Promotion of Access to Information Act (PAIA)

This manual was prepared in accordance with Section 51 of the Promotion of Access to  Information Act, 2000 (‘PAIA’) and to  

address requirements of the Protection of Personal Information Act 4 of 2013 (‘POPI’).  

This POPI/ PAIA manual applies to Octotel Pty Ltd  

Registration Number: CK 2015/051236/07  

(“OCTOTEL”)  

Registered Office Address:  

5th Floor, The Point, 76 Regent Road, Sea Point, Cape Town, South Africa    

No part of this document may be reproduced or transmitted in any form or by any means,  electronic or mechanical, for any purpose, without express written permission of:  OCTOTEL PTY Ltd  

4th Floor, The Point,  

76 Regent Road, Sea Point,  

Cape Town, South Africa  

OCTOTEL Pty Ltd is committed to on-going research and development to track technological  developments and customer needs in the market. Consequently, information contained in this  document may be subject to change without prior notice.  

  

1 Introduction 

PAIA  

The Promotion of Access to Information Act, 2000 (the “PAIA”) grants the public the right to  make a request to access records held by private bodies and the government, if such  information is required in the exercise and/or protection of any Constitutional rights. On request,  the private body or government is obliged to release such information unless the Act expressly  states that the records  

containing such information may or must not be released. This manual informs requestors of  procedural and other requirements  

which a request must meet as prescribed by the Act.  

POPI  

OCTOTEL processes personal information of its employees, members, clients and other data  subjects from time to time. As such, it is obliged to comply with the Protection of Personal  Information Act No. 4 of 2013 (“POPI”) as well as the Promotion of Access to Information Act  No. 2 of 2000 (“PAIA”). This manual, in addition to its privacy policy, is OCTOTEL’s commitment  to protecting its members’/clients’/supplier’s/employees’ and other data subjects’ privacy and  ensuring that their personal information is used appropriately, transparently, securely and in  accordance with applicable laws. 

Nature of Business  

OCTOTEL Pty Ltd (hereinafter, the ‘Company’) is an ICASA Registered Electronic  Communications Network Service Provider (ECNS licence holder).  

Information Officer details  

All PAIA requests should be submitted to:  

Octotel Chief Information Officer: Wian Heath  

Physical Address: Suite 401, 4th Floor  

The Point Office  

76 Regent Road  

Sea Point  

Western Cape, 8060  

Postal Address:  

PO BOX 12768,  

Mill Street,  

Cape Town,  

8010  

Telephone Number: 087 470 08 00  

Email Address: Wian@rampgroup.co.za  

  

3 Requesting Access To Records Held By OCTOTEL 

A requester can be a natural person/ juristic entity who submits a request for access to a record  held by OCTOTEL. In this regard, the Act distinguishes between two types of  requesters:  

3.1 Personal Requester 

A personal requester is a requester who is seeking access to a record containing personal  information about the requester. Subject to the provisions of PAIA/ the Act and applicable law,  OCTOTEL will provide the requested information, or  

give access to any record about the requester’s personal information. The prescribed fee for  reproduction of the information requested will be charged by OCTOTEL.  

3.2 Third party requester 

This requester (is someone other than a personal requester) and is entitled to request access to  information pertaining to a third party/ ies.  

However, OCTOTEL is not obliged to grant access prior to the requester fulfilling the  requirements for access in terms of PAIA/ the Act, which includes notifying the third party that  such a request has been made. The prescribed fee for reproduction of the information  requested will be charged by OCTOTEL. 

3.3 Request Procedure 

A requester must comply with all the procedural requirements contained in the Act relating to a  request for access to a record.  

For instance, OCTOTEL may only process your request once the requirements in terms of PAIA  have been met.  

A requester may submit a request in the prescribed Form and submit it to our Information  Officer. The prescribed request form must be filled in with enough information to at least enable  the information officer to identify:  

• The record or records requested  

• The identity of the requester  

• What form of access is required?  

• The postal address or email address of the requester.  

A requester must state that he or she requires the information to exercise or protect a right, and  clearly state what the nature of the right is, so to be exercised or protected. The requester must  also provide an explanation of why the requested record is required for the exercise or  protection of that right.  

OCTOTEL will process a request within 30 days, unless the requestor has stated special  reasons which would satisfy the information officer that circumstances dictate that this period  not be complied with.  

The requester shall be informed in writing whether access has been granted or denied. If, in  addition, the requester requires the reasons for the decision in any other manner, he or she  must state the way it is required. If a request is made on behalf of another person, the requester  must then submit proof of the capacity in which the requester is making the request to the  satisfaction of the information officer.  

If an individual is unable to complete the prescribed form because of illiteracy or disability, such  a person may make the request orally to the information officer.  

3.4 Decision 

3.4.1 The Information Officer will, within 30 days of receipt of the request, decide whether to  grant or decline the request.  

3.4.2 The 30-day period may be extended for a further period if the request is for a large amount  of information or the request requires a search for information held at another office of  OCTOTEL and the information  

cannot reasonably be obtained within the original 30-day period. The Information Officer will  notify the Requester in writing should an extension be sought.  

3.5 Grounds For Refusal Of Access To Records In Terms Of PAIA

The following are the grounds on which OCTOTEL may, subject to the exceptions contained in  Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:  

3.5.1 Mandatory protection of the privacy of a third party who is a natural person, including a  deceased person, where such disclosure of Personal Information would be unreasonable.  

3.5.2 Mandatory protection of the commercial information of a third party, if the Records contain:  a) Trade secrets of that third party  

b) Financial, commercial, scientific, or technical information of the third party, the disclosure of  which could likely cause harm to the financial or commercial interests of that third party; and/or  c) Information disclosed in confidence by a third party to OCTOTEL, the disclosure of which  could put that third-party at a disadvantage in contractual or other negotiations or prejudice the  third party in commercial competition  

3.5.3 Mandatory protection of confidential information of third parties if it is protected in terms of  any agreement.  

3.5.4 Mandatory protection of the safety of individuals and the protection of property.  

3.5.5 Mandatory protection of Records that would be regarded as privileged in legal  proceedings.  

3.5.6 Protection of the commercial information of OCTOTEL, which may include:  a) Trade secrets  

b) Financial/commercial, scientific, or technical information, the disclosure of which could likely  cause harm to the financial or commercial interests of OCTOTEL.  

c) Information which, if disclosed, could put OCTOTEL at a disadvantage in contractual or other  negotiations or prejudice OCTOTEL in commercial competition; and/or  

d) Propriety software which are developed and ow, and which are protected by copyright and  intellectual property laws.  

3.5.7 Research information of OCTOTEL or a third party, if such disclosure would place the  research or the researcher at a serious disadvantage, and  

3.5.8 Requests for Records that are clearly frivolous or vexatious, or which involve an  unreasonable diversion of resources.  

3.6 Remedies Available To The Requester Upon Refusal Of A Request For Access Of  PAIA 

After submitting a complaint in the prescribed form provided in this Manual, and where  OCTOTEL is unable to resolve your complaint within one month (or extended period), to your  satisfaction, you have the right to refer your complaint to the relevant Information Regulator.  

3.6.1 Internal remedies  

OCTOTEL does not have internal appeal procedures. As such, the decision made by the  Information Officer is final, and Requesters will have to exercise such external remedies at their  disposal if the Request for Access is refused. 

3.6.2 External remedies  

Any person wishing to lay a matter of concern or complaint may do so at the Information  Regulator of South Africa.  

Website: www.inforegulator.org.za.  

Email: enquiries@inforegulator.org.za  

In respect of European Data Subjects at:  

The supervisory authority, in the Member State of  

your habitual residence, place of work or place of the alleged GDPR infringement. See link that  provides details of the list of supervisory authority’s details  

https://edpb.europa.eu/aboutedpb/board/members_en  

3.7 Availability Of This Manual 

3.7.1. This Manual is available for inspection by the public, upon request, during office hours  and free of charge at OCTOTEL’s offices.  

3.7.2. This Manual is also published on OCTOTEL’s website www.octotel.co.za  

4 Fees 

The Act provides for two types of fees:  

1. A request fee, (which will be a standard fee) When a request is received by the  information  

officer of OCTOTEL, the information officer shall by notice require the requester, other  than a personal requester, to pay the  

prescribed request fee, if any, before further processing of the request can take place. If  a search for the information is necessary  

and the preparation and disclosure of the information for disclosure, requires more time  than prescribed in the regulations for  

this purpose, the information officer shall notify the requester to pay as a deposit if the  request is granted.  

The information officer shall withhold information until the requester has paid the fee or fees  indicated.  

2. Reproduction/ Access fee  

A requester whose request  

for access to information has been granted, must pay an access fee reproduction, for  search, preparation, and for any time in excess  of the prescribed hours to prepare the information for disclosure including making  arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then  the information officer shall repay the  

deposit to the requester.  

 Below is a guideline for reproduction fees:  1. Request fee, payable by every requeste R140.00 2. Photocopy or printed black & white copy for every A4 page R2.00 per page or part of the page 3. Printed copy of A4-size page R2.00 per page or part of the page 4.For a copy in a computer-readable form on: – a flash drive (provided by the requester) R40.00 – a compact disc (CD) if the requester provides the CD to usR40.00 – a compact disc (CD) if we give the CD to the requester R60.00 5. For a transcription of visual images, for an A4-size page or part of the page This service will be outsourced. The fee will depend on the quotation from the service provider. 6. For a copy of visual images This service will be outsourced. The fee will depend on the quotation from the service provider. 7. For a transcription of an audio record, per A4-size page R24.00 8. For a copy of an audio record on a flash drive (provided by the requester) R40.00 For a copy of an audio record on compact disc (CD) if the requester provides the CD to us For a copy of an audio record on compactdisc (CD) if we give the CD to the requester R60.00 9. For each hour or part of an hour (excluding the first hour) reasonably required to search for, and prepare the record for disclosure The search and preparation fee cannot exceed R145.00-R435.00 10. Deposit: if the search exceeds 6 hours One-third of the amount per request. It is calculated in terms of items 2 to 8 above. 11.Postage, email or any other electronic transfer Actual expense, if any. 

5 Categories Of Records Held By The Company: Section 51(1)(E) 

5.4 Companies Act Records 

5.4.1 Company Incorporation  

5.4.2 Names of Directors  

5.4.3 Salaries of Directors  

5.4.4 Minutes of Board Meetings  

5.4.5 Records relating to the appointment of directors / auditor / secretary / public officer and  other officers  

5.5 Financial Records 

5.5.1 Financial Statements  

5.5.2 Documents relating to taxation of the company  

5.5.3 Accounting Records  

5.5.4 Financial Agreements  

5.6 Agreements or Contract Records 

5.6.1 Standard Agreements 

5.6.2 Contracts concluded with Companies  

5.6.3 Contracts concluded with Customers  

5.6.4 Third Party Contracts (such as Service Level Agreements etc.)  

5.6.5 Suppliers Contracts  

5.7 Employees 

5.7.1 List of Employees  

5.7.2 Personal Information of Employees  

5.7.3 Employee Contracts of Employment  

5.7.4 Salaries of Employees  

5.7.5 Leave Records  

5.8 Company Policies and Directives 

5.8.1 Internal relating to employees and the company  

5.8.2 External relating to clients and other third parties.  

5.9 Regulatory 

5.9.1 Licenses or Authorities  

5.10 Customer Information 

5.10.1 Customer Details  

5.10.2 Contact details of individuals within Customers  

5.10.3 Communications with Customers  

5.11 Systems, Solutions, and Information Technology 

5.11.1 Intellectual property pertaining to solutions and products developed.  5.11.2 Usage of solutions and products.  

  

6 Protection of Personal Information (POPIA compliance) 

6.4 Conditions of Processing 

Chapter 3 of POPI provides for the minimum Conditions for Lawful Processing of Personal  Information by a Responsible Party. These conditions may not be derogated from unless  specific exclusions apply as outlined in POPI. Below is a description of the eight Conditions for  Lawful Processing as contained in POPI:  

a) Accountability – the Responsible Party has an obligation to ensure that there is compliance  with POPI in respect of the Processing of Personal Information.  

b) Processing limitation – Personal Information must be collected directly from a Data Subject to  the extent applicable; must only be processed with the consent of the Data Subject and must  only be used for the purposes for which it was obtained.  

c) Purpose specification – Personal Information must only be processed for the specific purpose  for which it was obtained and must not be retained for any longer than it is needed to achieve  such purpose. 

d) Further processing limitation – further processing of Personal Information must be compatible  with the initial purpose for which the information was collected.  

e) Information quality – the Responsible Party must ensure that Personal Information held is  accurate and updated regularly and that the integrity of the information is maintained by  appropriate security measures.  

f) Openness – there must be transparency between the Data Subject and the Responsible  Party.  

g) Security safeguards – a Responsible Party must take reasonable steps to ensure that  adequate safeguards are in place to ensure that Personal Information is being processed  responsibly and is not unlawfully accessed.  

h) Data Subject participation – the Data Subject must be made aware that their information is  being processed and must have provided their informed consent to such processing.  

6.5 Purpose of the Processing of Personal Information by OCTOTEL 

As outlined in paragraph 6.1(c), Personal Information may only be Processed for a specific  purpose. The purposes for which OCTOTEL processes or will process Personal Information is  in line with the Act and with the informed consent of all parties.  

6.6 Categories of Data Subjects and Personal Information/special Personal Information  relating thereto 

As per section 1 of POPI, a Data Subject may either be a natural or a juristic person (persons  who are deceased are not covered in terms of this definition). The Privacy Policy sets out the  various categories of Data Subjects that OCTOTEL Processes Personal Information on and the  types of Personal Information relating thereto.  

6.7 Recipients of Personal Information 

OCTOTEL uses safeguards both internal and external to maintain the integrity and safety of all  its data subjects. Further, OCTOTEL reinforces its responsibilities under POPIA by only  engaging with Operators who also subscribe to POPI requirements.  

6.8 Cross-Border Flows Of Personal Information 

Section 72 of POPI provides that Personal Information may only be transferred out of the  Republic of South Africa:  

a) If the recipient country can offer such data an “adequate level” of protection. This means that  its data privacy laws must be substantially like the Conditions for Lawful Processing as  contained in POPI; or  

b) If the Data Subject consents to the transfer of their Personal Information; or 

c) If the transfer is necessary for the performance of a contractual obligation between the Data  Subject and the Responsible Party; or  

d) If the transfer is necessary for the performance of a contractual obligation between the  Responsible Party and a third party, in the interests of the Data Subject; or  

e) If the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to  obtain the consent of the Data Subject, and if it were, the Data Subject, would likely provide  such consent.  

OCTOTEL has trans-border flows of Personal Information as described below:  

6.8.1 we make use of systems hosted in European territories and Personal Information may be  stored in European zones which would be subject to strict data protection laws in line with the  GDPR.  

6.8.2 Before signing an agreement with a third-party service provider that we are required to  share Personal Information with, we ensure that their data protection standards are in line with  those outlined in Information Protection Laws and request that this obligation is provided for in  writing.  

6.9 Description of information security measures to be implemented by OCTOTEL 

A preliminary assessment of the information security measures implemented or to be  implemented by OCTOTEL may be conducted to ensure that the Personal Information is  processed and is safeguarded in accordance with the Conditions for Lawful Processing.  

6.10 Objection to the Processing of Personal Information by a Data Subject 

Section 11 (3) of POPI and regulation 2 of the POPI Regulations provides that a Data Subject  may, at any time object to the Processing of Personal Information and should make such  objections in writing to the Information Officer.  

6.11 Request for correction or deletion of Personal Information 

Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may  request for their Personal Information to be corrected/deleted in the prescribed form on the  website of the Information Regulator.