TELL US ABOUT YOUR BUSINESS AND WE'LL GET BACK TO YOU.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    TELL US ABOUT YOUR BUSINESS AND WE'LL GET BACK TO YOU.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

      PAIA Manual

      Prepared in terms of section 51 of the Promotion of Access to
      Information Act 2 of 2000 (as amended)

      1. List of Acronyms and Abbreviations

      1.1  “CEO”  Chief Executive Officer;

      1.2  “DIO” Deputy Information Officer;

      1.3  “IO” Information Officer;

      1.4  “Minister” Minister of Justice and Correctional Services;

      1.5  “PAIA” Promotion of Access to Information Act No. 2 of 2000 (as Amended);

      1.6  “POPIA” Protection of Personal Information Act No.4 of 2013;

      1.7  “Regulator” Information Regulator; and

      1.8  “Republic” Republic of South Africa

      2. Introduction

      2.1  DMA is an authorised financial services provider in terms of the Financial Advisory & Intermediary Service Act 37 of 2002 and regulated by the Financial Sector Conduct Authority. As an authorized Financial Service Provider, with Financial Services Provider number 40983.

      2.2  This manual has been prepared, as required by section 51 of PAIA, for the specific entity, being DMA. PAIA gives effect to the constitutional rights of access to any information held by a public or private body that is required for the exercise of the protection of any rights.

      2.3.  DMA is committed to ensuring that all business is conducted in accordance with good business practice and relevant legislation. In order to promote effective governance, it is necessary to ensure that all affected parties are educated and empowered to understand and access their rights in terms of PAIA, where applicable.

      2.4  The objective of this PAIA Manual is to outline a suitable approach and response to requests to access information and the essential procedural requirements attached to such requests. This PAIA Manual should be read in conjunction with POPIA and DMA’s policies in respect of POPIA, where applicable.

      3. Purpose of PAIA Manual

      This PAIA Manual is useful for the public to –

      3.1  check the categories of records held by a body which are available without a person having to submit a formal PAIA request;

      3.2  have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;

      3.3  know the description of the records of the body which are available in accordance with any other legislation;

      3.4  access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;

      3.5  know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;

      3.6  know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;

      3.7  know the description of the categories of data subjects and of the information or categories of information relating thereto;

      3.8  know the recipients or categories of recipients to whom the personal information may be supplied;

      3.9  know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and

      3.10  know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

      4. Key Contact Details for access to information of DMA

      4.1 . Chief Information Officer

      Name: Peter Johnson

      Tel: +27 10 201 6300

      Email: peter.johnson@dma.co.za

      4.2. Deputy Information Officer

      Name: Leandri Marx

      Tel: +27 10 201 6300

      Email: leandri.marx@dma.co.za

      4.3 Access to information general contacts

      Email: compliance@dma.co.za

      4.4 National Head Office

      Postal Address: 48 7th Avenue, Parktown North, Johannesburg, Gauteng, South Africa, 2193

      Physical Address: As above

      Telephone: +27 10 201 6300

      Email: compliance@dma.co.za

      Website: www.dma.co.za

      5. Guide on how to use PAIA and how to obtain access to the guide

      5.1.  The Regulator has, in terms of section 10 (1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

      5.2.  The Guide is available in each of the official languages and in braille.

      5.3.  The aforesaid Guide contains the description of –

      5.3.1. the objects of PAIA and POPIA;

      5.3.2. the postal and street address, phone number and, if available, electronic mail address of –

      5.3.2.1. the Information Officer of every public body, and

      5.3.2.2. every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA1 and section 56 of POPIA2 ;

      5.3.3. the manner and form of a request for –

      5.3.3.1. access to a record of a public body contemplated in section 113 ; and

      5.3.3.2. access to a record of a private body contemplated in section 504 ;

      5.3.4. the assistance available from the IO of a public body in terms of PAIA and
      POPIA;

      5.3.5. the assistance available from the Regulator in terms of PAIA and POPIA;

      5.3.6. all remedies in law available regarding an act or failure to act in respect of
      a right or duty conferred or imposed by PAIA and POPIA, including the
      manner of lodging –

      5.3.6.1. an internal appeal;

      5.3.6.2. a complaint to the Regulator; and

      5.3.6.3. an application with a court against a decision by the IO of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;

      5.3.7. the provisions of sections 145 and 516 requiring a public and private body, respectively, to compile a manual and how to obtain access to a manual;

      5.3.8. the provisions of sections 157 and 528 providing for the voluntary disclosure of categories of records by a public and private body, respectively;

      5.3.9. the notices issued in terms of sections 229 and 5410 regarding fees to be paid in relation to requests for access; and

      5.3.10. the regulations made in terms of section 9211
      .

      5.4.  Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

      5.5.  The Guide can also be obtained –

      5.5.1. upon request to the IO;

      5.5.2. from the website of the Regulator (https://www.inforegulator.org.za/docs.html ).

      5.6  A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours

      5.6.1 English and Afrikaans

      1 Section 17(1) of PAIA- For the purposes of PAIA, each public body must, subject to legislation governing the employment of personnel of the public body concerned, designate such number of persons as deputy information officers as are necessary to render the public body as accessible as reasonably possible for requesters of its records.

      2 Section 56(a) of POPIA- Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of POPIA.

      3 Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

      4 Section 50(1) of PAIA- A requester must be given access to any record of a private body if –

      a) that record is required for the exercise or protection of any rights;
      b) that person complies with the procedural requirements in PAIA relating to a request for access to that record; and
      c) access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

      5 Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.

      6 Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.

      7 Section 15(1) of PAIA- The information officer of a public body, must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access

      8 Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access

      9 Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

      10 Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

      11 Section 92(1) of PAIA provides that –“The Minister may, by notice in the Gazette, make regulations regarding-

      (a) any matter which is required or permitted by this Act to be prescribed;
      (b) any matter relating to the fees contemplated in sections 22 and 54;
      (c) any notice required by this Act;
      (d) uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and
      (e) any administrative or procedural matter necessary to give effect to the provisions of this Act.”

      6. Categories of records of DMA which are available without a person having to request access

      6.1.  The records reflected in the table below are available without a person having to formally request access.

      Category of Records Types of the Record Available on Website Available upon Request
      Company information Complaints policy and procedure
      Conflicts of interest policy and register
      PAIA Manual
      Privacy notice/statement
      Terms and conditions
      X X
      Company information Other policies X
      Publications Advertising
      Information documents
      Marketing material
      Newsletters
      Presentations
      Press releases
      Social media
      Videos
      Websites and content
      X X

      7. Description of the records of DMA which are available in accordance with any other legislation

      7.1. The records reflected in the table below are available, in accordance with legislation.

      Category of Records Applicable Legislation
      Company information Company information Companies Act 71 of 2008
      Collective investment schemes information Collective Investment Schemes Control Act 45 of 2002
      Communications information
      Information security and privacy policy
      Privacy notice/statement
      Electronic Communications Act 36 of 2005
      Electronic Communications and Transactions Act 25 of 2002
      Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002
      Competition information Competition Act 89 of 1998
      Copyright information Copyright Act 98 of 1978
      Credit information Credit Rating Services Act 24 of 2012
      National Credit Act 34 of 2005
      Employment information Basic Conditions of Employment Act 75 of 1997
      Broad-Based Black Economic Empowerment Act 53 of 2003
      Compensation for Occupational Injuries and Diseases Act 130 of 1993
      Employment Equity Act 55 of 1998
      Labour Relations Act 66 of 1995
      Skills Development Act 97 of 1998
      Unemployment Insurance Act 63 of 2001
      Exchange control information Currency and Exchanges Act 9 of 1933
      Financial crime information Financial Intelligence Centre Act 38 of 2001
      Prevention and Combating of Corrupt Activities Act 12 of 2004
      Prevention of Organised Crime Act 121 of 1998
      Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004
      PAIA Manual
      Information security information
      Promotion of Access to Information Act 2 of 2000
      Protected Disclosures Act 26 of 2000
      Protection of Personal Information Act 4 of 2013
      Complaints management policy and procedure
      Financial services provider information
      Financial Advisory and Intermediary Services Act 37 of 2002
      Financial institutions information Financial Institutions (Protection of Funds) Act 28 of 2001
      Financial Sector Regulation Act 9 of 2017
      Financial markets information Financial Markets Act 19 of 2012
      Health information Council for Medical Schemes Levies Act 58 of 2000
      Medical Schemes Act 131 of 1998
      Occupational Health and Safety Act 85 of 1993
      Tobacco Products Control Act 83 of 1993
      Insurance information Insurance Act 18 of 2017
      Long-Term Insurance Act 52 of 1998
      Short-Term Insurance Act 53 of 1998
      Legal information Interpretation Act 33 of 1957
      Justices of the Peace and Commissioner of Oaths Act 16 of 1963
      Legal Practice Act 28 of 2014
      Promotion of Administrative Justice Act 3 of 2000
      Small Claims Courts Act 61 of 1984
      People information Births and Deaths Registration Act 51 of 1992
      Children’s Act 38 of 2005
      Civil Union Act 17 of 2006
      Consumer Protection Act 68 of 2008
      Constitution of the Republic of South Africa (as amended)
      Maintenance Act 99 of 1998
      Marriage Act 99 of 1998
      Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000
      Retirement fund information Friendly Societies Act 25 of 1956
      Government Employees Pension Law (1996)
      Pension Funds Act 24 of 1956
      Tax information Employment Tax Incentive Act 26 of 2013
      Income Tax Act 58 of 1962
      Organisation for Economic Co-operation and Development (OECD) Common Reporting Standard for automatic exchange of financial account information (CRS)
      Securities Transfer Tax Act 25 of 2007
      Securities Transfer Tax Administration Act 26 of 2007
      Skills Development Levies Act 9 of 1999
      Tax Administration Act 28 of 2011
      Tax on Retirement Funds Act 38 of 1996
      Unemployment Insurance Contributions Act 4 of 2002
      United States Foreign Account Tax Compliance Act (FATCA)
      Value Added Tax Act 89 of 1991
      Trust property information Trust Property Control Act 57 of 1988

      8. Description of the subjects on which the body holds records and categories of records held on each subject by DMA

      8.1.  The records reflected in the table below may be formally requested, in terms of the PAIA, but parts, or the whole, of the record may be subject to the grounds for refusal of access to records. Refer to the Guide on how to use the PAIA.

      8.2.  DMA reserves the right to refuse access to records if the processing of the record will substantially and unreasonably result in a diversion of its resources.

      8.3.  DMA reserves the right to refuse access to records that relate to the mandatory protection of:

      8.3.1.  privacy of a third party, who is a natural person, which would involve the unreasonable disclosure of personal information of that natural person;

      8.3.2.  commercial information of a third party, if the record contains trade secrets of the third party; financial, commercial or technical, information, which disclosure may cause harm to the financial or commercial, interests of the third party; and information disclosed in confidence by a third party to DMA, if the disclosure may place the third party at a disadvantage;

      8.3.3.  confidential information of a third party, if it is protected in terms of an agreement, or legislation;

      8.3.4.  safety of natural persons and the protection of property;

      8.3.5.  records that are regarded as privileged, in legal proceedings;

      8.3.6.  records that are personal information, in terms of the POPIA; and

      8.3.7.  commercial activities of DMA, including, but not limited to, trade secrets, financial, commercial, or technical, information and software platforms, or programmes, exclusively developed for DMA.

      8.4.  DMA will refuse access if the requests are frivolous and/or vexatious.

      8.5.  The IO or DIO may grant access to a record if disclosing the record would reveal evidence of a material contravention of, or failure to comply with, any law, and the public interest in disclosing the record outweighs the harm contemplated in the relevant grounds for refusal of access to records

      Subjects on which the body holds records Categories of records
      Company information Incorporation documents
      Memorandum of incorporation
      Minutes
      Resolutions
      Records of subsidiary companies
      Registers of directors and officers
      Share registers and other statutory registers
      Statutory returns to relevant authorities
      Other statutory obligations
      Policies and procedures
      Records relating to appointment of directors, auditors, company secretary, public officer, and other officers
      Accounting and finance records Accounting (including books of account)
      Administration
      Annual financial statements
      Asset registers
      Audit reports
      Banking
      Budgets
      Intellectual property
      Invoices and credit notes
      Lease agreements
      Rental agreements
      Sale agreements
      Supporting schedules, and documents, to books of account
      Tax records Dividends withholding tax
      Income tax
      Pay As You Earn (PAYE)
      Skills Development Levies (SDL)
      Unemployment Insurance Fund (UIF) levies
      Workmen’s compensation
      Value Added Tax (VAT)
      Legal records Documents relating to litigation and/or arbitration
      General agreements and contracts
      Licenses, permits, and authorisations
      Regulator correspondence
      Insurance records Claims
      Details of insurance cover, limits, and insurers
      Insurance policies
      Employee records Arbitration awards
      Attendance registers
      Casual employees
      CCMA proceedings
      Code of conduct
      Income tax (PAYE/SDL/UIF) submissions for employees
      Confidentiality agreements
      Disciplinary proceedings and internal evaluations
      Employee personal details
      Employment conditions and policies
      Employment contracts
      Employment equity plan
      Internal correspondence
      Internal policies, and procedures
      Leave
      Operating manuals
      Other agreements/contracts
      Other interventions
      Medical aid
      Documents provided by employees
      Strikes, lockouts, or protest, action
      Remuneration and benefits
      Restraint of trade agreements
      Retirement funds
      Service
      Share option schemes registers
      Share option schemes rules
      Share purchase scheme register
      Share purchase scheme rules
      Training schedules and material
      Verification reports (credit, criminal, employment, FAIS, identity, qualification)
      Client records Client agreements/contracts and forms
      Complaints and/or queries
      Client documents, and information
      Proposals
      Transactions and supporting information
      Verification reports
      Service supplier and third Code of conduct
      Conflicts of interest
      Requests for information
      Service supplier and/or third party agreements/contracts (including service level agreements)
      Tenders
      Terms and conditions for dealing with suppliers
      Transactions and supporting information
      Information technology Asset issuing and custodian information
      Back-ups
      Disaster recovery testing
      Incidents and service requests
      Information and communication technologies (ICT) policies and procedures
      Network maintenance
      Operations reports
      Service level agreements
      System event logs
      System performance logs
      System maintenance checklists
      System development lifecycle documents
      Publications Advertising
      Information documents
      Marketing material
      Newsletters
      Presentations
      Press releases
      Social media
      Videos
      Websites and content

      9. Processing of personal information

      9.1  Purpose of Processing Personal Information
      DMA processes the personal information of data subjects in the following ways:

      9.1.1  Executing and/or fulfilling its statutory obligations in terms of the PAIA and/or the POPIA;

      9.1.2  Executing and/or fulfilling its statutory obligations in terms of other applicable legislation;

      9.1.3  Executing and/or fulfilling its contractual obligations;

      9.1.4  Administering employees and potential employees;

      9.1.5  Keeping accounts and records;

      9.1.6  Procurement processes; and

      9.1.7  Visitors to the Company’s business premises.

      9.2  Description of the categories of Data Subjects and of the information or categories of information relating thereto
      DMA may process information for itself, shareholders (and those of clients), employees (and those of clients), clients (and those of clients), service suppliers (and those of clients) and product suppliers (and those of clients)

      Categories of Data Subjects Personal Information that may be processed
      Clients (and those of clients) Full names; contact details (contact numbers; fax numbers; email addresses); physical addresses; postal addresses; unique identifier; identity/registration numbers; confidential correspondence; tax related information; company information; information required in terms of the FAIS Act and the FICA (and other relevant legislation)
      Service suppliers and product suppliers (and those of clients) Full names of contact persons; registered, and trade, names of entities; full names of directors and shareholders, physical addresses; postal addresses; contact details (contact numbers, fax numbers, email addresses); financial information; identity/passport/registration numbers; founding documents; tax related information; authorised signatories’ information; broad-based black economic empowerment (B-BBEE) status; associated entities; business strategies; information required in terms of the FAIS Act and the FICA (and other relevant information)
      Employees/Key individuals/Representatives (and those of clients) Gender; pregnancy; marital status; race; age; language; education information (qualifications); financial information; employment history; identity/passport/registration numbers; physical addresses; postal addresses; contact details (contact numbers; fax numbers; email addresses); credit record; FAIS related information; criminal record; well-being and family members; medical; nationality; ethnic and/or social origin; physical and/or mental health; disability; biometric information; professional affiliation; references; CVs/resumes; information required in terms of the FAIS Act and the FICA (and other relevant legislation)

      9.3  The recipients or categories of recipients to whom the personal information may be supplied

      9.3.1  DMA may supply the personal information of data subjects to service suppliers, who provide the following services:

      9.3.1.1  Administration (for example, clients, investments, medical aids, retirement funds);

      9.3.1.2  Accounting and/or auditing;

      9.3.1.3  Capturing and organising personal information;

      9.3.1.4  Compliance;

      9.3.1.5  Due diligence reviews;

      9.3.1.6  Information and communication technologies (ICT);

      9.3.1.7  Storing of personal information; and

      9.3.1.8  Verification checks (for example, credit (and payment history), criminal, employment history, FAIS related, financial sanctions, identity, qualifications, terrorism).

      9.3.2  DMA may supply the personal information of data subjects to:

      9.3.2.1  Courts, in terms of matters taken on judicial review;

      9.3.2.2  Enforcement agencies, for criminal investigation (for example, National Prosecuting Authority, South African Police Service);

      9.3.2.3  People against whom complaints have been lodged; and/or

      9.3.2.4  Regulators, ombuds, or tribunals, in terms of matters that fall under their jurisdiction.

      Category of personal information Recipients of Categories of Recipients to whom the personal information may be supplied
      Identity/passport/registration numbers, dates of birth, dates of incorporation, names Companies and Intellectual Property Commission, Department of Home Affairs, Financial Intelligence Centre, South African Police Services, United Nations, and verification providers
      Qualifications South African Qualifications Authority and verification providers
      Credit, and payment history Credit Bureaus and verification providers
      Tax information South African Revenue Service

      9.4 Planned transborder flows of personal information

      9.4.1  DMA has not planned transborder flows of personal information however does store information within a cloud environment which is GDPR (General Data Protection Regulation) compliant. The GDPR is a regulation in European (EU) law on data protection and privacy in the European Union and the European Economic Area.

      9.4.2  If it becomes necessary to transfer personal information to another country for a lawful purpose outside South Africa or the EU (in terms of DMA’s cloud storage), DMA will ensure that the person (both legal and natural) to whom the personal information will be transferred is subject to a law, binding
      company rules, and/or binding agreements, which provide a suitable level of protection, and the third party agrees to treat the personal information with the same level of protection as DMA is required to provide, in terms of the POPIA.

      9.4.3  The cross-border transfer of personal information will be done with the data subject’s consent; however, if it is not reasonably practicable to obtain the data subject’s consent, DMA will transfer the personal information if it will be for the data subject’s benefit and the data subject would have provided consent if it had been reasonably practicable to obtain the consent.

      9.5 General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

      9.5.1  DMA has established and maintains, suitable technical and operational, measures to prevent loss of damage to, or unauthorised destruction of, personal information and unlawful access to, or processing of, personal information.

      9.5.2  The suitable measures that DMA has taken includes, but is not limited to:

      9.5.2.1  Access control;

      9.5.2.2  Agreements with operators to ensure that they implement and maintain suitable security controls;

      9.5.2.3  Anti-virus software;

      9.5.2.4  Anti-malware software;

      9.5.2.5  Awareness and vigilance of users;

      9.5.2.6  Data back-ups;

      9.5.2.7  Data encryption; and/or

      9.5.2.8  Defensive measures.

      9.5.3  The suitable measures are in place to ensure that DMA:

      9.5.3.1  Identifies the risks (both internal and external) to the personal information that is in its possession and/or under its control;

      9.5.3.2  Establishes and maintains suitable safeguards against the risks identified;

      9.5.3.3  Regularly verifies that the safeguards are effectively implemented; and

      9.5.3.4  Updates the safeguards when new risks are identified and when existing safeguards are found to be deficient.

      10. Availability of the manual

      10.1  A copy of the Manual is available

      10.1.1  on www.dma.co.za , if any;

      10.1.2  head office of the SCM DMA (Pty) Ltd for public inspection during normal business hours;

      10.1.3  to any person upon request and upon the payment of a reasonable prescribed fee; and

      10.1.4  to the Information Regulator upon request.

      10.2  A fee for a copy of the Manual, as contemplated in annexure B of the Regulations (as may be amended from time to time), shall be payable per each A4-size photocopy made.

      11. Updating of the manual

      The head of SCM DMA (Pty) Ltd will on a regular basis review this manual and update it where/if required.

      PAIA Manual English Signature
      PAIA Manual English Revision History