iiDENTIFii Pty Ltd (“Company”) Manual to Accessing Information (“Manual”)
This Manual has been prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000
(“PAIA”) and updated in the light of the Protection of Personal Information Act 4 of 2013 (“POPIA”).
1.1. This manual is for the Company.
- Purpose of PAIA
2.1. PAIA is an act that was passed to give effect to the constitutional right, held by everyone in South
African, of access to information which is held by the State or by another person and which is
required for the exercise or protection of any right. Where a request is made in terms of PAIA, the
body to which the request is made is obliged to give access to the requested information, except
where the Act expressly provides that the information may or must not be released.
2.2. It is important to note that PAIA recognises certain limitations to the right of access to information,
including, but not exclusively, limitations aimed at the reasonable protection of privacy, commercial
confidentiality, and effective, efficient and good governance, and in a manner which balances that
right with any other rights, including such rights contained in the Bill of Rights in the Constitution.
2.3. POPIA was enacted in November 2013, to promote the protection of personal information processed
by public and private bodies. POPIA amended certain provisions of PAIA, balancing the need for
access to information against the need to ensure the protection of personal information.
2.4. This PAIA Manual is useful for the public to-
2.4.1. check the categories of records held by a body which are available without a person having to
submit a formal PAIA request;
2.4.2. have a sufficient understanding of how to make a request for access to a record of the body, by
providing a description of the subjects on which the body holds records and the categories of
records held on each subject;
2.4.3. know the description of the records of the body which are available in accordance with any
2.4.4. access all the relevant contact details of the Information Officer and Deputy Information Officer
who will assist the public with the records they intend to access;
2.4.5. know the description of the guide on how to use PAIA, as updated by the Regulator and how to
obtain access to it;
2.4.6. know if the body will process personal information, the purpose of processing of personal
information and the description of the categories of data subjects and of the information or
categories of information relating thereto;
2.4.7. know the description of the categories of data subjects and of the information or categories of
information relating thereto;
2.4.8. know the recipients or categories of recipients to whom the personal information may be
2.4.9. know if the body has planned to transfer or process personal information outside the Republic
of South Africa and the recipients or categories of recipients to whom the personal information
may be supplied; and
2.4.10. know whether the body has appropriate security measures to ensure the confidentiality,
integrity and availability of the personal information which is to be processed.
- Guide to PAIA
3.1. The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the
revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may
reasonably be required by a person who wishes to exercise any right contemplated in PAIA and
3.2. The Guide is available from the Information Regulator in each of the official languages and in braille.
3.3. Members of the public can inspect or make copies of the Guide from the offices of the public and
private bodies, including the office of the Regulator, during normal working hours.
3.4. The Guide can also be obtained-
3.4.1. upon request to the Information Officer;
3.4.2. from the website of the Regulator (https://www.justice.gov.za/inforeg/).
3.5. A copy of the Guide is also available in the following two official languages, for public inspection
during normal office hours-
3.5.1. English; and
- Information manual
4.1. One of the main requirements specified in PAIA is the compilation of an information manual that
provides information on both the types and categories of records held by a private body. This
document serves as Company’s information manual. This Manual is compiled in accordance with
section 51 of PAIA and the Schedule to POPIA. It is intended to give a description of the records held
by and on behalf of Company; to outline the procedure to be followed and the fees payable when
requesting access to any of these records in the exercise of the right of access to information, with a
view of enabling requesters to obtain records which they are entitled to in a quick, easy and
4.2. This Manual is available for public inspection at the physical address of Company, recorded in
paragraph 4 below, free of charge; and on this website, free of charge; and on request by any person
(along with payment of a prescribed fee).
4.3. The Manual is available from the designated Information Officer, whose details appear below.
4.4. The responsibility for administration of, and compliance with, PAIA and POPIA have been delegated
to the Information Officer.
4.5. Requests pursuant to the provisions of PAIA and/or POPIA should be directed to the Information
Officer as follows:
Name: Gur Geva
Address: 2 Constant Close, Ruyteplaats Estate, Hout Bay,
Contact: 072 5315810
- Automatic disclosure
5.1. A private body may, on a voluntary basis, make available a description of categories of records that
are automatically available without a person having to request access in terms of PAIA.
5.2. The only fee for access to these records may be a prescribed fee for reproduction.
- Types and categories of records
6.1. A requester may also request information that is available in terms of other legislation, such as (the
below is not an exhaustive list):
6.1.1. Competition Act 89 of 1998;
6.1.2. The Companies Act 71 of 2008;
6.1.3. The Labour Relations Act 66 of 1995;
6.1.4. Employment Equity Act 55 of 1998;
6.1.5. Basic Conditions of Employment Act 75 of 1997;
6.1.6. Compensation for Occupational Injuries and Diseases Act 130 of 1993;
6.1.7. Electronic Communications and Transactions Act No. 25 of 2002
6.1.8. Financial Intelligence Centre Act 38 of 2001;
6.1.9. Income Tax Act 58 of 1962;
6.1.10. Protection of Personal Information Act of 2013
6.1.11. Skills development Levies Act No. 9 of 1999
6.1.12. Trademarks Act No. 194.of 1993
6.1.13. Occupational Health and Safety Act 85 of 1993;
6.1.14. Unemployment Insurance Act 63 of 2001;
6.1.15. Value-added Tax Act 89 of 1991; and
6.1.16. Consumer Protection Act 68 of 2008.
- Subject Categories of Records
The information is classified and grouped according to records relating to the following subjects and
7.1. Personnel Records: “Personnel” refers to any person who works for or provides services to or on
behalf of Company and receives, or is entitled to receive, remuneration and any other person who
assists in carrying out or conducting the business of Company. It includes, without limitation,
directors (executive and non-executive), all permanent, temporary and part-time staff, as well as
7.2. Personal records provided by personnel include:
7.2.1. Records provided by a third party relating to Personnel;
7.2.2. Conditions of employment and other Personnel-related contractual and quasi-legal records,
including job applications;
7.2.3. Internal evaluation records and other internal records;
7.2.4. Correspondence relating to, or emanating from, Personnel (internal and external to the
7.2.5. Training schedules and material;
7.2.6. Payment records (and beneficiary payments), including banking details.
7.3. Client Related Records: “Client” refers to any natural or juristic entity that receives services from
7.4. Client related records include:
7.4.1. Records provided by a client to a third party acting for or on behalf of Company;
7.4.2. Records provided by a third party (for example, records from a reseller);
7.4.3. Records generated by or within Company relating to its clients;
7.4.4. Transactional records;
7.4.5. Correspondence with a client that is implicitly or explicitly of a private or confidential nature
7.4.6. Records pertaining to a client retrieved from “other sources”, such as any credit bureau or credit
providers industry association.
7.5. Private Body Records which include but are not limited to records pertaining to Company’s own
7.5.1. Financial records;
7.5.2. Operational records;
7.5.3. Information technology;
7.5.5. Administrative records, such as contracts and service level agreements;
7.5.6. Product records;
7.5.7. Statutory records;
7.5.8. Internal Policies and procedures; and
7.5.9. Human resources records.
7.6. Other Party Records:
7.6.1. Records held by Company pertaining to other parties, including without limitation, financial
records, correspondence, contractual records, records provided by the other party (for example
third party beneficiaries or employees of a client), and records third parties have provided
about Company’s contractors / suppliers.
7.6.2. Company may possess records pertaining to other parties including, but not limited to,
contractors, suppliers, and service providers and such other parties may possess records that
can be said to belong to Company.
- Processing details
8.1. In terms of POPIA, data must be processed for a specified purpose. The purpose for which data are
processed by Company will depend on the nature of the data and the particular data subject. This
purpose is ordinarily disclosed, explicitly or implicitly, at the time the data are collected.
8.2. Purpose of Processing
8.2.1. Personnel data
126.96.36.199. Company processes personnel data for business administration purposes. For example,
personnel data are processed for payroll purposes. Personnel data are also processed to
the extent required by legislation and regulation. For example, Company discloses
employees’ financial information to the Commissioner for the South African Revenue
Service, in terms of the Income Tax Act 58 of 1962 and employee’s sensitive personal
information in terms of the Employment Equity Act 55 of 1998.
8.2.2. Client related data
188.8.131.52. Company processes client related records as an integral party of its commercial services.
For example Company processes client related records during the client application and
onboarding processes and for provision of a service.
184.108.40.206. This list of processing purposes is non-exhaustive.
- Third party data
9.1. Company processes third party records for business administration purposes.
- Other party data
10.1. Company processes “other party” records for business administration purposes. For example,
Personnel data may be processed in order to effect payment to contractors and / or suppliers.
10.2. In performing these various tasks, Company may, amongst others, collect, collate, process, store and
disclose personal information.
- Categories of Data Subjects. Company holds information and records on the following category of data
11.1. Employees / Personnel of Company;
11.2. Clients of Company;
11.3. Any third party with whom Company conducts its business services;
11.4. Contractors of Company;
11.5. Suppliers of Company;
11.6. Service providers of Company.
This list of categories of data subjects is non-exhaustive.
- Recipients To Whom Personal Information Will Be Supplied
12.1.Depending on the nature of the data, Company may supply information or records to the following
categories of recipients:
12.1.1. Statutory oversight bodies, regulators or judicial commissions of enquiry making a request for
data (i.e. the Information Regulator in terms of POPIA);
12.1.2. Any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman
making a request for data or discovery in terms of the applicable rules (i.e. the Competition
Commission in terms of the Competition Act 89 of 1998);
12.1.3. South African Revenue Services, or another similar authority;
12.1.4. A contracted third party who requires this information to provide services;
12.1.5. Third parties with whom Company has a contractual relationship for the retention of data
(for example, a third party hosting services);
12.1.6. Research/ academic institutions;
12.1.7. Auditing and accounting bodies (internal and external);
12.1.8. Anyone making a successful application for access in terms of PAIA.
- Planned Transborder Flows Of Personal Information
13.1. Company may transfer personal information to a third party who is in a foreign country in order to
administer certain services, but may only do so subject to the provisions of POPIA. Thus internal
cross-border transfers, as well as external cross-border transfers of information are envisaged,
subject to the provisions of POPIA.
- Security Measures
14.1. Company takes extensive information security measures to ensure the confidentiality, integrity and
availability of personal information in Company’s possession. Company takes appropriate technical
and organizational measures designed to ensure that personal data remain confidential and secure
against unauthorized or unlawful processing and against accidental loss, destruction or damage.
- Grounds for Refusal of Access to Records
15.1. Company may refuse a request for information on the following basis:
15.1.1. Mandatory protection of the privacy of a third party who is a natural person, which would
involve the unreasonable disclosure of personal information of that natural person;
15.1.2. Mandatory protection of the commercial information of a third party, if the record contains:
220.127.116.11.Trade secrets of that third party;
18.104.22.168.Financial, commercial, scientific or technical information which disclosure could likely
cause harm to the financial or commercial interests of that third party; and
22.214.171.124.Information disclosed in confidence by a third party to Company, if the disclosure could
put that third party at a disadvantage in negotiations or commercial competition.
15.1.3. Mandatory protection of confidential information of third parties if it is protected in terms of
any agreement or legislation;
15.1.4. Mandatory protection of the safety of individuals and the protection of property;
15.1.5. Mandatory protection of records which would be regarded as privileged in legal proceedings;
15.1.6. The commercial activities of Company, which may include:
126.96.36.199.Trade secrets of Company;
188.8.131.52.Financial, which, if disclosed, could put Company at a disadvantage in negotiations or
184.108.40.206.A computer program which is owned by Company and which is protected by copyright.
15.1.7. Requests for information that are clearly frivolous or vexatious, or which involve an
unreasonable diversion of resources shall be refused.
- Access procedure
16.1. A requester is any person making a request for access to a record of, or held by, Company. The
requester is entitled to request access to information, including information pertaining to third
parties, but Company is not obliged to grant such access. Apart from the fact that access to a record
can be refused based on the grounds set out in paragraph 15 above, in order to successfully access
information, the requester must fulfil the prerequisite requirements for access in terms of PAIA,
including the payment of a request and access fee.
- Access Request Procedure
17.1. A requester requiring access to information held by Company must complete the prescribed Access
Request Form, available here: https://www.justice.gov.za/forms/paia/J752_paia_Form%20C.pdf,
submit it to the Information Officer at the physical address or electronic mail address recorded in
paragraph 3.5 and pay a request fee (and a deposit, if applicable).
17.2. In order to facilitate a timely response to requests for access, all requesters should take note of the
following when completing the Access Request Form:
17.2.1. The Access Request Form must be comprehensively completed.
17.2.2. Proof of identity is required to authenticate the identity of the requester. Therefore, in
addition to the access request form, requesters will be required to supply a copy of their
17.2.3. Every applicable question must be answered. If a question does not apply “N/A” should be
stated in response to that question. If there is nothing to disclose in reply to a particular
question “Nil” should be stated in response to that question.
17.2.4. The Access Request Form must be completed with enough particularity to enable the
Information Officer to identify:
220.127.116.11.The record(s) requested;
18.104.22.168.The identity number of the requester;
22.214.171.124.The form of access required if the request is granted;
126.96.36.199.The postal address or fax number of the requester.
17.3. The requester must also state that he or she requires the information in order to exercise or protect a
right, and clearly state the nature of the right to be exercised or protected. In addition, the requester
must clearly specify why the record is necessary to exercise or protect such a right.
17.4. If a request is made on behalf of another person, then the requester must submit proof of the
capacity in which the requester is making the request to the reasonable satisfaction of the
17.5. If an individual is unable to complete the prescribed form because of illiteracy or disability, such a
person may make the request orally.
17.6. The requester will be informed in writing whether access has been granted or denied. If, in addition,
the requester requires the reasons for the decision in any other manner, he must state the manner
and the particulars so required.
- Payment Of Fees for Copies of the PAIA Manual
18.1. A copy of the Manual is available-
18.1.1. on ( specify the website), if any;
18.1.2. head office of the ( name of the body) for public inspection during normal business hours;
18.1.3. to any person upon request and upon the payment of a reasonable prescribed fee; and
18.1.4. to the Information Regulator upon request.
18.2. A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable
per each A4-size photocopy made.
- Third Party Notification
19.1. Company must take all reasonable steps to inform a third party to whom or which a requested record
relates if the disclosure of that records would –
19.1.1. involve the disclosure of personal information about that third party;
19.1.2. involve the disclosure of trade secrets of that third party; financial, commercial, scientific or
technical information (other than trade secrets) of that third party, the disclosure of which
would be likely to cause harm to the commercial or financial interests of that third party; or
information supplied in confidence by a third party, the disclosure of which could reasonably be
expected to put that third party at a disadvantage in contractual or other negotiations; or to
prejudice that third party in commercial competition;
19.1.3. constitute an action for breach of a duty of confidence owed to a third party in terms of an
19.1.4. involve the disclosure of information about research being, or to be, carried out by or on
behalf of a third party, the disclosure of which would be likely to expose the third party, a
person that is or will be carrying out the research on behalf of the third party, or the subject
matter of the research, to serious disadvantage.
19.2. Company will inform the third party as soon as reasonably possible, but in any event, within 21 days
after that request is received.
19.3. Within 21 days of being informed of the request, the third party may-
19.3.1. make written or oral representations to the Information Officer why the request for access
should be refused; or
19.3.2. give written consent for the disclosure of the record to the requester.
19.4. Company will notify the third party of the outcome of the request. If the request is granted,
adequate reasons for granting the request will be given.
19.5. The third party may lodge a complaint to the Information Regulator or an application with a court
against the decision within 30 days after notice is given, after which the requester will be given
access to the record after the expiry of the 30 day period.
- Notification of Decision
20.1. The Information Officer will, within 30 days of receipt of the request, decide whether to grant or
decline the request and give notice with reasons (if required) to that effect.
20.2. The 30 day period, within which Company has to decide whether to grant or refuse the request, may
be extended for a further period of not more than 30 days if the information cannot reasonably be
obtained within the original 30 day period. For example, the time period may be extended if the
request is for a large amount of information, or the request requires Company to search for
information held at another office of Company.
20.3. The Information Officer will notify the requester in writing should an extension be required. The
requester may lodge a complaint to the Information Regulator or an application with a court against
- Remedies Available for Refusals for a Request for Information
21.1. All complaints, by a requester or a third party, can be made to the Information Regulator or a court,
in the manner prescribed below.
21.2. The requester or third party, as the case may be, may submit a complaint in writing to the
Information Regulator, within 180 days of the decision, alleging that the decision was not in
compliance with the provisions of PAIA.
21.3. The Information Regulator will investigate the complaint and reach a decision – which may include a
decision to investigate, to take no further action or to refer the complaint to the Enforcement
Committee established in terms of POPIA. The Information Regulator may serve an enforcement
notice confirming, amending or setting aside the impugned decision, which must be accompanied by
21.4. An application to court maybe brought in the ordinary course. For purposes of PAIA, any reference to
an application to court includes an application to a Magistrates’ Court.