Login
Get a Loan now

SMART SOLVE FINANCE (PTY) LTD PAIA MANUAL

Prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)

Last Review DateOctober 2025
Frequency of Review12 Months Cycle
Next Review DateOctober 2026
Policy OwnerBryan Finlay
Information OfficerBryan Finlay

POLICY STATEMENT

  • This policy forms part of the policy owner’s internal business processes and procedures.
  • Any reference to the “organisation” shall be interpreted to include the “policy owner”.
  • The organisation’s governing body, its employees, consultants, contractors, suppliers, and any other persons acting on behalf of the organisation are required to familiarise themselves with the policy’s requirements and undertake to comply with the stated processes and procedures.
  • Risk owners and control owners are responsible for overseeing and maintaining control procedures and activities.

DEFINITIONS

Data SubjectThe person to whom the personal information relates.
Deputy Information OfficerThe person to whom any power or duty conferred or imposed on an Information Officer by POPI has been delegated. Not Applicable
HeadIn relation to a private body means: in the case of a natural person, that natural person or any person duly authorised by that natural person;in the case of a partnership, any partner of the partnership or any person duly authorised by the partnership;in the case of a juristic person:the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer; orthe person who is acting as such or any person duly authorised by such acting
Informatio n OfficerThe head of a private body, Bryan Finlay
Information RegulatorThe Regulator was established in terms of Section 39 of POPI.
PAIAThe Promotion of Access to Information Act 2 of 2000.
PersonA natural person or a juristic person.
Personal InformationInformation relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.Information relating to the education or the medical, financial, criminal, or employment history of the person.Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignments to the person, the biometric information of the person.The personal opinions, views, or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.The views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information
Personal RequesterA requester seeking access to a record containing personal information about the requester.
POPIThe Promotion of Personal Information Act 4 of 2013.
Private BodyA natural person who carries or has carried on any trade, business, or profession, but only in such capacityA partnership which carries or has carried on any trade, business, or profession; orAny former or existing juristic person, but excludes a public body
ProcessingAny operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction, degradation,
RequesterIn relation to a private body, means any person, including, but not limited to a public body or an official thereof, making a request for access to a record of the organisation or a person acting on behalf of such person.
Request for accessA request for access to a record of the organisation in terms of Section 50 of PAIA.
RecordAny recorded information regardless of the form or medium is in the possession or under the control of the organisation irrespective of whether or not it was created by the
Third-partyIn relation to a request for access to a record held by the organisation, means any person other than the requester.

POLICY PURPOSE

The Promotion of Access to Information Act, 2000, gives effect to section 32 of the Constitution, which provides that everyone has the right to access information held by the State or any other person (or private body) when that information is required for the exercise or protection of any rights.

The purpose of PAIA is to:

  • Foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information, and to
  • Actively promote a society in which the people of South Africa have effective access to information to enable them to more fully exercise and protect all of their rights

The organisation recognises everyone’s right to access to information and is committed to providing access to the organisation’s records where the proper procedural requirements as set out by PAIA and POPI have been met.

The organisation’s PAIA manual is compiled in accordance with section 51 of the Act and contains the following provisions:

Annexure A: Contact Details & Business TypeThis section provides the organisation’s postal and street address, phone, and fax number, and, if available, the e-mail address of the head of the organization
Annexure B: Section 10 PAIA GuideThis section provides a description of the guide referred to in Section 10 of PAIA and how you may obtain access to it
Annexure C: Statutory RecordsThis section provides a description of the various statutes in terms of which the organisation is required to maintain records
Annexure D: Availability of RecordsThis section provides a list of records held by the organisation along with an indication of whether the record is freely available or only accessible by way of a formal request in terms of the provisions of PAIA. The section also provides a description of the category of the data subject(s) to who the respective records relate along with an indication of the purpose for which the record is being kept. Records that are indicated as “Freely Available” can be accessed by contacting the Deputy Information Officer (see Annexure A), without having to follow any formal procedures. Records that are indicated as a “PAIA Request”, require the requester to lodge a formal request as provided for in Annexure E.
Annexure E: Request ProcedureThis section sets out the procedure required to obtain access to a record indicated as a “PAIA Request” in Annexure D
Annexure F: Outcome of Request and Fees PayableThis section sets out the outcome of the request and fees that are payable to the organisation prior to processing a request to obtain access to a record held by the organisation.
Annexure G: Processing of Personal InformationThis section sets out the applicable aspects for the processing of personal information
Annexure H: Deputy Information Officer AppointmentThis section provides for the formal appointment of a Deputy Information Officer where so required

DUTIES OF THE INFORMATION OFFICER

The Information Officer and/or the Deputy Information Officer of the organisation are responsible for:

  • Publishing and proper communication of the manual i.e., creating policy awareness
  • The facilitation of any request for access
  • Providing adequate notice and feedback to the requester
  • Determining whether to grant a request for access to a complete/full record or only part of a record
  • Ensuring that access to a record, where so granted, is provided timeously and in the correct format
  • Reviewing the policy for accuracy and communicating any amendments

Right of Access

The Information Officer, Bryan Finlay may only provide access to any record held by the organisation to a requester if:

  • The record is required for the exercise or protection of any right, and
  • The requester complies with the procedural requirements relating to a request for access to that record, and
  • Access to that record is not refused in terms of any of the grounds for refusal listed below

Grounds for Refusal

A: Mandatory Protection of privacy of a Third Party who is a Natural Person

Grounds for refusal
  • The disclosure would involve the unreasonable disclosure of personal information about a third party that is a natural person (including a deceased individual).
No Grounds for Refusal:
  • The record consists of information that concerns an individual who has already consented in writing to its disclosure to the requester concerned
  • The record consists of information that is already publicly available
  • The record consists of information that was given to the organisation by the individual to whom it relates, and the individual was informed by or on behalf of the organisation, before it is given, that the information belongs to a class of information that would or might be made available to the public
  • The record consists of information about an individual’s physical or mental health, or well- being, who is under the care of the requester and who is under the age of 18; or incapable of understanding the nature of the request, and if giving access would be in the individual’s best interest
  • The record consists of information about an individual who is deceased, and the requester is the individual’s next of kin or making the request with the written consent of the individual’s next of kin
  • The record consists of information about an individual who is or was an official of the organisation and which relates to the position or functions of the individual, including, but not limited to the title, work address, work phone number, classification, salary scale or remuneration and responsibilities of the position held, or services performed by the individual,

and the name of the individual on a record prepared by the individual in the course of employment

B: Mandatory Protection of Commercial Information of a Third Party

Ground for refusal
  • The record consists of information that contains trade secrets of a third party
  • The record consists of information that contains financial, commercial, scientific or technical information, other than trade secrets, of a third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that third party
  • The record consists of information supplied in confidence by a third party, the disclosure of which could reasonably be expected to put that third party at a
No Grounds for Refusal

The Information Officer, Bryan Finlay must assess whether there are any grounds for refusing a request for access.

Where any grounds for refusal are found, a request for access will not be granted.

However, despite finding any grounds for refusal, access to the record(s) will be provided where:

  • the disclosure of the record would reveal evidence of a substantial contravention of, or failure to comply with, the law or imminent and serious public or environmental risk, and
  • the public interest in disclosing records, will clearly outweigh the harm contemplated in the provision in question.

Where there are no grounds for refusal, a request for access will be granted.

If a request for access is made with regards to a record containing information that would justify a ground for refusal, every part of the record which

  • does not contain, and
    • can reasonably be severed from any part that contains any such information must, despite any other provision of PAIA, also be disclosed.

The grounds for refusal, or absence thereof, are set out below:

  • The record consists of information about a third party who has consented and who has already consented in writing to its disclosure to the requester concerned.
    • The record consists of information about the results of any product or environmental testing or other investigation supplied by a third party or the results of any such testing or investigation carried out by or on behalf of a third party and its disclosure would reveal a serious public safety or environmental risk (the results of any product or environmental testing or other investigation do not include the results of preliminary testing or other investigation conducted for the purpose of developing methods of testing or other investigation).

C: Mandatory Protection of certain Confidential Information of a Third Party Grounds for refusal:

  • The record consists of information the disclosure of which would constitute an action for

breach of a duty of confidence owed to a third party in terms of an agreement.

D: Mandatory Protection of Safety of Individuals and Protection of Property Grounds for refusal:

  • The record consists of information that if disclosed could reasonably be expected to

endanger the life or physical safety of an individual.

  • The record consists of information that if disclosed would likely prejudice or impair the security of a building, a structure or system, a computer or communication system, a means of transport, or any other property.
    • The record consists of information that if disclosed would likely prejudice or impair the security of methods, systems, plans, or procedures for the protection of an individual in accordance with a witness protection scheme, the safety of the public, or any part of the public, or the security of property.

E: Mandatory Protection of Records privileged from Production in Legal Proceedings Grounds for refusal:

  • The record consists of information privileged from production in legal proceedings unless the

person entitled to the privilege has waived the privilege.

F: Commercial Information of the Organisation Grounds for refusal:

  • The record consists of information that contains trade secrets of the organisation.
    • The record consists of information that contains financial, commercial, scientific or technical information, other than trade secrets, of the organisation, the disclosure of which would likely cause harm to the commercial or financial interests of the organisation.
    • The record consists of information, the disclosure of which, could reasonably be expected to put the organisation at a disadvantage in contractual or other negotiations or prejudice the organisation in commercial competition.
    • The record is a computer program as defined in section 1(1) of the Copyright Act (Act 98 of 1978), owned by the organisation, except insofar as it is required to give access to a record to which access is granted in terms of PAIA.
No grounds for refusal:
  • The record consists of information about the results of any product or environmental testing or other investigation supplied by the organisation or the results of any such testing or investigation carried out by or on behalf of the organisation and its disclosure would reveal a serious public safety or environmental risk (the results of any product or environmental testing or other investigation do not include the results of preliminary testing or other investigation conducted for the purpose of developing methods of testing or other investigation).

G: Mandatory Protection of Research Information of a Third Party and the Organisation Grounds for refusal:

  • The record consists of information that contains information about research being or to be

carried out by or on behalf of a third party, the disclosure of which would be likely to expose the third party, a person that is or will be carrying out the research on behalf of the third party, or the subject matter of the research to serious disadvantage.

  • The record consists of information that contains information about research being or to is carried out by or on behalf of the organisation, the disclosure of which would be likely to expose the organisation, a person that is or will be carrying out the research on behalf of the organisation, or the subject matter of the research to serious disadvantage.

NOTICE

Where a request for access has been received the Information Officer, Bryan Finlay will notify the requester of receipt and the prescribed fee (if any) that is payable prior to processing the request. Please refer to Annexure F for a full breakdown of fees payable. Personal requesters will not be charged a request fee.

The notice must state:

  • The amount of the deposit payable (if any)
    • That the requester may lodge a complaint with the Information Regulator or an application with a court against the tender or payment of the request fee, or the tender or payment of a deposit, as the case may be
    • The procedure (including the period) for lodging the complaint with the Information Regulator or the application

Except to the extent that the provisions regarding third-party notification may apply, the Information Officer and/or Deputy Information Officer to whom the request is made, must as soon as reasonably possible, but in any event within 30 days, after the request has been received in the prescribed format:

  • Decide in accordance with PAIA whether to grant the request, and
    • Notify the requester of the decision and, if the requester stated that he or she wishes to be informed of the decision in any other manner, inform him or her in that manner, if it is reasonably possible

If the request for access is granted, the notice must state:

  • The access fee (if any) to be paid upon access
    • The form in which access will be given, and
    • That the requester may lodge a complaint with the Information Regulator or an application with a court against the access fee to be paid or the form of access granted, and the procedure, including the period allowed, for lodging a complaint with the Information Regulator or the application

If the request for access is refused, the notice must:

  • State adequate reasons for the refusal, including the relevant provision of PAIA that was relied on
    • Exclude, from any such reasons, any reference to the content of the records’ and
    • State that the requester may lodge a complaint with the Information Regulator or an application with a court against the refusal of the request, and the procedure (including the period) for lodging a complaint with the Information Regulator or the application
    • Should all reasonable steps have been taken to find a record requested, and there are reasonable grounds for believing that the record:
    • Is in the organisation’s possession, but cannot be found, or
    • Simply does not exist, the head of the organisation must, by way of affidavit or affirmation, notify the requester that it is not possible to provide access to that record. The affidavit or affirmation must provide full account of all steps taken to find the record in question or to determine whether the record exists, as the case may be, including all communication with every person who conducted the search on behalf of the head.

AVAILABILITY OF THE MANUAL

A copy of the Manual is available-

  • On request copy will be sent via email, and a hardcopy will be kept at the office for public inspection
  • To any person upon request and upon the payment of a reasonable prescribed fee
    • To the Information Regulator upon request.
    • A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be paid per each A4-size photocopy made.

ANNEXURE A: CONTACT DETAILS & BUSINESS

A. Organisation Contact Details

Street address: 3rd Floor Regus House, Fairview Office Park, Ring Road, Gqeberha, South Africa, 6045

Phone number: 060 0865458

B. Information Officer

Full names and Surname: Bryan Finlay

Email Address: info@smartsolvefinance.co.za

C. Business Type

Credit Provider.

ANNEXURE B: SECTION 10 PAIA GUIDE

The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

The Guide is available in each of the official languages and in braille.

The aforesaid Guide contains the description of-

  • the objects of PAIA and POPIA;
    • the postal and street address, phone and fax number and, if available, electronic mail address of the Information Officer of every public body, and designated in terms of section 17(1) of PAIA and section 56 of POPIA;
    • the manner and form of a request for-
      • access to a record of a public body contemplated in section 11;
      • and access to a record of a private body contemplated in section 50;
    • the assistance available from the IO of a public body in terms of PAIA and POPIA;
    • the assistance available from the Regulator in terms of PAIA and POPIA;
    • all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-
  • an internal appeal
  • complaint to the Regulator; and an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body
  • the provisions of sections 14 and 51 requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual
  • the provisions of sections 15 and 52 providing for the voluntary disclosure of categories of records by a public body and private body, respectively
  • the notices issued in terms of sections 22 and 54 regarding fees to be paid in relation to requests for access; and – the regulations made in terms of section 92

Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

The Guide can also be obtained-

  • upon request to the Information Officer.
  • from the website of the Regulator (inforegulator.org.za).

PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights.

Where a public body lodges a request, the public body must be acting in the public interest.

Requests in terms of PAIA shall be made in accordance with the prescribed procedures at the rates provided.

ANNEXURE C: STATUTORY RECORDS

Smart Solve Finance maintains statutory records and information in terms of the following legislation (not limited to):

  • National Credit Act
    • Basic Conditions of Employment Act
    • Companies Act
    • Employment Equity Act
    • Financial Advisory & Intermediary Services Act
    • Financial Intelligence Centre Act
    • Income Tax Act
    • Labour Relations Act
    • Long-term Insurance Act
    • Pension Fund Act
    • Medical Schemes Act
    • Prevention of Organised Crime Act
    • Short-term Insurance Act
    • Skills Development Act
    • Unemployment Insurance Act
    • Value Added Tax Act

ANNEXURE D: AVAILABILITY OF RECORDS

The organisation maintains the following categories of records and related subject matter. The status of the record’s availability, the purpose for its processing, and the relevant data subject category to which the record relates are set out below:

CategoryRecordAvailabilityPurposeData Subject
Public AffairsPublic Product InformationFreely AvailableConvey Public InformationOrganisation
Public Corporate RecordsFreely AvailableConvey Public InformationOrganisation
Media ReleasesFreely AvailableConvey Public InformationOrganisation
Published NewslettersFreely AvailableConvey Public InformationOrganisation
Magazine ArticlesFreely AvailableConvey Public InformationOrganisation
Regulatory & AdministrativePermits, Licenses or AuthoritiesFreely AvailableStatutory RequirementOrganisation
Conflict of Interest Management PolicyFreely AvailableStatutory RequirementOrganisation
Complaints PolicyFreely AvailableStatutory RequirementOrganisation
Financial Intelligence Centre Act PolicyPAIA RequestStatutory RequirementOrganisation
Health & Safety PlanPAIA RequestStatutory RequirementOrganisatio n
Memorandum of IncorporationPAIA RequestStatutory RequirementOrganisation
Minutes of Board or Directors MeetingsPAIA RequestStatutory RequirementOrganisation
Register of MembersPAIA RequestStatutory RequirementOrganisation
Register of Board of DirectorsPAIA RequestStatutory RequirementOrganisation
Internal correspondence (e- mails/memos)  PAIA RequestInternal Communications  Employees
Insurance Policies held by organisationPAIA RequestRisk ManagementOrganisation
Human ResourcesEmployment ApplicationsPAIA RequestInternal ReferencingEmployees
Employment ContractsPAIA RequestContractual AgreementEmployees
Personal Information of EmployeesPAIA RequestInternal ReferencingEmployees
Employment Equity PlanPAIA RequestStatutory RequirementOrganisation
Medical Aid RecordsPAIA RequestInternal ReferencingEmployees
Pension Fund RecordsPAIA RequestInternal ReferencingEmployees
Disciplinary RecordsPAIA RequestStatutory RequirementEmployees
Performance Management RecordsPAIA RequestInternal ReferencingEmployees
Salary RecordsPAIA RequestInternal ReferencingEmployees
Employee Benefit RecordsPAIA RequestInternal ReferencingEmployees
PAYE RecordsPAIA RequestStatutory RequirementEmployees
Seta RecordsPAIA RequestStatutory RequirementEmployees
Disciplinary CodePAIA RequestStatutory RequirementOrganisation
Leave RecordsPAIA RequestInternal ReferencingEmployees
Training RecordsPAIA RequestInternal ReferencingEmployees
Training ManualPAIA RequestInternal ReferencingOrganisation
FinancialFinancial StatementsPAIA RequestInternal ReferencingOrganisation
Financial and Tax RecordsPAIA RequestStatutory RequirementOrganisation
Asset RegisterPAIA RequestInternal ReferencingOrganisation
Management Accounts and ReportsPAIA RequestInternal ReferencingOrganisation
Vouchers, Cash Books, and LedgersPAIA RequestInternal ReferencingOrganisation
Banking Records and StatementsPAIA RequestInternal ReferencingOrganisation
Electronic Banking RecordsPAIA RequestInternal ReferencingOrganisation
MarketingMarket InformationPAIA RequestInternal ReferencingOrganisation
Product BrochuresPAIA RequestInternal ReferencingOrganisation
AdvertisementsPAIA RequestInternal ReferencingOrganisation
Field RecordsPAIA RequestInternal ReferencingOrganisation
Performance RecordsPAIA RequestInternal ReferencingOrganisation
Client CustomerProduct / Service Sales RecordsPAIA RequestInternal ReferencingOrganisation
Marketing StrategiesPAIA RequestInternal ReferencingOrganisation
Customer / Client DatabasePAIA RequestInternal ReferencingCustomers
Customer / Client agreementsPAIA RequestInternal ReferencingCustomers
Customer / Client FilesPAIA RequestInternal ReferencingCustomers
Customer / Client InstructionsPAIA RequestInternal CommunicationsCustomers
Customer / Client CorrespondencePAIA RequestExternal CommunicationsCustomers
Third-PartyRental agreementsPAIA RequestContractual AgreementThird-Party
Non-disclosure agreementsPAIA RequestRisk ManagementThird-Party
Letters of IntentPAIA RequestContractual AgreementThird-Party
Supplier ContractsPAIA RequestContractual AgreementThird-Party

ANNEXURE E: REQUEST FOR ACCESS TO RECORDS (Regulation 7)

NOTE:

  1. Proof of identity must be attached by the requester.
  2. If requests made on behalf of another person, proof of such authorisation, must be attached to this form.
Download Form

ANNEXURE F: OUTCOME OF REQUEST AND OF FEES PAYABLE

Note:

  1. If your request is granted the—
    1. amount of the deposit, (if any), is payable before your request is processed; and
    1. requested record/portion of the record will only be released once proof of full payment is received.
  2. Please use the refence number hereunder in all future correspondence.
Download Form

ANNEXURE G: PROCESSING OF PERSONAL INFORMATION

1. Purpose of Processing Personal Information

Process personal information for several key purposes, all centred around facilitating and managing credit transactions, assessing risk, and complying with legal obligations.

2. Description of the categories of Data Subjects and of the information or categories of information relating thereto

Categories of Data SubjectsPersonal information that may be processed
Customers / ClientsName, Last name, Identity number, Driver’s license number, Passport number, Birth certificate number, Date of birth (not age), Age (not date of birth), Gender, Nationality, Photographs Marital status, Education records, student grades and evaluations, etc. Home / residential address, First name of children under 18 years of age, Last name of children under 18 years of age, Birth information of children under 18 years of age, Identity number of children under 18 years of age, E-mail address, Home postal address, Home telephone number, Personal cellular, mobile or wireless number, Business e-mail address, Business postal address, Business telephone number, Business cellular, mobile or wireless number,(Medical record, including information about physical or psychological state of health, well-being, disability, disease state, medical history or medical treatment or diagnosis by a health care professional), Prescription information such as prescription number and prescribed drug, Health insurance identification or member number, (Drugs, therapies, or medical products or equipment used), Patient Identification number, Family health or morbidity history, Pregnancy status, Insurance claim history, Medical Aid number, Financial institution account number, credit or debit card number [NB: Note Section 105 – 107 Offences and Penalties!]Income/ Salary/Service Fees/Other Compensation, User Identification and/or Employee number as assigned by an employer, Employer or taxpayer identification number, Background checks (Sanction List)
Service Providersnames, registration number, vat numbers, address, and bank details
Employeesaddress, qualifications, gender and race, banking details, id number, Name, Surname, contact number, email address, previous employment, Tax Number, drivers’ license
  • The recipients or categories of recipients to whom the personal information may be supplied

Specify the person or category of persons to whom the body may disseminate personal information. Below is an example of the category of personal information which may be disseminated and the recipient or category of recipients of the personal information.

    Category of personal information  Recipients or Categories of Recipients to whom the personal information may be supplied
Identity number and names, for criminal checksSouth African Police Services
Name, Last name, Identity number, Passport number, Birth certificate number, Date of birth (not age), Age (not date of birth), Gender, Nationality, Photographs Marital status, Education records, student grades and evaluations, etc. Home / residential address, First name of children under 18 years of age, Last name of children under 18 years of age, Birth information of children under 18 years of age, Identity number of children under 18 years of age, E-mail address, Home postal address, Home telephone number, Personal cellular, mobile or wireless number, Business e-mail address, Business postal address, Business telephone number, Business cellular, mobile or wireless number,(Medical record, including information about physical or psychological state of health, well-being, disability, disease state, medical history or medical treatment or diagnosis by a health care professional), Prescription information such as prescription number and prescribed drug, Health insurance identification or member number, (Drugs, therapies, or medical products or equipment used), Patient Identification number, Family health or morbidity history, Pregnancy status, Medical Aid number Identification and/or Employee number as assigned by an employer, Employer or taxpayer identification numberGovernment Agencies: This includes law enforcement agencies, tax authorities, and regulatory bodies. They may require personal information for compliance, investigation, or legal purposes. Financial Institutions: Banks, credit unions, investment firms, and other financial institutions collect personal and financial information for account management, transactions, and regulatory compliance. Service Providers: Third-party service providers such as IT companies, cloud service providers, and marketing agencies may receive personal information for providing services to businesses or individuals. Business Partners: Companies may share personal information with business partners for joint marketing initiatives, collaborations, or contractual obligations. Third-party Vendors: Various vendors and suppliers may receive personal information in the course of providing goods or services to individuals or organizations. Marketing and Advertising Companies: Personal information may be shared with marketing and advertising companies for targeted advertising, market research, and promotional activities. Legal Representatives: Lawyers, legal advisors, and solicitors may receive personal information for legal representation, dispute resolution, or contract negotiation.
Qualifications, for qualification verificationsSouth African Qualifications Authority
Credit and payment history, for credit informationCredit Bureaus

4.     Planned transborder flows of personal information

  • No transborder flows take place

5.     General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

  • Data Encryption, Antivirus and Anti-malware Solutions ensure the confidentiality and integrity of the personal information under the care of the body.
    • Our laptops are password protected; we also make use of anti-virus software.
    • Hardcopy files (where applicable) are locked in file cabinets