Promotion of Access to Information (PAIA) Manual
Last updated: October 2023
Table of contents
1. Introduction
1.1 Welcome to Direct Transact (Pty) Limited, operates its business in the field of information technology services with regards to account hosting services, clearing and settlement and provides, inter alia, transaction processing and clearing services to a diverse range of corporate clients, always striving to uphold the constitutional right of access to information while maintaining confidentiality, privacy, and compliance with South African laws.
2. Contact Details
2.1 If you have any questions or concerns regarding your personal information and our data practices, please feel free to reach out to our Information Officer, using the following contact details:
2.1.1 Physical Address: 210Aramist Avenue, Waterkloof Glen, Pretoria, 0010
2.1.2 Postal Address: xxxxxxxxxxxxxxxxxxxxxxx
2.1.3 Telephone: +27 12 368 49001.1.4
2.1.4 Email: compliance@directtransact.co.za
3. The Act
3. The Act
3.1 Introduction
3.1.1 This Manual has beencompiled to comply with the Promotion of Access to Information Act 2 of 2000 ("the Act"), in conjunction with the Protection of Personal Information Act 4 of 2013 (“POPIA”). Its purpose is to ensure your constitutional right to access information held by Direct Transact, while respecting the reasonable limitations to protect privacy, commercial confidentiality, and effective governance.
3.1.2 This Manual is available at directtransact.co.za and the physical address provided in paragraph 3 above.
3.1.3 Requests for information under the Act should follow the procedures outlined in this Manual and be accompanied by the prescribed fees, where applicable. For further guidance on exercising your rights, you may refer to the guide provided by the South African Human Rights Commission (“SAHRC”), available from their website orcontact details provided.
3.2Purpose for Processing Data
3.2.1 At Direct Transact, we take your privacy seriously and process personal information only with your consent and when necessary for legitimate business interests, adhering to South Africanprivacy legislation.
3.2.2 We process personal information for various purposes, including providing information, products, services, support, managing customer records, securely transmitting data for our customers, recruitment, administration, and more. We also analyse and improve our products and services, detect fraud, and ensure the security of our premises and assets.
3.3 Categories of Data Subjects
3.3.1 We process personal information of different types of individuals, including employees, customers, potential customers, suppliers, and product testers. The data we process varies depending on the purpose and relationship with each individual.
3.3.2 Example table:
| Data Subjects | Type of Personal Information Processed |
|---|---|
Employees and potential employees | Demographic information Health and disability information Employment contracts Performance and disciplinary matters Payroll Physical access and monitoring Training Employment history Criminal history Background checks Time and attendance Correspondence |
| Customers and Potential Customers | Demographic information of (potential) customers and their representatives Contracts Contact details Banking details Credit record Account history Correspondence Customer information (exclusively for contracted support, hosting or back-up purposes) |
| Suppliers | Demographic information of suppliers and their representatives Banking details Account history Product and service information Contracts Correspondence |
3.4 Catagories of Data Recipients
3.4.1 Direct Transact may share personal information with employees, service providers, agents, and third parties under specific circumstances, such as legal obligations, contractual requirements, or service provision. We ensure that any sharing of personal information is done with the necessary consent or notification to the data subjects.
3.4.2 Direct Transact’s employees are required to adhere to Direct Transact’s data privacy and confidentiality policies, and are trained in this regard.
3.5 Transfer of Your Personal Information out of South Africa
3.5.1 With your prior consent, we may subcontract data hosting to third parties located outside South Africa. In such cases, we ensure that standard contractual clauses are agreed upon toprotect your personal information.
3.6 Information Security Measures
3.6.1 To safeguard your data, including personal information, Direct Transact implements various information technology security measures. These include encryption, backups, anti-virus and anti-malware protection, redundancy, and disaster recovery plans. We also work with third-party service providers who comply with South African data protection laws or equivalent standards.
4. Applicable Legislation
4. Applicable Legislation
4.1 As a responsible company, we adhere to various South African legislation relevant to our operations. Our commitment to compliance ensures that we maintain transparency and respect for your rights.
| No. | Act |
|---|---|
1 | Basic Conditions of Employment Act 75 of 1997 |
| 2 | Broad-based Black Economic Empowerment Act 53 of 2003 |
| 3 | Companies Act 71 of 2008 |
| 4 | Electronic Communications and Transactions Act 25 of 2002 |
| 5 | Employment Equity Act 55 of 1998 |
| 6 | Income Tax Act 58 of 1962 |
| 7 | Labour Relations Act 66 of 1995 |
| 8 | Occupational Health Act 61 of 2003 |
| 9 | Promotion of Access to Information Act 2 of 2000 |
| 10 | Skills Development Act 97 of 1998 |
| 11 | Skills Development Levies Act 9 of 1999 |
| 12 | Unemployment Insurance Contributions Act 4 of 2002 |
| 13 | Value Added Tax Act 89 of 1991 |
4.2 If you have any further questions about our data practices or how we handle your personal information, please do not hesitate to contact us. We are here to provide you with the necessary information and ensure your data privacy is protected.
5. Schedule of Records
5. Schedule of Records
5.1 Direct Transact has under its control or in its possession the following categories of records under the subjects described below. The categories of records are not exhaustive and are subject to amendment.
| Record Type | Subject | Access Level |
|---|---|---|
Business | CIPC records (including company registration, officers and intellectual property) Audited financial statements Tax records Asset registers Statutory records Operational records Internal policies and procedures Financial records Product development information Management planning information Budgets Information technology system records Information technology disaster recovery and implementation plans | 1,2 4 4 4 4 4 3 4 4 4 4 4 4 |
| Marketing | Product information Manuals Media releases Company website Marketing plans | 1 2 1 1 4 |
| Pesonnel | Personal information provided by personnel Personal information provided by third parties Employment contracts Internal evaluation, performance management and disciplinary records Statutory records regarding UIF, PAYE, B-BBEE, EE, Health and Safety Correspondence with and about personnel Training schedules and material Remuneration records Facilities management documentation | 3 4 4 3 2.3 3.4 2.3 3.4 2 |
| Legal | Agreements and Memoranda of understanding Litigation records Legal opinions Legal correspondence | 4 4 4 4 |
| Customer | Personal information provided by customers about their businesses and representatives Customer contracts Customer databases (including personal information of customers' customers) Credit records Account records Correspondence with and about customers | 3 4 3.4 4 4 3.4 |
| Suppliers & Contractors | Personal information provided by suppliers and contractors Contracts Accounting Records | 3 4 4 |
| Access Level | Classification | Description |
|---|---|---|
1 | Public | Unrestricted availability |
| 2 | Internal Use | Administrative records relating to the running of the business with little interest or value to outside parties, to which outside parties may be granted limited access, depending on the circumstances |
| 3 | Confidential | Personal information of an individual or juristic person requested by the data subject of that information. |
| 4 | Restricted | Legally privileged document, or document likely to harm an individual, compromise the safety of individuals or property, or harm the commercial or financial interests of the company or a third party. |
6. Request for Access to Information
6. Request for Access to Information
6.1 To be granted access to a record referred to in paragraph 5 above, please complete the request form included as Schedule 1 here to and address your request to the Direct Transact Information Officer at the details given in paragraph 2 above and submit it to compliance@directtransact.co.za.
6.2 Details of the fees payable and the payment procedure will be provided by the Direct Transact Information Officer once the request has been received.
7.3 Please complete all fieldsin the request form, ensuring that you provide us with the following information:
7.3.1 Details of the record that you are requesting;
7.3.2 A copy of your valid South African ID document or card;
7.3.3 A copy of the power of attorney (if applicable);
7.3.4 A description of the right you seek to exercise or protect, with an explanation of the reason the record is required to exercise or protect the right;
7.3.5 Details of how the information requested must be provided to you if the request is granted; and
7.3.6 Your contact details.
7. Fees
7. Fees
7.1 When the Information Officer of Direct Transact receives a request on the official form for information in terms of the Act, the Information Officer will send the requester (other than a personal requester) a notice requiring the requester to pay the prescribed request fee of R50.00 (fifty rand) before further processingthe request.
7.2 A further access/reproduction fee will be payable before the requested record is released. The fee is calculated in accordance with the prescribed rates set outin schedule 2, taking access/reproduction costs, search and preparation time, and postal costs (if relevant).
7.3 If preparation of the record requested will take more than six hours, a deposit of one third of the access fee will be payable in advance of provision of the record, with the balance payable on delivery.
7.4 The Information Officer will provide the details of the account into which the payment must be made on the invoice for the access/reproduction fee.
8. Timelines for consideration
8. Timelines for consideration
8.1 Once received, Direct Transact will assess your request, and your request will be processed within 30 (thirty) days, unless the request contains considerations that are of such anature that an extension of the 30-day (thirty day) time limit is needed. If an extension is necessary, you will be notified with reasons for the extension.
8.2 If the Information Officer fails to communicate a decision on a request, such a request is then deemed to have been refused.
9. Grounds for Refusal of Access to Records
9. Grounds for Refusal of Access to Records
9.1 The main grounds on which Direct Transact may refuse access to records relate to:
9.1.1 The privacy of a thirdparty who is a natural person;
9.1.2 The commercial informationof a third party;
9.1.3 Confidential information ofa third party;
9.1.4 The safety of individualsand property;
9.1.5 Legally privileged records; and
9.1.6 Commercial information of Direct Transact, which may include without limitation:
9.1.6.1 Trade secrets;
9.1.6.2 Financial, commercial,scientific, or technical information, the disclosure of which would likely harm the financial or commercial interests of Direct Transact;
9.1.6.3 Information that, if disclosed, could put Direct Transact at a disadvantage in negotiations or commercial competition;
9.1.6.4 Computer programs and related information technology software that are owned by Direct Transact andthat are protected by copyright; and
9.1.6.5 Research information compiled by Direct Transact or a third party if disclosure would expose the third party, researcher, or subject matter of the research and therefore seriously disadvantage Direct Transact.
9.2 Requests submitted in terms of the Protection of Personal Information Act, 4 of 2013, may be refused on the same grounds set out above.
10. Remedies Available
10. Remedies Available
10.1 Direct Transact does not have any internal appeal procedures that may be followed once a request to access information has been refused. The decision of the Information Officer is final. If you are not satisfied with the outcome of your request, you can apply to the Information Regulator for relief.
11. Schedule 1: Access Request Form
11. Schedule 1: Access Request Form
12.Schedule 2: Fees
12.1 | The following schedule lays out the fees associated with a request for information. | Request Fee (Ex VAT) |
| 12.1.1 | For every photocopy of an A4-sized page or part thereof | R1.10 |
| 12.1.2 | For every printed copy of an A4-sized page or part thereof held electronically | R0.75 |
| 12.1.3 | For a copy in acomputer-readable form on a CD | R70.00 |
| 12.1.4 | For a copy in acomputer-readable form on a flash drive | R100.00 |
| 12.1.5 | For a transcription ofvisual images for an A4-sized page or part thereof | R40.00 |
| 12.1.6 | For a copy of a visual image | R60.00 |
| 12.1.7 | For a transcription of an audio record per A4-sized page or part thereof | R20.00 |
| 12.1.8 | For a copy of an audio record | R30.00 |
| 12.1.9 | To search for and prepare the record for disclosure | R300.00 per hour or part thereof |
