iiDENTIFii Pty Ltd (“Company”) Manual to Accessing Information (“Manual”)
This Manual has been prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000
(“PAIA”) and updated in the light of the Protection of Personal Information Act 4 of 2013 (“POPIA”).

  1. Introduction
    1.1. This manual is for the Company.
  2. Purpose of PAIA
    2.1. PAIA is an act that was passed to give effect to the constitutional right, held by everyone in South
    African, of access to information which is held by the State or by another person and which is
    required for the exercise or protection of any right. Where a request is made in terms of PAIA, the
    body to which the request is made is obliged to give access to the requested information, except
    where the Act expressly provides that the information may or must not be released.
    2.2. It is important to note that PAIA recognises certain limitations to the right of access to information,
    including, but not exclusively, limitations aimed at the reasonable protection of privacy, commercial
    confidentiality, and effective, efficient and good governance, and in a manner which balances that
    right with any other rights, including such rights contained in the Bill of Rights in the Constitution.
    2.3. POPIA was enacted in November 2013, to promote the protection of personal information processed
    by public and private bodies. POPIA amended certain provisions of PAIA, balancing the need for
    access to information against the need to ensure the protection of personal information.

2.4. This PAIA Manual is useful for the public to-
2.4.1. check the categories of records held by a body which are available without a person having to

submit a formal PAIA request;
2.4.2. have a sufficient understanding of how to make a request for access to a record of the body, by
providing a description of the subjects on which the body holds records and the categories of
records held on each subject;
2.4.3. know the description of the records of the body which are available in accordance with any
other legislation;
2.4.4. access all the relevant contact details of the Information Officer and Deputy Information Officer
who will assist the public with the records they intend to access;
2.4.5. know the description of the guide on how to use PAIA, as updated by the Regulator and how to
obtain access to it;
2.4.6. know if the body will process personal information, the purpose of processing of personal
information and the description of the categories of data subjects and of the information or
categories of information relating thereto;
2.4.7. know the description of the categories of data subjects and of the information or categories of
information relating thereto;
2.4.8. know the recipients or categories of recipients to whom the personal information may be
supplied;
2.4.9. know if the body has planned to transfer or process personal information outside the Republic
of South Africa and the recipients or categories of recipients to whom the personal information
may be supplied; and
2.4.10. know whether the body has appropriate security measures to ensure the confidentiality,
integrity and availability of the personal information which is to be processed.

  1. Guide to PAIA
    3.1. The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the
    revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may
    reasonably be required by a person who wishes to exercise any right contemplated in PAIA and
    POPIA.
    3.2. The Guide is available from the Information Regulator in each of the official languages and in braille.
    3.3. Members of the public can inspect or make copies of the Guide from the offices of the public and
    private bodies, including the office of the Regulator, during normal working hours.

3.4. The Guide can also be obtained-
3.4.1. upon request to the Information Officer;

3.4.2. from the website of the Regulator (https://www.justice.gov.za/inforeg/).
3.5. A copy of the Guide is also available in the following two official languages, for public inspection

during normal office hours-
3.5.1. English; and

3.5.2. Afrikaans.

  1. Information manual
    4.1. One of the main requirements specified in PAIA is the compilation of an information manual that
    provides information on both the types and categories of records held by a private body. This
    document serves as Company’s information manual. This Manual is compiled in accordance with
    section 51 of PAIA and the Schedule to POPIA. It is intended to give a description of the records held
    by and on behalf of Company; to outline the procedure to be followed and the fees payable when
    requesting access to any of these records in the exercise of the right of access to information, with a
    view of enabling requesters to obtain records which they are entitled to in a quick, easy and
    accessible manner.
    4.2. This Manual is available for public inspection at the physical address of Company, recorded in
    paragraph 4 below, free of charge; and on this website, free of charge; and on request by any person
    (along with payment of a prescribed fee).
    4.3. The Manual is available from the designated Information Officer, whose details appear below.
    4.4. The responsibility for administration of, and compliance with, PAIA and POPIA have been delegated
    to the Information Officer.
    4.5. Requests pursuant to the provisions of PAIA and/or POPIA should be directed to the Information
    Officer as follows:
    Name: Gur Geva
    Address: 2 Constant Close, Ruyteplaats Estate, Hout Bay,
    Email: gur@iidentifii.com
    Contact: 072 5315810
  2. Automatic disclosure
    5.1. A private body may, on a voluntary basis, make available a description of categories of records that
    are automatically available without a person having to request access in terms of PAIA.
    5.2. The only fee for access to these records may be a prescribed fee for reproduction.
  3. Types and categories of records
    6.1. A requester may also request information that is available in terms of other legislation, such as (the
    below is not an exhaustive list):
    6.1.1. Competition Act 89 of 1998;
    6.1.2. The Companies Act 71 of 2008;
    6.1.3. The Labour Relations Act 66 of 1995;
    6.1.4. Employment Equity Act 55 of 1998;
    6.1.5. Basic Conditions of Employment Act 75 of 1997;
    6.1.6. Compensation for Occupational Injuries and Diseases Act 130 of 1993;
    6.1.7. Electronic Communications and Transactions Act No. 25 of 2002
    6.1.8. Financial Intelligence Centre Act 38 of 2001;
    6.1.9. Income Tax Act 58 of 1962;
    6.1.10. Protection of Personal Information Act of 2013
    6.1.11. Skills development Levies Act No. 9 of 1999
    6.1.12. Trademarks Act No. 194.of 1993
    6.1.13. Occupational Health and Safety Act 85 of 1993;
    6.1.14. Unemployment Insurance Act 63 of 2001;
    6.1.15. Value-added Tax Act 89 of 1991; and
    6.1.16. Consumer Protection Act 68 of 2008.
    6.1.17.
  4. Subject Categories of Records
    The information is classified and grouped according to records relating to the following subjects and
    categories:
    7.1. Personnel Records: “Personnel” refers to any person who works for or provides services to or on
    behalf of Company and receives, or is entitled to receive, remuneration and any other person who
    assists in carrying out or conducting the business of Company. It includes, without limitation,

directors (executive and non-executive), all permanent, temporary and part-time staff, as well as
contract workers.
7.2. Personal records provided by personnel include:
7.2.1. Records provided by a third party relating to Personnel;
7.2.2. Conditions of employment and other Personnel-related contractual and quasi-legal records,
including job applications;
7.2.3. Internal evaluation records and other internal records;
7.2.4. Correspondence relating to, or emanating from, Personnel (internal and external to the
organization); and
7.2.5. Training schedules and material;
7.2.6. Payment records (and beneficiary payments), including banking details.
7.3. Client Related Records: “Client” refers to any natural or juristic entity that receives services from
Company.
7.4. Client related records include:
7.4.1. Records provided by a client to a third party acting for or on behalf of Company;
7.4.2. Records provided by a third party (for example, records from a reseller);
7.4.3. Records generated by or within Company relating to its clients;
7.4.4. Transactional records;
7.4.5. Correspondence with a client that is implicitly or explicitly of a private or confidential nature
7.4.6. Records pertaining to a client retrieved from “other sources”, such as any credit bureau or credit
providers industry association.
7.5. Private Body Records which include but are not limited to records pertaining to Company’s own
internal affairs:
7.5.1. Financial records;
7.5.2. Operational records;
7.5.3. Information technology;
7.5.4. Communication;
7.5.5. Administrative records, such as contracts and service level agreements;
7.5.6. Product records;
7.5.7. Statutory records;
7.5.8. Internal Policies and procedures; and
7.5.9. Human resources records.
7.6. Other Party Records:
7.6.1. Records held by Company pertaining to other parties, including without limitation, financial
records, correspondence, contractual records, records provided by the other party (for example
third party beneficiaries or employees of a client), and records third parties have provided
about Company’s contractors / suppliers.
7.6.2. Company may possess records pertaining to other parties including, but not limited to,
contractors, suppliers, and service providers and such other parties may possess records that
can be said to belong to Company.

  1. Processing details
    8.1. In terms of POPIA, data must be processed for a specified purpose. The purpose for which data are
    processed by Company will depend on the nature of the data and the particular data subject. This
    purpose is ordinarily disclosed, explicitly or implicitly, at the time the data are collected.
    8.2. Purpose of Processing
    8.2.1. Personnel data
    8.2.1.1. Company processes personnel data for business administration purposes. For example,
    personnel data are processed for payroll purposes. Personnel data are also processed to
    the extent required by legislation and regulation. For example, Company discloses
    employees’ financial information to the Commissioner for the South African Revenue
    Service, in terms of the Income Tax Act 58 of 1962 and employee’s sensitive personal
    information in terms of the Employment Equity Act 55 of 1998.

8.2.2. Client related data
8.2.2.1. Company processes client related records as an integral party of its commercial services.
For example Company processes client related records during the client application and
onboarding processes and for provision of a service.
8.2.2.2. This list of processing purposes is non-exhaustive.

  1. Third party data
    9.1. Company processes third party records for business administration purposes.
  2. Other party data
    10.1. Company processes “other party” records for business administration purposes. For example,
    Personnel data may be processed in order to effect payment to contractors and / or suppliers.
    10.2. In performing these various tasks, Company may, amongst others, collect, collate, process, store and
    disclose personal information.
  3. Categories of Data Subjects. Company holds information and records on the following category of data
    subject:
    11.1. Employees / Personnel of Company;
    11.2. Clients of Company;
    11.3. Any third party with whom Company conducts its business services;
    11.4. Contractors of Company;
    11.5. Suppliers of Company;
    11.6. Service providers of Company.
    This list of categories of data subjects is non-exhaustive.
  4. Recipients To Whom Personal Information Will Be Supplied
    12.1.Depending on the nature of the data, Company may supply information or records to the following
    categories of recipients:
    12.1.1. Statutory oversight bodies, regulators or judicial commissions of enquiry making a request for
    data (i.e. the Information Regulator in terms of POPIA);
    12.1.2. Any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman
    making a request for data or discovery in terms of the applicable rules (i.e. the Competition
    Commission in terms of the Competition Act 89 of 1998);
    12.1.3. South African Revenue Services, or another similar authority;
    12.1.4. A contracted third party who requires this information to provide services;
    12.1.5. Third parties with whom Company has a contractual relationship for the retention of data
    (for example, a third party hosting services);
    12.1.6. Research/ academic institutions;
    12.1.7. Auditing and accounting bodies (internal and external);
    12.1.8. Anyone making a successful application for access in terms of PAIA.
  5. Planned Transborder Flows Of Personal Information
    13.1. Company may transfer personal information to a third party who is in a foreign country in order to
    administer certain services, but may only do so subject to the provisions of POPIA. Thus internal
    cross-border transfers, as well as external cross-border transfers of information are envisaged,
    subject to the provisions of POPIA.
  6. Security Measures
    14.1. Company takes extensive information security measures to ensure the confidentiality, integrity and
    availability of personal information in Company’s possession. Company takes appropriate technical
    and organizational measures designed to ensure that personal data remain confidential and secure
    against unauthorized or unlawful processing and against accidental loss, destruction or damage.
  7. Grounds for Refusal of Access to Records
    15.1. Company may refuse a request for information on the following basis:
    15.1.1. Mandatory protection of the privacy of a third party who is a natural person, which would
    involve the unreasonable disclosure of personal information of that natural person;
    15.1.2. Mandatory protection of the commercial information of a third party, if the record contains:
    15.1.2.1.Trade secrets of that third party;
    15.1.2.2.Financial, commercial, scientific or technical information which disclosure could likely
    cause harm to the financial or commercial interests of that third party; and
    15.1.2.3.Information disclosed in confidence by a third party to Company, if the disclosure could
    put that third party at a disadvantage in negotiations or commercial competition.
    15.1.3. Mandatory protection of confidential information of third parties if it is protected in terms of
    any agreement or legislation;
    15.1.4. Mandatory protection of the safety of individuals and the protection of property;
    15.1.5. Mandatory protection of records which would be regarded as privileged in legal proceedings;
    15.1.6. The commercial activities of Company, which may include:
    15.1.6.1.Trade secrets of Company;

15.1.6.2.Financial, which, if disclosed, could put Company at a disadvantage in negotiations or
commercial competition;
15.1.6.3.A computer program which is owned by Company and which is protected by copyright.
15.1.7. Requests for information that are clearly frivolous or vexatious, or which involve an
unreasonable diversion of resources shall be refused.

  1. Access procedure
    16.1. A requester is any person making a request for access to a record of, or held by, Company. The
    requester is entitled to request access to information, including information pertaining to third
    parties, but Company is not obliged to grant such access. Apart from the fact that access to a record
    can be refused based on the grounds set out in paragraph 15 above, in order to successfully access
    information, the requester must fulfil the prerequisite requirements for access in terms of PAIA,
    including the payment of a request and access fee.
  2. Access Request Procedure
    17.1. A requester requiring access to information held by Company must complete the prescribed Access
    Request Form, available here: https://www.justice.gov.za/forms/paia/J752_paia_Form%20C.pdf,
    submit it to the Information Officer at the physical address or electronic mail address recorded in
    paragraph 3.5 and pay a request fee (and a deposit, if applicable).
    17.2. In order to facilitate a timely response to requests for access, all requesters should take note of the
    following when completing the Access Request Form:
    17.2.1. The Access Request Form must be comprehensively completed.
    17.2.2. Proof of identity is required to authenticate the identity of the requester. Therefore, in
    addition to the access request form, requesters will be required to supply a copy of their
    identification document.
    17.2.3. Every applicable question must be answered. If a question does not apply “N/A” should be
    stated in response to that question. If there is nothing to disclose in reply to a particular
    question “Nil” should be stated in response to that question.
    17.2.4. The Access Request Form must be completed with enough particularity to enable the
    Information Officer to identify:
    17.2.4.1.The record(s) requested;
    17.2.4.2.The identity number of the requester;
    17.2.4.3.The form of access required if the request is granted;
    17.2.4.4.The postal address or fax number of the requester.
    17.3. The requester must also state that he or she requires the information in order to exercise or protect a
    right, and clearly state the nature of the right to be exercised or protected. In addition, the requester
    must clearly specify why the record is necessary to exercise or protect such a right.
    17.4. If a request is made on behalf of another person, then the requester must submit proof of the
    capacity in which the requester is making the request to the reasonable satisfaction of the
    Information Officer.
    17.5. If an individual is unable to complete the prescribed form because of illiteracy or disability, such a
    person may make the request orally.
    17.6. The requester will be informed in writing whether access has been granted or denied. If, in addition,
    the requester requires the reasons for the decision in any other manner, he must state the manner
    and the particulars so required.
  3. Payment Of Fees for Copies of the PAIA Manual

18.1. A copy of the Manual is available-
18.1.1. on ( specify the website), if any;

18.1.2. head office of the ( name of the body) for public inspection during normal business hours;
18.1.3. to any person upon request and upon the payment of a reasonable prescribed fee; and
18.1.4. to the Information Regulator upon request.
18.2. A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable
per each A4-size photocopy made.

  1. Third Party Notification
    19.1. Company must take all reasonable steps to inform a third party to whom or which a requested record
    relates if the disclosure of that records would –
    19.1.1. involve the disclosure of personal information about that third party;

19.1.2. involve the disclosure of trade secrets of that third party; financial, commercial, scientific or
technical information (other than trade secrets) of that third party, the disclosure of which
would be likely to cause harm to the commercial or financial interests of that third party; or
information supplied in confidence by a third party, the disclosure of which could reasonably be
expected to put that third party at a disadvantage in contractual or other negotiations; or to
prejudice that third party in commercial competition;
19.1.3. constitute an action for breach of a duty of confidence owed to a third party in terms of an
agreement; or
19.1.4. involve the disclosure of information about research being, or to be, carried out by or on
behalf of a third party, the disclosure of which would be likely to expose the third party, a
person that is or will be carrying out the research on behalf of the third party, or the subject
matter of the research, to serious disadvantage.
19.2. Company will inform the third party as soon as reasonably possible, but in any event, within 21 days
after that request is received.

19.3. Within 21 days of being informed of the request, the third party may-
19.3.1. make written or oral representations to the Information Officer why the request for access

should be refused; or
19.3.2. give written consent for the disclosure of the record to the requester.
19.4. Company will notify the third party of the outcome of the request. If the request is granted,
adequate reasons for granting the request will be given.
19.5. The third party may lodge a complaint to the Information Regulator or an application with a court
against the decision within 30 days after notice is given, after which the requester will be given
access to the record after the expiry of the 30 day period.

  1. Notification of Decision
    20.1. The Information Officer will, within 30 days of receipt of the request, decide whether to grant or
    decline the request and give notice with reasons (if required) to that effect.
    20.2. The 30 day period, within which Company has to decide whether to grant or refuse the request, may
    be extended for a further period of not more than 30 days if the information cannot reasonably be
    obtained within the original 30 day period. For example, the time period may be extended if the
    request is for a large amount of information, or the request requires Company to search for
    information held at another office of Company.
    20.3. The Information Officer will notify the requester in writing should an extension be required. The
    requester may lodge a complaint to the Information Regulator or an application with a court against
    the extension.
  2. Remedies Available for Refusals for a Request for Information
    21.1. All complaints, by a requester or a third party, can be made to the Information Regulator or a court,
    in the manner prescribed below.
    21.2. The requester or third party, as the case may be, may submit a complaint in writing to the
    Information Regulator, within 180 days of the decision, alleging that the decision was not in
    compliance with the provisions of PAIA.
    21.3. The Information Regulator will investigate the complaint and reach a decision – which may include a
    decision to investigate, to take no further action or to refer the complaint to the Enforcement
    Committee established in terms of POPIA. The Information Regulator may serve an enforcement
    notice confirming, amending or setting aside the impugned decision, which must be accompanied by
    reasons.
    21.4. An application to court maybe brought in the ordinary course. For purposes of PAIA, any reference to
    an application to court includes an application to a Magistrates’ Court.