And in a manner that balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.

This PAIA Manual assist you to-

4. CONTACT DETAILS

Casper van Eck

(Commercial Legal Officer)

Postal Address:

666 KLIPBANK STREET

WINGATE PARK

WINGATE PARK

GAUTENG

0153

Physical Address:

666 KLIPBANK STREET

WINGATE PARK

WINGATE PARK

GAUTENG

0153

Telephone No:

+27 12 640 0147

E-mail:

IRC Company E-mail- [email protected]

Information officer E-mail – [email protected]

Deputy Information Officer:

N.A.

GENERAL INFORMATION:

Name of Private Body:

IRC  Pty Ltd

Registration No:

2017 / 106999 / 07

5. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUID

5.1	The Regulator has, in terms of Section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
5.2	The Guide is available in each of the official languages and in braille.
5.3	The aforesaid Guide contains the description of-

	5.3.1	the objects of PAIA and POPIA;
	5.3.2	the postal and street address, phone and fax number and, if
	5.3.3	available, electronic mail address of-

		5.3.3.1	the Information Officer of every public body, and
		5.3.3.2	every Deputy Information Officer of every public and private body designated in terms of Section 17(1) of PAIA and Section 56 of POPIA;

	5.3.4	the assistance available from the Information Officer of a public body in terms of PAIA and POPIA;
	5.3.5	the assistance from the Regulator in terms of PAIA and POPIA;
	5.3.6	all remedies in law available regarding an act of failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-

		5.3.6.1	an internal appeal;
		5.3.6.2	a complaint to the Regulator; and
		5.3.6.3	an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the regulator or a decision of the head of a private body;

	5.3.7	the provisions of Sections 15 and 51 of PAIA requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;
	5.3.8	the provisions of Sections 15 and 52 of PAIA providing for the voluntary disclosure of categories of records by a public body and private body, respectively;
	5.3.9	the notices issued in terms of Section 22 and 54 of PAIA regarding fees to be paid in relation to requests for access; and
	5.3.10	the regulations made in terms of Section 92 of PAIA

5.4	Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours
5.5	the Guide can also be obtained –

	5.5.1	upon request to the Information Officer;
	5.5.2	from the website of the Information Regulator (https://inforegulator.org.za/).

5.6	A copy of the Guide is also available in two official languages, for public inspection during normal office hours.

6. RECORDS AUTOMATICALLY AVAILABLE TO THE PUBLIC

Policies and Procedures:

• Organizational policies and procedures
• Codes of conduct and ethics
• Governance documents
• Regulations and guidelines

7. RECORDS OF THE PRIVACY BODY

This clause serves as a reference to the records that IRC Pty Ltd holds in order to facilitate a request in terms of the Act.

It is recorded that the accessibility of the documents listed herein below, may be subject to the grounds of refusal set out hereinafter.

Finance:

Financial statements and reports

Invoices, receipts, and payment records

Tax records and returns.

Budgets and financial planning documents

Banking and transaction records Payroll records

Human Resources (HR):

Employee records, including personal information, contracts, and performance evaluations

Job applications, resumes, and employment history

Training and development records

Disciplinary and grievance records

Leave and attendance records Compensation and benefits information

Operations:

Operational policies, procedures, and manuals

Project documentation and reports

Operational performance records

Incident and accident reports Health and safety records

8. RECORDS REQUIRED IN TERMS OF LEGISLATION

Records are kept in accordance with legislation applicable to IRC  Pty Ltd, which includes but is not limited to, the following –

• Memorandum of Incorporation – Companies Act 71 of 2008: The Companies Act requires companies to have a Memorandum of Incorporation (MOI), which sets out the rights, duties, and responsibilities of shareholders, directors, and other company officials.
• BCEA (Basic Conditions of Employment Act): The BCEA is a South African labor law that sets out the basic conditions of employment for employees, including working hours, leave entitlements, and minimum wage.
• Cybercrimes Act: The Cybercrimes Act is a legislation that addresses cybercrime and provides for offenses related to cybersecurity, data breaches, and electronic communication.
• ECTA (Electronic Communications and Transactions Act): The ECTA is a law that regulates electronic transactions and communications in South Africa. It covers various aspects such as electronic signatures, data messages, and the facilitation of electronic commerce.
• Income Tax Act: The Income Tax Act governs the taxation of individuals and entities in South Africa. It outlines the rules and regulations regarding income tax, tax deductions, and tax obligations.
• LRA (Labour Relations Act): The LRA is a labor law that regulates collective bargaining, dispute resolution, and the rights and obligations of employers and employees in South Africa.
• OPI (Protection of Personal Information Act): The POPI Act is a data protection law that aims to safeguard personal information and regulate its processing by public and private bodies.
• VAT Act of 1991: The Value Added Tax (VAT) Act establishes the framework for the implementation and administration of value-added tax in South Africa. It sets out the rules regarding VAT registration, compliance, and tax liability.

Reference to the above-mentioned legislation shall include subsequent amendments and secondary legislation to such legislation.

9. PROCESSING OF PERSONAL INFORMATION

9.1 Purpose of Processing Personal Information

We only process personal information:

• to provide our services to you.
• to conduct IRC’ recruitment exercises, including referrals, and hiring processes, including the capturing of a job applicant’s details and the providing of status updates to such a job applicant. In this context IRC will conduct criminal record and credit checks;
• to provide you with marketing that is relevant to you, or to direct information concerning IRC;
• maintain and update our customer, or potential customer databases;
• to protect our rights in any litigation;
• communicate with you and keep a record of our communications with you and your communications with us;
• inform you about any changes to the Website, the Privacy Notice or other changes which are relevant;
• for any other purposes relevant to our business activities, provided they are lawful. IRC will restrict its processing of your Personal Information to the original purposes for which it was collected, unless IRC reasonably considers that it is required to be processed for another purpose and that purpose is compatible with the original purpose. If you would like us to explain how the further processing for the new purpose is compatible with the original purpose, please contact us.

9.2 Description of the categories of Data Subjects and of the information or categories of information relating thereto

Categories of Data Subjects	Personal Information that may be processed
Customers / Clients	• Identity Data, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and qualifications. • Contact Data, which includes billing addresses, delivery addresses, email addresses and telephone numbers. • Financial Data, which includes bank account and payment card details, insurance information, and financial statements. • Transaction Data, which includes details about payments to and from you. • Service Data, which includes information concerning your interactions with IRC. • Marketing and Communications Data, which includes your preferences in receiving marketing from and your communication preferences.
Service Providers	• Identity Data, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and qualifications. • Contact Data, which includes billing addresses, delivery addresses, email addresses and telephone numbers. • Financial Data, which includes bank account and payment card details, insurance information, and financial statements. • Transaction Data, which includes details about payments to and from you. • Service Data, which includes information concerning your interactions with IRC. • Marketing and Communications Data, which includes your preferences in receiving marketing from and your communication preferences.
Employees	• Identity Data, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and qualifications. • Contact Data, which includes billing addresses, delivery addresses, email addresses and telephone numbers. • Financial Data, which includes bank account and payment card details, insurance information, and financial statements. • Transaction Data, which includes details about payments to and from you. • Service Data, which includes information concerning your interactions with IRC. • Marketing and Communications Data, which includes your preferences in receiving marketing from and your communication preferences.

9.3 The recipients or categories of recipients to whom the personal information may be supplied

Category of personal information	Recipients of Categories of Recipients to whom the personal information may be supplied
Identity number, Fingerprint data and full names, for criminal checks.	South African Police Service and The MIE

9.4 Planned transborder flows of personal information

We transfer information to the following countries:

• UAE

The following categories of information is transferred outside the borders of South Africa:

• Identity Data
• Contact Data
• Financial Data
• Transaction Data
• Service Data
• Marketing and Communications Data

9.5 General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

The organisation will ensure that the filing system’s security is managed effectively to protect personal information from loss, unauthorized access, disclosure, interference, modification, or destruction. Security measures will be context-specific, and the organisation will continuously review its security controls and conduct regular testing to combat cyber-attacks.

The organisation will store all paper and electronic records containing personal information securely and limit access to authorized individuals only. New employees will sign employment contracts containing terms for using and storing employee information, including confidentiality clauses to reduce the risk of unauthorized disclosures.

Existing employees will sign an addendum to their employment agreement containing the relevant consent and confidentiality clauses after the required consultation process. Operators and third-party service providers will be required to enter into service level agreements with the organisation, pledging mutual commitment to POPIA and the lawful processing of any personal information under the agreement.

Personal Information will be protected by means of physical measures including but not limited to locked filing cabinets, restricting access to offices and premises and an alarm system with active response team. the utilization of up-to-date technological tools such as passwords Protection, File encryption and up to date firewalls. The organization will implement organizational controls such as background checks on all employees with the MIE System, limiting access, staff training and non-disclosure agreements.

10. REQUEST PROCEDURE FOR OBTAINING INFORMATION

Access to the records held by IRC Pty Ltd

Records held by IRC  Pty Ltd may be accessed by request only once the prerequisites for access have been met.

The requester must fulfil the prerequisites for access in terms of The Act, including the payment of a requested access fee.

The requester must comply with all the procedural requirements contained in The Act relating to the request for access to a record.

The requester must complete the prescribed Form 2 (Annexure B) and submit same as well as payment of a request fee and a deposit, if applicable, to the Information Officer at the postal or physical address, fax number or electronic mail address as stated herein.

The prescribed form must be filled in with enough particulars to at least enable the Information Officer to identify –

• The record or records requested
• The identity of the requester
• Which form of access is required, if the request is granted
• The postal address or fax number or email address of the requester

The requester must state that they require the information in order to exercise or protect a right, and clearly state what the nature of the right to be exercised or protected is. In addition, the requester must clearly specify why the record is necessary to exercise or protect such a right.

IRC  Pty Ltd will process the request within 30 days, unless the requester has stated a special reason that would satisfy the Information Officer that circumstances dictate that the above time periods are not complied with.

The requester shall be informed whether access has been granted or denied in the form of Form 3 (Annexure C). If, in addition, the requester requires the reason for the decision in any other manner, they must state the manner and the particulars so required.

If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request, to the reasonable satisfaction of the Information Officer.

If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.

11. FEES

When the Information Officer receives the request, such Officer shall, by notice, require the requester to pay the prescribed request fee (if any), before any further processing of the request.

If the search for the record has been made in the preparation of the record for disclosure, including arrangements to make it available in the requested form, and it requires more than the hours prescribed in the regulation for this purpose, the Information Officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.

The Information Officer shall withhold a record until the requester has paid the Fees as indicated.

A requester, whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure, including making arrangements to make it available in the requested form.

If a deposit has been paid in respect of a request for access, which is refused, then the Information Officer concerned must repay the deposit to the requester.

The fees applicable to a request for information are set out in Annexure A hereto.

The requester must pay the prescribed fee before any further processing can take place.

12. GROUNDS FOR REFUSAL OF ACCESS TO INFORMATION

The main grounds for IRC Pty Ltd to refuse a request for information relates to the:

• Mandatory protection of the privacy of a third party that is a natural person would involve the unreasonable disclosure of personal information of the natural person
• Mandatory protection of the commercial information of a third party, if the record contains:
  • Trade secrets of that third party;
  • Financial, commercial, scientific or technical information, disclosure of which would likely cause harm to the financial or commercial interests of that third party;
  • Information disclosed in confidence by a third party to the Private Body, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition;
• Mandatory protection of confidential information of third parties if it is protected in terms of any agreement;
• Mandatory protection of confidential information of the protection of property;
• Mandatory protection of records that would be regarded as privileged in legal proceedings;
• The commercial activities of IRC  Pty Ltd which may include:
  • Trade secrets of IRC  Pty Ltd
  • Financial, commercial, scientific or technical information, disclosure which could likely cause harm to the financial or commercial interest of IRC Pty Ltd ;
  • Information which, if disclosed could put IRC  Pty Ltd at a disadvantage in negotiations or commercial competition;
  • A computer program, owned by IRC  Pty Ltd and protected by copyright.
• The research information of IRC  Pty Ltd or a third party, if its disclosure would reveal the identity of IRC  Pty Ltd, the researcher or the subject matter of the research and would place the research at a serious disadvantage;

Requests for information that are clearly frivolous or vexatious, or which would involve an unreasonable diversion of resources shall be refused.

13. DECISION

IRC  Pty Ltd will within 30 days of receipt of the request, decide whether to grant or decline the request and give notice with reasons (if required) to that effect.

The requester shall be informed whether access has been granted or denied in the form of Form 3 (Annexure C). If, in addition, the requester requires the reason for the decision in any other manner, they must state the manner and the particulars so required.

The 30 day period within which IRC  Pty Ltd has to decide whether to grant or refuse the request, may be extended for further period of not more than 30 days if the request is for a large amount of information, or the request requires a search for information held at another office of IRC  Pty Ltd and the information cannot reasonably be obtained within the original 30 day period. IRC  Pty Ltd will notify the requester in writing should an extension be sought.

AVAILABILITY OF THE MANUAL

The manual of IRC Pty Ltd is available at the premises of IRC Pty Ltd as well as the website of IRC Pty Ltd.

ANNEXURE B: FORM 2

Form-02-Request-for-Access-to-Record

ANNEXURE B: FORM 3

Form-03-Outcome-of-request-and-of-fees-payable