PAIA Manual, amended by POPIA

for Good Shepherd Toys (Pty) Ltd

REGISTRATION NUMBER: 2023/791798/07

(“Good Shepherd Toys” or the “company”)

Prepared and published in accordance with Section 51 of the he Promotion of Access to Information Act 2 of 2000 (“PAIA”) and to address the requirements of the Protection of Personal Information Act 4 of 2013 (“POPIA”).

Introduction and purpose of manual

The purpose of this manual is:

• To facilitate the requests for access to records of the business as provided for in PAIA;
• To serve as a manual for the business, as required in terms of Section 51 of PAIA, to promote the access to information;
• To set out the responsibilities of the Information Officer whose responsibility it will be to ensure compliance with PAIA and POPIA; and
• To provide and outline of the type of records and the personal information the business holds and explains how to submit requests for access to these records in terms of PAIA.

PAIA provides that a person may only request information in terms of the Act, if the information is required for the exercise or the protection of a right.

PAIA gives effect to Section 32 of the Constitution, which provides that everyone has the right to access information held by a private body or public body, if the record or personal information held is required to exercise of protect a right.

PAIA, provides that a person requesting information must be given access to any record of a private body, if that record is required for the exercise or the protection of a right. However, such request has to comply with the procedural requirements and PAIA makes provision for the refusal of access to records.

INDEX

1. The business and business details [Section 51(1)(a)]
2. Availability of this PAIA Manual
3. The Act [Section 51(1)(b)]
4. Availability of guides to PAIA and POPIA
5. Applicable legislation [Section 51(1)(c)]
6. Schedule of records [Section 51(1)(d)]
7. Request for access to records
8. Prescribed fees [Section 51(1)(f)]
9. Grounds for refusal
10. Remedies & Appeal
11. Records that cannot be found or do not exist
12. Appeal
13. Protection of Personal Information Act (“POPIA”)
14. Annexures

1. The business and business details [Section 51(1)(a)]

1.1. Good Shepherd Toys (Pty) Ltd is a private company conducting business as a wooden toy manufacturer and online retailer of these toys.

1.2. Details:

Physical Address	125 Horseshoe Crescent, Theescombe, Port Elizabeth, 6070
Postal Address	PO Box 10641, Linton Grange, Port Elizabeth, 6015
Principal Address of Business Activities	125 Horseshoe Crescent, Theescombe, Port Elizabeth, 6070
Telephone Number	072 800 8672
Fax Number	None
Director and Head of the Company	Dominique Lodewijks
Designated Information Officer	Dominique Lodewijks
Email Address of Information Officer	info@goodshepherdtoys.com
Website	https://www.goodshepherdtoys.com

1.3. Requests shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraph 5 hereto.

2. Availability of this Manual

2.1 This manual is published on the business’ website, or, alternatively, a copy can be requested from the business by sending a request for a copy to the Information Officer by email (see contact details above).

2.2 This manual will also be available at the business’ registered address (see address details above).

3. PAIA [Section 51(1)(b)]

3.1 The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.

3.2 Requests in terms of PAIA shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of the Act.

3.3 Requesters are referred to the Guide in terms of Section 10 of PAIA which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC.

3.4 The PAIA guide is available in all official South African languages at no cost, and any person may request a copy of the guide. A copy of the guide may be obtained by contacting the South African Human Rights Commission at:

The South African Human Rights Commission
PAIA Unit – The Research and Documentation Department
Private Bag X2700
Houghton
2041
Telephone: +27 (0) 11 877 3600
Facsimile: +27 (0) 11 403 0625
Website: www.sahrc.org.za

4. Availability of guides to the PAIA and POPI Acts

4.1 In addition to the above, guides to PAIA and POPIA can be obtained from and queries directed to:

The Information Regulator (South Africa)
33 Hoofd Street, Forum III, 3rd Floor Braampark
P.O Box 31533, Braamfontein, Johannesburg, 2017
Mr Marks Thibela
Chief Executive Officer
Tel No. +27 (0) 10 023 5200, Cell No. +27 (0) 82 746 4173
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/

5. Applicable legislation [PAIA Section 51(1)(c)]

5.1 Where applicable to the business’s business and operations, information is also available in terms of certain provisions of applicable legislation, which include but not limited to:

• Basic Conditions of Employment Act 75 of 1997;
• Broad Based Black Economic Empowerment Act 53 of 2003;
• Companies Act 71 of 2008;
• Compensation for Occupational Injuries and Health Diseases Act 130 of 1993;
• Competition Act No. 89 of 1998;
• Consumer Protection Act 68 of 2008;
• Customs and Excise Act No. 91 of 1964;
• Electronic Communication and Transactions Act 25 of 2002;
• Employment Equity Act No. 55 of 1998;
• Income Tax Act 58 of 1962;
• Labour Relations Act 66 of 1995;
• Occupational Health & Safety Act 85 of 1993;
• Promotion of Access of Information Act 2 of 2000;
• Protection of Personal Information Act 4 of 2013;
• Skills Development Act 97 of 1998;
• Skills Development Levies Act 9 of 1999;
• Trade Marks Act No. 194 of 1993;
• Unemployment Insurance Act 4 of 2002;
• Value Added Tax Act 89 of 1991.

6. Schedule of records [Section 51(1)(d)]

6.1 The business maintains certain records, which include, but are not limited to, the categories listed below.

6.2 Recording a category or document and/or record in this Manual does not imply that a request for access to such records would be successful. The accessibility of the documents and/or records may be subject to the grounds of refusal.

Employees and personnel:

• Any personal records provided to the business employees
• Employment contracts
• Employment policies and procedures
• Internal evaluation and disciplinary records
• Occupational Health and Safety
• Training schedules and material
• Personnel files

Customer, prospective customer, and user related records:

• Customer contact details
• Records generated by or within the business pertaining to the customer, including transactional records
• Information collected in terms of website cookie policy

Financial & Banking and Tax Records

• Accounting records, books and documents
• Interim and annual financial reports
• Details of auditors
• Bank facilities and account details
• Bank statements
• Tax return
• PAYE records
• UIF records

Other records (business related records):

• Marketing records;
• Insurance records;
• Operational records;
• Databases;
• Information Technology;
• Internal correspondence;
• Product records;
• Statutory records;
• Internal Policies and Procedures;
• Supplier information and records

6.3 The business does make certain information freely available by publication on its website which is available without a person having to request access.

7. Request for access to records

7.1 In terms of Section 50 of PAIA, any person who requires information for the exercise or protection of any rights, may request information from a private body.

7.2 The categories of records and/or information which are held by the business are listed above. A requester will not automatically be allowed access to these records, and access to records may be refused in accordance with the Act.

Form of request [PAIA Section 51(1)(e)]:

7.3 The requester must comply with all the procedural requirements contained in PAIA and the request must be made on the correct form (Form C for private bodies can be found on www.justice.gov.za and/or www.sahrc.org.za).

7.4 The completed prescribed request form must be addressed to the owner of the business and/or the Information Officer of the business, and delivered (hand-delivered, posted or sent via email), together with the proof of payment of a request fee and a deposit, if applicable.

A requester needs to provide sufficient details, and the prescribed form needs to contain sufficient information, to enable the business to identify:

• The record(s) requested;
• The identity of the requester (and if an agent is lodging the request, proof of capacity);
• Which form of access is required, if the request is granted;
• The postal address or fax number of the requester within South Africa;
• If the requester wishes to be informed of the decision relating to the request for access in any manner (in addition to written) the manner and particulars thereof;
• The right which the requester is seeking to exercise or protect with an explanation of the reason the record is required to exercise or protect the right.

7.5 The business will not consider a request unless it is contained in the correct and prescribed Form C (link in annex below).

Procedure:

7.6 The business will, within 30 days of receipt of the request, decide whether to grant or decline the request. Whatever decision is taken, the requester will be given notice of the decision in writing. If a request is refused, the notification will include the reasons for the refusal.

7.7 The 30 day notice period may be extended if the request is for a large number of information, it is necessary due to the nature of the request and the amount of time required to gather the requested information. The requester will however be given notice of the extension prior to the 30 day period’s expiry.

7.8 The business will not process a request until the prescribed fees have been paid. Where a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.

8. Prescribed fees [PAIA Section 51(1)(f)]

8.1 Request Fee (not applicable to a personal requester)

The requester needs to pay the request fee as prescribed by the Minister for Justice and Constitutional Development, before the request will be processed.

This non-refundable fee is payable on submission of any request for access to any record. No fee is payable if the request is for personal records of the person requesting it.

8.2 Deposit (not applicable to a personal requester)

If the preparation of the record requested requires more than the prescribed hours (six), a deposit shall be paid (of not more than one third of the access fee which would be payable if the request were granted).

8.3 Access Fee

The requester needs to pay an access fee as prescribed by the Minister for Justice and Constitutional Development fee to enable the business to recover the cost of processing a request and giving access to records in terms of the Act. The access fee is payable prior to being granted access to the records.

8.4 A request will not be processed until the prescribed fees have been paid and where a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.

8.5 A requester may lodge an application with a court against the tender and/or payment of the request fee and/or deposit.

9. Grounds for refusal of request

The request may be declined in accordance with one of the prescribed grounds in terms of the Act, namely:

9.1 Section 63 of PAIA stipulates that a request for access to a record must be refused if its disclosure would involve the unreasonable disclosure of personal information about a third party, including a deceased individual. However, Section 63(2) does provide exceptions to this.

9.2 Section 64 of PAIA states that a request must be refused if it relates to records containing third party information pertaining to:

9.2.1 Trade secrets;

9.2.2 Financial, commercial, scientific or technical information where disclosure would be likely to cause harm to the commercial or financial interests of that third party; or

9.2.3 Information, supplied in confidence by the third party, the disclosure of which could reasonably be expected to put the third party at a disadvantage in contractual or other negotiations, or prejudice the third party in commercial competition.

9.3 Section 65 of PAIA prohibits disclosure of information if such disclosure would constitute a breach of any duty of confidentiality owed to a third party in terms of an agreement.

9.4. In terms of Section 66 of PAIA, the business must refuse disclosure of the record could reasonably be expected to compromise the safety of an individual or property.

9.5. Section 67 of PAIA mandates the refusal of a request if the record is privileged from production in legal proceedings, unless the person entitled to the privilege has waived the privilege.

9.6. Section 68 of PAIA pertains to records containing information about the business itself and may refuse access to a record if the record:

9.6.1. Contains trade secrets of the business;

9.6.2. Contains financial, commercial, scientific or technical information, the disclosure of which would be likely to cause harm to the commercial or financial interests of the business;

9.6.3. Contains information which, if disclosed, could reasonably be expected to put the business at a disadvantage in contractual or other negotiations, or prejudice the business in commercial competition; or

9.6.4. Consists of a computer programme owned by the business.

9.7. Section 69 of PAIA prohibits the disclosure of information about research where disclosure is likely to expose the third party, the person conducting the research on behalf of the third party, or the subject matter of the research to serious disadvantage. Disclosure is discretionary if such research pertains to the business itself.

9.8. Notwithstanding any of the above-mentioned provisions, Section 70 of PAIA provides that a record must be disclosed if its disclosure would:

9.8.1. Reveal evidence of a substantial contravention of or failure to comply with the law, imminent and serious public safety or environmental risk; and

9.8.2. If the public interest in the disclosure clearly outweighs the harm.

10. Remedies & Appeal

10.1 The business does not have internal appeal procedures regarding PAIA requests. As such, the decision made by the duly authorised persons is final. If a request is denied, the requestor is entitled to apply to a court with appropriate jurisdiction, or the Information Regulator, for relief.

11. Records that cannot be found or do not exist

11.1 If the business has searched for a record and it is believed that the record either does not exist or cannot be found, the requester will be notified accordingly, which notification will include an explanation of the steps that were taken to attempt to locate the record. by way of an affidavit or affirmation. This will include the steps that were taken to try and locate the record.

12. Records and information relating to a third party

12.1 If access is requested to a record that contains information about a third party, the business must first contact such third party to inform him/her/it of the request to access the record and / or information and enquire if the third party consents to the business providing the requester access to the record and / or information, as provided in Chapter 5 (Sections 71 to 73) – third party notification and intervention – of PAIA.

12.2 If the third party does not consent, the business will request the third party to provide the business with reasons why he/she/it does not consent to provide the requester access.

12.3 Upon receipt of the reasons for the support or denial of access, the business’s Information Officer will consider these in determining whether access should be granted, or not.

13. POPIA

13.1 Purpose of processing personal information

The business processes personal information for the following purposes:

• Complying with legal and statutory obligations in terms of applicable legislation;
• Staff administration, including management of employees;
• Human resources purposes such as job applications and interviews with potential or prospective employees;
• Keeping of accounts and records
• Obtaining information necessary to provide the contractually agreed services and / or products to a customer;
• Obtaining information necessary to provide customers with the purchased product(s);
• Marketing and advertising purposes;
• Monitoring, maintaining and managing the business’s contractual obligations with and to customers, clients, suppliers, service providers, employees, directors and other third parties;
• Responding to enquiries and resolving complaints;
• To fulfill obligations (contractual or in terms of legislation) to clients and / or customers; and
• To comply with the business’s delivery and return policies.

13.2 Categories of Data Subjects

The business may possess records relating to personal information of the following data subjects:

• Clients / customers (natural persons and/or juristic persons);
• Service providers;
• Employees;
• Visitors to the business’s premises; and/or
• Individuals who have indicated and interest in the business’s products or services and / or who have completed the “contact us” fill in form on the business’s website.

13.3 Types of personal information being processed by the business may include:

• Client and / or customer’s (individual) details (such as name and surname; physical address; billing address; postal address; ID number; Tax related information; email address, telephone number, etc.);
• Client and / or customer’s (juristic) details (such as name of entity, registration number, physical address, billing address, postal address, telephone number, email address, information of authorised representatives, etc.)
• Employee and / or director’s details (such as name and surname, gender, age, national origin, email address, telephone number, education and qualification information, employment history, ID number, tax number, medical history, etc.)
• Service providers’ details (such as name of entity, registration number, physical address, billing address, postal address, telephone number, email address, information of authorised representatives, tax related information, etc.)

13.4 The business may provide personal information to other recipients

It is sometimes necessary for the business to share personal information with other organisations and/or recipients. Where necessary or required, the business shares personal information with:

• Employees of the business;
• Regulatory and statutory bodies and government;
• Service providers and suppliers;
• Representatives of the business;
• Employment and recruitment agencies;
• Banks or other financial institutions;
• SARS;
• Auditors;
• CIPC.

13.5 Cross border flow of personal information

The business may from time to time need to share personal information with third parties (suppliers and / or service providers) in other countries and transmit personal information transborder, which personal information may be stored in data servers hosted outside South Africa.

The business will endeavour to ensure that these third parties make all reasonable efforts to secure the personal information.

13.6 General Description of Information Security Measures

The business makes use of technology and safeguarding measures to ensure the protection of personal information, such as:

• Organisational privacy policy;
• Firewalls and Anti-Virus software;
• Physical access control;
• Information Systems access control;
• Physical security of devices;
• Passwords

13.7 Data subject’s rights

In terms of Section 11(3) the data subject has the right to objection to the processing of personal information in accordance with Form 1 of the Regulations.

In terms of Section 23(1) & (2) the data subject has the right to establish whether a responsible party holds personal information of data subject and to request access to his/her/its personal information, subject to the provisions of Section 23.

In terms of Section 24 the data subject has the right to request, where necessary, the correction, destruction or deletion of his/her/its personal information in accordance with Form 2 of the Regulations.

14. Annexes

PAIA Form C: Request for Access to Record of Private Body
PAIA Prescribed fees
POPIA Form 1: Objection to the Processing of Personal Information
POPIA Form 2: Request for Correction or Deletion of Personal Information