1 INTRODUCTION
1.1 This Manual has been prepared in accordance with section 51 of the Promotion of Access to Information Act No.2 of 2000 ("PAIA").
1.2 The aim of the Manual is to assist potential Requesters to request access to information (documents, records and/or Personal Information) from SA Digital Villages (Pty) Ltd ("SADV") as contemplated under PAIA.
1.3 The Manual may be amended from time to time and as soon as any amendments have been affected, the latest version of the Manual will be published and distributed in accordance with PAIA.
1.4 A Requester is invited to contact the Information Officer should he or she require any assistance in respect of the use or content of this Manual.
1.5 The definitions provided in this Manual are solely for the purpose of this Manual and are not to be taken as applicable to PAIA.
2 DEFINITIONS
The following words or expressions will bear the following meanings in this Manual –
2.1 "Customer" means a natural or juristic person who or which receives services and/or products from SADV;
2.2 "Data Subject" means the natural or juristic person to whom Personal Information relates;
2.3 "Employee" means any person who works for, or provides services to, or on behalf of SADV, and receives or is entitled to receive remuneration;
2.4 "Information Officer" means SADV's designated information officer described in paragraph 6 of this Manual;
2.5 "Information Regulator" shall bear the meaning ascribed thereto in POPIA;
2.6 "Manual" means this manual, together with all annexures thereto as amended and made available on the website of SADV and at the offices of SADV from time to time;
2.7 "PAIA" means the Promotion of Access to Information Act No. 2 of 2000, together with any regulations published thereunder;
2.8 "POPIA" means the Protection of Personal Information Act No. 4 of 2013, together with any regulations published thereunder;
2.9 "Personal Information" has the meaning ascribed thereto under POPIA;
2.10 "Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including –
2.10.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.10.2 dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
2.10.3 merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition, "Process" has a corresponding meaning;
2.11 "Requester" means any person or entity (including any Data Subject) requesting access to a record that is under the control of SADV; and
2.12 "Third-Party" means any independent contractor, agent, consultant, sub-contractor or other representative of SADV.
3 SCOPE OF THE MANUAL
This Manual has been prepared in respect of, and applies to, SADV.
4 HOW TO USE PAIA TO ACCESS INFORMATION
(Information provided in terms of section 51(1) of PAIA)
4.1 PAIA grants a Requester access to records of a private body if the record is required for the exercise or protection of any rights. If a public body lodges a request in terms of PAIA, the public body must be acting in the public interest.
4.2 Requests in terms of PAIA shall be made in accordance with the prescribed procedures, and at the prescribed fees.
4.3 A guide on how to use PAIA is required to be compiled by the Information Regulator and when same is available, will be accessible (in various official languages) on the Information Regulator's website and on our website or you may request a copy of the guide from us by contacting our Information Officer. You may also direct any queries to:
The Information Regulator of South Africa
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017
E-mail: inforeg@justice.gov.za / complaints.IR@justice.gov.za
Website: https://www.justice.gov.za/inforeg/index.html
Tel: 012 406 4818
Fax: 086 500 3351
5 OVERVIEW OF THE STRUCTURE AND FUNCTIONS OF SADV
5.1 SADV is incorporated and registered in the Republic of South Africa under registration number 2007/008930/07.
5.2 SADV is a wholesale open-access last-mile-connectivity provider. Besides focusing on the installation, operation and maintenance of last-mile fibre optic networks, they also provide a comprehensive range of business and residential services, such as highspeed broadband, IP PBX voice solutions, hosting and cloud services, and video-ondemand.
6 CLIENT’S CONTACT DETAILS
(Information required under section 51(1)(a) of PAIA)
| Name of Body: | SA Digital Villages (Pty) Ltd |
| Physical & Postal Addresses: | Physical: 1st Floor, 23 Melrose Boulevard, Melrose Arch Precinct, Johannesburg Postal: 1st Floor, 23 Melrose Boulevard, Melrose Arch Precinct, Johannesburg |
| Head of Body | Name: Muhammed Junaid Munshi T: 011 390 7700 E: Junaid.munshi@sadv.co.za |
| Information Officer | Name: Robert Andre Lubbe T: 011 390 7700 E: robert@sadv.co.za |
| Deputy Information Officer | Name: Tiaan Ludick T: 011 390 7700 E: popi@sadv.co.za |
7 SADV'S PROCESSING OF PERSONAL INFORMATION IN TERMS OF POPIA
(Information required under section 51(1)(c) of PAIA)
7.1 Purpose of SADV's Processing of Personal Information -
7.1.1 SADV will process Personal Information only in ways that are for, or compatible with, the business purposes for which the data was collected or that are subsequently authorised by the relevant Data Subject.
7.1.2 SADV will retain Personal Information only for as long as is necessary to accomplish SADV's legitimate business purposes or for as long as may be permitted or required by applicable law.
7.1.3 We use the Personal Information we collect:
7.1.3.1 for the purposes of providing business and home fibre products or services to customers and where relevant, for purposes of doing appropriate customer onboarding and credit vetting;
7.1.3.2 for purposes of onboarding suppliers as approved suppliers of SADV. For this purpose, SADV will also Process a supplier's Personal Information for purposes of performing credit checks, and this may include engaging third party credit vetting agencies;
7.1.3.3 for purposes of monitoring the use of SADV's electronic systems and online platforms by consumers. SADV will, from time to time, engage third party service providers (who will Process the Data Subject's Personal Information on behalf of SADV) to facilitate this;
7.1.3.4 for purposes of preventing, discovering and investigating non-compliance with this Policy and other SADV policies, and investigating fraud, or other related matters;
7.1.3.5 in connection with the execution of payment processing functions, including payment of SADV's suppliers' invoices;
7.1.3.6 to provide a service to SADV customers in terms of relevant services agreements;
7.1.3.7 for employment-related purposes such as recruitment, administering payroll and carrying out background checks;
7.1.3.8 in connection with internal audit purposes (i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
7.1.3.9 in connection with external audit purposes. For this purpose, SADV engages external service providers and, in so doing, shares Personal Information of the Data Subjects with third parties;
7.1.3.10 to respond to any correspondence that SADV commercial customer may send to SADV, including via email or by telephone;
7.1.3.11 to contact the Data Subject for direct marketing purposes;
7.1.3.12 in order to address customer complaints in respect of SADV's products and services;
7.1.3.13 for such other purposes to which the Data Subject may consent from time to time; and
7.1.3.14 for such other purposes as authorised and in compliance with the applicable law.
7.2 SADV will not use the Personal Information which we collect for any purposes other than those purposes specified in paragraph 7.1.3 above.
7.3 Categories of Data Subjects and of the Personal Information relating thereto
7.3.1 SADV collects Personal Information directly from the Data Subject and/or from Third Parties, and where SADV obtains Personal Information from Third Parties, SADV will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information without the Data Subject's consent where SADV is permitted to do so in terms of the applicable laws.
7.3.2 Data Subjects in respect of which Personal Information is Processed include Customers of SADV.
7.3.3 Examples of Third Parties from whom Personal Information is collected include; our Customers when SADV handles Personal Information on their behalf; regulatory bodies; other companies providing services to SADV and where SADV makes use of publicly available sources of information.
7.4 Recipients or categories of recipients to whom Personal Information may be supplied
7.4.1 SADV may be required to disclose Personal Information in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law as per statutory authorities and/or the lawful order of any Court or Tribunal. We may disclose Personal Information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of SADV, our Customers, or others.
7.4.2 SADV will comply with POPIA before transferring Personal Information to a ThirdParty who is a contractor of SADV. Before transferring Personal Information to a Third-Party contractor, such as an authorised service provider, SADV will obtain assurances from the Third-Party that it will process Personal Information in a manner consistent with POPIA. Where SADV learns that a Third-Party contractor is using or disclosing Personal Information in a manner contrary to POPIA, SADV will take reasonable steps to prevent such use or disclosure.
7.4.3 We reserve the right to disclose and transfer a Data Subject's information, including their Personal Information in connection with a corporate merger, consolidation, the sale of substantially all of our membership interests and/or assets or other corporate change, including to any prospective purchasers.
7.5 Planned Transborder Flows of Personal Information
In carrying out any cross-border transfers, SADV shall adhere to the provisions of POPIA and any applicable laws.
8 INFORMATION SECURITY MEASURES
8.1.1 The security and confidentiality of Personal Information is important to SADV. We have implemented reasonable technical, administrative, and physical security measures to protect Personal Information from unauthorised access or disclosure and improper use.
8.1.2 We are committed to ensuring that our security measures which protect your Personal Information are continuously reviewed and updated where necessary.
8.1.3 In Processing any Personal Information, SADV shall comply with the following minimum technical and organisational security requirements:
8.1.3.1 Physical Access – Access to Personal Information is restricted in our offices and only to those Employees who need the Personal Information to perform a specific job / task.
8.1.3.2 Employee Training – All Employees with access to Personal Information are kept up-to-date on our security and privacy practices. After a new policy is added, these Employees are notified and/or reminded about the importance we place on privacy, and what they can do to enhance protection for the Personal Information of all Data Subjects.
8.1.3.3 Unique User Identification – Employees each have a unique user ID assigned to them, subject to strict confidentiality undertakings in terms of SADV's password and confidentiality policy.
8.1.3.4 Passwords – SADV shall ensure that there are passwords required for any access to Personal Information in line with its password policy.
8.1.3.5 Physical access and privileges – SADV ensures that access to Personal Information is limited to Employees on a "need to know" basis, and SADV Employees are required to strictly utilise their unique user ID and applicable passwords to access same. The access to such Personal Information shall be subject to a two-step authorization/authentication process.
8.1.3.6 Back-ups – SADV ensures that all Personal Information is backed-up regularly, based on operational or legal requirements, and that back up testing is conducted regularly in order to ensure that Personal Information can be recovered in the event that such Personal Information is lost, damaged or destroyed.
8.1.3.7 Malware protection – SADV ensures that its environment has comprehensive malware protection software employed, which software is specifically designed to protect SADV from the most recent malware infections.
8.1.3.8 Vulnerability scanning – SADV frequently conducts vulnerability scanning in order to assess whether Personal Information is adequately protected from external threats.
8.1.3.9 Network configuration – SADV continuously monitors all designated networks, employs intrusiondetection systems and/or intrusion prevention systems, and records any security incidents.
8.1.3.10 Systems Review – SADV conducts regular reviews of its technical and organisational security measure system in order to ensure that all of the above security measures are functioning effectively and applied consistently.
9 INFORMATION HELD BY SADV IN TERMS OF PAIA
(Information required under section 51(1)(e) of PAIA)
This section of the Manual sets out the categories and descriptions of records held by SADV. The inclusion of any category of records should not be taken to mean that records falling within that category will be made available under PAIA. In particular, certain grounds of refusal as set out in PAIA may be applicable to a request for such records.
9.1 Internal records
The following are records pertaining to SADV’s own affairs and those of its divisions and associated companies -
9.1.1 Memorandum and Articles of Association;
9.1.2 Financial records;
9.1.3 Operational records;
9.1.4 Intellectual property;
9.1.5 Marketing records;
9.1.6 Internal correspondence;
9.1.7 Product records;
9.1.8 Statutory records;
9.1.9 Banking Records;
9.1.10 Logos;
9.1.11 Internet Website;
9.1.12 Internal policies and procedures; and
9.1.13 Records held by officials of SADV.
9.2 Personnel records
Personnel refers to any person who works for or provides services to or on behalf of SADV and receives or is entitled to receive any remuneration and any other person who assists in carrying out or conducting the business of SADV. This includes, without limitation, members, all permanent, temporary and part-time staff as well as contract workers. Personnel records include the following -
9.2.1 Any personal records provided to SADV by their personnel;
9.2.2 Any records a third party has provided to SADV about any of their personnel;
9.2.3 Conditions of employment and other personnel-related contractual and quasi legal records
9.2.4 Internal evaluation records; and
9.2.5 Other internal records and correspondence
9.2.6 Training schedules and material.
9.3 Customer records
Please be aware that SADV is very concerned about protecting the confidential information of its customers. Please motivate any request for customer information very carefully, having regard to Sections 63 to 67 of the Act. Customer information includes the following -
9.3.1 Any records a customer has provided to SADV or a third party acting for or on behalf of SADV;
9.3.2 Contractual information;
9.3.3 Customer needs assessments;
9.3.4 Personal records of customers;
9.3.5 Credit information and other research conducted in respect of customers;
9.3.6 Any records a third party has provided to SADV about customers;
9.3.7 Confidential, privileged, contractual and quasi legal records of customers;
9.3.8 Customer evaluation records;
9.3.9 Customer profiling;
9.3.10 Performance research conducted on behalf of customers or about customers;
9.3.11 Any records a third party has provided to SADV either directly or indirectly; and
9.3.12 Records generated by or within SADV pertaining to customers, including transactional records.
9.4 Other Parties
Records are kept in respect of other parties, including without limitation contractors, suppliers, joint ventures and service providers. In addition, such other parties may possess records, which can be said to belong to SADV . The following records fall under this category:
9.4.1 Personnel, customer or SADV records which are held by another party as opposed to being held by SADV ; and
9.4.2 Records held by SADV pertaining to other parties, including financial records, correspondence, contractual records, electronic mail, logs, cached information, records provided by the other party, and records third parties have provided about the contractors/suppliers or customer.
9.5 Other Records
Further records are held including:
9.5.1 Information relating to SADV’s own commercial activities
9.5.2 Research carried out on behalf of a client by SADV or commissioned from a third party for a customer
9.5.3 Research information belonging to SADV, whether carried out itself or commissioned from a third party
9.5.4 Contracts and agreements.
10 INFORMATION KEPT BY SADV IN ACCORDANCE WITH OTHER LEGISLATION
(Information required under section 51(1)(b)(iii) of PAIA)
10.1 Records are kept in accordance with legislation applicable to SADV, which includes but is not limited to, the following:
10.1.1 Basic Conditions of Employment Act 75 of 1997
10.1.2 Companies Act 71 of 2008
10.1.3 Compensation for Occupational Injuries and Diseases Act 130 of 1993
10.1.4 Competition Act 89 of 1998
10.1.5 Constitution of the Republic of South Africa, 1996 10.1.6 Consumer Protection Act 68 of 2008
10.1.7 Electronic Communications and Transactions Act 25 of 2002
10.1.8 Electronic Communications Act of 2005
10.1.9 Employment Equity Act 55 of 1998
10.1.10 Income Tax Act 58 of 1962 (Section 75)
10.1.11 Insolvency Act 24 of 1936
10.1.12 Labour Relations Act 66 of 1995
10.1.13 National Credit Act 34 of 2005
10.1.14 Occupational Health and Safety Act 85 of 1993
10.1.15 Promotion of Access to Information Act 2 of 2000
10.1.16 Pension Funds Act 24 of 1956
10.1.17 Protection of Personal Information Act 4 of 2013
10.1.18 Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002
10.1.19 Skills Development Act 97 of 1998
10.1.20 Tax Administration Act 28 of 2011
10.1.21 Tax on Retirement Funds Act 38 of 1996
10.1.22 Trademarks Act 194 of 1993
10.1.23 Value Added Tax Act 89 of 1991
10.2 Records kept in terms of the above legislation may, in certain instances (and insofar as the information contained therein is of a public nature) be available for inspection without a person having to request access thereto in terms of PAIA
11 REQUEST PROCEDURES
11.1 Records, whether specifically listed in this Manual or not, will only be made available subject to the provisions of PAIA.
11.2 Form of request
11.2.1 The Requester must use the prescribed form to make the request for access to a record, which form is attached hereto as Annexure "A". This must be made to the Information Officer at the address or electronic mail address of the body concerned (see s 53(1) of PAIA).
11.2.2 The Requester must provide sufficient detail on the request form to enable the Information Officer to identify the record and the Requester. The Requester should also indicate which form of access is required and specify a postal address, fax number in the Republic or email address. The Requester should also indicate if, in addition to a written reply, any other manner is to be used to inform the Requester
and state the necessary particulars to be so informed (see s 53(2)(a) and (b) and (c) and (e) of PAIA).
11.2.3 The Requester must identify the right that is sought to be exercised or protected and provide an explanation of why the requested record is required for the exercise or protection of that right (see s 53(2)(d) of PAIA).
11.2.4 If a request is made on behalf of another person, the Requester must submit proof of the capacity in which the Requester is making the request to the satisfaction of the head of the private body (See s 53(2)(f) of PAIA).
11.3 Fees
11.3.1 Request fees:
11.3.1.1 The Information Officer must by notice require the Requester to pay the prescribed request fee (if any) before further processing the request (see s 54(1) of PAIA).
11.3.1.2 The fee that the Requester must pay to a private body is [R50]. The Requester may lodge an application to the court against the tender or payment of the request fee (See section 54(3)(b) of PAIA).
11.3.2 Access fees and fees for reproduction:
11.3.2.1 If access to a record/s is granted by SADV, the Requester may be required to pay an access fee for the search for and preparation of the records and for reproduction of the record/s.
11.3.2.2 The access fees which apply are set out below. SADV can refuse access until such access fees have been paid.
| Reproduction | Fee | |
| (1) | The fee for a copy of the manual as contemplated in regulation 9 (2) (c) for every photocopy of an A4-size page or part thereof. | R1.10 |
| (2) | The fees for reproduction referred to in regulation 11 (1) are as follows: | |
| (a) | For every photocopy of an A4-size page or part thereof | R1.10 |
| (b) | For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form | R0.75 |
| (c) | For a copy in a computer-readable form on compact disc (i) Stiffy disk (ii) compact disk |
R7.50 R70.00 |
| (d) | (i) For a transcription of visual images, for an A4-size page or part thereof (ii) For a copy of visual images |
R40.00 R60.00 |
| (e) | (i) For a transcription of an audio record, for an A4-size page or part thereof (ii) For a copy of an audio record |
R20.00 R30.00 |
| (f) | To search for and prepare the record for disclosure or part thereof for each hour or part thereof reasonably required for such search and preparation | R30.00 |
| (3) | The request fee payable by a requester, other than a personal requester, referred to in regulation 11 (2) | R50.00 |
| (4) | For purposes of section 54 (2) of PAIA, the following applies: | |
| (a) | Six hours of searching to be exceeded before a deposit is payable | |
| (b) | One third of the access fee is payable as a deposit by the requester | |
| (5) | The actual postage fee is payable when a copy of a record must be posted to a requester |
11.4 Decision on request
11.4.1 After the Information Officer has made a decision on the request, the Requester will be notified using the required form.
11.4.2 If the request is granted then a further access fee must be paid for reproduction and for search and preparation and for any time that has exceeded the prescribed hours to search and prepare the record for disclosure (see s 54(6) of PAIA).
12 TIMELINES FOR CONSIDERATION OF A REQUEST
12.1 Requests for access by a Requestor will be processed within 30 days, unless the request contains considerations that are of such a nature that an extension of the 30- day time limit is necessary. Such considerations include –
12.1.1 where the request is for a large number of records or requires a search through a large number of records (including where records that have been archived electronically need to be restored);
12.1.2 where the request requires a search for records in, or collection of such records from, an office of SADV located far away from any of SADV regional offices;
12.1.3 consultation among divisions of SADV or with another private body is necessary or desirable to decide upon the request that cannot reasonably be completed within the original 30-day period;
12.1.4 more than one of the circumstances contemplated in paragraphs 12.1.1, 12.1.2 and 12.1.3, exist in respect of the request making compliance with the original period not reasonably possible; or
12.1.5 the Requester consents in writing to such extension.
12.2 If an extension is necessary, you will be notified with reasons for the extension. If the Information Officer fails to communicate a decision on a request, such a request is then deemed to have been refused.
13 GROUNDS FOR REFUSAL OF ACCESS TO RECORDS
13.1 Requests for access by a Requestor must be refused by the Information Officer if –
13.1.1 the disclosure would involve the unreasonable disclosure of personal information about a third party (natural person), including a deceased individual (see section 63 of PAIA);
13.1.2 the record contains (a) trade secrets of a third party, (b) financial, commercial, scientific or technical information, other than trade secrets, of a third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that third party, or (c) information supplied in confidence by a third party the disclosure of which could reasonably be expected to put that third party at a disadvantage in contractual or other negotiations; or to prejudice that third party in commercial competition (see section 64 of PAIA);
13.1.3 the disclosure of the record would constitute an action for breach of a duty of confidence owed to a third party in terms of an agreement (see section 65 of PAIA);
13.1.4 the disclosure could reasonably be expected to endanger the life or physical safety of an individual (see section 66(a) of PAIA);
13.1.5 the record is privileged from production in legal proceedings unless the person entitled to the privilege has waived the privilege (see section 67 of PAIA); or
13.1.6 the record contains information about research being or to be carried out by or on behalf of a third party, the disclosure of which would be likely to expose: (a) the third party; (b) a person that is or will be carrying out the research on behalf of the third party; or (c) the subject matter of the research, to serious disadvantage (see section 69 of PAIA).
13.2 Requests for access by a Requestor may be refused by the Information Officer if –
13.2.1 the disclosure would be likely to prejudice or impair: (i) the security of: (aa) a building, structure or system, including, but not limited to, a computer or communication system; (bb) a means of transport; or (cc) any other property; or (ii) methods, systems, plans or procedures for the protection of: (aa) an individual in accordance with a witness protection scheme; (bb) the safety of the public, or any part of the public; or (cc) the security of property contemplated in subparagraph (i) (aa), (bb) or (cc) (see section 66(b));
13.2.2 the record:
(a) contains trade secrets of SADV;
(b) contains financial, commercial, scientific or technical information, other than trade secrets, the disclosure of which would be likely to cause harm to the commercial or financial interests of SADV;
(c) contains information, the disclosure of which could reasonably be expected:
(i) to put SADV at a disadvantage in contractual or other negotiations; or
(ii) to prejudice SADV in commercial competition; or
(d) is a computer program, as defined in section 1(1) of the Copyright Act No. 98 of 1978, owned by SADV, except insofar as it is required to give access to a record to which access is granted in terms of PAIA; or
13.2.3 the record contains information about research being or to be carried out by or on behalf of SADV, the disclosure of which would be likely to expose: (a) SADV; (b) a person that is or will be carrying out the research on behalf of SADV; or (c) the subject matter of the research, to serious disadvantage.
14 REMEDIES AVAILABLE TO A REQUESTOR ON REFUSAL OF ACCESS
14.1 SADV does not have any internal appeal procedures that may be followed once a request to access information has been refused.
14.2 The decision of the Information Officer or deputy information officer is final.
14.3 If you are not satisfied with the outcome of your request, you are entitled to apply to a court of competent jurisdiction to take the matter further.
15 OTHER INFORMATION HELD BY SADV AS PRESCRIBED
(Other information as may be prescribed under section 51(1)(a)(ii))
The Minister of Justice and Constitutional Development has to date not made any regulations regarding disclosure of other information.
16 AVAILABILITY OF THE MANUAL
(Availability of Manual under section 51(3))
16.1 This Manual is available for inspection by the general public upon request, during office hours and free of charge, at the offices of SADV. Copies of the Manual may be made, subject to the prescribed fees.
16.2 Copies may also be requested from the Information Regulator.
16.3 The Manual is also posted on SADV's website referred to above, and can be found HERE.
17 PRESCRIBED FORMS AND FEE STRUCTURE
(Prescribed forms and fee structure in respect of private bodies)
The forms and fee structure prescribed under PAIA are available from the Government Gazette, or at the website of the Department of Justice and Constitutional Development (www.doj.gov.za), under the 'regulations' section as well as the Information Regulator's website (www.justice.gov.za/inforeg/legal.html)