PAIA Manual

Prepared in terms of section 51 of the Promotion of Access to
Information Act 2 of 2000 (as amended)

1. List of Acronyms and Abbreviations

1.1  “CEO”  Chief Executive Officer;

1.2  “DIO” Deputy Information Officer;

1.3  “IO” Information Officer;

1.4  “Minister” Minister of Justice and Correctional Services;

1.5  “PAIA” Promotion of Access to Information Act No. 2 of 2000 (as Amended);

1.6  “POPIA” Protection of Personal Information Act No.4 of 2013;

1.7  “Regulator” Information Regulator; and

1.8  “Republic” Republic of South Africa

2. Introduction

2.1  DMA is an authorised financial services provider in terms of the Financial Advisory & Intermediary Service Act 37 of 2002 and regulated by the Financial Sector Conduct Authority. As an authorized Financial Service Provider, with Financial Services Provider number 40983.

2.2  This manual has been prepared, as required by section 51 of PAIA, for the specific entity, being DMA. PAIA gives effect to the constitutional rights of access to any information held by a public or private body that is required for the exercise of the protection of any rights.

2.3.  DMA is committed to ensuring that all business is conducted in accordance with good business practice and relevant legislation. In order to promote effective governance, it is necessary to ensure that all affected parties are educated and empowered to understand and access their rights in terms of PAIA, where applicable.

2.4  The objective of this PAIA Manual is to outline a suitable approach and response to requests to access information and the essential procedural requirements attached to such requests. This PAIA Manual should be read in conjunction with POPIA and DMA’s policies in respect of POPIA, where applicable.

3. Purpose of PAIA Manual

This PAIA Manual is useful for the public to –

3.1  check the categories of records held by a body which are available without a person having to submit a formal PAIA request;

3.2  have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;

3.3  know the description of the records of the body which are available in accordance with any other legislation;

3.4  access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;

3.5  know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;

3.6  know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;

3.7  know the description of the categories of data subjects and of the information or categories of information relating thereto;

3.8  know the recipients or categories of recipients to whom the personal information may be supplied;

3.9  know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and

3.10  know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

4. Key Contact Details for access to information of DMA

4.1 . Chief Information Officer

Name: Peter Johnson

Tel: +27 10 201 6300

Email: peter.johnson@dma.co.za

4.2. Deputy Information Officer

Name: Leandri Marx

Tel: +27 10 201 6300

Email: leandri.marx@dma.co.za

4.3 Access to information general contacts

Email: compliance@dma.co.za

4.4 National Head Office

Postal Address: 48 7th Avenue, Parktown North, Johannesburg, Gauteng, South Africa, 2193

Physical Address: As above

Telephone: +27 10 201 6300

Email: compliance@dma.co.za

Website: www.dma.co.za

5. Guide on how to use PAIA and how to obtain access to the guide

5.1.  The Regulator has, in terms of section 10 (1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

5.2.  The Guide is available in each of the official languages and in braille.

5.3.  The aforesaid Guide contains the description of –

5.3.1. the objects of PAIA and POPIA;

5.3.2. the postal and street address, phone number and, if available, electronic mail address of –

5.3.2.1. the Information Officer of every public body, and

5.3.2.2. every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA1 and section 56 of POPIA2 ;

5.3.3. the manner and form of a request for –

5.3.3.1. access to a record of a public body contemplated in section 113 ; and

5.3.3.2. access to a record of a private body contemplated in section 504 ;

5.3.4. the assistance available from the IO of a public body in terms of PAIA and
POPIA;

5.3.5. the assistance available from the Regulator in terms of PAIA and POPIA;

5.3.6. all remedies in law available regarding an act or failure to act in respect of
a right or duty conferred or imposed by PAIA and POPIA, including the
manner of lodging –

5.3.6.1. an internal appeal;

5.3.6.2. a complaint to the Regulator; and

5.3.6.3. an application with a court against a decision by the IO of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;

5.3.7. the provisions of sections 145 and 516 requiring a public and private body, respectively, to compile a manual and how to obtain access to a manual;

5.3.8. the provisions of sections 157 and 528 providing for the voluntary disclosure of categories of records by a public and private body, respectively;

5.3.9. the notices issued in terms of sections 229 and 5410 regarding fees to be paid in relation to requests for access; and

5.3.10. the regulations made in terms of section 9211
.

5.4.  Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

5.5.  The Guide can also be obtained –

5.5.1. upon request to the IO;

5.5.2. from the website of the Regulator (https://www.inforegulator.org.za/docs.html ).

5.6  A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours

5.6.1 English and Afrikaans

1 Section 17(1) of PAIA- For the purposes of PAIA, each public body must, subject to legislation governing the employment of personnel of the public body concerned, designate such number of persons as deputy information officers as are necessary to render the public body as accessible as reasonably possible for requesters of its records.

2 Section 56(a) of POPIA- Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of POPIA.

3 Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

4 Section 50(1) of PAIA- A requester must be given access to any record of a private body if –

a) that record is required for the exercise or protection of any rights;
b) that person complies with the procedural requirements in PAIA relating to a request for access to that record; and
c) access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

5 Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.

6 Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.

7 Section 15(1) of PAIA- The information officer of a public body, must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access

8 Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access

9 Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

10 Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

11 Section 92(1) of PAIA provides that –“The Minister may, by notice in the Gazette, make regulations regarding-

(a) any matter which is required or permitted by this Act to be prescribed;
(b) any matter relating to the fees contemplated in sections 22 and 54;
(c) any notice required by this Act;
(d) uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and
(e) any administrative or procedural matter necessary to give effect to the provisions of this Act.”

6. Categories of records of DMA which are available without a person having to request access

6.1.  The records reflected in the table below are available without a person having to formally request access.

Category of Records Types of the Record Available on Website Available upon Request
Company information Complaints policy and procedure
Conflicts of interest policy and register
PAIA Manual
Privacy notice/statement
Terms and conditions
X X
Company information Other policies X
Publications Advertising
Information documents
Marketing material
Newsletters
Presentations
Press releases
Social media
Videos
Websites and content
X X

7. Description of the records of DMA which are available in accordance with any other legislation

7.1. The records reflected in the table below are available, in accordance with legislation.

Category of Records Applicable Legislation
Company information Company information Companies Act 71 of 2008
Collective investment schemes information Collective Investment Schemes Control Act 45 of 2002
Communications information
Information security and privacy policy
Privacy notice/statement
Electronic Communications Act 36 of 2005
Electronic Communications and Transactions Act 25 of 2002
Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002
Competition information Competition Act 89 of 1998
Copyright information Copyright Act 98 of 1978
Credit information Credit Rating Services Act 24 of 2012
National Credit Act 34 of 2005
Employment information Basic Conditions of Employment Act 75 of 1997
Broad-Based Black Economic Empowerment Act 53 of 2003
Compensation for Occupational Injuries and Diseases Act 130 of 1993
Employment Equity Act 55 of 1998
Labour Relations Act 66 of 1995
Skills Development Act 97 of 1998
Unemployment Insurance Act 63 of 2001
Exchange control information Currency and Exchanges Act 9 of 1933
Financial crime information Financial Intelligence Centre Act 38 of 2001
Prevention and Combating of Corrupt Activities Act 12 of 2004
Prevention of Organised Crime Act 121 of 1998
Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004
PAIA Manual
Information security information
Promotion of Access to Information Act 2 of 2000
Protected Disclosures Act 26 of 2000
Protection of Personal Information Act 4 of 2013
Complaints management policy and procedure
Financial services provider information
Financial Advisory and Intermediary Services Act 37 of 2002
Financial institutions information Financial Institutions (Protection of Funds) Act 28 of 2001
Financial Sector Regulation Act 9 of 2017
Financial markets information Financial Markets Act 19 of 2012
Health information Council for Medical Schemes Levies Act 58 of 2000
Medical Schemes Act 131 of 1998
Occupational Health and Safety Act 85 of 1993
Tobacco Products Control Act 83 of 1993
Insurance information Insurance Act 18 of 2017
Long-Term Insurance Act 52 of 1998
Short-Term Insurance Act 53 of 1998
Legal information Interpretation Act 33 of 1957
Justices of the Peace and Commissioner of Oaths Act 16 of 1963
Legal Practice Act 28 of 2014
Promotion of Administrative Justice Act 3 of 2000
Small Claims Courts Act 61 of 1984
People information Births and Deaths Registration Act 51 of 1992
Children’s Act 38 of 2005
Civil Union Act 17 of 2006
Consumer Protection Act 68 of 2008
Constitution of the Republic of South Africa (as amended)
Maintenance Act 99 of 1998
Marriage Act 99 of 1998
Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000
Retirement fund information Friendly Societies Act 25 of 1956
Government Employees Pension Law (1996)
Pension Funds Act 24 of 1956
Tax information Employment Tax Incentive Act 26 of 2013
Income Tax Act 58 of 1962
Organisation for Economic Co-operation and Development (OECD) Common Reporting Standard for automatic exchange of financial account information (CRS)
Securities Transfer Tax Act 25 of 2007
Securities Transfer Tax Administration Act 26 of 2007
Skills Development Levies Act 9 of 1999
Tax Administration Act 28 of 2011
Tax on Retirement Funds Act 38 of 1996
Unemployment Insurance Contributions Act 4 of 2002
United States Foreign Account Tax Compliance Act (FATCA)
Value Added Tax Act 89 of 1991
Trust property information Trust Property Control Act 57 of 1988

8. Description of the subjects on which the body holds records and categories of records held on each subject by DMA

8.1.  The records reflected in the table below may be formally requested, in terms of the PAIA, but parts, or the whole, of the record may be subject to the grounds for refusal of access to records. Refer to the Guide on how to use the PAIA.

8.2.  DMA reserves the right to refuse access to records if the processing of the record will substantially and unreasonably result in a diversion of its resources.

8.3.  DMA reserves the right to refuse access to records that relate to the mandatory protection of:

8.3.1.  privacy of a third party, who is a natural person, which would involve the unreasonable disclosure of personal information of that natural person;

8.3.2.  commercial information of a third party, if the record contains trade secrets of the third party; financial, commercial or technical, information, which disclosure may cause harm to the financial or commercial, interests of the third party; and information disclosed in confidence by a third party to DMA, if the disclosure may place the third party at a disadvantage;

8.3.3.  confidential information of a third party, if it is protected in terms of an agreement, or legislation;

8.3.4.  safety of natural persons and the protection of property;

8.3.5.  records that are regarded as privileged, in legal proceedings;

8.3.6.  records that are personal information, in terms of the POPIA; and

8.3.7.  commercial activities of DMA, including, but not limited to, trade secrets, financial, commercial, or technical, information and software platforms, or programmes, exclusively developed for DMA.

8.4.  DMA will refuse access if the requests are frivolous and/or vexatious.

8.5.  The IO or DIO may grant access to a record if disclosing the record would reveal evidence of a material contravention of, or failure to comply with, any law, and the public interest in disclosing the record outweighs the harm contemplated in the relevant grounds for refusal of access to records

Subjects on which the body holds records Categories of records
Company information Incorporation documents
Memorandum of incorporation
Minutes
Resolutions
Records of subsidiary companies
Registers of directors and officers
Share registers and other statutory registers
Statutory returns to relevant authorities
Other statutory obligations
Policies and procedures
Records relating to appointment of directors, auditors, company secretary, public officer, and other officers
Accounting and finance records Accounting (including books of account)
Administration
Annual financial statements
Asset registers
Audit reports
Banking
Budgets
Intellectual property
Invoices and credit notes
Lease agreements
Rental agreements
Sale agreements
Supporting schedules, and documents, to books of account
Tax records Dividends withholding tax
Income tax
Pay As You Earn (PAYE)
Skills Development Levies (SDL)
Unemployment Insurance Fund (UIF) levies
Workmen’s compensation
Value Added Tax (VAT)
Legal records Documents relating to litigation and/or arbitration
General agreements and contracts
Licenses, permits, and authorisations
Regulator correspondence
Insurance records Claims
Details of insurance cover, limits, and insurers
Insurance policies
Employee records Arbitration awards
Attendance registers
Casual employees
CCMA proceedings
Code of conduct
Income tax (PAYE/SDL/UIF) submissions for employees
Confidentiality agreements
Disciplinary proceedings and internal evaluations
Employee personal details
Employment conditions and policies
Employment contracts
Employment equity plan
Internal correspondence
Internal policies, and procedures
Leave
Operating manuals
Other agreements/contracts
Other interventions
Medical aid
Documents provided by employees
Strikes, lockouts, or protest, action
Remuneration and benefits
Restraint of trade agreements
Retirement funds
Service
Share option schemes registers
Share option schemes rules
Share purchase scheme register
Share purchase scheme rules
Training schedules and material
Verification reports (credit, criminal, employment, FAIS, identity, qualification)
Client records Client agreements/contracts and forms
Complaints and/or queries
Client documents, and information
Proposals
Transactions and supporting information
Verification reports
Service supplier and third Code of conduct
Conflicts of interest
Requests for information
Service supplier and/or third party agreements/contracts (including service level agreements)
Tenders
Terms and conditions for dealing with suppliers
Transactions and supporting information
Information technology Asset issuing and custodian information
Back-ups
Disaster recovery testing
Incidents and service requests
Information and communication technologies (ICT) policies and procedures
Network maintenance
Operations reports
Service level agreements
System event logs
System performance logs
System maintenance checklists
System development lifecycle documents
Publications Advertising
Information documents
Marketing material
Newsletters
Presentations
Press releases
Social media
Videos
Websites and content

9. Processing of personal information

9.1  Purpose of Processing Personal Information
DMA processes the personal information of data subjects in the following ways:

9.1.1  Executing and/or fulfilling its statutory obligations in terms of the PAIA and/or the POPIA;

9.1.2  Executing and/or fulfilling its statutory obligations in terms of other applicable legislation;

9.1.3  Executing and/or fulfilling its contractual obligations;

9.1.4  Administering employees and potential employees;

9.1.5  Keeping accounts and records;

9.1.6  Procurement processes; and

9.1.7  Visitors to the Company’s business premises.

9.2  Description of the categories of Data Subjects and of the information or categories of information relating thereto
DMA may process information for itself, shareholders (and those of clients), employees (and those of clients), clients (and those of clients), service suppliers (and those of clients) and product suppliers (and those of clients)

Categories of Data Subjects Personal Information that may be processed
Clients (and those of clients) Full names; contact details (contact numbers; fax numbers; email addresses); physical addresses; postal addresses; unique identifier; identity/registration numbers; confidential correspondence; tax related information; company information; information required in terms of the FAIS Act and the FICA (and other relevant legislation)
Service suppliers and product suppliers (and those of clients) Full names of contact persons; registered, and trade, names of entities; full names of directors and shareholders, physical addresses; postal addresses; contact details (contact numbers, fax numbers, email addresses); financial information; identity/passport/registration numbers; founding documents; tax related information; authorised signatories’ information; broad-based black economic empowerment (B-BBEE) status; associated entities; business strategies; information required in terms of the FAIS Act and the FICA (and other relevant information)
Employees/Key individuals/Representatives (and those of clients) Gender; pregnancy; marital status; race; age; language; education information (qualifications); financial information; employment history; identity/passport/registration numbers; physical addresses; postal addresses; contact details (contact numbers; fax numbers; email addresses); credit record; FAIS related information; criminal record; well-being and family members; medical; nationality; ethnic and/or social origin; physical and/or mental health; disability; biometric information; professional affiliation; references; CVs/resumes; information required in terms of the FAIS Act and the FICA (and other relevant legislation)

9.3  The recipients or categories of recipients to whom the personal information may be supplied

9.3.1  DMA may supply the personal information of data subjects to service suppliers, who provide the following services:

9.3.1.1  Administration (for example, clients, investments, medical aids, retirement funds);

9.3.1.2  Accounting and/or auditing;

9.3.1.3  Capturing and organising personal information;

9.3.1.4  Compliance;

9.3.1.5  Due diligence reviews;

9.3.1.6  Information and communication technologies (ICT);

9.3.1.7  Storing of personal information; and

9.3.1.8  Verification checks (for example, credit (and payment history), criminal, employment history, FAIS related, financial sanctions, identity, qualifications, terrorism).

9.3.2  DMA may supply the personal information of data subjects to:

9.3.2.1  Courts, in terms of matters taken on judicial review;

9.3.2.2  Enforcement agencies, for criminal investigation (for example, National Prosecuting Authority, South African Police Service);

9.3.2.3  People against whom complaints have been lodged; and/or

9.3.2.4  Regulators, ombuds, or tribunals, in terms of matters that fall under their jurisdiction.

Category of personal information Recipients of Categories of Recipients to whom the personal information may be supplied
Identity/passport/registration numbers, dates of birth, dates of incorporation, names Companies and Intellectual Property Commission, Department of Home Affairs, Financial Intelligence Centre, South African Police Services, United Nations, and verification providers
Qualifications South African Qualifications Authority and verification providers
Credit, and payment history Credit Bureaus and verification providers
Tax information South African Revenue Service

9.4 Planned transborder flows of personal information

9.4.1  DMA has not planned transborder flows of personal information however does store information within a cloud environment which is GDPR (General Data Protection Regulation) compliant. The GDPR is a regulation in European (EU) law on data protection and privacy in the European Union and the European Economic Area.

9.4.2  If it becomes necessary to transfer personal information to another country for a lawful purpose outside South Africa or the EU (in terms of DMA’s cloud storage), DMA will ensure that the person (both legal and natural) to whom the personal information will be transferred is subject to a law, binding
company rules, and/or binding agreements, which provide a suitable level of protection, and the third party agrees to treat the personal information with the same level of protection as DMA is required to provide, in terms of the POPIA.

9.4.3  The cross-border transfer of personal information will be done with the data subject’s consent; however, if it is not reasonably practicable to obtain the data subject’s consent, DMA will transfer the personal information if it will be for the data subject’s benefit and the data subject would have provided consent if it had been reasonably practicable to obtain the consent.

9.5 General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

9.5.1  DMA has established and maintains, suitable technical and operational, measures to prevent loss of damage to, or unauthorised destruction of, personal information and unlawful access to, or processing of, personal information.

9.5.2  The suitable measures that DMA has taken includes, but is not limited to:

9.5.2.1  Access control;

9.5.2.2  Agreements with operators to ensure that they implement and maintain suitable security controls;

9.5.2.3  Anti-virus software;

9.5.2.4  Anti-malware software;

9.5.2.5  Awareness and vigilance of users;

9.5.2.6  Data back-ups;

9.5.2.7  Data encryption; and/or

9.5.2.8  Defensive measures.

9.5.3  The suitable measures are in place to ensure that DMA:

9.5.3.1  Identifies the risks (both internal and external) to the personal information that is in its possession and/or under its control;

9.5.3.2  Establishes and maintains suitable safeguards against the risks identified;

9.5.3.3  Regularly verifies that the safeguards are effectively implemented; and

9.5.3.4  Updates the safeguards when new risks are identified and when existing safeguards are found to be deficient.

10. Availability of the manual

10.1  A copy of the Manual is available

10.1.1  on www.dma.co.za , if any;

10.1.2  head office of the SCM DMA (Pty) Ltd for public inspection during normal business hours;

10.1.3  to any person upon request and upon the payment of a reasonable prescribed fee; and

10.1.4  to the Information Regulator upon request.

10.2  A fee for a copy of the Manual, as contemplated in annexure B of the Regulations (as may be amended from time to time), shall be payable per each A4-size photocopy made.

11. Updating of the manual

The head of SCM DMA (Pty) Ltd will on a regular basis review this manual and update it where/if required.

PAIA Manual English Signature
PAIA Manual English Revision History

TELL US ABOUT YOUR BUSINESS AND WE'LL GET BACK TO YOU.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    TELL US ABOUT YOUR BUSINESS AND WE'LL GET BACK TO YOU.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.