INTRODUCTION

The Promotion of Access to Information Act, No 2 of 2000 (PAIA) came into effect on 9 March 2001. The purpose of PAIA is to (1) foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information and to (2) promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect all of their rights more fully.

This manual has been prepared and published in accordance with the requirements of section 51 of the PAIA and takes into consideration the requirements of the Protection of Personal Information Act, 2013 (POPIA). The purpose of POPIA is to respect the constitutional right to privacy, ensuring that personal information is lawfully processed, and when processed by a responsible person, is adequately safeguarded. POPIA further provides rights and remedies to protect personal information from processing not in accordance with the Act.

The purpose of this manual is to facilitate access to records held by Seartec Trading Proprietary Limited (“Seartec”). It provides reference to the records held and processed by Seartec, the reasons therefore and the process to request access to such records.

The manual is available to the public for inspection on the Seartec website at www.seartec.co.za or on request from the delegated official referred to in this manual.

SEARTEC TRADING PROPRIETARY LIMITED (“Seartec”)

Seartec Trading Proprietary Limited is involved in the sale and rental of office automation equipment and consumables in Southern Africa. The company is a wholly owned subsidiary of Deneb Investments Limited, which is listed on the Johannesburg Stock Exchange.

CONTACT DETAILS. PAIA 51(1)(a).

The responsibility for administration of, and compliance with, the PAIA has been delegated by the Chief Executive Officer (CEO) of Seartec to the Information Officer. The Information Officer also oversees the duties and responsibilities in terms of section 55 of the POPIA.

PAIA GUIDANCE. PAIA 51(1)(b)(i).

PAIA grants a requestor access to records of a private body, if the record is required for the exercise of protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.

Requests in terms of the PAIA shall be made in accordance with prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of the PAIA.

AUTO DISCLOSURE. PAIA 51 (1)(b)(ii).

A section 52(2) notice regarding the categories of records, which are available without having to request access in terms of the PAIA, has to date not been published.

LEGISLATION. PAIA 51 (1)(b)(iii).

Where applicable to its operations, Seartec retains records and documents as prescribed by the following pieces of legislation. This list is not exhaustive.

• Basic Conditions of Employment Act, No. 75 of 1997
• Broad Based Black Economic Empowerment Act, No 53 of 2003
• Companies Act, No 71 of 2008
• Compensation for Occupational Injuries and Diseases Act, No 130 of 1993
• Constitution of South Africa Act, No 108 of 1996
• Electronic Communications and Transactions Act, No 2 of 2000
• Employment Equity Act, No 55 of 1998
• Income Tax Act, No 58 of 1962
• Labour Relations Act, No 66 of 1995
• Occupational Health and Safety Act, No 85 of 1993
• Promotional of Access to Information Act, No 2 of 2000
• Skills Development Act, No 97 of 1997
• Skills Development Levies Act, No 9 of 1999
• Unemployment Insurance Act, No 63 of 2001
• Value-added Tax Act, No 89 of 1991

RECORDS HELD. PAIA 51 (1)(b)(iv).

Categories of information held by Seartec include:

▪ Subsidiary and Associate Company Records

o Annual financial statements

o Correspondence

o Audit files

o Fees

o Contacts

o Statutory and tax records

o Business information

o Finding and recommendation reports

o Investigative information and material

o Legal documentation

o Proposal and tender documents

o Project plans and risk management

o Working papers

▪ Corporate Governance

o Codes of conduct

o Minutes of meetings

o Minutes of executive committee meetings

o Enterprise-wide risk management records

o Legal compliance records

▪ Finance and Administration

o Accounting records

o Annual financial statements

o Asset registers

o Accounting and banking records

o Supplier invoices and statements

o Management reports

o VAT, Tax and PAYE records and returns

▪ Human Resources

o Accounting and payroll records

o BEE statistics

o Career development records

o Personnel information

o Employment equity reports

o General terms of employment

o Letters of employment

o Leave records

o PAYE records and returns

o Performance management records

o Policies and procedures

o UIF returns

o Company director information

o Workplace Skills Development Plans

▪ Information Technology

o Contracts and agreements

o Equipment registers

o IT governance records

o Information policies and procedures

▪ Learning and Development

o Training material

▪ Training records and statistics

o Marketing

o Media releases

o Client proposals

o New business development

o Brand information

o Marketing strategies

o Communication strategies

o Client relationship information

o Marketing brochures

o Conferencing advertising and branding

▪ Operations

o General correspondence

o Insurance documentation

o Service level agreements

o Travel documentation

o Operational planning and resourcing

▪ Secretarial Services

o Applicable statutory documents

o Corporate structure diagrams

o Share certificates

o Shareholder agreements

o Minutes of meetings

o Records relating to appointment of directors and auditors

ACCESS REQUESTS. PAIA 51 (1)(b)(iv).

To facilitate the processing of your request, kindly:

▪ Use the prescribed form attached to this manual as PAIA Form 2 (Schedule 1).

▪ Address your request to the Information Officer

▪ Provide sufficient details as to enable Seartec to identify:

o The records requested

o The requestor (and if an agent is lodging the request, proof of capacity)

o The form of access required

o The postal address or fax number of the requester in the Republic

o If the requestor wishes to be informed of the decision in any manner (in addition to written) the manner and particulars thereof

o The right which the requestor is seeking to exercise or protect with an explanation of the reason the record is required to exercise or protect the right.

The following applies to requests, other than personal requests:

▪ A requestor is required to pay the prescribed fees before a request will be processed.

▪ If the preparation of the record requested requires more than the prescribed hours, a deposit shall be paid of not more than one third of the access fee which would be payable if the request were granted.

▪ A requestor may lodge an application with a court against the tender / payment of the request fee and / or deposit.

▪ Records may be withheld until the fees have been paid.

Requests complying with the requirements set out above, will be processed and considered expeditiously. If the request for access is refused, Seartec will advise the requestor about the reasons for refusal of access and may, in the absence of an internal appeal process, advise the requestor to lodge an application with the court against the refusal of the request.

Requests for information may be refused on the following grounds:

▪ Protection of the privacy of a third party who is a natural person

▪ Protection of commercial information of a third party

▪ Protection of certain confidential information of a third party

▪ Protection of safety of individuals and protection of property▪

▪ Protection of records privileged from production in legal proceedings

▪ Commercial information of the private body

▪ Protection of research information of a third party and of the private body.

Seartec will give the requestor a written notice of the decision within 30 days after a decision is made on their request to access information. In case of a request being refused, the notification will include the reasons for the refusal.

Seartec may extend the 30 days’ notice period for a further period not exceeding 30 days after receiving the request, due to the nature of the request and the amount of time required to gather the requested information. The requestor will be notified of the extension prior to the expiry of the 30-day notice period.

PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY SEARTEC

Seartec requires personal information relating to both individual and juristic persons in order to carry out its business and operational functions. Seartec determines the purpose of and means for processing personal information, and as such, is considered a responsible party.

Seartec will ensure that personal information of data subjects is processed in line with the following conditions:

▪ Accountability

▪ Processing limitation

o Personal information is lawfully processed, including data subject consent to processing of personal information and legal basis for processing.

o Personal information is adequate, relevant and not excessive for the purposes for which it was collected.

o Data subjects have the right to object to Seartec’s use of their personal information and request deletion of such personal information (subject to Seartec’s record keeping requirements) using the prescribed form attached to this manual as POPIA Form 1 – Schedule 1).

o Data subjects have the right to object to the processing of personal information for purposes of direct marketing by means of unsolicited electronic communications.

▪ Purpose specification

o Personal information is processed for only the purpose for which it was collected.

o Personal information will not be kept for longer than is necessary.

▪ Further processing limitation

o Personal information will not be processed for a secondary purpose unless that processing is compatible with the original purpose.

▪ Information quality

o Reasonable practical steps will be taken to ensure that personal information is complete, accurate, not misleading and updated where necessary.

▪ Openness

o Data subjects have the right to be notified that their personal information is being collected by Seartec.

▪ Security safeguards

o Data will be processed in accordance with integrity and confidentiality principles, this includes physical and organisational measures to ensure that personal information, in both physical and electronic form, are subject to appropriate level of security when stored, used and communicated by Seartec, in order to protect against access and acquisition by unauthorised person and accidental loss, destruction or damage.

▪ Data subjects have the right to be notified of security compromises.

▪ Data subject participation

o Data subjects have the right to know whether Seartec holds personal information about them, and to access that information.

o Data subjects have the right to request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information using the prescribed form attached to this manual as POPIA Form 2 – Schedule 1.

CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION AND PURPOSE FOR PROCESSING. PAIA 51(1)(c)(i)(ii).

Personal information may only be processed for a specific purpose. The purposes for which Seartec processes or will process personal information, as well as the categories of personal information, is set out below.

▪

▪ Directors

o Category of personal information

▪ CIPC information

▪ Tax compliance information

▪ Postal / street address

▪ Title and name

▪ Contact number and / or email address

▪ Financial and business or operational information

o Purpose

▪ Communicate with directors via email, SMS, letter, telephone or any other way about Seartec’s services, unless clients indicate otherwise

▪ Perform other administrative and operational purposes

▪ Comply with Seartec’s regulatory and other obligations

▪ Verify and updating information

▪ Any other reasonably required purpose relating to the Seartec business.

▪ Employees

o Category of personal information

▪ Name and contact details

▪ Identify number and identify documents, including passports

▪ Ethnic group

▪ Age

▪ Gender

▪ Marital status

▪ Nationality

▪ Language

▪ Employment history and references

▪ Banking and financial details

▪ Details of payments to third parties (salary deductions)

▪ Employment contracts

▪ Employment equity plans

▪ Medical aid records

▪ Pension fund records

▪ Remuneration / salary records

▪ Performance appraisals

▪ Disciplinary records

▪ Leave records

▪ Learnership agreements

▪ Training records

o Purpose

▪ Verification of applicant / employees’ information during recruitment process

▪ General matters relating to employees’ pension, medical aid, payroll, disciplinary action and training

▪ Comply with Seartec’s regulatory and other obligations

▪ Any other reasonably required purpose for relating to the employment or possible employment relationship.

▪ Suppliers

o Category of personal information

▪ Name and contact details

▪ Identity and / or company information and director information

▪ B-BBEE Certificates

▪ Banking and financial information

▪ Information about products and services

▪ Other information not specified, reasonably acquired to be processed for busines purposes.

o Purpose

▪ Verifying information and performing checks

▪ Purpose relating to the agreement of business relationship or possible agreement or business relationships between the parties

▪ Payment of invoices

▪ Complying with Seartec regulatory and other obligations

▪ Any other reasonably required purpose relating to the Seartec business.

RECIPIENTS OF PERSONAL INFORMATION. PAIA 51(1)(c)(iii).

Recipients of personal information include inter alia:

• Professional advisors, such as law firms, tax advisors or auditors
• Insurers
• Tax and customs, and excise authorities
• Regulatory and other professional bodies
• Public registries of company directors and shareholdings
• Providers of identity verification services
• Credit reference agencies
• The courts, police and law enforcement agencies
• Government departments and agencies
• Service providers
• Support providers.

TRANSBORDER FLOWS. PAIA 51(1)(c)(iv).

Personal information may be transmitted transborder to Seartec suppliers in other countries, and personal information may be stored in data servers hosted outside South Africa, which have data privacy laws consistent or aligned with the requirements of the POPIA.

Comprehensive service level agreements are established with all outsourced IT service providers that provide IT support or software solutions. The Service Level Agreements of the service providers, which deals with, inter alia, key deliverables such as system and user support, system availability, cyber-risk management, virus protection, data protection, telephony and other general controls, is reviewed annually and its compliance monitored.

SECURITY MEASURES. PAIA 51(1)(c)(v).

Seartec undertakes to implement and maintain data protection measures to accomplish confidentiality, availability and integrity of personal information that is processed and stored.

Seartec has aligned its information security practices to best practice frameworks to ensure adequate organizational and technological measures are in place to protect any personal information stored and processed; and may use alternative practices to adapt to technological security developments, as needed, provided that the above objectives are achieved. Information security policies are in place throughout Seartec regulating, inter alia, the processing and protection of own and third-party information. When required, specialist skills are insourced to assist with information technology services.