Secure Citizen's PAIA

Promotion of Access to Information Act Manual

It’s about access

 This manual applies to Secure Citizen (Pty) Ltd with registration number: 2019/547916/07 (“Secure Citizen”) and with registered address at: Building A, Suite 2, Cotillion Place, 22 Techno Ave, Techno Park, Stellenbosch, 7600

1. Overview

Promotion of access to information policy: PAIA

 This manual was prepared in accordance with section 51 of the Promotion of Access to Information Act No. 2 of 2000 (the “Act”) as well as to address requirements of the Protection of Personal Information Act No. 4 of 2013 (“POPI”). This manual is intended to assist persons wishing to access information, in terms of the Act, from Secure Citizen.

2. Introduction

The Act gives third parties (i.e., the public) the right to approach private bodies and the government to request information held by them, which is required in the exercise and/or protection of any rights. On request, the private body or government is obliged to release such information unless the Act expressly states that the records containing such information may not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by the Act.

3. Nature of business

Secure Citizen offers fraud prevention and identity verification solutions.

Contact details for access to information of Secure Citizen

4. Guide on how to use PAIA and how to obtain access to the guide

A guide to the Act (as contemplated under section 10(1) of the Act) (the “Guide”) is available from the Information Regulator. The Act grants a requester access to records of a private body if the record is required for the exercise or protection of any right/s. The Guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in the Act and/or POPIA. 

Members of the public can inspect or make copies of the Guide from the office of the Information Regulator during normal working hours, the details of said office are: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 (inforeg@justice.gov.za).

The Guide can also be obtained from the website of the Information Regulator (http://www.justice.gov.za/inforeg/). A copy of the Guide is attached to this PAIA manual marked as Annexure “A”.

5. Access to records held by Secure Citizen

Records held by Secure Citizen may be accessed on request only once the requirements for access have been met. A requester is any person making a request for access to a record of  Secure Citizen  and in this regard, the Act distinguishes between two types of requesters:

• Personal Requester

A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of the Act and applicable law, Secure Citizen will provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by Secure Citizen.

• Other Requester

This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, Secure Citizen is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act. The prescribed fee for reproduction of the information requested will be charged by Secure Citizen.

6. Request Procedure

A requester requiring access to information held by Secure Citizen must complete the prescribed “Form 2” enclosed herewith in Annexure “B” (“Access Request Form”) and submit same as well as payment of a request fee and a deposit, if applicable to the information officer at the postal or physical address, or electronic mail address stated herein.

In order to enable ourselves to provide a timely response to requests for access, all

requesters should take note of the following when completing the Access Request Form:

• the Access Request Form must be completed in full;
• a full description of the records requested must be provided;
• Proof of Identity to authenticate the identity of the requester must be provided;
• the requester must state that they require the information in order to exercise or protect a right;
• the requester must clearly state the nature of the right to be exercised or protected; and
• they must specify why the record is necessary to exercise or protect such a right.

If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the information officer.

If an individual is unable to complete the prescribed forms because of illiteracy or disability, such a person may make the request orally to the information officer.

On receipt of a duly completed Access Request Form, we will endeavour to notify you in writing within 30 days as to whether your request has been approved or declined. The 30 day period within which Secure Citizen has to decide whether to grant or refuse a request, may be extended for a further period of not more than 30 days if the request is for a large quantity of information, or the request requires a search for information held at another site (other than the head office) and the information cannot reasonably be obtained within the original 30 day period. The information officer will notify the requester in writing should an extension be necessary.

7. Fees

The Act provides for two types of fees:

• A request fee,(a standard administration fee), which is paid by all requesters, (except for personal requesters), must be paid before the request can be considered. This fee is non-refundable; and                                                                                                           
•  An access fee, which is paid by all requesters after the request for access has been granted.  This fee is calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable.

If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.

The information officer shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester. Any fees or deposit payable by the requester shall be as detailed in Form “3” (marked as Annexure “C”).

8. Decision and Outcome of Request

Once Secure Citizen has processed the request, it will complete and return to the requester the prescribed “Form 3” (marked as Annexure “C”) detailing (i) whether the request has been approved or denied and the reasons therefor, (ii)  the amount of the deposit (if any) payable by the requestor and (iii) any fees payable by the requester with regards to the request. For the avoidance of doubt,  the requested record (or portion thereof) will only be released upon receipt of proof of full payment of any deposit and fees owing by the requester and detailed in this Form “3”.

9. Categories of records held by Secure Citizen: section 51(1)(E)

Records Available Without Request

• PAIA Manual

• Other non-confidential records of Secure Citizen, such as statutory records maintained at the CIPC

Records Available Upon Request

• Companies Act 71 of 2008 (“Companies Act”) Records
• Documents of incorporation
• Minutes of board of directors meetings
• Records relating to the appointment of directors / auditor / secretary / public officer and other officers
• Written resolutions
• Share register and other statutory registers
• Other statutory records
• Financial Records
• Annual Financial Statements

• Tax Returns
• Accounting Records
• Banking Records
• Bank Statements
• Electronic banking records
• Asset Register
• Invoices
• Insurance Policies
• Tax Records

• Tax returns
• VAT Records
• PAYE Records
• Documents issued to employees for income tax purposes
• Records of payments made to SARS on behalf of employees
• VAT
• Skills Development Levies
• UIF
• Workmen’s Compensation 
• Personnel Documents and Records
• List of Employees
• Employment contracts

• Medical Scheme Records (where applicable)
• Pension / Provident Fund Records (where applicable)
• Employment policies and procedures
• Any Internal Evaluations and Performance Reviews
• Disciplinary Codes and Records
• Training Records (where applicable)
• Any Personal Records provided by personnel
• Salary records
• Leave records
• Training records
• Other statutory records
• Client records
• Names/surnames of representatives/ contact persons
• Mobile number
• Email address
• Physical address
• Name and registration number of legal entity
• Communications and/or correspondence with clients
• Transactional Information (if applicable)
• Client contracts
• End Customer records
• Identity number/passport number

Any end customer records/information must requested by the end customer directly from the client.

10. Processing of Personal Information in terms of POPIA

Purpose of Processing – Secure Citizen uses the Personal Information under its care in the following ways:

• Providing software and services to clients
• manage employees
• process personal information of employees
• manage supplier contracts and merchant relationships
• market goods and services to clients and to prospective clients (with their consent)
• Keeping of accounts and records
• Complying with tax laws
• process customer requests or complaints
• enforce outstanding debts
• keep our customer records up to date
• for audit trail purposes

Categories of Data Subjects and their Personal Information

Secure Citizen may process information relating to suppliers, shareholders, contractors service providers, staff and clients:

Categories of Recipients for Processing the Personal Information  

Secure Citizen may supply the Personal Information to service providers who render the following services:                                                                                                                                       

• Capturing and organising of data;
• Storing/hosting of data;
• Sending of emails and other correspondence to clients, service providers or partners;
• Collections and legal services;
• Conducting due diligence checks;
• Administration of any policies offered to Secure Citizen employees.
• Actual or Planned Transborder Flows of Personal Information

Data may be transferred trans-border in order to provide certain agreed services to clients or to store data with third party cloud storage providers. 

11. General Description of Information Security Measures

Secure Citizen prioritizes robust information security measures to safeguard sensitive data, critical systems, and maintain the trust of stakeholders. Secure Citizen employs technologies and  protocols to ensure the confidentiality, integrity, and availability of its information assets. Key components of the information security measures include:                                                                      

• Identity and access control
• Encryption (Where possible)
• Data Backup & Recovery
• Monitoring
• Continuity planning
• Physical Security measures
• Outsourced service providers who process Personal Information on behalf of Connect SA are contracted to implement security controls.

12. Remedies available if request for information is refused

• Internal Remedies

Secure Citizen does not have internal appeal procedures. As such, the decision made by the information officer pertaining to a request is final, and requestors will have to exercise such external remedies at their disposal if a request is refused, and the requestor is not satisfied with the response provided by the information officer.

• External Remedies

A requestor that is dissatisfied with the information officer’s refusal to disclose information, may within 30 days of notification of the decision, apply to a court for relief. Likewise, a third party dissatisfied with the information officer’s decision to grant a request for information, may within 30 days of notification of the decision, apply to a court for relief. For purposes of the Act, courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status, including a Magistrate’s Court designated by the Minister of Justice and Constitutional Development and which is presided over by a designated Magistrate.

13. Availability of the manual

The manual is available for inspection, on reasonable prior notice, at the office of Secure Citizen free of charge as well as on the Secure Citizen’s website at www.securecitizen.co.za.

 Last updated: 23 January 2025

Annexures

• Annexure “A”: PAIA Guide
• Annexure “B”: Form 2 – Request for Access to Record
• Annexure “C” : Form 3 – Outcome of Request and Fees Payable