines issued by South African authorities on Artificial Intelligence and data processing
• International regulations if our AI services operate across borders

 

Please ask our information officer for details.

7. How you can request access

We have appointed our information officer to deal with all matters relating to PAIA so we can comply with our PAIA obligations. To request access to a record, please complete Form 2. 

Please submit the completed form (together with the relevant request fee we explain below) to our information officer’s email address, our physical address, or by fax using the details we provide. Please ensure that the completed form:

• has enough information for the information officer to identify you, the requested records, and the form of access you require,
• specifies your email address, postal address, or fax number,
• describes the right that you seek to exercise or protect,
• explains why you need the requested record to exercise or protect that right,
• provides any other way you would like to be informed of our decision other than in writing, and
• provides proof of the capacity in which you are making the request if you are making it on behalf of someone else (we will decide whether this proof is satisfactory).

If you do not use the standard form, we may:

• reject the request due to lack of procedural compliance,
• refuse it if you do not provide sufficient information, or
• delay it.

If you do not use the standard form, we may reject the request due to lack of procedural compliance, refuse it if you do not provide sufficient information, or delay it. You may request information by completing a request for access form and submitting it to our information officer together with a request fee.

8. How we will give you access

We will evaluate and consider all requests we receive. If we approve your request, we will decide how to provide access to you – unless you have asked for access in a specific form. Publication of this manual does not give rise to any rights to access information records, except in terms of PAIA.

9. How much it will cost you

Request fees

When submitting your request, you must pay us a request fee as the law prescribes. You must pay us the prescribed fees before we give you access. You will receive a notice from our information officer upon your request, setting out the application procedure.  

Access fees

If we grant the request, you will have to pay us a further access fee the law prescribes that includes a fee for the time it takes us to handle your request, or if the time has exceeded the prescribed hours to search and prepare the record for disclosure. Our information officer will notify you if you need to pay a deposit for the access fee. The deposit may be up to one third of the prescribed access fee. The access fee will provide for:

• the costs of making the record, or transcribing the record, 
• a postal fee (if applicable), and 
• the reasonable time we need to search for the record and prepare the record for you.

If you paid the deposit and we refused your request, we will refund you the deposit amount. Until you have paid the fees, we may withhold the record you requested. 

10. Grounds for us to refuse access

We may have to refuse you access to certain records in terms of PAIA to protect:

• someone else’s privacy,
• another company’s commercial information,
• someone else’s confidential information,
• research information,
• the safety of individuals and property,
• records privileged from production in legal proceedings,
• proprietary information (which includes proprietary information on our AI systems).

Some of these grounds are explained in further detail below.

Protection of someone else’s privacy (a natural person)

We may refuse to give you access to a record if access would unreasonably disclose a natural person’s personal information, including a deceased person.

We will not refuse access in certain circumstances. 

• The person who the information pertains to, has given consent. 
• The information is publicly available. 
• The information belongs to a class of information, and the private body notified the individual upfront that the specific class of information might be made public. 
• The record is physical or mental health information or information about someone’s well-being who is:
  • under the requester’s (your) care and below 18 years, or  
  • incapable of understanding the nature of the request and giving access would be in the individual’s best interests. 
• The information is about a deceased person and:
  • you are the next of kin, or 
  • the request is made with the written consent of the individual’s next of kin. 
• The information is about a person who is, or was an executive at your organisation, and the information relates to their position or functions, for example:
  • that the person was an official at our organisation,  
  • the title, work address, work phone number and other similar details, 
  • the classification, salary scale or remuneration and responsibilities of the position or services, and
  • the name of the person on a record prepared by them while employed. 

Protection of another organisation’s commercial information

We may refuse to give you access to a record if the record contains another organisation’s:

• trade secrets, 
• financial, commercial, scientific, or technical information and the disclosure could cause harm to the financial or commercial interests of that company, 
• information and the disclosure could put that company at a disadvantage in negotiations or commercial competition, or
• information on a computer programme owned by us, protected by copyright.

Protection of the safety of individuals and property

We may refuse access if it could reasonably be expected to endanger someone’s life or physical safety. We may refuse access to a record if disclosing it would be likely to prejudice or impair the security of: 

• a building, structure, or system, including a computer or communication system,
• a means of transport, 
• any other property, 
• methods, systems, plans or procedures for the protection of someone in a witness protection scheme, 
• the public, or a part of the public, or 
• the property contemplated above. 

Protection of research information

We may refuse you access to a record that contains research done by us or someone else, if disclosing it would disclose our identity, the researcher’s or the subject matter of the research and would place the research at a serious disadvantage.

Our decision on giving you access

We will notify you in writing whether your request has been approved or denied within 30 calendar days after receiving your request. If we cannot find the record you asked for or it does not exist, we will notify you by way of affidavit that it is not possible to give access to that record.

We may have to refuse you access to a record to protect others.

11. Remedies available if we refuse to give you access

If we deny your request for access, you may:

• apply to a court with appropriate jurisdiction, or 
• complain to the Information Regulator, 

for the necessary relief within 180 calendar days of us notifying you of our decision.

12. How we process and protect personal information 

We process the personal information of various categories of people for various purposes. 

Categories of people

We process the personal information of the following categories of people:

• customers or organisations,
• prospects or leads,
• employees,
• recruiters and medical practitioners providing services related to employees,
• contractors, vendors, or suppliers,
• debtors and creditors,
• dealers, and
• directors and shareholders.

Purposes

We process the personal information to:

• provide our goods or supply our services,
• better understand our data subjects’ needs when doing so,
• keep our data subject records up to date,
• manage employees in general,
• manage supplier contracts in general,
• manage dealer relationships in general,
• manage customers in general,
• manage customer credit in general,
• market to customers in various countries,
• enforce debts,
• market goods and services to prospects,
• run promotional competitions for businesses,
• process customer requests or complaints, and
• process personal information of employees for forensic purposes.

Categories of personal information

We process many different categories of personal information, including:

• contact details, such as phone numbers, physical and postal addresses, and email addresses,
• personal details, such as names and ages,
• demographic details, such as races and age groups,
• health information,
• biometric information,
• information about behaviour and beliefs,
• account numbers,
• background information,
• contract information,
• credit information,
• market intelligence information, and
• debt and debtor information.

Third-party disclosures

We give the following people personal information that we process in the ordinary course of business to fulfil our obligations to our customers or clients:

• Contractors, vendors, or suppliers.
• Agents, distributors, or other resellers.
• Other customers.
• Operators, other responsible parties, or co-responsible parties. 
• Third party vendors (such as software developers) to help us maintain our services.

Cross-border transfers

We send personal information outside of South Africa to various countries. We will only transfer data to other countries who have similar privacy laws to South Africa’s that provide an adequate level of protection, or recipients who can guarantee the protection of personal information to the same standard we must protect it.

 

Security

We secure data by maintaining reasonable measures to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We also take reasonable steps to keep personal information accurate, current, complete, confidential, and reliable for its intended use.

We do our best to keep all data in our possession secure and up to date.

13. Availability of this Manual

This manual is available in English in electronic format on our website and in physical format at the reception of our company offices. 

14. Updates to this Manual

We will update this manual whenever we make material changes to it.