Manual Prepared in Terms of Section 51 of the Promotion of Access to Information Act, 2 of 2000 for Ciovita (Pty) Ltd (“Ciovita”)
TABLE OF CONTENTS
- Definitions
- Introduction
- Purpose of PAIA Manual
- Company Details
- Duties of the Information Officer
- Contact Details of the Information Officer and Deputy Information Officer(s)
- Guide on How to Use PAIA and How to Obtain Access to the Guide
- Categories of Records of Ciovita Which Are Available Without a Person Having to Request Access
- Description of the Records of Ciovita which are Available in Accordance with any Other Legislation
- Description of the Subjects on Which the Body Holds Records and Categories of Records Held on Each Subject by Ciovita
- Access to Information or Records Held by Ciovita
- Request for Information Procedure
- Fees
- Grounds for Refusal
- Mandatory Disclosure of Records in Public Interest
- Third Party Notification Process
- Remedies
- Processing of Personal Information
- Availability of this Manual
1. DEFINITIONS
“Access Fee” means a fee paid by a requester to Ciovita to cover the costs of finding and copying records required by the requester.
“Authorised Person” means a person who makes a request on behalf of someone else, and who has been properly authorised in writing to do so.
“Automatically Available Records” means records that a public or private body will provide to a requester without them needing to file a request. These records are listed in a “voluntary disclosure notice”, which should be made public.
“Calendar Day” means the exclusion of the day on which a request is received, and the inclusion of every day thereafter, including weekends and public holidays, until the final day is counted. If the final day falls on a Sunday or public holiday, the following day is regarded as the final day.
“Consent” means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
“Constitution” means the Constitution of the Republic of South Africa, 1996. “Data Subject” means the person to whom personal information relates.
“Days” means, unless specified as a “Working Day” in a section of the PAIA, a calendar day.
“Deemed Refusal” means an instance when a response to a request is not received within the prescribed time.
“Deputy Information Officer” means a person designated or delegated by the information officer to assist a requester with an information request, and to whom an information officer can delegate PAIA powers to.
“Information Officer” means the person authorised to handle PAIA requests as per the following categories:
No. | Type of Entity | Information |
1 | Natural Person | Sole proprietor who carries on any trade business or profession, but only in such capacity and not in their personal capacity |
2 | Partnership | Any partner of the partnership of any person duly authorised by the partnership. |
3.1 | Juristic Person | The Chief Executive Officer or the Managing Director or equivalent officer of the juristic person or any person duly authorised by that officer or any person who is acting as such or any person duly authorised by such acting person. |
“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
“Private Body” means-
(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business, or profession; or
(c) any former or existing juristic person, but excludes a public body;
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure, or destruction of information.
“Promotion of Access to Information Act” means the Promotion of Access to Information Act, 2 of 2000
“Record” means any recorded information-
(a) Regardless of form or medium, including any of the following:
(i) Writing on any material;
(ii) Information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
(iii) Label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
(iv) Book, map, plan, graph or drawing;
(v) Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
(b) In the possession or under the control of a responsible party;
(c) Whether or not it was created by a responsible party; and
(d) Regardless of when it came into existence;
“Regulator” means the Information Regulator established in terms of section 39 of PAIA
“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
“Request for Access” means a request for access to a record of a private body in terms of section 50 of PAIA.
“Requester”, in relation to-
(a) A private body, means
(i) Any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body; or
(ii) A person acting on behalf of the person contemplated in subparagraph (i).
“Third Party”, in relation to a request for access to-
(a) A record of a private body, means any person (including, but not limited to, a public body) other than the requester.
LIST OF ACRONYMS AND ABBREVIATIONS
The Promotion of Access to Information Act, 2 of 2000 | PAIA |
The Protection of Personal Information Act, 4 of 2013 | POPIA |
The South African Human Rights Commission | SAHRC |
2. INTRODUCTION
PAIA gives effect to the right to access to information in terms of section 32 of the Constitution. This section provides everyone the right to access to information held by the state or any other person (or private body) when the information is required for the exercise or protection of any rights.
Section 51 of PAIA requires all private bodies to compile a PAIA Manual that provides information on both the types and categories of records held by the private body.
The purpose of PAIA is to:
- Foster a culture of transparency and accountability in public and private bodies by giving effect to the right to access to information, and;
- To actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect all their rights more fully.
POPIA is South African data privacy Legislation that regulates the processing of personal information of data subjects (both personal and juristic) by responsible parties.
The purpose of the Act is to:
- Give effect to the constitutional right to privacy, subject to justifiable limitations aimed at balancing the right to privacy against other rights.
- Regulate the processing of personal information in harmony with international standards.
- Provides minimum requirements for the lawful processing of personal information.
- Provides rights and remedies to protect against abuses of personal information.
POPIA has amended the role of the SAHRC. In terms of POPIA the function of the SAHRC in terms of PAIA has been transferred to the Information Regulator who will be empowered to monitor both POPIA and PAIA and to handle complaints relating to access to information and the protection of personal information.
This Manual provides and outlines the types of records held by Ciovita and explains how requesters may submit requests to the records held in terms of PAIA. It further allows requesters to request access, object and request a correction of their personal information in terms of the requirements of POPIA.
Ciovita recognises everyone’s right to access to information and is committed to provide access to the organisation’s records where the proper procedural requirements set out by PAIA and POPIA have been met.
3. PURPOSE OF PAIA MANUAL
This PAIA Manual is useful for the public to-
- Check the nature of the records which may already be available without the need for submitting a formal PAIA request.
- Have a sufficient understanding of how to make a request for access to a record of Ciovita, by providing a description of the subjects on which Ciovita holds records and the categories of records held on each subject.
- Know the description of the records of Ciovita which are available in accordance with any other legislation.
- Know the description of the services available to members of the public from Ciovita and how to gain access to those services.
- Access all the relevant contact details of the Information Officer who will assist the public with the records they intend to access.
- Know if Ciovita will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto.
- Know the description of the categories of data subjects and of the information or categories of information relating thereto.
- Know the recipients or categories of recipients to whom the personal information may be supplied.
- Know if Ciovita has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
- Know whether Ciovita has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.
4. COMPANY DETAILS
Company Name: | Ciovita South Africa (Pty) Ltd |
Registration Details: | 2015/143960/07 |
Registered Address: |
199 Albert Road |
Website: |
www.ciovita.co.za |
5. DUTIES OF THE INFORMATION OFFICER
5.1 The Information Officer of Ciovita is responsible for:
- Encouraging compliance with the conditions for the lawful processing of personal information
- Facilitation of requests made Ciovita in terms of PAIA and POPIA
- Providing adequate notice and feedback to the requester
- Ensuring compliance with the provisions of PAIA and POPIA
- Developing, monitoring, maintaining, and making this Manual available
- Developing internal measures together with adequate systems to process requests for the information or access thereto.
- Holding internal awareness sessions regarding the provisions of PAIA and POPIA, regulations in terms of PAIA and POPIA, Codes of Conduct or information obtained from the Regulator
- When requested, providing copies of this Manual upon payment of a fee to be determined by the Regulator.
- Determining whether to grant a request for access to a complete/full record or only part of a record.
- Ensuring that access to a record, where so granted, is provided timeously and in the correct format
- Reviewing this Manual for accuracy and communicating any amendments
5.2 The Information Officer may only provide access to any record held by Ciovita if:
- The record is required for the exercise or protection of any right; and
- The requester complies with the procedural requirements relating to a request for access to that record, and
- Access to that record is not refused in terms of any of the listed grounds for refusal listed in this Manual.
6. CONTACT DETAILS OF THE INFORMATION OFFICER
Information Officer
Name: | Andrew Gold |
Designation: | CEO |
Address: | 199 Albert Road Woodstock Cape Town |
Telephone: | (021) 4613931 |
Email: | andrew @ ciovita.com |
Registration Number: | 2024-035141 |
Deputy Information Officer
Name: | Richard De Villiers |
Designation: | Head of Finance |
Address: | 199 Albert Road Woodstock Cape Town |
Telephone: | (021) 4613931 |
Email: | richard @ ciovita.com |
7. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE
7.1 The Regulator has, in terms of section 10(1) of PAIA, as amended, updated, and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
7.2 The Guide is available in each of the official languages and in braille.
7.3 The Guide contains the description of-
- The objects of PAIA and POPIA
- The manner and form of a request for-
- Access to a record of a public body contemplated in section 11 of PAIA; and
- Access to a record of a private body contemplated in section 50 of PAIA
- The assistance available from the Information Officer of a public body in terms of PAIA and POPIA
- The assistance available from the Regulator in terms of PAIA and POPIA
- All remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging -
- An internal appeal
- A complaint to the Regulator; and
- An application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body
- The provisions of sections 14 and 51 of PAIA requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual.
- The provisions of sections 15 and 52 of PAIA providing for the voluntary disclosure of categories of records by a public body and private body, respectively.
- The notices issued in terms of sections 22 and 54 of PAIA regarding fees to be paid in relation to requests for access; and
- The regulations made in terms of section 92 of PAIA.
7.4 Members of the public can inspect or make copies of the Guide from the offices of Ciovita and the office of the Regulator, during normal working hours.
7.5 The Guide can also be obtained-
- Upon request to the Information Officer of Ciovita
- From the website of the Regulator ( www.inforegulator.org.za )
7.6 A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-
- English
- Afrikaans
8. CATEGORIES OF RECORDS OF CIOVITA WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS
8.1 Currently, no notice(s) has/have been published by the Minister on the categories of information available without a person having to request access in terms of PAIA.
8.2 There are however some records which are freely available to the public. These are mainly records which are available on our website which a person can download, request telephonically or by sending an email or letter.
9. DESCRIPTION OF THE RECORDS OF CIOVITA WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION
Legislation | Category of Records |
---|---|
Basic Conditions of Employment Act, 75 of 1997 | Employee’s name, occupation, time worked by each employee, remuneration paid to each employee, date of birth for each employee and employment contracts, leave records |
Companies Act, 71 of 2008 | Certificate of incorporation, memorandum, and articles of association, CM25, CM26, resolutions passed in meetings, annual financial statements, annual accounts, directors reports, auditors reports, books of account, records of directors |
Compensation for Occupational Injuries and Diseases Act, 130 of 1993 | Salary and wages register (overtime), records of earnings and other prescribed particulars of employees |
Income Tax Act, 58 of 1962 | Remuneration paid or due to an employee, amount deducted from employee remuneration (or withheld), income tax reference number of employees, reconciliation returns |
Insurance Act, 18 of 2017 | Insurance policies |
Labour Relations Act, 66 of 1995 | Disciplinary records, records for each employee specifying the nature of any disciplinary transgressions, the actions taken by Ciovita and reasons for the actions |
Occupational Health and Safety Act, 85 of 1993 | Records of incidents, regulatory risk assessments, medical surveillance records, training records |
Promotion of Access to Information Act, 2 of 2000 | Records of all access for information requests and responses, PAIA manual |
Protection of Personal Information Act, 4 of 2013 | Records of processing activities, data subject request records |
Tax Administration Act, 28 of 2011 | Records, books of accounts or documents |
Unemployment Insurance Act, 63 of 2002 | Names, ID number, monthly remuneration and address of company |
Value Added Tax Act, 89 of 1991 | VAT records, list of suppliers, invoices and tax invoices, credit and debit notes, bank statements |
10.DESCRIPTION OF THE SUBJECTS ON WHICH THE BODY HOLDS RECORDS AND CATEGORIES OF RECORDS HELD ON EACH SUBJECT BY CIOVITA
This section sets out the records and the categories of records held on each subject.
Subjects on Which the Body Holds Records | Categories of Records |
---|---|
Statutory Company Information | Certificate of Incorporation, Memorandum and Articles of Association, CM25 and CM26, Financial Statements, Books of Account |
Regarding Information Required by the Companies Act | Supporting Schedules to Books of Account, Ancillary Books of Account, Records of Directors |
Finance Records | Asset Registers, Banking Records, Computer Software Details, Disaster Recovery Details, Financial Statements, Management Accounts |
Tax Records | VAT Records, General Correspondence |
Statutory Employee Records | Employees’ Names and Occupations, Time Worked by Each Employee, Remuneration Paid to Each Employee, Date of Birth of Each Employee, Salary and Wages Register |
Other Employee Records | Employee Contracts, Disciplinary Records, Leave Records |
Intellectual Property | Trademarks and Trade Names, Agreements with Suppliers |
Taxation | Copies of All Income Tax Returns and Other Tax Returns and Documents |
Insurance | Insurance Policies, Claim Records |
Sales and Marketing | Customer Records, Brochures, Newsletters and Advertising Materials, Product Information (eg: Pricing), Sales Statistics, Marketing Information, General Correspondence |
Information Technology | IT Policies and Procedures, Network Diagrams, User Manuals, General Correspondence, System Configuration, Source Code |
Business Records | Internal Correspondence, Internal Policies and Procedures, Contracts, Leases, Litigation |
Environmental, Health and Safety Records | Logistics, Stock, Location of Warehouse, Details of Service Providers, General Correspondence |
11. ACCESS TO INFORMATION OR RECORDS HELD BY CIOVITA
Access to information can only be granted once the requirements for access have been met.
PAIA provides that a person may only request information from a Private Body if the requested information is required for the exercise or protection of a right. POPIA provides that a Data Subject may request a Responsible Party to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including the information of third parties who have or have had access to such information. Where a Data Subject is required to pay a fee for any request for access services, the Responsible Party:
- Must provide the Data Subject with a written estimate of the payable amount before providing the service
- May require the requester to pay a deposit for all or part of the fee
If the Information Officer is unable to find the records requested or believe that the records do not exist, they will submit a detailed affidavit or affirmation to the requester giving notice that the records in question do not exist or cannot be found. The Information Officer will outline the steps they took to locate them.
12. REQUEST FOR INFORMATION PROCEDURE
12.1 To facilitate a request for information, the following procedures apply:
- The requester must complete Form 2 (Download here) Once completed, the requester must email or post it to the Information Officer at the addresses set out in this manual.
- The Information Officer will notify the requester that the request has been received and if the request is granted or refused and an estimate of the costs associated with processing the request, if any.
- The list of fees payable is set out in section 13 of this manual.
12.2 Ciovita will process the request within 30 days,
- unless the requester has stated special reasons which would satisfy the Information Officer that circumstances dictate that this period is not be complied with.
12.3 Ciovita may request an extension to the time, but will only be able to do so if:
- The request is for a large number of records or requires that a large number of records are searched, and, without an extension, the search would interfere with the normal activities of Ciovita.
- The request requires a search through records in an office of Ciovita that is not in the same city or town and could thus not be completed within 30 days; and/or PAIA Manual: Ciovita
- It requires a level of consultation to act on the request, which cannot reasonably be completed within 30 days.
Ciovita will notify the requester of an intention to extend the initial time, and indicate the period of extension, the reason for the extension, and advise the requester that they have the right to –
- Appeal to the relevant authority
- Lodge a complaint with the regulator; or
- Institute proceedings in court against the extension as the case may be.
Ciovita will also inform the requester of the process to be followed for each of the above-mentioned rights in the notice.
Once a request has been processed, the Information Officer will inform the requester of the outcome of the request and whether any additional information or fees are required.
If the requester does not use Form 2, we may:
- Reject the request due to a lack of procedural compliance; or
- Refuse the request if sufficient information is not provided.
12.4 Notes for Requesters
When requesting information, the following must be followed:
- Ensure the form is completed in as much detail as possible.
- Provide an accurate description of the record(s) sought.
- Identify the requester.
- Specify the format in which the information is required.
- Indicate the contact details of the person requiring information.
- Indicate if any other manner is to be used to inform the requester and state the necessary particulars to be so informed.
- The requester must identify the right that is sought to be exercised or to be protected and to provide an explanation of why the requested record is required.
- If applicable, the requester must provide any other way in which they wish to be informed other than in writing.
- Provide proof of capacity in which they are making the request if the request is being made on behalf of someone else.
13. FEES
PAIA prescribes certain fees that are payable for requests made in terms of the Act.
The requestor must request the banking details of Ciovita from the Information Officer and make payment if required.
The processing will not commence until the fees are paid. The following fees are applicable:
Item | Description | Amount |
---|---|---|
1 | The request fee payable by every requestor | R140.00 |
2 | Photocopy/printed black and white copy of A4-size page | R2.00 per page or part thereof |
3 | Printed copy of A4-size page | R2.00 per page or part thereof |
4 | For a copy in a computer-readable form on a flash drive (to be provided by the requestor) | R40.00 |
5 | For a copy in a computer-readable form on a compact disc if provided by the requestor | R40.00 |
6 | For a copy in a computer-readable form on a compact disc if provided to the requestor | R60.00 |
7 | For a transcription of visual images per A4-size page | Service to be outsourced, will depend on quotation from service provider |
8 | Copy of visual images | |
9 | Transcription of an audio record, per A4-size page | R24.00 |
10 | Copy of an audio record on a flash drive (to be provided by the requestor) | R40.00 |
11 | Copy of an audio record on a compact disc if provided by the requestor | R40.00 |
12 | Copy of an audio record on a compact disc if provided to the requestor | R60.00 |
13 | To search for and prepare the record for disclosure for each hour or part of an hour, excluding the first hour, reasonably required for such search and preparation. | R145.00 (not to exceed R435.00) |
14 | Deposit – if search exceeds 6 hours | One third of the amount per request calculated in terms of items 2 – 12 above. |
15 | Postage, email, or any other electronic transfer | Actual expense if any |
VAT: As a Private Body registered under the Value Added Tax Act, 1991, Ciovita will add VAT to all the abovementioned fees. |
14. GROUNDS FOR REFUSAL
If a request for access is refused, Ciovita will advise the requester about the reason for refusal of access and may advise the requester to lodge an application with the court against the refusal for such request.
Chapter 4 of PAIA provides reasons for refusal. Note that these reasons do not mean that requests of such nature will be refused, it just means that access may be granted for such reasons.
The following may be reasons for refusal:
14.1 Mandatory Grounds for Refusal
With mandatory grounds for refusal, Ciovita must refuse the request. The following are mandatory grounds for refusal:
- The mandatory protection of privacy of a third party who is a natural person if the disclosure would involve the unreasonable disclosure of personal information about a third party, including a deceased individual.
- The mandatory protection of commercial information of a third party if it contains:
- Trade secrets of a third party
- financial, commercial, scientific, or technical information, other than trade secrets, of a third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that third party; or
- information supplied in confidence by a third party the disclosure of which could reasonably be expected -
- to put that third party at a disadvantage in contractual or other negotiations; or
- to prejudice that third party in commercial competition.
- The mandatory protection of certain confidential information of third parties if the disclosure of the record would constitute an action for breach of confidence owed to a third party in terms of an agreement.
- The mandatory protection of safety of individuals, and protection of property
- Mandatory protection of records privileged from production in legal proceedings.
- The mandatory protection of research information of a third party, and protection of research information of Ciovita if such disclosure would place the research or the researcher at a serious disadvantage.
- A record of Ciovita if the record consists of information that was supplied in confidence by a third party if the disclosure of which could reasonably be expected to prejudice the future supply of similar information, or information from the same source and if it is in the public interest that similar information, or information from the same source, should continue to be supplied.
14.2 Discretionary Grounds of Refusal
With discretionary grounds of refusal, the Information Officer must apply their minds and consider whether to refuse a request because of the following reasons:
- Economic, financial, and commercial interests of Ciovita, which may include:
- trade secrets o financial, commercial, scientific, or technical information, other than trade secrets, the disclosure of which would be likely to cause harm to the commercial or financial interests of Ciovita.
- contains information, the disclosure of which could reasonably be expected -
- to put a public body at a disadvantage in contractual or other negotiations; or
- to prejudice a public body in commercial competition; or
- Computer programs owned by Ciovita which are protected by copyright and intellectual property laws.
- Requests that are manifestly frivolous or vexatious, or which involves substantial and unreasonable diversion of resources.
Note that if only part of a record is linked to an exemption ground, Ciovita is obliged to consider whether partial disclosure or information is possible whenever they determine that full disclosure is not possible and Ciovita will take reasonable steps to sever or redacts the part or parts that cannot be released to the requester and grant access to the rest of the record.
15. MANDATORY DISCLOSURE OF RECORDS IN THE PUBLIC INTEREST
Even if a discretionary or mandatory ground for refusal exists in relation to a request for access to records, there is the possibility that public interest in the disclosure of the record may be more important than the harm created by the release of the record.
Where the important of the public interest exists as stated above and the disclosure of the record would reveal:
- Evidence of a substantial contravention of or failure to comply with the law; or
- An imminent and serious public safety or environmental risk Then Ciovita must grant access to the record despite the existence of the exemption grounds.
16. THIRD PARTY NOTIFICATION PROCESS
Ciovita is required, to take reasonable steps to inform a third party about a request for their record or records that might be a record that contains either:
- Personal information
- A SARS record
- Trade secrets
- Information, the release of which could constitute grounds for an action for breach of a duty of confidence; or research information that could expose someone or the subject matter to serious damage.
The third party will be requested to:
- Make written or oral representation to the Information Officer why the request for access should be refused; or
- Give written consent for the disclosure of the record to the requester. Ciovita will inform the requester that a notice has been sent to a third party. Once this notification has been sent, Ciovita must make a final decision on whether to release the records within 30 days.
17. REMEDIES
Ciovita does not have an internal appeal procedure in relation to POPIA and PAIA. As such, the decision made by the Information Officer is final.
A requester may, amongst others, challenge the following decision of Ciovita:
- The tender or payment of the request fee
- The tender or payment of a deposit
- The access fee to be paid is too excessive
- The form of access granted
- The refusal of a request
- The procedure (including the period) for lodging the internal appeal
- Inappropriate time extension taken to respond to request for access
- Failure to disclose records
- The granting of a request for access to a record
- Refusal to grant a request to waive the fees
If a requester is unhappy with the decision, they may
- apply to a court for relief
- lodge a complaint with the information regulator
This must be done within 180 days of the decision from Ciovita.
A requester may lodge a complaint with the regulator, if they are not happy with a decision of Ciovita to:
- Refuse a request for access
- Demand payment of the request fee, or a deposit of the access fee
- Extend a period to deal with a request
- Grant access in a particular form
17.1 How to Complain to the Regulator
A complaint to the Regulator must be made in writing and a complaint form (Form 5) must be completed either manually or online.
18. PROCESSING OF PERSONAL INFORMATION
18.1 Purpose of Processing Personal Information
Unless otherwise stated specifically the information may be used for the following purposes:
- Rendering a service to clients
- To transact with suppliers
- Employee administration/management
- To respond to enquiries and/or requests
- Recruitment
- For statistical or research purposes
- Legal and regulatory purposes
- To perform in terms of a contract
- Data analysis for improved marketing
- Social media posts
- Collection of information for marketing purposes
Ciovita does not sell, re-sell or distribute your personal information for re-sale.
We may use your personal information to inform you of products or services available from us. When collecting information that might be used to contact you about our products and services, we give you the opportunity to “opt-out” from receiving such communications. Moreover, each email communication we send includes an unsubscribe link allowing you to stop delivery of that type of communication. If you elect to unsubscribe, we will remove you from the relevant list within 10 business days.
18.2 Description of the Categories of Data Subjects and of the Information or Categories of Information Relating Thereto
The following personal information of the categories mentioned in the table may be processed by Ciovita.
Data Subject | Personal Information Collected |
Clients | Name and surname, ID numbers, physical address, postal address, email address, contact details, bank details |
Suppliers/Service Providers | Bank details, address, contact details, email address, VAT number |
Employees | Name and surname, bank details, address, contact details, tax number, payroll history, disciplinary records, email address, next of kin (emergency contact), gender, ID number, disability, age |
Visitors to Premises | Name and surname, contact details, email address, ID number (copy of ID) |
Retailers/Brands | Company name, name and surname, email address, physical address, phone number, language |
Prospective Employees | Information contained in CV’s |
Visitors to Website |
Contact Form
When Signing Up to Our Newsletter
When Creating and Instant Quote
Creating an Account
When Ordering an Item
Chat Box
|
18.3 The Recipients or Categories of Recipients to Whom the Personal Information May be Supplied
The table below specifies the person or category of persons to whom Ciovita may disseminate personal information to.
Category of Personal Information | Persons to Whom the Information May be Supplied |
---|---|
Invoices and accounting records | Accountants |
Bank details for payments | Banking institutions, Shopify |
18.4 Disclosure of Personal Information to Third Parties
We will also not disclose any personal information without consent unless we reasonably believe that the disclosure is required in terms of an obligation imposed by law, if it is necessary for the proper performance of a public law duty by a public body or to protect your legitimate interest or the legitimate interest of us or a third party (for example, to prevent a threat to your or another’s health and safety).
Any third parties whom we share personal information with to process such information on our behalf, are subject to data protection agreements or data protection notifications.
18.5 Transborder Flows of Personal Information
In certain instances, we may disclose your personal information to third parties that are based in foreign countries.
The transfer of this information will only be completed if:
- the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection.
- The data subject consents to such transfer.
- The transfer is necessary for the performance of a contract between a data subject and us, or for the implementation of pre-contractual measures taken in response to a request from a data subject.
- the transfer is necessary for the conclusion or performance of a contract concluded between us and the third party that is in your interest; or
- The transfer is for the benefit of a data subject and
- it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
- if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
Although we will take every precaution, it is possible that personal information will be transferred to a third party in a foreign country that is in a jurisdiction where a data subject will not be able to seek redress under POPIA and does not have an equivalent level of data protection as in a data subject’s jurisdiction. We will not be held liable for how such third parties process the personal information.
18.6 Security Measures
We are committed to protecting the security of personal information. While no security measures can guarantee against compromise, we use a variety of security technologies and procedures to help protect data from unauthorised access, use, or disclosure.
We hold personal information in:
- Computer systems
- Electronic databases
- In hard copy or paper files
We have implemented and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect personal information and prevent:
- loss of, damage to or unauthorised destruction of personal information; and
- unlawful access to or processing of personal information.
We use Shopify as our online platform to sell our products. Shopify provides robust security measures, including SSL encryption, protection against DDos attacks, and adherence to PCS DSS compliance standards throughout the platform.
19. AVAILABILITY OF THE MANUAL
A copy of the Manual is available-
- On the Ciovita website at www.ciovita.co.za
- At the principal place of business for public inspection during normal business hours;
- In hard copy to any person upon request and upon the payment of a reasonable prescribed fee; and
- to the Information Regulator upon request.
A fee for a copy of the Manual, as contemplated in Annexure B of the Regulations, shall be payable per each A4-size photocopy made.