Manual Prepared in Terms of Section 51 of the Promotion of Access to Information Act, 2 of 2000 for Ciovita (Pty) Ltd (“Ciovita”) 

 

TABLE OF CONTENTS

  1. Definitions
  2. Introduction
  3. Purpose of PAIA Manual
  4. Company Details
  5. Duties of the Information Officer
  6. Contact Details of the Information Officer and Deputy Information Officer(s)
  7. Guide on How to Use PAIA and How to Obtain Access to the Guide
  8. Categories of Records of Ciovita Which Are Available Without a Person Having to Request Access
  9. Description of the Records of Ciovita which are Available in Accordance with any Other Legislation
  10. Description of the Subjects on Which the Body Holds Records and Categories of Records Held on Each Subject by Ciovita
  11. Access to Information or Records Held by Ciovita
  12. Request for Information Procedure
  13. Fees
  14. Grounds for Refusal
  15. Mandatory Disclosure of Records in Public Interest
  16. Third Party Notification Process
  17. Remedies
  18. Processing of Personal Information
  19. Availability of this Manual


1. DEFINITIONS

“Access Fee” means a fee paid by a requester to Ciovita to cover the costs of finding and copying records required by the requester.

“Authorised Person” means a person who makes a request on behalf of someone else, and who has been properly authorised in writing to do so.

“Automatically Available Records” means records that a public or private body will provide to a requester without them needing to file a request. These records are listed in a “voluntary disclosure notice”, which should be made public.

“Calendar Day” means the exclusion of the day on which a request is received, and the inclusion of every day thereafter, including weekends and public holidays, until the final day is counted. If the final day falls on a Sunday or public holiday, the following day is regarded as the final day.

“Consent” means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.

“Constitution” means the Constitution of the Republic of South Africa, 1996.

“Data Subject” means the person to whom personal information relates.

“Days” means, unless specified as a “Working Day” in a section of the PAIA, a calendar day.

“Deemed Refusal” means an instance when a response to a request is not received within the prescribed time.

“Deputy Information Officer” means a person designated or delegated by the information officer to assist a requester with an information request, and to whom an information officer can delegate PAIA powers.

“Information Officer” means the person authorised to handle PAIA requests as per the following categories: 

| No. | Type of Entity | Information |
|---|---|---|
| 1 | Natural Person | Sole proprietor who carries on any trade, business or profession, but only in such capacity and not in their personal capacity. |
| 2 | Partnership | Any partner of the partnership or any person duly authorised by the partnership. |
| 3.1 | Juristic Person | The Chief Executive Officer or the Managing Director or equivalent officer of the juristic person or any person duly authorised by that officer or any person who is acting as such or any person duly authorised by such acting person. |

 

“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-  

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“Private Body” means-

(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business, or profession; or
(c) any former or existing juristic person, but excludes a public body;

“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-

(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; 
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure, or destruction of information.

“Promotion of Access to Information Act” means the Promotion of Access to Information Act, 2 of 2000.

“Record” means any recorded information-

(a) Regardless of form or medium, including any of the following:

(i) Writing on any material;
(ii) Information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
(iii) Label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
(iv) Book, map, plan, graph or drawing;
(v) Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced; 

(b) In the possession or under the control of a responsible party;
(c) Whether or not it was created by a responsible party; and
(d) Regardless of when it came into existence;

“Regulator” means the Information Regulator established in terms of section 39 of PAIA.

“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

“Request for Access” means a request for access to a record of a private body in terms of section 50 of PAIA.  

“Requester”, in relation to-

(a) A private body, means

(i) Any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body; or
(ii) A person acting on behalf of the person contemplated in subparagraph (i).

“Third Party”, in relation to a request for access to-

(a) A record of a private body, means any person (including, but not limited to, a public body) other than the requester.

LIST OF ACRONYMS AND ABBREVIATIONS 

PAIA: The Promotion of Access to Information Act, 2 of 2000
POPIA: The Protection of Personal Information Act, 4 of 2013
SAHRC: The South African Human Rights Commission

 

2. INTRODUCTION

PAIA gives effect to the right to access to information in terms of section 32 of the Constitution. This section provides everyone the right to access to information held by the state or any other person (or private body) when the information is required for the exercise or protection of any rights.

Section 51 of PAIA requires all private bodies to compile a PAIA Manual that provides information on both the types and categories of records held by the private body.

The purpose of PAIA is to:

  • Foster a culture of transparency and accountability in public and private bodies by giving effect to the right to access to information; and
  • Actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect all their rights more fully.

POPIA is South African data privacy legislation that regulates the processing of personal information of data subjects (both personal and juristic) by responsible parties.

The purpose of the Act is to:

  • Give effect to the constitutional right to privacy, subject to justifiable limitations aimed at balancing the right to privacy against other rights.
  • Regulate the processing of personal information in harmony with international standards.
  • Provide minimum requirements for the lawful processing of personal information.
  • Provide rights and remedies to protect against abuses of personal information.

POPIA has amended the role of the SAHRC. In terms of POPIA the function of the SAHRC in terms of PAIA has been transferred to the Information Regulator who will be empowered to monitor both POPIA and PAIA and to handle complaints relating to access to information and the protection of personal information.

This Manual outlines the types of records held by Ciovita and explains how requesters may submit requests for access to the records held in terms of PAIA. It further allows requesters to request access to, object to, and request a correction of their personal information in terms of the requirements of POPIA.

Ciovita recognises everyone’s right to access to information and is committed to providing access to the organisation’s records where the proper procedural requirements set out by PAIA and POPIA have been met.

3. PURPOSE OF PAIA MANUAL

This PAIA Manual is useful for the public to-

  • Check the nature of the records which may already be available without the need for submitting a formal PAIA request.
  • Have a sufficient understanding of how to make a request for access to a record of Ciovita, by providing a description of the subjects on which Ciovita holds records and the categories of records held on each subject.
  • Know the description of the records of Ciovita which are available in accordance with any other legislation.
  • Know the description of the services available to members of the public from Ciovita and how to gain access to those services.
  • Access all the relevant contact details of the Information Officer who will assist the public with the records they intend to access.
  • Know if Ciovita will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto.
  • Know the description of the categories of data subjects and of the information or categories of information relating thereto.
  • Know the recipients or categories of recipients to whom the personal information may be supplied.
  • Know if Ciovita has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
  • Know whether Ciovita has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

4. COMPANY DETAILS

Company Name: Ciovita South Africa (Pty) Ltd
Registration Details: 2015/143960/07
Registered Address: 199 Albert Road, Woodstock, Cape Town
Website: www.ciovita.co.za

 

5. DUTIES OF THE INFORMATION OFFICER

5.1 The Information Officer of Ciovita is responsible for:

  • Encouraging compliance with the conditions for the lawful processing of personal information
  • Facilitating requests made to Ciovita in terms of PAIA and POPIA
  • Providing adequate notice and feedback to the requester
  • Ensuring compliance with the provisions of PAIA and POPIA
  • Developing, monitoring, maintaining, and making this Manual available
  • Developing internal measures together with adequate systems to process requests for the information or access thereto.
  • Holding internal awareness sessions regarding the provisions of PAIA and POPIA, regulations in terms of PAIA and POPIA, Codes of Conduct or information obtained from the Regulator
  • When requested, providing copies of this Manual upon payment of a fee to be determined by the Regulator.
  • Determining whether to grant a request for access to a complete/full record or only part of a record.
  • Ensuring that access to a record, where so granted, is provided timeously and in the correct format
  • Reviewing this Manual for accuracy and communicating any amendments

5.2 The Information Officer may only provide access to any record held by Ciovita if:

  • The record is required for the exercise or protection of any right;
  • The requester complies with the procedural requirements relating to a request for access to that record; and
  • Access to that record is not refused in terms of any of the grounds for refusal listed in this Manual.

6. CONTACT DETAILS OF THE INFORMATION OFFICER

Information Officer 

Name: Andrew Gold
Designation: CEO
Address: 199 Albert Road, Woodstock, Cape Town
Telephone: (021) 4613931
Email: andrew @ ciovita.com
Registration Number: 2024-035141


Deputy Information Officer

Name: Richard De Villiers
Designation: Head of Finance
Address: 199 Albert Road, Woodstock, Cape Town
Telephone: (021) 4613931
Email: richard @ ciovita.com

7. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE

7.1 The Regulator has, in terms of section 10(1) of PAIA, as amended, updated, and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

7.2 The Guide is available in each of the official languages and in braille.

7.3 The Guide contains the description of- 

  • The objects of PAIA and POPIA
  • The manner and form of a request for- 
    • Access to a record of a public body contemplated in section 11 of PAIA; and
    • Access to a record of a private body contemplated in section 50 of PAIA
  • The assistance available from the Information Officer of a public body in terms of PAIA and POPIA
  • The assistance available from the Regulator in terms of PAIA and POPIA
  • All remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging -
    • An internal appeal
    • A complaint to the Regulator; and
    • An application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body
  • The provisions of sections 14 and 51 of PAIA requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual.
  • The provisions of sections 15 and 52 of PAIA providing for the voluntary disclosure of categories of records by a public body and private body, respectively.
  • The notices issued in terms of sections 22 and 54 of PAIA regarding fees to be paid in relation to requests for access; and
  • The regulations made in terms of section 92 of PAIA.

7.4 Members of the public can inspect or make copies of the Guide from the offices of Ciovita and the office of the Regulator, during normal working hours.  

7.5 The Guide can also be obtained-

7.6 A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-

  • English
  • Afrikaans

8. CATEGORIES OF RECORDS OF CIOVITA WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS

8.1 Currently, no notice(s) has/have been published by the Minister on the categories of information available without a person having to request access in terms of PAIA.  

8.2 There are however some records which are freely available to the public. These are mainly records which are available on our website which a person can download, request telephonically or by sending an email or letter. 

9. DESCRIPTION OF THE RECORDS OF CIOVITA WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION

| Legislation | Category of Records |
|---|---|
| Basic Conditions of Employment Act, 75 of 1997 | Employee’s name, occupation, time worked by each employee, remuneration paid to each employee, date of birth for each employee and employment contracts, leave records |
| Companies Act, 71 of 2008 | Certificate of incorporation, memorandum, and articles of association, CM25, CM26, resolutions passed in meetings, annual financial statements, annual accounts, directors reports, auditors reports, books of account, records of directors |
| Compensation for Occupational Injuries and Diseases Act, 130 of 1993 | Salary and wages register (overtime), records of earnings and other prescribed particulars of employees |
| Income Tax Act, 58 of 1962 | Remuneration paid or due to an employee, amount deducted from employee remuneration (or withheld), income tax reference number of employees, reconciliation returns |
| Insurance Act, 18 of 2017 | Insurance policies |
| Labour Relations Act, 66 of 1995 | Disciplinary records, records for each employee specifying the nature of any disciplinary transgressions, the actions taken by Ciovita and reasons for the actions |
| Occupational Health and Safety Act, 85 of 1993 | Records of incidents, regulatory risk assessments, medical surveillance records, training records |
| Promotion of Access to Information Act, 2 of 2000 | Records of all access for information requests and responses, PAIA manual |
| Protection of Personal Information Act, 4 of 2013 | Records of processing activities, data subject request records |
| Tax Administration Act, 28 of 2011 | Records, books of accounts or documents |
| Unemployment Insurance Act, 63 of 2002 | Names, ID number, monthly remuneration and address of company |
| Value Added Tax Act, 89 of 1991 | VAT records, list of suppliers, invoices and tax invoices, credit and debit notes, bank statements |

10. DESCRIPTION OF THE SUBJECTS ON WHICH THE BODY HOLDS RECORDS AND CATEGORIES OF RECORDS HELD ON EACH SUBJECT BY CIOVITA

This section sets out the records and the categories of records held on each subject. 

| Subjects on Which the Body Holds Records | Categories of Records |
|---|---|
| Statutory Company Information | Certificate of Incorporation, Memorandum and Articles of Association, CM25 and CM26, Financial Statements, Books of Account |
| Regarding Information Required by the Companies Act | Supporting Schedules to Books of Account, Ancillary Books of Account, Records of Directors |
| Finance Records | Asset Registers, Banking Records, Computer Software Details, Disaster Recovery Details, Financial Statements, Management Accounts |
| Tax Records | VAT Records, General Correspondence |
| Statutory Employee Records | Employees’ Names and Occupations, Time Worked by Each Employee, Remuneration Paid to Each Employee, Date of Birth of Each Employee, Salary and Wages Register |
| Other Employee Records | Employee Contracts, Disciplinary Records, Leave Records |
| Intellectual Property | Trademarks and Trade Names, Agreements with Suppliers |
| Taxation | Copies of All Income Tax Returns and Other Tax Returns and Documents |
| Insurance | Insurance Policies, Claim Records |
| Sales and Marketing | Customer Records, Brochures, Newsletters and Advertising Materials, Product Information (eg: Pricing), Sales Statistics, Marketing Information, General Correspondence |
| Information Technology | IT Policies and Procedures, Network Diagrams, User Manuals, General Correspondence, System Configuration, Source Code |
| Business Records | Internal Correspondence, Internal Policies and Procedures, Contracts, Leases, Litigation |
| Environmental, Health and Safety Records | Logistics, Stock, Location of Warehouse, Details of Service Providers, General Correspondence |

11. ACCESS TO INFORMATION OR RECORDS HELD BY CIOVITA

Access to information can only be granted once the requirements for access have been met.

PAIA provides that a person may only request information from a Private Body if the requested information is required for the exercise or protection of a right. POPIA provides that a Data Subject may request a Responsible Party to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including the information of third parties who have or have had access to such information. Where a Data Subject is required to pay a fee for any request for access services, the Responsible Party:

  • Must provide the Data Subject with a written estimate of the payable amount before providing the service
  • May require the requester to pay a deposit for all or part of the fee

If the Information Officer is unable to find the records requested or believes that the records do not exist, they will submit a detailed affidavit or affirmation to the requester giving notice that the records in question do not exist or cannot be found. The Information Officer will outline the steps they took to locate them.

12. REQUEST FOR INFORMATION PROCEDURE

12.1 To facilitate a request for information, the following procedures apply:

  • The requester must complete Form 2. Once completed, the requester must email or post it to the Information Officer at the addresses set out in this manual.
  • The Information Officer will notify the requester that the request has been received, whether the request is granted or refused, and of an estimate of the costs associated with processing the request, if any.
  • The list of fees payable is set out in section 13 of this manual.

12.2 Ciovita will process the request within 30 days, unless the requester has stated special reasons which would satisfy the Information Officer that circumstances dictate that this period not be complied with.

12.3 Ciovita may request an extension to the time, but will only be able to do so if:

  • The request is for a large number of records or requires that a large number of records are searched, and, without an extension, the search would interfere with the normal activities of Ciovita.
  • The request requires a search through records in an office of Ciovita that is not in the same city or town and could thus not be completed within 30 days; and/or
  • It requires a level of consultation to act on the request, which cannot reasonably be completed within 30 days.

Ciovita will notify the requester of an intention to extend the initial time, and indicate the period of extension, the reason for the extension, and advise the requester that they have the right to – 

  • Appeal to the relevant authority
  • Lodge a complaint with the regulator; or
  • Institute proceedings in court against the extension as the case may be.

Ciovita will also inform the requester of the process to be followed for each of the above-mentioned rights in the notice.

Once a request has been processed, the Information Officer will inform the requester of the outcome of the request and whether any additional information or fees are required.

If the requester does not use Form 2, we may:

  • Reject the request due to a lack of procedural compliance; or
  • Refuse the request if sufficient information is not provided.

12.4 Notes for Requesters

When requesting information, the following must be followed:

  • Ensure the form is completed in as much detail as possible.
  • Provide an accurate description of the record(s) sought.
  • Identify the requester.
  • Specify the format in which the information is required.
  • Indicate the contact details of the person requiring information.
  • Indicate if any other manner is to be used to inform the requester and state the necessary particulars to be so informed.
  • The requester must identify the right that is sought to be exercised or to be protected and to provide an explanation of why the requested record is required.
  • If applicable, the requester must provide any other way in which they wish to be informed other than in writing.
  • Provide proof of capacity in which they are making the request if the request is being made on behalf of someone else.

13. FEES

PAIA prescribes certain fees that are payable for requests made in terms of the Act.

The requestor must request the banking details of Ciovita from the Information Officer and make payment if required.

The processing will not commence until the fees are paid. The following fees are applicable: 

| Item | Description | Amount |
|---|---|---|
| 1 | The request fee payable by every requestor | R140.00 |
| 2 | Photocopy/printed black and white copy of A4-size page | R2.00 per page or part thereof |
| 3 | Printed copy of A4-size page | R2.00 per page or part thereof |
| 4 | For a copy in a computer-readable form on a flash drive (to be provided by the requestor) | R40.00 |
| 5 | For a copy in a computer-readable form on a compact disc if provided by the requestor | R40.00 |
| 6 | For a copy in a computer-readable form on a compact disc if provided to the requestor | R60.00 |
| 7 | For a transcription of visual images per A4-size page | Service to be outsourced, will depend on quotation from service provider |
| 8 | Copy of visual images | |
| 9 | Transcription of an audio record, per A4-size page | R24.00 |
| 10 | Copy of an audio record on a flash drive (to be provided by the requestor) | R40.00 |
| 11 | Copy of an audio record on a compact disc if provided by the requestor | R40.00 |
| 12 | Copy of an audio record on a compact disc if provided to the requestor | R60.00 |
| 13 | To search for and prepare the record for disclosure for each hour or part of an hour, excluding the first hour, reasonably required for such search and preparation. | R145.00 (not to exceed R435.00) |
| 14 | Deposit – if search exceeds 6 hours | One third of the amount per request calculated in terms of items 2 – 12 above. |
| 15 | Postage, email, or any other electronic transfer | Actual expense if any |

VAT: As a Private Body registered under the Value Added Tax Act, 1991, Ciovita will add VAT to all the abovementioned fees.

14. GROUNDS FOR REFUSAL

If a request for access is refused, Ciovita will advise the requester about the reason for refusal of access and may advise the requester to lodge an application with the court against the refusal for such request.

Chapter 4 of PAIA provides reasons for refusal. Note that these reasons do not mean that requests of such nature will be refused; it just means that access may be granted for such reasons.

The following may be reasons for refusal: 

14.1 Mandatory Grounds for Refusal

With mandatory grounds for refusal, Ciovita must refuse the request. The following are mandatory grounds for refusal:

  • The mandatory protection of privacy of a third party who is a natural person if the disclosure would involve the unreasonable disclosure of personal information about a third party, including a deceased individual.
  • The mandatory protection of commercial information of a third party if it contains:
    • Trade secrets of a third party
    • financial, commercial, scientific, or technical information, other than trade secrets, of a third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that third party; or
    • information supplied in confidence by a third party the disclosure of which could reasonably be expected -
      • to put that third party at a disadvantage in contractual or other negotiations; or
      • to prejudice that third party in commercial competition.
  • The mandatory protection of certain confidential information of third parties if the disclosure of the record would constitute an action for breach of confidence owed to a third party in terms of an agreement.
  • The mandatory protection of safety of individuals, and protection of property
  • Mandatory protection of records privileged from production in legal proceedings.
  • The mandatory protection of research information of a third party, and protection of research information of Ciovita if such disclosure would place the research or the researcher at a serious disadvantage.
  • A record of Ciovita if the record consists of information that was supplied in confidence by a third party if the disclosure of which could reasonably be expected to prejudice the future supply of similar information, or information from the same source and if it is in the public interest that similar information, or information from the same source, should continue to be supplied.

14.2 Discretionary Grounds of Refusal

With discretionary grounds of refusal, the Information Officer must apply their minds and consider whether to refuse a request because of the following reasons:

  • Economic, financial, and commercial interests of Ciovita, which may include:
    • trade secrets
    • financial, commercial, scientific, or technical information, other than trade secrets, the disclosure of which would be likely to cause harm to the commercial or financial interests of Ciovita.
    • contains information, the disclosure of which could reasonably be expected -
      • to put a public body at a disadvantage in contractual or other negotiations; or
      • to prejudice a public body in commercial competition; or
    • Computer programs owned by Ciovita which are protected by copyright and intellectual property laws.
  • Requests that are manifestly frivolous or vexatious, or which involve substantial and unreasonable diversion of resources.

Note that if only part of a record is linked to an exemption ground, Ciovita is obliged to consider whether partial disclosure of information is possible whenever it determines that full disclosure is not possible, and Ciovita will take reasonable steps to sever or redact the part or parts that cannot be released to the requester and grant access to the rest of the record.

15. MANDATORY DISCLOSURE OF RECORDS IN THE PUBLIC INTEREST

Even if a discretionary or mandatory ground for refusal exists in relation to a request for access to records, there is the possibility that public interest in the disclosure of the record may be more important than the harm created by the release of the record.

Where the importance of the public interest exists as stated above and the disclosure of the record would reveal:

  • Evidence of a substantial contravention of or failure to comply with the law; or
  • An imminent and serious public safety or environmental risk

then Ciovita must grant access to the record despite the existence of the exemption grounds.

16. THIRD PARTY NOTIFICATION PROCESS

Ciovita is required to take reasonable steps to inform a third party about a request for their record or records that might be a record that contains either:

  • Personal information
  • A SARS record
  • Trade secrets
  • Information, the release of which could constitute grounds for an action for breach of a duty of confidence; or
  • Research information that could expose someone or the subject matter to serious damage.

The third party will be requested to:

  • Make written or oral representation to the Information Officer why the request for access should be refused; or
  • Give written consent for the disclosure of the record to the requester.

Ciovita will inform the requester that a notice has been sent to a third party. Once this notification has been sent, Ciovita must make a final decision on whether to release the records within 30 days.

17. REMEDIES

Ciovita does not have an internal appeal procedure in relation to POPIA and PAIA. As such, the decision made by the Information Officer is final.

A requester may, amongst others, challenge the following decisions of Ciovita:

  • The tender or payment of the request fee
  • The tender or payment of a deposit
  • The access fee to be paid is too excessive
  • The form of access granted
  • The refusal of a request
  • The procedure (including the period) for lodging the internal appeal
  • Inappropriate time extension taken to respond to request for access
  • Failure to disclose records
  • The granting of a request for access to a record
  • Refusal to grant a request to waive the fees

If a requester is unhappy with the decision, they may:

  • apply to a court for relief
  • lodge a complaint with the Information Regulator

This must be done within 180 days of the decision from Ciovita.

A requester may lodge a complaint with the Regulator if they are not happy with a decision of Ciovita to:

  • Refuse a request for access
  • Demand payment of the request fee, or a deposit of the access fee
  • Extend a period to deal with a request
  • Grant access in a particular form

17.1 How to Complain to the Regulator

A complaint to the Regulator must be made in writing and a complaint form (Form 5) must be completed either manually or online. 

18. PROCESSING OF PERSONAL INFORMATION

18.1 Purpose of Processing Personal Information

Unless otherwise specifically stated, the information may be used for the following purposes:

  • Rendering a service to clients
  • To transact with suppliers
  • Employee administration/management
  • To respond to enquiries and/or requests
  • Recruitment
  • For statistical or research purposes
  • Legal and regulatory purposes
  • To perform in terms of a contract
  • Data analysis for improved marketing
  • Social media posts
  • Collection of information for marketing purposes

Ciovita does not sell, re-sell or distribute your personal information for re-sale.

We may use your personal information to inform you of products or services available from us. When collecting information that might be used to contact you about our products and services, we give you the opportunity to “opt-out” from receiving such communications. Moreover, each email communication we send includes an unsubscribe link allowing you to stop delivery of that type of communication. If you elect to unsubscribe, we will remove you from the relevant list within 10 business days.

18.2 Description of the Categories of Data Subjects and of the Information or Categories of Information Relating Thereto

The following personal information of the categories mentioned in the table may be processed by Ciovita. 

| Data Subject | Personal Information Collected |
|---|---|
| Clients | Name and surname, ID numbers, physical address, postal address, email address, contact details, bank details |
| Suppliers/Service Providers | Bank details, address, contact details, email address, VAT number |
| Employees | Name and surname, bank details, address, contact details, tax number, payroll history, disciplinary records, email address, next of kin (emergency contact), gender, ID number, disability, age |
| Visitors to Premises | Name and surname, contact details, email address, ID number (copy of ID) |
| Retailers/Brands | Company name, name and surname, email address, physical address, phone number, language |
| Prospective Employees | Information contained in CVs |

Visitors to Website

Contact Form

  • Name and surname
  • Email address
  • Information submitted as a query/comment

When Signing Up to Our Newsletter

  • Name and surname
  • Gender
  • Email address
  • Physical address
  • Birthday (optional)

When Creating an Instant Quote

  • Name and surname
  • Email address
  • Phone number
  • Company name
  • VAT number (optional)
  • Physical address
  • Name of referrer (if applicable)
  • Information provided as part of a comment

Creating an Account

  • Name and surname
  • Email address

When Ordering an Item

  • Email address
  • Name and surname
  • Company name (optional)
  • Physical address (shipping address)
  • Phone number
  • Billing details

Managing Orders

  • Email address
  • Phone number

Chat Box

  • Email address
  • Phone number (for SMS)
  • Information provided when interacting on the platform

18.3 The Recipients or Categories of Recipients to Whom the Personal Information May be Supplied 

The table below specifies the person or category of persons to whom Ciovita may disseminate personal information.

| Category of Personal Information | Persons to Whom the Information May be Supplied |
|---|---|
| Invoices and accounting records | Accountants |
| Bank details for payments | Banking institutions, Shopify |

18.4 Disclosure of Personal Information to Third Parties 

We will also not disclose any personal information without consent unless we reasonably believe that the disclosure is required in terms of an obligation imposed by law, if it is necessary for the proper performance of a public law duty by a public body or to protect your legitimate interest or the legitimate interest of us or a third party (for example, to prevent a threat to your or another’s health and safety).

Any third parties with whom we share personal information to process such information on our behalf are subject to data protection agreements or data protection notifications.

18.5 Transborder Flows of Personal Information

In certain instances, we may disclose your personal information to third parties that are based in foreign countries.

The transfer of this information will only be completed if:

  • the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection;
  • the data subject consents to such transfer;
  • the transfer is necessary for the performance of a contract between a data subject and us, or for the implementation of pre-contractual measures taken in response to a request from a data subject;
  • the transfer is necessary for the conclusion or performance of a contract concluded between us and the third party that is in your interest; or
  • the transfer is for the benefit of a data subject and
    • it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
    • if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.

Although we will take every precaution, it is possible that personal information will be transferred to a third party in a foreign country that is in a jurisdiction where a data subject will not be able to seek redress under POPIA and does not have an equivalent level of data protection as in a data subject’s jurisdiction. We will not be held liable for how such third parties process the personal information. 

18.6 Security Measures

We are committed to protecting the security of personal information. While no security measures can guarantee against compromise, we use a variety of security technologies and procedures to help protect data from unauthorised access, use, or disclosure.  

We hold personal information in:

  • Computer systems
  • Electronic databases
  • Hard copy or paper files

We have implemented and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect personal information and prevent:

  • loss of, damage to or unauthorised destruction of personal information; and
  • unlawful access to or processing of personal information.

We use Shopify as our online platform to sell our products. Shopify provides robust security measures, including SSL encryption, protection against DDoS attacks, and adherence to PCI DSS compliance standards throughout the platform.

19. AVAILABILITY OF THE MANUAL

A copy of the Manual is available-

  • On the Ciovita website at www.ciovita.co.za;
  • At the principal place of business for public inspection during normal business hours;
  • In hard copy to any person upon request and upon the payment of a reasonable prescribed fee; and
  • To the Information Regulator upon request.

A fee for a copy of the Manual, as contemplated in Annexure B of the Regulations, shall be payable for each A4-size photocopy made.