TYCHOFLASH (PTY) LTD

Registration Number: 2013/174452/07

For purposes of this PAIA Manual, “the Company,” “we,” “us,” and “our” refer to TYCHOFLASH (PTY) LTD (Registration Number: 2013/174452/07) only.

 

PAIA Manual

 

 

Prepared in terms of section 51 of the Promotion of Access to Information Act, No. 2 of 2000, as amended.

Version 3.0   

Date of compilation             : 09/06/2021

Date of revision                   : 05/01/2026

 

Table of Contents

 

1          Definitions

2          Purpose of the PAIA Manual

3          Contact Details for Access to Information Requests

4          Guide on how to use PAIA and how to Obtain Access to the Guide

5          Latest Notices in terms of Section 52(2) of PAIA

6          Availability of Certain Records in terms of PAIA

7          Request Process

8          Grounds for Refusal

9          Remedies Should a Request be Refused

10        Fees

11        Processing of Personal Information

12        The Recipients or Categories of Recipients to whom the Personal Information may be Supplied

13        Planned Transborder Flows of Personal Information

14        Availability of the PAIA Manual

15        Objection to the Processing of Personal Information by a Data Subject

16        Request for Correction/Deletion of Personal Information or Destruction/Deletion of Record of Personal Information

17        Applicable Forms

PAIA Forms

Form 01: Request for a Copy of the Guide from an Information Officer [Regulation 3]

Form 02: Request for Access to Record [Regulation 7]

Form 03: Outcome of Request and of Fees Payable [Regulation 8]

Form 05: Complaint Form [Regulation 10]

Form 13: PAIA Request for Compliance Assessment Form [Regulation 14(1)]

POPIA Forms

Form 1: Objection to the Processing of Personal Information

Form 2: Request for Correction or Deletion of Personal Information or Deletion of Record of Personal Information

Form 3: Application for the Issue of a Code of Conduct

Form 4: Application for the Consent of a Data Subject for the Processing of Personal Information for the Purpose of Direct Marketing

Form 5: Complaint Regarding Interference with the Protection of Personal Information for the Purpose of Direct Marketing

18        Updating of the Manual

 

1                    Definitions

 

Term

Definition

TYCHOFLASH (PTY) LTD / the Company

TYCHOFLASH (PTY) LTD, registration number 2013/174452/07, a private company incorporated in the Republic of South Africa, operating within the mining, quarrying, and related industrial sectors.

CEO

Chief Executive Officer of TYCHOFLASH (PTY) LTD.

Client

Any natural or juristic person, including mining houses, quarry operators, contractors, or industrial customers, who receive or have received products and/or services from TYCHOFLASH (PTY) LTD.

Complainant

Any person who lodges a complaint with the Information Regulator.

Complaint

(a) A matter reported to the Information Regulator in terms of section 74(1) or 74(2) of POPIA; (b) A complaint referred to in section 76(1)(e) or section 92(1) of POPIA; or (c) A matter reported or referred to the Information Regulator in terms of any other legislation regulating the mandate of the Information Regulator.

Conditions for Lawful Processing

Conditions for lawful processing of personal information as set out in Chapter 3 of POPIA and in section 12 of this Manual.

Data Subject

The identifiable, living natural person or existing juristic person to whom personal information relates, including employees, contractors, clients, suppliers, visitors, and regulatory contacts.

Day

A calendar day. If the last day of a specified period falls on a Sunday or public holiday, such day is excluded, in accordance with the Interpretation Act, 1957 (Act No. 33 of 1957).

DIO

Deputy Information Officer appointed for TYCHOFLASH (PTY) LTD in terms of POPIA and PAIA.

Information Officer / IO

The individual appointed by TYCHOFLASH (PTY) LTD in accordance with POPIA and PAIA, responsible for ensuring compliance with data protection, access to information obligations, and engagement with the Information Regulator.

Manual

This PAIA Manual of TYCHOFLASH (PTY) LTD, prepared in terms of section 51 of PAIA and section 17 of POPIA.

Minister

Minister of Justice and Correctional Services of the Republic of South Africa.

Office Hours

(a) For the Information Regulator: 08:00 to 16:00, Monday to Friday, excluding public holidays. (b) For TYCHOFLASH (PTY) LTD offices, sites, or operational facilities: normal business hours applicable to the mining and quarrying industry.

PAIA

Promotion of Access to Information Act, No. 2 of 2000, as amended.

Personal Information

Information relating to an identifiable, living natural person or an identifiable, existing juristic person, including but not limited to identity numbers, contact details, employment and contractor records, licensing and permit information, financial and banking details, health and safety records, training and competency records, access control data, CCTV footage, correspondence, and any information relating to mining, quarrying, blasting, explosives handling, or regulated site access that identifies or relates to a person.

Personnel

Any person employed by, contracted to, or rendering services to or on behalf of TYCHOFLASH (PTY) LTD, including permanent, temporary, part-time employees, directors, contractors, subcontractors, and consultants.

POPI / POPIA

Protection of Personal Information Act, No. 4 of 2013, as amended.

POPI Regulations

Regulations issued in terms of section 112(2) of POPIA.

Private Body

(a) A natural person carrying on a trade, business, or profession; (b) A partnership carrying on a trade, business, or profession; or (c) A juristic person that is not a public body. For purposes of this Manual, TYCHOFLASH (PTY) LTD qualifies as a private body.

Processing

Any operation or activity concerning personal information, including collection, receipt, recording, organisation, storage, updating, modification, retrieval, consultation, use, dissemination, merging, linking, restriction, erasure, or destruction of personal information.

Regulator

Information Regulator established in terms of section 39 of POPIA.

Republic

Republic of South Africa.

Signature

Any legally accepted form of signature, including electronic signature where law permits such use.

Writing

Writing as contemplated in section 12 of the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002), including data generated, sent, received, or stored electronically where legal requirements are satisfied.

 

2                    Purpose of the PAIA Manual

 

This PAIA Manual is useful for the public to:

 

This PAIA Manual serves as a public guide to the records held by TYCHOFLASH (PTY) LTD and the way requests for access to such records are processed. It identifies the categories of records that are available without the need to submit a formal PAIA request, as well as operational, commercial, technical, and corporate records generated in the course of TYCHOFLASH (PTY) LTD conducting business within the mining and quarrying industry.

 

These records include, but are not limited to, records relating to:

 

  • Ownership, shareholding, and funding structures.

 

  • Corporate governance, board oversight, and statutory compliance.

 

  • Mining, quarrying, blasting, and explosives-related operations where applicable.

 

  • Health, safety, environmental, and risk management systems.

 

  • Contractor, supplier, and client engagement.

 

  • Licensing, permits, and regulatory approvals.

 

  • Asset, fleet, logistics, and site access management.

 

  • High-level performance, audit, compliance, and reporting activities; and

 

  • Records made available in terms of other applicable legislation.

 

The Manual further records the official contact details of the Information Officer and any Deputy Information Officer appointed for TYCHOFLASH (PTY) LTD. These officials are available to assist requesters who wish to exercise their right of access to information in terms of PAIA.

 

This Manual explains the procedures followed by TYCHOFLASH (PTY) LTD when processing requests for access to information in terms of PAIA and directs requesters to the PAIA Guide issued by the Information Regulator.

 

In addition, the Manual sets out how personal information is processed during TYCHOFLASH (PTY) LTD’s business activities, including but not limited to:

 

  • Employment, contractor and site-based workforce management.

  • Health, safety, training, induction, and competency management.

  • Client, supplier, and vendor management.

  • Procurement, logistics, and fleet operations.

  • Legal, risk, compliance, and regulatory reporting.

  • Environmental, safety, and incident reporting.

  • Financial, accounting, and statutory reporting obligations; and

  • Data protection governance and records management.

 

The Manual outlines the purposes for which personal information is processed, the categories of data subjects and personal information involved, and the categories of recipients within the Republic of South Africa and, where applicable, outside the Republic in the ordinary course of business.

 

TYCHOFLASH (PTY) LTD confirms that it has implemented appropriate technical and organisational measures to safeguard the confidentiality, integrity, and availability of personal information in accordance with POPIA.

 

Contact Details for Access to Information Requests

 

2.1              Information Officer

 

Name

Thabo Matthews Nzimande

Contact number

 

Email address

 

 

2.2              Deputy Information Officer

 

Name

Lungile Ishmael Vetshe

Contact number

 

Email address

 

 

2.3              National or head office

 

Postal address

PO BOX 2741, Klerksdorp, 2570

Physical address

Unit 1 Block B, 15 Van Hoof Street, Willovale office park, Roodepoort, 1724, Gauteng

Contact number

0101572766

Email

admin@tychoflash.co.za

Website

www.tychoflash.co.za

 

3                    Guide on how to use PAIA and how to Obtain Access to the Guide

 

3.1              The Information Regulator has published a revised PAIA Guide in terms of section 10(1) of PAIA (as amended). This guide is designed to help any person who wishes to exercise rights under PAIA or POPIA, and it is available in all official languages as well as in braille to ensure accessibility.

 

3.2              The Guide serves two key purposes:

 

4.2.1.       Access to Personal Information (POPIA): It explains how individuals (data subjects) can exercise their rights to request confirmation of whether personal information is held about them, to access that information (including details of third-party recipients), and to request correction, deletion, or destruction of personal information that is inaccurate, outdated, excessive, or unlawfully obtained.

 

4.2.2.       Access to Records (PAIA): It provides step-by-step guidance on how to request records from public or private bodies, including the required forms, the process for appeals or complaints, and how to approach a court if necessary.

 

3.3              In addition, the Guide offers:

 

4.3.1.       An overview of the objectives of PAIA and POPIA.

4.3.2.       Contact details of Information Officers (IOs) and Deputy Information Officers (DIOs). [1]

4.3.3.       Manner and form of a request for access to a record of a public body and private body.[2]

4.3.4.       Guidance on compiling or accessing PAIA Manuals.[3]

4.3.5.       Information on voluntary disclosures of records, prescribed access fees, and applicable regulations.[4]

3.3.1.1        How to lodge an internal appeal, lodge a complaint with the Regulator, or apply to court against a decision by the IO of a public body, a decision on internal appeal, a decision by the Regulator, or a decision of the head of a private body.

4.3.6.       Insight into how PAIA has been amended following the implementation of POPIA.

3.4              The guide can also be obtained:

3.4.1  Upon request to the IO: Request for a Copy of the Guide from an Information Officer [Regulation 3]

3.4.2  From the website of the Regulator: www.inforegulator.org.za

3.4.3  From the offices of the Regulator: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, or by email: enquiries@inforegulator.org.za

 

3.5              A copy of the guide is also available in the following three official languages, for public inspection during normal office hours:

3.5.1  English.

3.5.2  Afrikaans.

3.5.3  Zulu.

 

4                    Latest Notices in terms of Section 52(2) of PAIA

 

At this stage, no notice(s) has/have been published on the categories of records that are available without having to request access to them in terms of PAIA.

 

5                    Availability of Certain Records in terms of PAIA

 

5.1              Categories of records of the company which are available without a person having to request access:

 

Category of Records

Types of the Record

Available on Website

Available on Request

PAIA Manual

Current PAIA Manual for TYCHOFLASH (PTY) LTD, including version reference and effective date

X

Company overview

High-level overview of TYCHOFLASH (PTY) LTD as a mining, quarrying, and industrial services company, including nature of operations, geographic footprint, operational focus areas, and head office contact details

X

Operational footprint overview

High-level summary of operational regions, sites or project areas by province or region, without site-specific security, personnel, or asset details

X

X

Services and capabilities

Description of mining, quarrying, blasting, explosives-related or industrial support services provided by TYCHOFLASH (PTY) LTD, including technical capabilities and operational scope (excluding sensitive or security-restricted details)

X

X

Health, Safety, Environment and Quality (HSEQ) statements

Public HSEQ commitments, safety culture statements, environmental stewardship principles, quality and compliance commitments applicable to mining and quarrying operations

X

Policies public facing

Privacy Policy, PAIA summary, data protection notices, website terms and conditions, cookie notices and legal disclaimers

X

X

Legal disclosures

POPIA and PAIA compliance statements, statutory disclosures, regulatory references and legal notices made publicly available

X

X

Public marketing materials

Corporate profiles, capability statements, non-confidential presentations, brochures, media releases, public announcements and industry communications

X

X

Sector and quality credentials

High-level descriptions of compliance with mining, quarrying, explosives, environmental, and occupational health and safety standards, without disclosure of sensitive permits or security information

X

X

Tender or supplier onboarding info

Generic supplier onboarding information, compliance document checklists, B-BBEE certificate copy, banking confirmation letters where shared for commercial onboarding

X

Corporate identifiers

Registered name, registration number, registered address, VAT number and statutory identifiers of TYCHOFLASH (PTY) LTD

X

Information Officer contacts

Information Officer and Deputy Information Officer names, roles, contact numbers and email addresses

X

Training attestations aggregated

Aggregated and anonymised training and induction completion summaries for health and safety, explosives awareness, site induction, POPIA, PAIA and compliance training

X

Health and safety statements

General safety commitments applicable to offices, operational sites, contractors and visitors, including PPE principles and safe work practices

X

Data and reporting descriptions

High-level description of categories of personal and operational information processed, storage locations and retention frameworks, without identifying individuals

X

Whistleblowing and complaints

Ethics and whistleblowing procedures, PAIA and POPIA complaint mechanisms, Information Regulator contact details

X

X

IO registration proof

Information Officer and Deputy Information Officer registration confirmation and reference numbers

X

Company secretarial snapshot

Names of directors, principal place of business and statutory filings as lodged with CIPC

X

Tax and compliance attestations

SARS Tax Compliance Status (TCS) PIN, UIF registration proof, COID Letter of Good Standing, Workmen’s Compensation confirmations

X

Insurance confirmations

High-level confirmation of insurance cover relevant to mining and quarrying operations, including public liability, employer’s liability and professional indemnity (excluding policy schedules)

X

Supplier Code of Conduct

Code of conduct covering ethics, anti-bribery, conflicts of interest, safety, environmental and social responsibility expectations for suppliers and contractors

X

Standard procurement info

High-level overview of procurement processes, onboarding steps, required documentation and payment terms

X

Careers and recruitment

Vacancy advertisements, application channels, overview of recruitment processes and applicant privacy notices

X

X

Corporate social responsibility (CSR)

Community development initiatives, local employment, skills development, environmental stewardship and social investment projects

X

X

 

5.2              Description of the records/subjects of the company which are available in accordance with any other legislation:

 

Category of Records

Applicable Legislation

Memorandum of Incorporation, CIPC filings, share register, director appointments and resignations

Companies Act 71 of 2008

Beneficial ownership registers and filings

Companies Act 71 of 2008; Companies Regulations 2011 as amended on Beneficial Ownership 2023

Board and committee minutes, conflict registers, delegated authority framework

Companies Act 71 of 2008

Employment contracts for head office staff, site employees, operators, artisans, supervisors, drivers, safety officers and support personnel; attendance, overtime, payroll and leave records

Basic Conditions of Employment Act 75 of 1997

Wage schedules, allowances, shift and overtime structures applicable to mining and quarrying operations

National Minimum Wage Act 9 of 2018, Basic Conditions of Employment Act 75 of 1997

Disciplinary and grievance files, union correspondence, CCMA and bargaining council records

Labour Relations Act 66 of 1995

Employment Equity Plans, numerical goals, annual submissions and committee records

Employment Equity Act 55 of 1998

Recruitment adverts, screening and appointment records for mining, quarrying, engineering, operational, safety and support roles

Employment Services Act 4 of 2014

Work permits and employment records for foreign nationals

Immigration Act 13 of 2002

UIF declarations, contribution records, benefit claim support

Unemployment Insurance Act 63 of 2001

Workplace Skills Plans, Annual Training Reports, learnerships, apprenticeships and training agreements

Skills Development Act 97 of 1998

Skills development levies, SETA registrations and grant documentation

Skills Development Levies Act 9 of 1999

PAYE records, IRP5 certificates, EMP201 and EMP501 reconciliations

Income Tax Act 58 of 1962

VAT returns, input/output schedules and SARS correspondence

Value Added Tax Act 89 of 1991

COIDA registration, Return of Earnings, Letters of Good Standing and injury on duty claims

Compensation for Occupational Injuries and Diseases Act 130 of 1993

Occupational health and safety policies, risk assessments, safety files, incident and accident reports, safety meeting minutes, PPE records

Occupational Health and Safety Act 85 of 1993 and regulations

Mine health and safety management systems, codes of practice, audits and compliance reports (where applicable)

Mine Health and Safety Act 29 of 1996

B-BBEE certificate and supporting ownership, skills, enterprise and supplier development records

Broad Based Black Economic Empowerment Act 53 of 2003, Codes of Good Practice

Environmental management plans, waste management records, rehabilitation plans and monitoring reports

National Environmental Management Act 107 of 1998; National Environmental Management: Waste Act 59 of 2008

Mining permits, quarry permits, blasting permits and regulatory correspondence (high-level, non-sensitive records only)

Mineral and Petroleum Resources Development Act 28 of 2002

Explosives handling, storage and transport records (restricted access)

Explosives Act 15 of 2003

Client and contractor agreements, mining services contracts, service level agreements and dispute records

Common law of contract

Security policies, user access records, incident and breach register, notifications to the Regulator and affected data subjects

Protection of Personal Information Act 4 of 2013

PAIA access request register, decisions, fee records and PAIA training evidence

Promotion of Access to Information Act 2 of 2000

Bid submissions, tender documentation and award letters for public sector work

Public Finance Management Act 1 of 1999; Municipal Finance Management Act 56 of 2003

Call recording records and interception consents

Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002

Cyber incident registers, forensic investigation reports and takedown notices

Cybercrimes Act 19 of 2020

Records control schedules, archive registers, disposal certificates

National Archives and Records Service of South Africa Act 43 of 1996

Registered trademarks, trade names, designs, patents and copyright held or used by TYCHOFLASH (PTY) LTD

Trademarks Act 194 of 1993, Copyright Act 98 of 1978, Designs Act 195 of 1993, Patents Act 57 of 1978

Fleet and asset files for local delivery vehicles where applicable, trailers, in store equipment, point of sale equipment, fridges, stands, branding and other retail execution assets used in stores and limited local deliveries, including serial numbers, locations, maintenance and incident records

National Road Traffic Act 93 of 1996, Road Accident Fund Act 56 of 1996, where relevant

AARTO infringement register and representations for vehicles owned or leased for TYCHOFLASH (PTY) LTD operations

Administrative Adjudication of Road Traffic Offences Act 46 of 1998

Telematics and GPS records for any company vehicles used for deliveries, route optimisation, access control logs at offices, stores, storage and staging locations

Protection of Personal Information Act 4 of 2013, National Road Traffic Act 93 of 1996

Corporate Social Responsibility (CSR) and community development project records

Common law of contract

CCTV footage at offices, stores, storage and staging areas, back of house, yards and loading bays, visitor registers

Protection of Personal Information Act 4 of 2013, Private Security Industry Regulation Act 56 of 2001

Environmental and waste related records for packaging, bottles, damaged stock, promotional materials, samples, branded equipment and other retail assets, including decommissioning or disposal documentation

National Environmental Management: Waste Act 59 of 2008

Gifts and hospitality registers, conflict of interest logs, third party risk assessments

Prevention and Combating of Corrupt Activities Act 12 of 2004

Supplier contracts for store operations, cleaning, security, point of sale systems, refrigeration, local logistics where applicable, marketing and promotional services, IT and other operational services, procurement policy and due diligence packs

Preferential Procurement Policy Framework Act 5 of 2000 where relevant, Consumer Protection Act 68 of 2008, common law of contract

Bid submissions, declarations and award letters where TYCHOFLASH (PTY) LTD tenders to public bodies

Preferential Procurement Policy Framework Act 5 of 2000, Public Finance Management Act 1 of 1999 or Municipal Finance Management Act 56 of 2003 where applicable

Whistleblowing and ethics reports, hotline outcomes and investigation records

Protected Disclosures Act 26 of 2000

CSR and sponsorship files where TYCHOFLASH (PTY) LTD is referenced as retail, community or execution partner or sponsor, community projects, employment initiatives, road safety or water related initiatives, partnership MOUs

Consumer Protection Act 68 of 2008, common law of contract

Third-party privacy and security due diligence records, data processing agreements

Protection of Personal Information Act 4 of 2013, common law of contract

IT asset and device registers, MDM logs and remote wipe records

Protection of Personal Information Act 4 of 2013

Training matrices and compliance evidence for POPIA, PAIA, OHS, MHSA, site inductions and safety training

Basic Conditions of Employment Act 75 of 1997, Protection of Personal Information Act 4 of 2013, Occupational Health and Safety Act 85 of 1993

Email retention policies, journaling and legal hold records

Protection of Personal Information Act 4 of 2013, applicable Rules of Court on discovery and preservation

 

5.3              The company keeps certain records as required by PAIA and POPIA:

5.3.1    PAIA records: PAIA Manual, official guides, submission records, and awareness training materials.

5.3.2    POPIA records: Information Officer registration certificate, data breach records, retention records, and awareness training materials.

5.3.3    Other relevant information may also be made available on request.

 

5.4              The tabulated records may be requested; however, it should be noted that there is no guarantee that the request will be honoured. Each request will be evaluated in terms of PAIA and any other applicable legislation.

 

6                    Request Process

 

An individual who wishes to place a request must comply with all the procedures laid down in PAIA:

 

  • Initiating the request

 

7.1.1.       Use the prescribed form

§   All requests must be made on the prescribed form (Form 2 – Request for Access to Record [Regulation 7]).

§   Additional prescribed forms include:

–          Form 2 – Request for Correction or Deletion (section 24 of POPIA). This form is used by a data subject to request the correction of inaccurate, outdated, incomplete, irrelevant, or misleading personal information, and/or the deletion or destruction of personal information that is no longer necessary or unlawfully obtained, in accordance with Section 24(1) of POPIA. It ensures that responsible parties maintain accurate and lawful records of personal data. – Request for Correction or Deletion of Personal Information or Deletion of Record of Personal Information

–          Form 3 – Application for a Code of Conduct (section 61 of POPIA). This form is used by an industry body, profession, or class of entities to apply for the issuance of a Code of Conduct under Section 61(1)(b) of POPIA. It allows industries to self-regulate how personal information is processed within their sector, in line with the conditions for lawful processing. – Application for the Issue of a Code of Conduct

–          Form 4 – Request for Consent for Direct Marketing (section 69 of POPIA). This form enables a responsible party to formally request a data subject’s consent to receive direct marketing communications via unsolicited electronic means (e.g., SMS, email), as required under Section 69(2) of POPIA. It ensures that individuals have control over whether and how they are marketed to. – Application for the Consent of a Data Subject for the Processing of Personal Information for the Purpose of Direct Marketing

–          Form 5 – Complaint Regarding Interference with Personal Information. This form allows a data subject or complainant to submit a complaint to the Regulator concerning unlawful interference with personal information; or a determination made by an adjudicator under POPIA. It provides an avenue for recourse and investigation in cases of non-compliance with data protection obligations. – Complaint Regarding Interference with the Protection of Personal Information for the Purpose of Direct Marketing

 

7.1.2.       Requests not submitted on the prescribed form may be rejected.

 

7.1.3.       Assistance in the request process:

§   If a requester is illiterate or disabled, they may make the request orally to the IO, who must complete the prescribed form on their behalf and provide them with a copy (section 18(3) of PAIA).

§   The IO must provide reasonable assistance to any requester who requires help in completing the form or understanding the procedure.

 

  • Particulars of the Request

 

7.2.1.       The request must provide sufficient detail to enable the IO to identify and process it. This includes:

§   A clear description of the record(s) requested.

§   Full identity of the requester, with proof of identity where required.

§   The preferred form of access (inspection, copy, electronic copy, etc.).

§   The requester’s contact details (postal, physical, fax or email).

§   A statement that the record is required to exercise or protect a right, specifying the nature of that right and explaining why the record is necessary.

§   If a request is made on behalf of another person, proof of authorisation must be attached.

 

  • Submission of Requests

 

7.3.1.       The completed form, together with proof of payment of the prescribed request fee (if applicable), must be submitted to the Information Officer (IO) at the Company.

7.3.2.       Requests may be lodged by:

§   Hand delivery to the physical address provided in this Manual.

§   Postal delivery to the Company’s registered address.

§   Fax; or

§   Email to the address of the IO or DIO.

7.3.3.       Where applicable, the IO may require a deposit in terms of section 22(2) of PAIA where search and preparation is expected to be time-consuming.

 

  • Fees and Timeframes for Response

 

7.4.1.       Requests will be processed and responded to within 30 (thirty) calendar days of receipt.

7.4.2.       In terms of section 26 of PAIA, the IO may extend this period once, by up to 30 additional days, if:

§   The request involves many records.

§   Consultation with third parties is required; or

§   The records are in another office and cannot reasonably be obtained within 30 days.

7.4.3.       If an extension is required, the requester will be notified in writing, with reasons for the extension.

7.4.4.       A request fee may be charged for non-personal requests.

7.4.5.       If the search and preparation of the record will exceed six (6) hours, the requester may be required to pay a deposit of up to one-third of the estimated fee.

7.4.6.       Access will only be granted once all required fees have been paid.

 

  • Outcome of Request

 

7.5.1.       The IO will notify the requester in writing, using Form 3 – Outcome of Request and of Fees Payable [Regulation 8], of the decision to grant or refuse access.

7.5.2.       If access is granted, the notice will:

§   Specify the form of access; and

§   State the applicable access fees payable before access is given.

7.5.3.       If access is refused, the notice will set out the grounds for refusal as provided in Chapter 4 of PAIA.

 

  • Appeals and Complaints

 

7.6.1.       If access is refused or deemed refused (i.e. no decision within the prescribed period), the requester may:

§   Lodge an internal appeal (for public bodies); or

§   Refer the matter to the Information Regulator or approach a court of law (for private bodies).

7.6.2.       The Regulator can be contacted using the details provided in this Manual.

 

7                    Grounds for Refusal

 

In terms of Chapter 4 of PAIA, the company may refuse a request for access to records on the following grounds (unless an exception applies):

 

7.1              Privacy of individuals – To protect the personal information of a third party (including deceased persons) where disclosure would be unreasonable.

7.2              Commercial interests of third parties – Records may be refused if they contain:

-   Trade secrets;

-   Financial, commercial, scientific, or technical information, where disclosure could cause harm; or

-   Information provided in confidence, where disclosure could disadvantage or prejudice the third party in negotiations or competition.

7.3              Confidentiality agreements – Information that is protected under a contract or agreement with a third party.

7.4              Safety and security – Records that could endanger the life, health, or safety of a person, or the protection of property.

7.5              Legal privilege – Records that would be privileged from disclosure in legal proceedings.

7.6              Commercial interests of the company – Records may be refused if they contain:

-   Trade secrets;

-   Financial, commercial, scientific, or technical information that could harm the company’s interests;

-   Information that could prejudice the company in negotiations or competition; or

-   Proprietary computer programs protected by copyright or intellectual property law.

7.7              Research information – Where disclosure would place ongoing research or a researcher at a serious disadvantage.

7.8              Frivolous or unreasonable requests – Requests that are clearly frivolous, vexatious, or that would cause an unreasonable burden on company resources.

 

8                    Remedies Should a Request be Refused

 

8.1              If the company does not have an internal appeal procedure for considering a denial of a request, decisions made by the IO are final.

 

8.2              The requestor may, in accordance with sections 56(3)(c) and 78 of PAIA, apply to a court for appropriate relief within 180 (one-hundred-and-eighty) days of notification of the decision.

 

9                    Fees

The following fees shall be payable upon request by a requestor:

 

| Details | Fee |
| --- | --- |
| Request fee (payable on every request) | R140.00 once-off |
| Photocopy of an A4 page or part thereof | R2.00 per page |
| Printed copy of an A4 page or part thereof | R2.00 per page |
| Hard copy on flash drive (flash drive to be provided by requestor) | R40.00 once-off |
| Hard copy on a compact disc (compact disc to be provided by requestor) | R40.00 once-off |
| Hard copy on a compact disc (compact disc to be provided by the company) | R60.00 once-off |
| Transcription of visual images per A4 page | As per quotation of service provider |
| Copy of visual images | As per quotation of service provider |
| Transcription of an audio record | R24.00 per A4 page |
| Copy of an audio record on flash drive (flash drive to be provided by requestor) | R40.00 once-off |
| Copy of an audio on a compact disc (compact disc to be provided by requestor) | R40.00 once-off |
| Copy of an audio on a compact disc (compact disc to be provided by the company) | R60.00 once-off |
| Base/starting rate to search for and prepare the record for disclosure | R145.00 per hour for each hour or part thereof, excluding the first hour, reasonably required for such search and preparation (cannot exceed R435.00 per request) |
| Rate to search for and prepare the record for disclosure | R435.00 per hour for each hour or part thereof, excluding the first hour, reasonably required for such search and preparation (cannot exceed total cost) |
| Postage, email or any other electronic transfer | Actual expense, if any |

 

10                Processing of Personal Information

 

10.1           The company processes personal information in accordance with the conditions for lawful processing as set out in the Protection of Personal Information Act, 4 of 2013 (“POPIA”). Personal information is processed only for legitimate business purposes, which may include (but are not limited to):

 

10.1.1     Employment-related purposes: Recruitment, administration of employment contracts, payroll, benefits, training, and compliance with labour laws.

10.1.2     Client and supplier management: Entering and performing contracts, maintaining relationships, processing payments, and responding to queries or complaints.

10.1.3     Legal and compliance obligations: Compliance with statutory and regulatory requirements, record keeping, audits, and reporting.

10.1.4     Security and risk management: Protecting company property, monitoring access, preventing fraud, and ensuring the safety of staff, clients, and visitors.

10.1.5     Marketing and communication: Providing information about products or services, subject to obtaining the necessary consent under POPIA.

 

10.2           The company ensures that personal information is processed lawfully, reasonably, and only for the purposes for which it was collected and takes appropriate steps to protect the confidentiality and integrity of such information.

 

10.3           Description of the categories of data subjects and of the information or categories of information relating thereto:

 

11.3.1.    The company processes personal information relating to various categories of data subjects. The categories of data subjects, and the types of personal information that may be processed in respect of each, include (but are not limited to) the following:

 

| Categories of Data Subjects | Personal Information that may be Processed |
| --- | --- |
| Client brand owners and principals | Names, job titles, business contact details, company identifiers, registered addresses, contracts, scopes of work, service schedules, pricing and commercial terms, billing and payment records, project progress reports, safety and compliance summaries, meeting records and correspondence relating to mining and quarrying services. |
| Mine owners, landowners and rights holders | Names, identity or registration numbers, contact details, land or mining right identifiers, access agreements, servitudes, compensation arrangements, compliance correspondence and related records. |
| Franchisees and franchise applicants for brands supported by TYCHOFLASH (PTY) LTD | Entity names, registration and VAT numbers, B-BBEE credentials, tax compliance status, bank details, authorised representatives, contracts and SLAs, pricing schedules, delivery and performance records, maintenance and service logs, safety files, environmental and compliance questionnaires and correspondence. |
| Suppliers and service providers | Entity names, registration and VAT numbers, B-BBEE credentials, tax compliance status, bank details, authorised representatives, contracts and SLAs, pricing schedules, delivery and performance records, maintenance and service logs, safety files, environmental and compliance questionnaires and correspondence. |
| Contractors, field agencies and professional advisors | Company and contact details, registration and licensing information, scope of work, work schedules and rosters, site access approvals, safety files, competency certificates, incident and performance records, invoices, confidentiality and data processing undertakings and related correspondence. |
| Employees | Names, identity numbers, contact details, demographic information, next-of-kin details, employment contracts, job titles and role history, qualifications and certifications, time and attendance records, payroll and tax data, benefits records, disciplinary and grievance records, training and induction records (including OHS, MHSA, explosives, environmental, POPIA and PAIA), PPE allocations, medical surveillance records where required by law, access control logs, device and system allocations, incident and injury records. |
| Field, sales, merchandising and activation staff engaged via third parties | Names, identity numbers, contact details, work assignments, site access permissions, attendance and shift records, training and induction records, safety and incident reports, and limited payment details where required for remuneration. |
| Job applicants | Names, contact details, CVs, qualifications, professional registrations, work history, references, background screening outcomes, right-to-work verification, interview notes, assessment results and related correspondence. |
| Fleet drivers, equipment operators and machine controllers | Names, identity numbers, contact details, driver’s license and permit details, competency certificates, shift and route records, telematics and GPS data, accident and incident reports, disciplinary records relating to vehicle or equipment use. |
| Visitors to offices, mines, quarries and operational sites | Names, identity or visitor card details, company represented, purpose of visit, vehicle registration numbers, access control logs, sign-in and sign-out times, CCTV images and footage from offices, sites, yards, loading bays and controlled areas. |
| Shareholders, directors and prescribed officers | Names, identity or registration numbers, contact details, shareholding information, appointment and resignation records, beneficial ownership details, conflict of interest declarations, board and committee records and related correspondence. |
| Government, municipal and regulatory officials | Names, roles and institutions, contact details, inspection and audit records, directives, licenses, permits, approvals, enforcement notices and correspondence relating to mining, quarrying, explosives, environmental, labour, health and safety compliance. |
| Community representatives and CSR partners | Organisation names, contact persons and contact details, community engagement records, agreements, social and labour plan initiatives, project documentation, meeting minutes, feedback records and consent for use of images or information where applicable. |
| Security personnel and emergency response stakeholders | Names and contact details, access control records, incident and investigation reports, emergency response logs and related correspondence. |
| Website and electronic communication users | Names and contact details submitted through online enquiry forms, email correspondence, IP addresses, device and browser identifiers, timestamps, basic analytics data and cookie preference records. |
| General public and other stakeholders | Information voluntarily submitted through emails, calls, meetings or online forms, including names, contact details, enquiry or complaint content and the minimum additional information required for operational, safety, environmental, reporting or legal purposes. |

 

11                The Recipients or Categories of Recipients to whom the Personal Information may be Supplied

 

11.1           Personal information held by the company may be disseminated to third parties only when lawful and necessary for business, contractual, or regulatory purposes. Categories of personal information and possible recipients include (but are not limited to):

 

| Category of Personal Information | Recipients or Categories of Recipients |
| --- | --- |
| Identity numbers, names, business and personal contact details | Government departments and regulatory authorities (including the Department of Mineral Resources and Energy, Department of Employment and Labour, Department of Forestry, Fisheries and the Environment), law enforcement agencies, the Information Regulator, auditors, banks and financial institutions for KYC and compliance purposes, clients and project principals, mine owners and landowners, insurers, contracted service providers and professional advisors where required. |
| Qualifications, licenses and professional history | SAQA, professional and statutory bodies, licensing authorities, background screening and vetting service providers, recruitment agencies, clients or principals where proof of competency, certification or statutory compliance is required for site access or work performance. |
| Credit and payment history | Banks and financial institutions, registered credit bureaus, payment processors, external accountants, auditors, debt collection agencies where enforcement action is required, insurers and client finance teams for reconciliation or contractual credit control. |
| Tax and payroll records | South African Revenue Service (SARS), payroll administrators, pension and provident fund administrators, medical aid and benefit providers, UIF and COID administrators, auditors and statutory authorities. |
| Health and safety information | Occupational health practitioners, medical service providers, medical aid schemes, Compensation Commissioner, insurers and loss adjusters, mine health and safety officers, emergency response services, external OHS and MHSA consultants, regulators where required by law. |
| Contractual and business information | Clients, project owners and principals, mine owners, insurers, legal advisors, auditors, consultants, subcontractors and joint venture partners where necessary for project execution, risk management, dispute resolution, reporting or compliance. |
| B-BBEE credentials and supplier data | B-BBEE verification agencies, procurement departments of clients and principals, funders, investors, public sector entities, industry and tender portals and verification bodies where disclosure is required for procurement, funding or compliance purposes. |
| Training and induction records | Regulatory authorities, SETA bodies, clients and principals, mine owners, auditors and inspectors where evidence of MHSA, OHS, explosives handling, environmental, POPIA or PAIA training is required for site access, audits or statutory reporting. |
| CCTV footage, access control logs and visitor registers | Contracted security service providers, site and property owners, insurers, law enforcement agencies on lawful requests, forensic investigators, legal advisors and regulators where required for investigations or compliance. |
| Fleet, equipment, telematics and incident data | Telematics and tracking service providers, fleet insurers, accident investigators, AARTO and traffic authorities, panel beaters, towing and recovery services, legal advisors, regulators and clients where incident reporting is required in terms of contract or law. |
| Financial records, invoices, bank details | Banks and financial institutions, external accountants, auditors, payment processors, clients, suppliers and internal finance and compliance functions. |
| Digital and IT records including user IDs, device IDs, logs and backups | Cloud hosting providers, managed IT service providers, cybersecurity and monitoring vendors, SaaS providers used for HR, payroll, fleet management, safety reporting, finance and document management, incident response partners and backup and disaster recovery service providers. |
| Data protection governance records including ROPA, operator agreements and breach logs | The Information Regulator, regulators and authorities, clients and principals where the Company acts as an operator, legal counsel, cyber and liability insurers, external auditors and compliance consultants. |
| Procurement and vendor onboarding packs | Due diligence and screening providers, client and principal procurement teams, funders and investors performing counterparty checks, internal legal, risk and finance functions. |
| Shareholder, director and beneficial ownership details | Companies and Intellectual Property Commission (CIPC), banks and financial institutions for KYC, auditors, B-BBEE verification agencies, funders, regulators and other verification bodies where disclosure is required by law, tender conditions or governance standards. |

 

12                Planned Transborder Flows of Personal Information

 

12.1           The company may, where necessary and lawful, transfer or store personal information outside the Republic of South Africa. This could include, for example, the use of secure cloud-based service providers or international business partners. Where no transborder transfer is required, personal information will continue to be stored and processed within South Africa.

12.2           Any cross-border transfer of personal information will only take place in accordance with section 72 of POPIA, which requires that:

12.2.1     The recipient country, organisation, or international organisation is subject to a law, binding agreement, or corporate rules that provide an adequate level of protection; or

12.2.2     The transfer is necessary for the performance of a contract, with the consent of the data subject, or for another lawful reason recognised by POPIA.

 

13                Availability of the PAIA Manual at the Company

 

13.1           A copy of the manual is available:

13.1.1      On the website or at any head office for public inspection during normal business hours;

13.1.2      To any person upon request and upon the payment of a reasonable prescribed fee; and

13.1.3      To the Information Regulator upon request.

 

13.2           A fee for a copy of the manual, as contemplated in the Regulations, shall be payable for each A4-size photocopy made.

 

14                Objection to the Processing of Personal Information by a Data Subject

 

14.1           Any person (“data subject”) has the right to object to the processing of their personal information in terms of section 11(3) of POPIA.

14.2           An objection must be made on Form 1 – Objection to the Processing of Personal Information or a similar form. This is free of charge and can be sent by hand, post, fax, email, SMS, WhatsApp, or any other convenient method.

14.3           When personal information is collected, the company must inform the data subject of their right to object.

14.4           If an objection is made by phone, the company must record it electronically and provide a copy or written transcript to the data subject on request, at no cost.

 

15                Request for Correction/Deletion of Personal Information or Destruction/Deletion of Record of Personal Information

 

15.1           A data subject has the right, under section 24 of POPIA, to request the correction, destruction, or deletion of their personal information at any time and free of charge.

15.2           Correction or deletion may be requested if the personal information is:

15.2.1     Inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained; or

15.2.2     No longer lawfully permitted to be kept by the company.

 

15.3           Requests must be made using Form 2 – Request for Correction of Deletion of Personal Information or Deletion of Record of Personal Information or a similar form. This can be submitted free of charge by hand, post, fax, email, SMS, WhatsApp, or any other convenient method.

15.4           If a request is made by phone, the company must record it electronically and provide a copy or written transcript to the data subject on request, at no cost.

15.5           The company must respond within 30 days of receiving the request and notify the data subject in writing of the outcome and any action taken.

16                Applicable Forms

 

PAIA Forms

Form 01:              Request for a Copy of the Guide from an Information Officer [Regulation 3]

Form 02:              Request for Access to Record [Regulation 7]

Form 03:              Outcome of Request and of Fees Payable [Regulation 8]

Form 05:              Complaint Form [Regulation 10]

Form 13:              PAIA Request for Compliance Assessment Form [Regulation 14(1)]

 

POPIA Forms

Form 1:                Objection to the Processing of Personal Information

Form 2:                Request for Correction of Deletion of Personal Information or Deletion of Record of Personal Information

Form 3:                Application for the Issue of a Code of Conduct

Form 4:                Application for the Consent of a Data Subject for the Processing of Personal Information for the Purpose of Direct Marketing

Form 5:                Complaint Regarding Interference with the Protection of Personal Information for the Purpose of Direct Marketing

 

17                Updating of the Manual

 

The head of the company will update this manual on a regular basis.

 

Name of Information Officer: Thabo Matthews Nzimande

Title of the head of the body: Chief Executive Officer

Signature:

Date:

 

 

[1] Section 56(a) of POPIA – Every public and private body must, in line with section 17 of PAIA, appoint as many Deputy Information Officers as needed to carry out the duties and responsibilities set out in section 55(1) of POPIA.

[2] In terms of PAIA, access to records of a public body (section 11) or a private body (section 50) must be granted if the requester meets PAIA’s procedural requirements, the request is necessary for exercising or protecting a right (in the case of private bodies), and no grounds for refusal in Chapter 4 apply.

[3] In terms of sections 14 and 51 of PAIA, the Information Officer of every public and private body must update and publish their PAIA manual at least once every 12 months.

[4] In terms of PAIA, public and private bodies must keep their PAIA manuals (sections 14 and 51) and notices (sections 15 and 52) updated and published at least once every 12 months. When access to a record is granted, the notice must also state any access fee payable by the requester (sections 22 and 54). In addition, the Information Regulator must update and publish the official PAIA Guide at least once every two years (section 92(11)).