PAIA MANUAL
RICHTERS ACCESS TO INFORMATION MANUAL
1. BACKGROUND
1.1. THE PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000 (“PAIA”) AND THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013 (“POPI”)
PAIA provides for the constitutional right of access to any information held by the State or another person, where any person requires such access to exercise or protect a legitimate right. POPI provides for inter alia the protection of personal information processed by public and private bodies and the regulation thereof. POPI has amended portions of PAIA and has established the Information Regulator, which has replaced the South African Human Rights Commission insofar as PAIA is concerned.
Should a request be made in terms of PAIA, the body to whom the request is made is obliged to release the information, subject to other applicable legislative and / or regulatory requirements, except where PAIA expressly provides that the information may or must not be released. Section 51 of PAIA requires that all private bodies compile a manual providing for the procedure to request information held by such private body, as well as certain information regarding the processing of personal information.
1.2. WHAT IS THE PURPOSE OF THIS MANUAL?
This manual has been prepared in terms of section 51 of PAIA and updated in the light of POPI (“the Manual”). This Manual applies to Richters and all its divisions, subsidiaries, affiliates and / or entities controlled by it, if applicable (collectively referred to in this document as “Richters”).
This Manual is intended to:
- give a description of the records held by and on behalf of Richters; and
- outline the procedure to be followed and the fees payable when requesting access to any of these records in the exercise of the right of access to information, with a view to enabling requesters to obtain records which they are entitled to in a quick, easy and accessible manner.
This Manual is available for public inspection [i] at the physical address of Richters, recorded in paragraph 2 below, during office hours and free of charge; [ii] on Richters’ website, free of charge; and [iii] in hard copy, on request by any person (along with payment of a prescribed fee).
2. COMPANY OVERVIEW AND DETAILS
Richters is a specialist South African corporate, business and commercial law firm, based in Rosebank, Johannesburg, South Africa, being the commercial and financial hub of the African Continent.
Richters’ contact details are as follows:
Our Information Officer’s Contact Details
Name: Bernhard Richter
Contact Number: 011 880 6737
Email Address: bernhard@richterlaw.co.za
Richters
Second Floor, 8 Sturdee Avenue, Rosebank, 2196
084 442 8718
bernhard@richterlaw.co.za
3. INFORMATION REGULATOR’S GUIDE
The South African Human Rights Commission (the “SAHRC”) and / or the Information Regulator have compiled a guide, as contemplated in section 10 of PAIA, containing information to assist any person who wishes to exercise any right as contemplated in PAIA. This guide may be obtained by any person from the SAHRC website at www.sahrc.org.za and / or the Information Regulator website at www.justice.gov.za/inforeg/ and any enquiries regarding the guide may be directed to:
4. AUTOMATIC DISCLOSURES
A private body may, on a voluntary basis, make available a description of categories of records that are automatically available without a person having to request access in terms of PAIA. The only fee for access to these records may be a prescribed fee for reproduction. The following categories of records are automatically available for inspection, purchase or photocopying. You do not need to request this information in terms of PAIA.
You may request these categories of information from the Information Officer at bernhard@richterlaw.co.za:
- Newsletters / magazines intended for public viewing;
- Pamphlets / brochures intended for public viewing; and
- Other records of a public nature, typically those disclosed on Richters’ website.
5. TYPES AND CATEGORIES OF RECORDS
5.1. RECORDS HELD IN ACCORDANCE WITH OTHER LEGISLATION
To the extent applicable to its operations, Richters keeps information and documents as may be required in terms of legislation other than PAIA.
Certain legislation provides that private bodies shall allow access to specific records, upon request thereof. Unless disclosure of a record is prohibited in terms of PAIA, POPI, any other legislation, regulations, contractual agreements or otherwise and provided an interested party is entitled thereto, Richters shall make available for inspection such records requested by an interested party. Any disclosure will always be subject to meeting the requirements and conditions of PAIA, POPI, applicable legislation and Richters’ internal policies and procedures.
Below is a non-exhaustive list of legislation that may require Richters to keep records:
- Administration of Estates Act No. 66 of 1965;
- Value-Added Tax Act No. 89 of 1991;
- Basic Conditions of Employment Act No. 75 of 1997;
- Unemployment Insurance Act No. 63 of 2001;
- Broad Based Black Economic Empowerment Act No 53 of 2003;
- Unemployment Insurance Contributions Act No 4 of 2002;
- Companies Act No. 71 of 2008;
- Trust Property Control Act No. 57 of 1988;
- Compensation for Occupational Injuries and Diseases Act No. 130 of 1993;
- Trade Marks Act No. 194 of 1993;
- Competition Act No. 89 of 1998; and
- Skills Development Act No. 97 of 1998.
5.2. SUBJECT CATEGORIES OF RECORDS
This clause serves as a reference to the categories of information Richters holds. The information is classified and grouped according to records relating to the following subjects and categories:
5.2.1 PERSONNEL RECORDS
“Personnel” refers to any person who works for or provides services to, or on behalf of, Richters and receives, or is entitled to receive, remuneration and any other person who assists in carrying out or conducting the business of Richters. It includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff, as well as contract workers.
- Records provided by a third party relating to Richters personnel;
- Conditions of employment and other personnel-related contractual and quasi-legal records, including job applications;
- Internal evaluation records and other internal records;
- Correspondence relating to, or emanating from, personnel (internal and external to the organization);
- Disciplinary records;
- Compensation or redundancy payments;
- Employee tax information;
- Training schedules, manuals and material; and
- Payment records (and beneficiary payments), including banking details.
5.2.2 CLIENT RELATED RECORDS
“Client” refers to any natural or juristic entity that receives legal or other services from Richters. This includes prospective clients who complete and submit an engagement form, fee and mandate form or otherwise engage Richters, but which or who ultimately do not become Richters’ clients. Client related records may include:
- Records provided by a client to a third party acting for or on behalf of Richters;
- Records provided by a third party (for example, records from a financial adviser);
- Records generated by or within Richters relating to its clients (whether regarding legal proceedings or otherwise);
- Research conducted on behalf of clients;
- Transactional records and recorded calls or meetings;
- Correspondence with clients or third parties that is implicitly or explicitly of a private or confidential nature;
- Client documentation in terms of the Financial Intelligence Act 38 of 2001;
- Other information relating to, or held on behalf of Richters’ clients (viz. client files, agreements with clients, mandate and fee agreements and terms of engagement); and
- Records pertaining to a client retrieved from other sources, i.e. credit bureau.
5.2.3 PRIVATE BODY RECORDS
These records include, but are not limited to, the records which pertain to Richters’ own affairs. These include:
- Financial records (Richters’ tax returns, accounting records, banking records, audit reports, invoices in respect of creditors and debtors, Fidelity Fund certificates, banking facilities and accounting records);
- Operational records (such as Richters’ documents of incorporation, Memorandum of Incorporation, share register and other statutory registers, agreements of lease or sale of movable and immovable property, records regarding insurance in respect of movable and immovable property, asset register);
- Information technology (such as records regarding computer systems and programmes held or used by Richters, software licenses, records relating to domain names);
- Communication (such as electronic and hard copy publications of circulars and legislation);
- Administrative records (such as list of employees, contracts with employees and other service level agreements);
- Product records;
- Statutory records;
- Internal policies and procedures; and
- Miscellaneous (such as security agreements, guarantees and indemnities, internal correspondence, suretyship agreements, correspondence with the Legal Practice Council, correspondence of Richters, including internal and external memoranda).
5.2.4 OTHER PARTY RECORDS
These records include:
- records held by Richters pertaining to other parties, including without limitation, legal records, financial records, correspondence, contractual records, records provided by the other party (for example third party beneficiaries or employees of a client), and records third parties have provided about Richters’ contractors / suppliers; and
- Richters may possess records pertaining to other parties including, but not limited to, contractors, suppliers, and service providers and such other parties may possess records that can be said to belong to Richters.
Important to note:
The accessibility of the records may be subject to the grounds of refusal as set out in paragraph 6 of this Manual. In addition, records deemed confidential on the part of a third party, will necessitate permission from such third party, before Richters will consider access and disclosure of the requested records.
6. ACCESS PROCEDURE
Any person requesting access to information in terms of PAIA and this Manual (a “requester”) must follow the procedure set out in this clause. It is important to note that:
- Access to a record can be refused based on the grounds set out in paragraph 7 below;
- An application for access to a record is subject to certain limitations if the requested record falls within a certain category as specified within Chapter 4 of PAIA; and
- If it is reasonably suspected that a person has obtained access to information and records through the submission of materially false or misleading information, legal proceedings may be instituted against such a person.
6.1 ACCESS REQUEST PROCEDURE
A requester must complete the prescribed form, and submit it to the Information Officer at the postal or physical address, fax number or electronic mail address recorded in paragraph 2. A fee or deposit may be payable. To facilitate a timely response:
- The access request form must be comprehensively and clearly completed in type or block letters;
- Proof of identity is required. Please enclose a copy of the requester’s identification document;
- Every applicable question must be answered. If a question does not apply, “n/a” should be stated in response to that question. If there is nothing to disclose in reply to a particular question, “nil” should be stated in response to that question.
The Access Request Form must be completed with enough particularity to enable the Information Officer to identify:
- The record(s) requested;
- The identity number of the requester;
- The form of access required if the request is granted;
- The postal address, fax number or email address of the requester; and
- The requester must also state that he or she requires the information in order to exercise or protect a right, and clearly state the nature of the right to be exercised or protected. In addition, the requester must clearly specify why the record is necessary to exercise or protect such a right.
If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information Officer. If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally. The requester will be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, he must state the manner and the particulars so required.
6.2 PAYMENT OF FEES
Fees, if applicable, must be paid prior to access being given to the requested record. Payment details can be obtained from the Information Officer and can be made via a direct deposit. Proof of payment must accompany the Access Request Form submitted. The following fees are (or may be) payable:
- Request fee;
- Access fee;
- Reproduction fee; and
- Deposit.
Note that the requester may lodge a complaint to the Information Regulator or an application with a court against the tender or payment of the deposit.
6.2.1 REQUEST FEE
An initial “request fee” is payable on submission of the Access Request Form. The prescribed fee is set out below in Schedule 2. This fee is not applicable to requesters (data subjects) seeking access to records that contain their personal information in terms of POPI.
6.2.2 ACCESS FEE
If the request for access is successful, an access fee must be paid. This fee is for the search, reproduction and / or preparation of the record(s). The access fee will be calculated based on the prescribed fees set out below in Schedule 2.
6.2.3 REPRODUCTION FEE
This fee is applicable in respect of documents/records which are voluntarily disclosed (see paragraph 4 (Automatic Disclosure) above). This is for reproduction, copying and transcribing the relevant documents / records. The reproduction fee will be calculated based on the prescribed fees set out below in Schedule 2.
6.2.4 DEPOSIT
If the search for and the preparation of the record for disclosure would, in the opinion of the Information Officer, require more than 6 hours, the requester may be required to pay a deposit equal to one third of the access fee (the fee which will be payable if the request is granted). Note that the requester may lodge a complaint to the Information Regulator or an application with a court against the tender or payment of the deposit. If a deposit has been paid in respect of a request for access which is subsequently refused, then the Information Officer must refund the deposit to the requester. The requester must pay the prescribed fee before any processing, or any further processing, can take place.
6.3 NOTIFICATION OF DECISION
The Information Officer will, within 30 days of receipt of the request, decide whether to grant or decline the request and give notice with reasons (if required) to that effect. The 30-day period, within which Richters has to decide whether to grant or refuse the request, may be extended for a further period of not more than 30 days if the information cannot reasonably be obtained within the original 30 day period. (For example, the time period may be extended if the request is for a large amount of information, or the request requires Richters to search for information held at another office of Richters.) The Information Officer will notify the requester in writing should an extension be required. The requester may lodge a complaint to the Information Regulator or an application with a court against the extension.
6.4 THIRD PARTY NOTIFICATION
Richters must take all reasonable steps to inform a third party to whom or which a requested record relates if the disclosure of that record would:
- involve the disclosure of personal information about that third party;
- involve the disclosure of trade secrets of that third party, or any other financial, commercial, scientific or technical information (other than trade secrets) of that third party;
- be likely to cause harm to the commercial or financial interests of that third party;
- reasonably be expected to put that third party at a disadvantage in contractual or other negotiations;
- prejudice that third party in commercial competition;
- constitute an action for breach of a duty of confidence owed to a third party in terms of an agreement or otherwise; or
- involve the disclosure of information about research being, or to be, carried out by or on behalf of a third party, the disclosure of which would be likely to expose the third party, a person that is or will be carrying out the research on behalf of the third party, or the subject matter of the research, to serious disadvantage.
Richters will inform the third party as soon as reasonably possible, but in any event, within 21 days after that request is received. Within 21 days of being informed of the request, the third party may:
- make written or oral representations to the Information Officer why the request for access should be refused; or
- give written consent for the disclosure of the record to the requester.
Richters will notify the third party of the outcome of the request. If the request is granted, adequate reasons for granting the request will be given. The third party may lodge a complaint to the Information Regulator or an application with a court against the decision within 30 days after notice is given, after which the requester will be given access to the record after the expiry of the 30-day period.
7. GROUNDS FOR REFUSAL OF ACCESS TO RECORDS
Subject to the provisions of Chapter 4 of PAIA, Richters may refuse a request for information on the following basis:
7.1 PERSONAL INFORMATION OF A THIRD PARTY (NATURAL PERSON)
Mandatory protection of the privacy of a third party who is a natural person (including a deceased person) which would involve the unreasonable disclosure of personal information of that natural person.
7.2 SAFETY
Mandatory protection of the safety of individuals and the protection of property.
7.3 COMMERCIAL INFORMATION OF A THIRD PARTY
Mandatory protection of the commercial information of a third party, if the record contains:
- Trade secrets of that third party;
- Financial, commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of that third party;
- Information disclosed in confidence by a third party to Richters or if the disclosure could put that third party at a disadvantage in business negotiations or commercial competition; and
- confidential information of third parties if it is protected in terms of any agreement or legislation.
7.4 COMMERCIAL INFORMATION OF RICHTERS
Information on the commercial activities of Richters, which may include:
- Trade secrets of Richters;
- Financial, commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of Richters;
- Information that, if disclosed, could put Richters at a disadvantage in any business negotiations or commercial competition; and
- A computer program which is owned by Richters and which is protected by copyright.
7.5 LEGAL PROCEEDINGS
Mandatory protection of records which would be regarded as privileged in legal proceedings.
7.6 RESEARCH
The research information of Richters or a third party, if its disclosure would disclose the identity of the institution, the researcher or the subject matter of the research and would place the research at a serious disadvantage.
8. REMEDIES
8.1 INTERNAL REMEDIES
Richters does not have internal appeal procedures. Therefore, the decision made by the Information or Deputy Information Officer is final. Requesters who are dissatisfied with a decision of the Information or Deputy Information Officer will have to exercise external remedies at their disposal.
8.2 EXTERNAL REMEDIES
All complaints, by a requester or a third party, can be made to the Information Regulator or a court, in the manner prescribed below.
9. COMPLAINTS TO THE INFORMATION REGULATOR
The requester or third party, as the case may be, may submit a complaint in writing to the Information Regulator, within 180 days of the decision, alleging that the decision was not in compliance with the provisions of PAIA. The Information Regulator will investigate the complaint and reach a decision – which may include a decision to investigate, to take no further action or to refer the complaint to the Enforcement Committee established in terms of POPI.
The Information Regulator may serve an enforcement notice confirming, amending or setting aside the impugned decision, which must be accompanied by reasons.
10. APPLICATION TO COURT
An application to court may be brought in the ordinary course. For purposes of PAIA, any reference to an application to court includes an application to a Magistrates’ Court.
11. DETAILS ON THE PROCESSING OF PERSONAL INFORMATION
The following phrases, unless otherwise stated, shall bear the following meanings:
- “data subject” shall bear the meaning ascribed to it in section 1 of POPI; and
- “personal information” shall bear the meaning ascribed to it in section 1 of POPI.
11.1 PURPOSE OF PROCESSING PERSONAL INFORMATION
In terms of POPI, personal information must be processed for a specified purpose. The purpose for which data are processed by Richters will depend on the nature of the data and the particular data subject (as defined in POPI). This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data are collected. It includes:
- to pursue our business objectives and strategies;
- to comply with lawful obligations;
- to carry out actions for the conclusion and performance of a contract;
- to pursue our own or a data subject’s legitimate interests, or that of a third party to whom the personal information is supplied;
- to obtain, by law or to protect the respective party’s legitimate interests, information from a credit bureau, credit provider or credit association about a data subject’s credit record, including personal information about any judgement or default history;
- to provide, as required by law or to protect the respective party’s legitimate interests, information to credit bureaus, credit providers or credit associations about certain data subjects’ credit records, including personal information about any judgement or default history;
- to communicate with a data subject and attend to enquiries and requests;
- to provide a data subject information pertaining to ourselves, our services and products;
- for the purposes of providing, maintaining, and improving Richters’ products and services, and to monitor and analyse various usage and activity trends pertaining thereto;
- for the purposes of performing internal operations, including management of employees, employee wellness programmes, the performance of all required HR functions (or similar), call centres, customer care lines and enquiries, attending to all financial matters including budgeting, planning, invoicing, facilitating and making payments, making deliveries, sending receipts, and generally providing commercial support, where needed, requested or required; and
- for the purpose of preventing fraud and abuse of our processes, systems, procedures and operations, including conducting internal and external investigations and disciplinary enquiries and hearings.
11.2 CATEGORIES OF DATA SUBJECTS
Richters holds information and records on the following categories of data subjects:
- Employees / personnel of Richters;
- Clients of Richters;
- Any third party with whom Richters conducts its business services;
- Contractors of Richters;
- Suppliers of Richters; and
- Service providers of Richters.
This list of categories of data subjects is non-exhaustive.
11.3 RECIPIENTS TO WHOM PERSONAL INFORMATION WILL BE SUPPLIED
Depending on the nature of the data, Richters may supply information or records to the following categories of recipients:
- Statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data (i.e., the National Credit Regulator in terms of the National Credit Act 34 of 2005);
- Any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules (i.e., the Competition Commission in terms of the Competition Act 89 of 1998);
- South African Revenue Service, or another similar authority;
- Third parties with whom Richters has a contractual relationship for the retention of data (for example, a third party archiving services/files);
- Research / academic institutions;
- Auditing and accounting bodies (internal and external); and
- Anyone making a successful application for access in terms of PAIA.
Subject to the provisions of POPI and the National Credit Act 34 of 2005, Richters may share information about a client’s creditworthiness with any credit bureau or credit providers industry association or other association for an industry in which Richters operates.
This list of recipients is non-exhaustive.
11.4 PLANNED TRANSBORDER FLOWS OF PERSONAL INFORMATION
- Richters may, and envisages that it will, transfer personal information to third parties who are in a foreign country in order to administer certain services, i.e., to any of our overseas subsidiaries, associate entities or third-party service providers, with whom we engage in business or whose services or products we elect to use, including cloud services hosted in international jurisdictions;
- We endeavour to enter into written agreements to ensure that other parties comply with our confidentiality and privacy requirements, but note that personal information may also be disclosed where we have a legal duty or a legal right to do so; and
- Internal cross-border transfers, as well as external cross-border transfers of information are subject to the provisions of POPI.
11.5. SECURITY MEASURES
Richters takes extensive information security measures to ensure the confidentiality, integrity and availability of personal information in Richters’ possession. These measures include the implementation of:
- Firewalls;
- Virus protection software and update protocols;
- Logical and physical access control; and
- Secure setup of hardware and software making up our information technology infrastructure.
Richters takes appropriate technical and organisational measures designed to ensure that personal data remain confidential and secure against unauthorised or unlawful processing and against accidental loss, destruction or damage. Please note that notwithstanding the contents of this clause, no method of storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect personal information, we cannot guarantee its absolute security.