PAIA Manual

(This Manual pertains to Stellenbosch Academy of Sport (Pty) Ltd, hereinafter referred to as “SAS”)

THE PROMOTION OF ACCESS TO INFORMATION MANUAL (“MANUAL”)

1. PREAMBLE

   The Promotion of Access to Information Act, 2000 ("PAIA") came into operation on 9 March 2001. PAIA seeks, among other things, to give effect to the Constitutional right of access to any information held by the State or by any other person where such information is required for the exercise or protection of any right and gives natural and juristic persons the right of access to records held by either a private or public body, subject to certain limitations, in order to enable them to exercise or protect their rights. Where a request is made in terms of PAIA to a private body, that private body must disclose the information if the requester is able to show that the record is required for the exercise or protection of any rights, and provided that no grounds of refusal contained in PAIA are applicable. PAIA sets out the requisite procedural issues attached to information requests.

   Section 51 of PAIA obliges private bodies to compile a manual to enable a person to obtain access to information held by such private body and stipulates the minimum requirements that the manual has to comply with.

   This Manual constitutes SAS’s PAIA manual. This Manual is compiled in accordance with section 51 of PAIA as amended by the Protection of Personal Information Act, 2013 ("POPIA"), which gives effect to everyone’s Constitutional right to privacy. POPIA promotes the protection of personal information processed by public and private bodies, including certain conditions so as to establish minimum requirements for the processing of personal information. POPIA amends certain provisions of PAIA, balancing the need for access to information against the need to ensure the protection of personal information by providing for the establishment of an Information Regulator to exercise certain powers and perform certain duties and functions in terms of POPIA and PAIA, providing for the issuing of codes of conduct and providing for the rights of persons regarding unsolicited electronic communications and automated decision making in order to regulate the flow of personal information and to provide for matters concerned therewith.

   This PAIA manual also includes information on the submission of objections to the processing of personal information and requests to delete or destroy personal information or records thereof in terms of POPIA.

2. ABOUT SAS

   The Stellenbosch Academy of Sport seeks to provide the environment in which to develop and train, in order to attain that 'excellence of performance'. SAS offers an all-encompassing world-class facility, situated in the beautiful South African winelands of Stellenbosch. Facilities and services on-site include indoor and outdoor training fields, a state-of-the-art gym, access to leading sports scientists, doctors, coaches, physiotherapists and biokineticists, cutting-edge conference facilities, comfortable athlete accommodation and performance-nutrition catering.

3. CONTACT DETAILS

   Name of Body:	Stellenbosch Academy of Sport
   Designated Information Officer:	Robert Benadie
   Email address of Information Officer:	privacy@sastraining.co.za
   Postal address:	1 Krige Street, Stellenbosch 7600
   Street address:	1 Krige Street, Stellenbosch 7600
   Phone number:	+27 21 861 7800

4. INFORMATION REGULATORS GUIDE

   An official Guide has been compiled which contains information to assist a person wishing to exercise a right of access to information in terms of PAIA and POPIA. This Guide is made available by the Information Regulator (established in terms of POPIA). Copies of the updated Guide are available from Information Regulator in the manner prescribed. Any enquiries regarding the Guide should be directed to:

   • Postal Address:
     
     JD House
     
     27 Stiemens Street
     
     Braamfontein
     Johannesburg, 2001
   • Telephone Number:
     
     
   • E-mail Address:
     
     inforeg@justice.gov.za
   • Website:
     
     https://www.justice.gov.za/inforeg/

5. OBJECTIVES OF THIS MANUAL

   The objectives of this Manual are:

   • to provide a list of all records held by SAS;
   • to set out the requirements with regard to who may request information in terms of PAIA as well as the grounds on which a request may be denied;
   • to define the manner and form in which a request for information must be submitted; and
   • to comply with the additional requirements imposed by POPIA.

6. ENTRY POINT FOR REQUESTS

   PAIA provides that a person may only make a request for information, if the information is required for the exercise or protection of a legitimate right.

   Information will therefore not be furnished unless a person provides sufficient particulars to enable SAS to identify the right that the requester is seeking to protect as well as an explanation as to why the requested information is required for the exercise or protection of that right. The exercise of an individual’s rights is subject to justifiable limitations, including the reasonable protection of privacy, commercial confidentiality and effective, efficient and good governance. PAIA and the request procedure contained in this Manual may not be used for access to a record for criminal or civil proceedings, nor should information be requested after the commencement of such proceedings.

   The Information Officer has been delegated with the task of receiving and co-ordinating all requests for access to records in terms of PAIA, in order to ensure proper compliance with PAIA and POPIA.

   The Information Officer will facilitate the liaison with the internal legal team on all of these requests.

   All requests in terms of PAIA and this Manual must be addressed to the Information Officer using the details in paragraph 3 above.

7. AUTOMATICALLY AVAILABLE INFORMATION

   Information that is obtainable via the SAS website about SAS is automatically available and need not be formally requested in terms of this Manual.

   The following categories of records are automatically available for inspection, purchase or photocopying:

   • brochures
   • press releases
   • publication; and
   • various other marketing and promotional material.

8. INFORMATION AVAILABLE IN TERMS OF POPIA

   1. In terms of POPIA, personal information must be processed for a specified purpose. The purpose for which data is processed by SAS will depend on the nature of the data and the particular data subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected. Please also refer to the SAS Website Privacy Policy for further information.

   2. Categories of personal information collected by SAS

      SAS may collect information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

      1. 8.2.1. information relating to the gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
      2. 8.2.2. information relating to the education or the medical, financial, criminal or employment history of the person;
      3. 8.2.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
      4. 8.2.4. the personal opinions, views or preferences of the person;
      5. 8.2.5. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
      6. 8.2.6. the views or opinions of another individual about the person; and
      7. 8.2.7. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
      8. 8.2.8. the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
      9. 8.2.9. the criminal behaviour of a data subject to the extent that such information relates to-
         1. 8.2.9.1. the alleged commission by a data subject of any offence; or
         2. 8.2.9.2. any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

   3. A description of the categories of data subjects and of the information or categories of information relating thereto

      SAS holds information and records on the following categories of data subjects:

      1. 8.3.1. Employees / personnel of SAS;
      2. 8.3.2. customers, players, participants and/or patients of SAS;
      3. 8.3.3. any third party with whom SAS conducts business;
      4. 8.3.4. contractors of SAS;
      5. 8.3.5. suppliers of SAS.
      6.  

      (This list of categories of data subjects is non-exhaustive.)

   4. The purpose of processing personal information

      Depending on the category of personal information which is collected, the purposes for processing may include:

      1. 8.4.1. to provide you with a service which you have requested from SAS;
      2. 8.4.2. communication with data subjects;
      3. 8.4.3. promoting and marketing our services;
      4. 8.4.4. to improve our services;
      5. 8.4.5. conducting research and compiling research reports;
      6. 8.4.6. provision of support services to data subjects;
      7. 8.4.7. preparing aggregated and anonymised reports;
      8. 8.4.8. to manage accounts, receive services and process payments;
      9. 8.4.9. to assess the suitability of job applicants for employment;
      10. 8.4.10. meeting legal obligations in respect of employment equity and to comply with other applicable laws.

   5. The recipients or categories of recipients to whom the personal information may be supplied

      Depending on the nature of the personal information, SAS may supply information or records to the following categories of recipients:

      1. 8.5.1. Companies in the Remgro group;
      2. 8.5.2. business partners;
      3. 8.5.3. statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data;
      4. 8.5.4. any court, administrative or judicial forum, arbitration making a request for data or discovery in terms of the applicable rules (i.e. South African Revenue Services, or another similar authority and anyone making a successful application for access in terms of PAIA; and
      5. 8.5.5. any person who conducts business with the SAS, in the ordinary course of business;
      6. 8.5.6. companies or individuals that provide services to SAS or act on its behalf may have access to information about data subjects; and
      7. 8.5.7. third parties where the data subject provides consent.

      (This list of categories of data subjects is non-exhaustive. Also refer to our Privacy Policy)

   6. Planned transborder flows of personal information

      1. 8.6.1. SAS may need to transfer a data subject's information to service providers in countries outside South Africa, in which case SAS will fully comply with applicable data privacy and protection legislation. This may happen if the SAS's servers or suppliers and service providers are based outside South Africa, or if the SAS's services are hosted in systems or servers outside South Africa and/or if a data subject uses SAS's services while visiting countries outside this area. These countries may not have data-protection laws which are similar to those of South Africa.
      2. 8.6.2. If SAS transfers personal information outside of South Africa, SAS will make sure that the information is protected in the same way as if it was being used in South Africa. SAS will use one of the following safeguards:
         • transfer to another country whose privacy legislation ensures an adequate level of protection of personal information similar or equivalent to South Africa;  or
         • put in place a contract with the third-party that means they must protect personal information to the same standards as South Africa.

   7. A general description of information security measures to be implemented by SAS

      SAS takes appropriate technical and organisational measures designed to ensure that personal information remains confidential and secure against unauthorised or unlawful processing and against accidental loss, destruction or damage

9. INFORMATION AVAILABLE IN TERMS OF OTHER LEGISLATION

   Information is available in terms of certain provisions of the following legislation to the persons or entities specified in such legislation:

   • Administration of Estates Act 66 of 1965
   • Basic Conditions of Employment Act 75 of 1997
   • Close Corporations Act 69 of 1984
   • Companies Act 71 of 2008
   • Compensation for Occupational Injuries and Health Diseases Act 130 of 1993
   • Employment Equity Act 55 of 1998
   • Income Tax Act 58 of 1962
   • Insolvency Act No. 24 of 1936
   • Labour Relations Act 66 of 1995
   • Occupational Health & Safety Act 85 of 1993
   • Pension Funds Act 24 of 1956
   • Skills Development Act 97 of 1998
   • Skills Development Levies Act 9 of 1999
   • Unemployment Contributions Act 4 of 2002
   • Unemployment Insurance Act 63 of 2001
   • Value Added Tax Act 89 of 1991

10. CATEGORIES OF RECORDS AVAILABLE UPON REQUEST

    SAS maintains records on the categories and subject matters listed below. Please note that recording a category or subject matter in this Manual does not imply that a request for access to such records would be honoured. All requests for access will be evaluated on a case by case basis in accordance with the provisions of PAIA.

    Please note further that many of the records held by SAS are those of third parties, such as clients and employees, and SAS takes the protection of third party confidential information very seriously. In particular, where SAS acts as professional advisors to clients, many of the records held are confidential and others are the property of the client and not of SAS. For further information on the grounds of refusal of access to a record please see paragraph 11.5 below. Requests for access to these records will be considered very carefully. Please ensure that requests for such records are carefully motivated.

    Category of records	Records
    Internal records The records listed pertain to SAS's own affairs	Memoranda and Articles of Association Financial records Operational records Intellectual property Marketing records; Internal correspondence; Service records; Statutory records; Internal policies and procedures; Minutes of meetings;
    Personnel records For the purposes of this section, “personnel” means any person who works for or provides services to or on behalf of SAS and receives or is entitled to receive any remuneration and any other person who assists in carrying out or conducting the business of SAS. This includes partners, directors, all permanent, temporary and part-time staff as well as consultants and contract workers.	Any personal records provided to us by our personnel; Any records a third party has provided to us about any of their personnel; Conditions of employment and other personnel-related contractual and quasi legal records; Employment policies and procedures; Internal evaluation and disciplinary records; and Other internal records and correspondence.
    Client-related records	Contracts with the client and between the client and other persons;
    Other third party records Records are kept in respect of other parties, including without limitation joint ventures and consortia to which SAS is a party, contractors and sub-contractors, suppliers, service providers, and providers of information regarding general market conditions. In addition, such other parties may possess records which can be said to belong to SAS.	Personnel, client, or SAS records which are held by another party as opposed to being held by SAS; and Records held by SAS pertaining to other parties, including financial records, correspondence, contractual records, records provided by the other party, and records third parties have provided about the contractors or suppliers.
    Other records	Information relating to SAS; and Research information belonging to SAS or carried out on behalf of a third party.

11. REQUEST PROCEDURE

    1. Completion of the prescribed form

       Any request for access to a record in terms of PAIA must substantially correspond with Form C of Annexure B to Government Notice No. R.187 dated 15 February 2002 and should be specific in terms of the record requested. (See appendix C hereto.)

       A request for access to information which does not comply with the formalities as prescribed by PAIA will be returned to you.

       POPIA provides that a data subject may, upon proof of identity, request the SAS to confirm, free of charge, all the information it holds about the data subject and may request access to such information, including information about the identity of third parties who have or have had access to such information.

       POPIA also provides that where the data subject is required to pay a fee for services provided to him/her, SAS must provide the data subject with a written estimate of the payable amount before providing the service and may require that the data subject pays a deposit for all or part of the fee.

       Grounds for refusal of the data subject’s request are set out in PAIA and are discussed below.

       POPIA provides that a data subject may object, at any time, to the processing of personal information by SAS, on reasonable grounds relating to his/her particular situation, unless legislation provides for such processing. The data subject must complete the prescribed form attached hereto as Appendix 2 and submit it to the Information Officer at the postal or physical address, facsimile number or electronic mail address set out above.

       A data subject may also request SAS to correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that SAS is no longer authorised to retain records in terms of POPIA's retention and restriction of records provisions.

       A data subject that wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information must submit a request to the Information Officer at the postal or physical address, facsimile number or electronic mail address set out above on the form attached hereto as Appendix D.

    2. Proof of identity

       Proof of identity is required to authenticate your identity and the request. You will, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of your identity document or other legal forms of identity.

    3. Payment of the prescribed fees

       There are two categories of fees which are payable:

       • The request fee: R50
       • The access fee: This is calculated by taking into account reproduction costs, search and preparation costs, as well as postal costs. These fees are set out in Appendix B.

       Section 54 of PAIA entitles SAS to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Regulation 9(2)(c) promulgated under PAIA.

       Where a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.

    4. Timelines for consideration of a request for access

       Requests will be processed within 30 (thirty) days, unless the request contains considerations that are of such a nature that an extension of the time limit is needed.

       Should an extension be required, you will be notified, together with reasons explaining why the extension is necessary.

    5. Grounds for refusal of access and protection of information

       There are various grounds upon which a request for access to a record may be refused. These grounds include:

       • the protection of personal information of a third person (who is a natural person) from unreasonable disclosure;
       • the protection of commercial information of a third party (for example: trade secrets; financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
       • if disclosure would result in the breach of a duty of confidence owed to a third party;
       • if disclosure would jeopardise the safety of an individual or prejudice or impair certain property rights of a third person;
       • if the record was produced during legal proceedings, unless that legal privilege has been waived;
       • if the record contains trade secrets, financial or sensitive information or any information that would put SAS (at a disadvantage in negotiations or prejudice it in commercial competition); and/or
       • if the record contains information about research being carried out or about to be carried out on behalf of a third party or by SAS.

       Section 70 PAIA contains an overriding provision. Disclosure of a record is compulsory if it would reveal (i) a substantial contravention of, or failure to comply with the law; or (ii) there is an imminent and serious public safety or environmental risk; and (iii) the public interest in the disclosure of the record in question clearly outweighs the harm contemplated by its disclosure.

       If the request for access to information affects a third party, then such third party must first be informed within 21 (twenty one) days of receipt of the request. The third party would then have a further 21 (twenty one) days to make representations and/or submissions regarding the granting of access to the record.

12. REMEDIES AVAILABLE TO A REQUESTER ON REFUSAL OF ACCESS

    If the Information Officer decides to grant you access to the particular record, such access must be granted within 30 (thirty) days of being informed of the decision.

    There is no internal appeal procedure that may be followed after a request to access information has been refused. The decision made by the Information Officer is final. In the event that you are not satisfied with the outcome of the request, you are entitled to apply to a court of competent jurisdiction to take the matter further.

    Where a third party is affected by the request for access and the Information Officer has decided to grant you access to the record, the third party has 30 (thirty) days in which to appeal the decision in a court of competent jurisdiction. If no appeal has been lodged by the third party within 30 (thirty) days, you must be granted access to the record.

    A person has the right to lodge a complaint to the Regulator and request the contact details of the Regulator from the Information Officer if they feel that this Manual does not comply with the applicable laws.

13. AVAILABILITY OF THIS MANUAL

    Copies of this Manual are available for inspection, free of charge, at the offices of SAS and at 1 Krige street, Stellenbosch, 7600.