PAIA Manual

Unless otherwise indicated, or where the context implies otherwise, the following terms shall have the following definitions, namely -

1. "Act" means the Promotion of Access to Information Act, Act 2 of 2000, as amended from time to time;
2. "Affiliates" means any connected party within the same group of companies, employees, sub-contractors, contractors and assigns;
3. "Company" means Teruza and its Affiliates;
4. "Information Officer" means the person acting on behalf of Teruza and discharging the duties and responsibilities assigned to the head of Teruza by the Act. The Information Officer is duly authorised to act as such and such authorisation has been confirmed by the “head” of Teruza in writing;
5. "Manual" means this manual published in compliance with Section 51 of the Act;
6. "PAIA" means Promotion of Access to Information;
7. "Record" means any recorded information, regardless of form or medium, which is in the Possession or under the control of Teruza, irrespective of whether it was created by Teruza;
8. "Request" means a request for access to a Record of Teruza;
9. "Requestor" means any person, individual or juristic persons, including a public body or an official thereof, making a Request for access to a Record of Teruza and includes any person acting on behalf of that person; and
10. "SAHRC" means the South African Human Rights Commission.
11. Unless a contrary intention clearly appears, words signifying -
    1. the singular includes the plural and vice versa;
    2. any one gender includes the other genders and vice versa; and
    3. natural persons include juristic persons.
12. Unless otherwise stated, terms defined in the Act shall have the same meaning in this Manual.

Table of Contents

1. This Manual is published on Teruza's website and is available on request from the Information Officer. The details of the Information Officer are:

   Name of Private Body:	Teruza Pty Ltd
   Designated Information Officer:	Ardi Coetzee
   Email address of Information Officer:	ardi@teruza.com
   Postal address:	24 Black Eagle Rd, Hermanus, 7210, RSA
   Street address:	24 Black Eagle Rd, Hermanus, 7210, RSA
   Phone number:	+27 72 994 8745

2. This Manual is available at www.teruza.com/paia.

Table of Contents

1. An official guide has been prepared to assist individuals seeking to exercise their rights to access information as provided by the Act. and POPIA. This guide is available from the Information Regulator, which was established under POPIA. Copies can be obtained from the Information Regulator or the Information Officer at no cost. Requests to inspect the guide at Teruza's office or to obtain a copy from the Information Officer should align with Form 1 of Annexure A to Government Notice No. R.757 dated 27 August 2021, issued under the PAIA Regulations. Please refer to Annexure C.
2. In addition, the Information Regulator of South Africa can be approached at the following address:

   Physical Address:	JD House 27 Stiemens Street Braamfontein Johannesburg 2001
   Postal Address:	PO Box 31533 Braamfontein Johannesburg 2017
   General enquiries:	enquiries@inforegulator.org.za
   Complaints:	PAIAComplaints@inforegulator.org.za
   Compliance:	PAIACompliance@inforegulator.org.za

Table of Contents

The objectives of this Manual are:

1. to compile an inventory of all records maintained by Teruza;
2. to outline the criteria for individuals who are eligible to request information under the Act, as well as the justifications for which a request may be refused;
3. to specify the procedures and format for submitting a request for information; and
4. to adhere to the supplementary requirements mandated by POPIA.

Table of Contents

1. According to the Act, an individual may request information only if it is necessary for the exercise or protection of a legitimate right, subject to the provisions in the Act.
2. Consequently, information will not be provided unless the Requester gives sufficient details to enable Teruza to identify the right being protected and explains why the information is necessary for exercising or protecting that right. The exercise of an individual's rights is subject to reasonable limitations, including the protection of privacy, commercial confidentiality, and effective, efficient, and good governance. The Act and the procedures outlined in this Manual are not intended for accessing records for criminal or civil proceedings, nor should information be requested once such proceedings have begun.
3. The Information Officer is responsible for receiving and coordinating all requests for access to records under the Act, ensuring compliance with the Act and POPIA.
4. The Information Officer will liaise with Teruza's management / directors regarding these requests.
5. All requests in terms of the Act and this Manual must be addressed to the Information Officer using the details in paragraph 3.1 above.

Table of Contents

1. Information available on Teruza's website can be accessed openly and by the public, without the need for a formal request as outlined in this Manual.
2. Teruza's website is publicly accessible to anyone with internet access, and the following types of information are available for download, inspection, purchase, or photocopying (at the Requestor's own cost):
   1. Marketing templates;
   2. media releases;
   3. public newsletters and/or publications; and
   4. various other marketing and promotional material.

Table of Contents

1. In terms of POPIA, personal information must be processed for a specified purpose and subject to the limitations in POPIA. The purpose for which data is processed by Teruza will depend on the nature of the data and the data subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected.
2. Categories of personal information that may be collected by Teruza includes (without limitation):
   1. name and surname;
   2. contact number and email address;
   3. physical address;
   4. identity or passport number;
   5. date of birth;
   6. bank details;
   7. DoubleClick DART Cookies;
   8. log files;
   9. cookies and web beacons;
   10. information Teruza infers about the data subject based on such user's interaction with products and services;
   11. device information (for example the type of device you're using, how you access platforms, the user's browser or operating system and user's Internet Protocol ("IP address")); and
   12. location information.
3. The purpose of processing personal information is:
   1. to provide you with information, products or services you request from Teruza;
   2. to refer you to an appropriate third-party service provider;
   3. to communicate with you;
   4. to provide you with support; and
   5. to provide effective advertising (for example to provide you with news, special offers and general information about other services and events which Teruza offers, that are similar to those that you have already procured or enquired about).
4. A description of the categories of data subjects and of the information or categories of information relating thereto:
   1. visitors of the website;
   2. people who make use of Teruza's platform and/or services; and
   3. all data subjects whose personal information is processed by Teruza.
5. The recipients or categories of recipients to whom Teruza may share personal information which is as follows:
   1. Teruza may disclose a data subject's personal information to a limited number of our employees and third-party service providers (other than those who Teruza refer persons to), who interact with such data subjects our behalf;
   2. other parties in response to a legal or regulatory obligation Teruza may have;
   3. other parties when Teruza performs an obligation toward its data subjects;
   4. other parties in response to legal process or when necessary to conduct or protect our legal rights;
   5. companies and/or contractors which provide services to us. Companies that provide services to us or act on our behalf may have access to information about you. These companies and contractors are limited in their ability to use information they receive while providing services to us or you;
   6. third parties where you provide consent. In some cases, third parties (often advertisers) may wish to attain information about you to promote their products to you, or for whatever other reason. Teruza may share information with third parties where you provide consent in the form of an explicit opt-in. Before Teruza asks a user to opt-in, Teruza will endeavour to provide the user with a clear description of what data would be shared with the third-party. Remember that once a person has opted in to allow Teruza to send information to the third-party, Teruza cannot control what they do with such data; therefore, be sure to investigate their privacy policies before providing permission for Teruza to share information to such party; and
   7. third parties during a business transfer. Where all or a part of our business is merged, sold or reorganised, personal information about you may be shared with the successor entity. Teruza will use reasonable measures to help ensure that any successor entity processes personal information in accordance with this manual and our Privacy Policy.
6. Planned transborder flows of personal information: Teruza might transfer personal information to places outside of South Africa, including but not limited to the Republic of Namibia, and store it there, where Teruza's suppliers might process it. If this is required, Teruza will comply with applicable data privacy laws and its Privacy Policy before effecting the transfer of Personal Information.
7. A general description of information security measures to be implemented by Teruza: Teruza takes extensive information security measures to ensure the confidentiality, integrity and availability of personal information in our possession. Teruza takes appropriate technical and organisational measures designed to ensure that personal information and data remains confidential and secure against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Table of Contents

1. Records are kept in accordance with the following legislation to the persons or entities specified in such legislation (including but not limited to the below):
   1. Basic Conditions of Employment Act, 1997;
   2. Broad Based Black Economic Empowerment Act, 2003;
   3. Close Corporations Act, 1984;
   4. Companies Act, 2008;
   5. Compensation for Occupational Injuries and Health Diseases Act, 1993;
   6. Consumer Protection Act, 2008;
   7. Copyright Act, 1978;
   8. Electronic Communications and Transactions Act, 2002;
   9. Employment Equity Act, 1998;
   10. Financial Markets Act, 2012;
   11. Income Tax Act, 1962;
   12. Labour Relations Act, 1995;
   13. National Payment Systems Act, 1998;
   14. Occupational Health and Safety Act, 1993;
   15. Skills Development Act, 1998;
   16. Skills Development Levies Act, 1999;
   17. Trademarks Act, 1993;
   18. Unemployment Contributions Act, 2002;
   19. Unemployment Insurance Act, 2001; and
   20. Value Added Tax Act, 1991.

Table of Contents

1. General information held by Teruza, which is public in nature, may be accessed on Teruza's website without a formal request as contemplated by this PAIA Manual. The records which Teruza holds and the categories within which the records fall are listed below, as required by section 51(2)(e) of the Act. While Teruza holds such records, it is entitled to refuse access in terms of sections 62 and 69 of the Act.
2. Statutory and Legal (which is not an exhaustive list):
   1. Statutory registers;
   2. Annual reports;
   3. Statutory records and returns, including incorporation documents, memorandum of incorporation and share register;
   4. Records relating to the appointment of directors/ auditors/ secretary/ and other officers;
   5. Minutes of meetings relating to:
      1. the board;
      2. the board and statutory committees;
      3. the management committees;
      4. shareholder's meetings;
   6. Resolutions taken by the board and/or shareholders;
   7. Proxy documentation;
   8. Contractual and legal agreements;
   9. Intellectual property relating to:
      1. trademarks certificates;
      2. licenses;
      3. copyrights and designs; and
      4. health and safety records.
   10. Human Resources:
       1. HR policies & procedures;
       2. Skills development plans and reports;
       3. Employee records;
       4. Benefits and payroll records;
       5. Leave Records;
       6. IR disciplinary and grievance procedures and hearings, including CCMA records;
       7. Training Manuals; and
       8. Training records.
   11. Administration, Finance and Accounting:
       1. Accounting records;
       2. Financial reports and statements;
       3. Management accounts;
       4. Banking Account details and Statements;
       5. Tax returns;
       6. VAT returns;
       7. Skills Development Levies UIF;
       8. Workmen's Compensation;
       9. Policies and procedures; and
       10. Supplier records;
   12. Insurance:
       1. Policies, including coverage, limits and insurers; and
       2. Claim records.
   13. Information technology:
       1. Hardware;
       2. Software packages;
       3. Licences;
       4. IT policies and procedures; and
       5. Operating systems.
   14. Sales, Marketing and Communication Records:
       1. Customer records (inclusive but not limited to data, domain data, billing records);
       2. Statements of account; and
       3. Terms & conditions;
   15. Marketing material and media releases: brochures, newsletters and advertising materials;
   16. Public communication records;
   17. Internal communication;
   18. Performance records;
   19. Interested party records;
   20. Assets:
       1. Land and building register;
       2. Fixed assets register;
       3. Title deeds; and
       4. Leases.
   21. Operations information:
       1. This information can be defined as information needed in the day-to-day running of the organisation. Examples include (without limitation) internal telephone lists, address lists, company policies, company procedures, human resource manual, administration manual, industry related statistical data, guest database, historical guest histories, guest reservation data, management information reports, property development information such as title deeds, lease agreements, construction contracts and architectural drawings.

Table of Contents

1. On request, access of Teruza's records listed above may be granted or refused based on the following considerations:
   1. Disclosure and/or access granted:
      1. information which forms part of a public access document; and
      2. information which is subject to any intellectual property rights and copyright.
   2. Limited disclosure and/or access granted: Personal information of natural persons that belong to the requestor of that information, or personal information of juristic persons represented by the requestor of that information, as contemplated by section 61 of the Act.
   3. Information which may not be disclosed:
      1. information relating to a request after the commencement of criminal or civil proceedings, as contemplated by section 7 of the Act;
      2. unreasonable disclosure of personal information of a natural person or a juristic person, as contemplated by section 63(2) of the Act and the POPIA;
      3. information which is likely to harm the commercial or financial interests of a third party, as contemplated by section 64(1)(a) and (b) of the Act;
      4. information which is likely to harm Teruza or a third party in contract negotiations, as contemplated by section 64(1)(c) of the Act;
      5. information which would breach a duty of confidence owed to a third party in terms of an agreement, as contemplated by section 65 of the Act;
      6. information which should instead be requested from a Registry Operator;
      7. information which is likely to compromise the safety of individuals or protection of property, as contemplated in section 66 of the Act;
      8. legally privileged information, as contemplated by section 67 of the Act;
      9. commercial information of a private body, as contemplated by section 68 of the Act; and
      10. information which is likely to prejudice research and development information of Teruza or a third party, as contemplated by section 69 of the Act.
   4. Information which may not be refused:
      1. disclosure of information, which is in the public interest, as contemplated by section 70 of the Act.

Table of Contents

1. Completion of the prescribed form
   1. Any request for access to a record under PAIA must closely align with Form 2 of Annexure A to Government Notice No. R.757 dated 27 August 2021, as issued under the PAIA Regulations, and must specify the record being requested. Refer to Annexure A for details.
   2. Requests that do not meet the formal requirements set out by the Act will be returned and not processed.
   3. Under POPIA, a data subject can, upon proving their identity, request Teruza to confirm, at no cost, all the information it holds about them and may request access to this information, including details about third parties who have accessed it.
   4. If the data subject must pay a fee for services provided, POPIA requires Teruza to provide a written estimate of the costs before delivering the service and may ask for a deposit for part or all the fee.
   5. The grounds for refusing a data subject's request are detailed in the Act and outlined in this Manual.
   6. POPIA allows a data subject to object at any time to the processing of their personal information by Teruza on reasonable grounds related to their situation, unless the processing is mandated by law. The data subject must complete the prescribed form, Annexure E, and submit it to the Information Officer at the provided postal or physical address, fax number, or email address.
   7. A data subject may also request Teruza to correct or delete personal information that is inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or unlawfully obtained; or to destroy or delete a record of personal information that Teruza is no longer authorised to retain under POPIA's provisions on the retention and restriction of records.
   8. Requests for the correction or deletion of personal information, or the destruction or deletion of a record, must be submitted to the Information Officer at the specified postal or physical address, fax number, or email address using the form attached as Annexure F.
   9. Proof of identity is required to authenticate the Requestor's identity and the Request. The Requestor will, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of the Requestor's identity document or other legal forms of identity.
   10. If the Request is made on behalf of another person, the requester must submit proof of their capacity to make the request on behalf of another person, as set out in section 53(2)(f) of the Act.
2. Payment of the Prescribed Fees
   1. The fees payable in respect of a Request are reflected per Annexure B.
   2. Section 54 of the Act entitles Teruza to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Annexure B of Government Notice No. R.757 dated 27 August 2021, promulgated under the PAIA Regulations. Please refer to Annexure D.
   3. Where a decision to grant a request has been made, the record will not be disclosed until the necessary fees have been paid in full by the Requestor.
3. Timelines for processing a request for access.
   1. Requests will be addressed within 30 (thirty) days, unless there are special circumstances that necessitate extending the time frame.
   2. The Information Officer will notify the requester of the decision and any applicable fees using a form like Form 3 of Annexure A to Government Notice No. R.757 dated 27 August 2021, issued under the PAIA Regulations.
   3. If an extension is needed, the requester will be informed, along with an explanation of why more time is required.
4. Remedies where a Request is refused:
   1. If Teruza denies a request for information, the requester has the following options:
   2. Internal remedies: Teruza does not offer an internal appeal process. The decision made by the Information Officer is final. If the request is rejected, the requester can pursue the external remedies outlined below.
   3. External remedies: The requester may seek relief by applying to a court of competent jurisdiction or by approaching the Information Regulator.

Table of Contents

Copies of this Manual are available for inspection, free of charge, at the offices of Teruza and at https://www.teruza.com/site/Teruza-PAIA_Manual.pdf

Table of Contents