top of page
A man pointing at his laptop screen

Company Documents

PAIA Manual First Tech Investment

1. INTRODUCTION

The Company is a non-trading holding company for various entities and subsidiaries that form part of the First Technology Group.
This PAIA Manual applies to all wholly owned subsidiaries of the Company

 

2.    COMPANY CONTACT DETAILS: SECTION Sl(l)(A)

 

Group CEO    : Mr. Arnold Sharp Head of Group Legal    : Mr Richard Hammond
Postal Address    : P.O Box 76014, Wendywood, 2144

Street Address    : First Technology Building, 26 Augrabies Road,

Waterfall Office Park, Midrand, Gauteng, 1682.

 
Telephone Number E-mail
 
: (+27)11 790 4400

: ArnoldS@firsttech.co.za; Richardh@firsttech.co.za;  legal@firsttech.co.za
 
Contact details of directors may be requested by submitting a written request for such details to legal@firsttech.co.za

 

3. THE ACT: SECTION Sl(l)(B)

3.1    The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights that the requester may have. If a public body lodges a request, the public body must be acting in the public interest.

3.2    Requests in terms of the Act shall be made in accordance with the prescribed procedures and be subject to the prescribed rates. The forms and tariff are dealt with in paragraphs 6 and 7 of the Act.

3.3    Requesters are referred to the PAIA Guide compiled by the South African Human Rights Commission. Section 10 of the PAIA Guide will contain information for the purpose of exercising Constitutional Rights. The PAIA Guide is available from the South African Human Rights Commission.

3.4    The contact details of the South African Human Rights Commission are as follows:


Postal Address    : Private Bag 2700, Houghton, Johannesburg, 2041
 

Telephone Number Fax Number Website
 

: (+27)11 877 3600

: (+27)11403 0625

: www.sahrc.org.za

 

4. S52(2) NOTICE: Section Sl(l)(C)

At date of signature of this manual no notices relevant to the Company have been published by the Minister of Justice and Constitutional Development under section 52(2) of the Act.

 

5.    APPLICABLE LEGISLATION: SECTION Sl(l)(D)

paia.jpg

6.    SCHEDULE OF RECORDS HELD BY THE COMPANY: SECTION Sl(l){E)

paia_2.jpg
paia_3.jpg

7. PROCEDURE TO FOLLOW WHEN SUBMITTING A REQUEST FOR ACCESS: SECTION 53(1)


7.1    The requester must complete Form C and submit this form together with request fee, to the Group CEO of the Company;

7.2    The form must be submitted to the Group CEO of the Company at the street address and via the electronic mail addresses, as outlined in clause 2 above;

7.3    The form must provide sufficient particulars to enable the Group CEO of the Company to identify the record(s) requested and to identify the requester;

7.4    The requester must:


7.4.1    indicate which form of access is required;


7.4.2    specify his/her postal address or fax number which must be in the Republic of South Africa;

7.4.3    identify the right that the requester is seeking to exercise or protect, and provide an explanation of why the requested record is required for the exercise or protection of that right;

7.5    If, in addition to a written reply, the requester wishes to be informed of the decision on the request in any other manner, the requester must state that manner and the necessary particulars to be informed in such other manner;
 

 

7.6    If the requester is made on behalf of another person, to submit proof of the capacity in which the requester is making the request, to the reasonable satisfaction of the Group CEO of the Company.

 

8. PRESCRIBED FEES: SECTION Sl(l)(E)

8.1    The following applies to requests that are not personal requests (a personal request is where a requester seeks information about himself or herself or his/her next of kin. Personal requests are exempted from paying fees. In addition, if the information is about a deceased individual, then the requester will also be exempted from paying fees.

8.2    Every other request which is not a personal request is subject to payment of the prescribed fees set out in section Sl(l)(f) of the Act ("the Fees"). The access fee of RS0.00 must be paid before a request will be processed. The Fees must be paid to the Company by way of electronic funds transfer into the Company's bank account, the details of which are available on request:

Please note that proof of payment must be submitted to the following email addresses: ArnoldS@firsttech.co.za; RichardH@firsttech.co.za

8.3    If the preparation of the requested record(s) requires more than the prescribed hours (six hours), a deposit shall be paid equal to not more than one third of the Fees which would be payable if the request were granted ("the Deposit").

8.4    Should the Company fail to provide the requester record(s) after approving the request, a requester may lodge an application to court against the payment of the Fee and/or the Deposit.

8.5    Records may be withheld until the Fees and/or Deposit have been paid.


8.6    The Fees structure is available on the website of the South African Human Rights Commission at www.sahrc.org.za.

 

9. REMEDIES AVAILABLE TO REQUESTERS IF THEIR REQUEST FOR INFORMATION HAS BEEN REFUSED


9.1    The Act provides for an internal appeal procedure in terms of sections 74 and 75 of the Act. The Minister, as defined in the Act, is the relevant authority to review any decision taken on appeal.

9.2    An aggrieved party still has an opportunity to approach the courts if dissatisfied with the decision of the relevant authority.

 

10.    PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE COMPANY

Chapter 3 of the Protection of Personal Information Act (hereinafter referred to as "POPI") provides for the minimum Conditions for lawful Processing of Personal Information by a Responsible Party. These Conditions may not be derogated from unless specific exclusions apply as outlined in POPI. Below is a description of the eight Conditions for Lawful Processing as contained in POPI, of which The Company ensures adherence:


a)    Accountability - the Responsible Party has an obligation to ensure that there is compliancewith POPI in respect of the processing of Personal Information.
b)    Processing limitation - Personal Information must be collected directly from a Data Subject to the extent applicable; must only be processed with the consent of the Data Subject and must only be used for the purposes for which it was obtained.
c)    Purpose specification - Personal Information must only be processed for the specific purpose for which it was obtained and must not be retained for any longer than it is needed to achieve such purpose.
d)    Further processing limitation - further processing of Personal Information must be compatible with the initial purpose for which the information was collected.
e)    Information quality - the Responsible Party must ensure that Personal Information held is accurate and updated regularly and that the integrity of the information is maintained by appropriate security measures.
f)    Openness - there must be transparency between the Data Subject and the Responsible Party.
g)    Security safeguards - a Responsible Party must take reasonable steps to ensure that adequate safeguards are in place to ensure that Personal Information is being processed responsibly and is not unlawfully accessed.
h)    Data Subject participation - the Data Subject must be made aware that their information is being processed and must have provided their informed consent to such processing.

 

11.    PURPOSE OF THE PROCESSING


Personal Information may only be Processed for a specific purpose. The Company uses personal information under its care in the following manner:
I.    Administration
II.    Rendering services according to contractual agreements Ill.    Staff administration
IV.    Complying with Tax Laws
V.    Keeping accounts of records

12. CATEGORIES OF DATA SUBJECTS

 

As per section 1 of POPI, a Data Subject may either be a natural or a juristic person. The table below sets out the various categories of Data Subjects that the Company processes.

 

The Company may process records relating to:

paia_4.jpg

13. RECIPIENTS OF PERSONAL INFORMATION

The below mentioned outlines the recipients to whom the Company may provide a Data Subjects Personal Information to:

a)    Any firm, organisation or person that the Company uses to collect payments and recover debts or to provide a service on its behalf;
b)    Any firm, organisation or person that/who provides the Company with products or services;
c)    Any payment system the Company uses;
 

 

d)    Regulatory and governmental authorities or ombudsmen, or other authorities, including tax authorities, where he Company has a legal duty to share information;
e)    Third parties to whom payments are made on behalf of employees;
f)    Financial institutions from whom payments are received on behalf of data subjects; and

g)    Employees, contractors and temporary staff;


14.    CROSS-BORDER FLOWS OF PERSONAL INFORMATION

Section 72 of POPI provides that Personal Information may only be transferred out of the Republic of South Africa:

a)    If the recipient country can offer such data an 11adequate level" of protection. This means that its data privacy laws must be substantially like the Conditions for Lawful Processing as contained in POPI; or
b)    If the Data Subject consents to the transfer of their Personal Information; or
c)    If the transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or
d)    If the transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or
e)    If the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would likely provide such consent

Personal Information may be transmitted cross- border to the Company's suppliers in other countries, and Personal Information may be stored in data servers hosted outside South Africa, which may not have adequate data protection laws. The Company will endeavour to ensure that its dealers and suppliers will make all reasonable efforts to secure such data and Personal Information.

15.    DESCRIPTION OF INFORMATION SECURITY MEASURES TO BE IMPLEMENTED


The Company undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. The Company may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved

a)    Access Control of Persons
The Company shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data is processed.
 

 

b)    Data Memory Control
The Company undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorised reading, alteration or deletion of stored data.

c)    User Control
The Company shall implement suitable measures to prevent its data processing systems from being used by unauthorised persons by means of data transmission equipment.

d)    Access Control to Data
The Company represents that the persons entitled to use the Company's data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorisation).

e)    Transport Control
The Company shall implement suitable measures to prevent data from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.

16.    OBJECTION TO THE PROCESSING


Section 11 (3) of POPI and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual (Annexure A)

17.    REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION

Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form as per Annexure B

 

ACCEPTANCE

paia_8.jpg

Prescribed Form for the Objection to the Processing of Personal Information


(Section 11(3), Protection of Personal Information Act,2013 (Act No. 4 Of 2013)) Please Note:

a.    Affidavits or other documentary evidence in support of the object needs to be attached to this form.
b.    If more space is required add additional pages as appendices to this form.
 

paia_5.jpg

Prescribed Form for a Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information in terms of Section 24(1) of the Protection of
Personal Information Act, 2013

Regulations Relating to the Protection of Personal Information, 2018 [Regulation 3)

Note:
1.    Affidavits or other documentary evidence as applicable in support of the request may be attached.
2.    If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
3.    Complete as is applicable.
4.    Mark the appropriate box with an "x".
I.    Correction or deletion of the personal information about the data subject    which is in possession or under the control of the responsible party
III.    Destroying or deletion of a record of personal information about the data subject
which is in possession or under the control of the responsible party and who is no
longer authorised to retain the record of information
 

paia_6.jpg
PAIA_7.jpg
Introduction
Company Contact
The Act
S52
LEGISLATION
Schedule of records
Procedure
Prescribe
Remedis
Protection
Purpose
Catagoories
Recipients
Cross-border
Descriptions
Objection
Acceptance
bottom of page