PAIA MANUAL AND POPIA POLICY FOR ETHICO BROKERS (PTY) LTD
COMPILED IN TERMS OF SECTION 51 OF THE
PROMOTION OF ACCESS TO INFORMATION ACT, ACT 2 OF 2000 (AS AMENDED)
read with
PROTECTION OF PERSONAL INFORMATION ACT, AC 4 OF 2013 (AS AMENDED)
- INTRODUCTION
1.1. This manual is compiled in terms of the Promotion of Access to Information Act, No 2 of 2000 (“the Act”) and the Protection of Personal Information Act No 4 of 2013 (POPIA).
1.2. The Act gives effect to the constitutional right of access to information contained in section 32 of the Constitution of the Republic of South Africa.
1.3. In terms of the Act, public bodies are required to compile a manual as a guide to requesters of information.
This manual further serves to indicate the kind of records held by Ethico Brokers and the availability of such records from Ethico.
- ABOUT ETHICO AND OBJECTIVES
2.1. Ethico is a private company and a non-mandated intermediary registered to provide advice and perform intermediary services and operates its business as an Insurance Broker dealing with and providing advice to clients. Ethico markets itself as such in the public domain under www.ethicobrokers.co.za.
2.2. The objectives of the ETHICO are to:
2.2.1. Promote fair customer treatment for our policyholders by ensuring that we understand our client’s needs and focus on cost-effective solutions.
2.2.2. Focus on tailor-solutions for personal and business insurance.
2.2.3. Assist in recommendations and providing quotes as soon as possible to provide peace of mind.
THE PURPOSE OF THIS MANUAL AND POLICY (PAIA & POPIA)
3.1. The purpose of this manual is to prescribe guidelines for members of the public to access information held by us.
3.2. We are obliged to protect our client information and the inherent rights as identified in terms of the Constitution, PAIA and POPIA, safe for where provision is made where we may disclose the aforesaid information.
3.3. Further to the aforesaid, this manual will ensure protection of PWV from compliance risks associated with protection, which includes the below but not limited to same:
Breaches of confidentiality. For instance, the organization could suffer loss in revenue where it is found that the personal information of data subjects has been shared or disclosed inappropriately.
Failing to offer choice. For instance, all data subjects should be free to choose how and for what purpose the organization uses information relating to them.
Reputational damage. For instance, the organization could suffer a decline in shareholder value following an adverse event such as a computer hacker deleting the personal information held by the organization.
3.4. This policy demonstrates the organization’s commitment to protecting the privacy rights of data subjects in the following manner:
Through stating desired behavior and directing compliance with the provisions of POPIA and best practice.
By cultivating an organizational culture that recognizes privacy as a human right.
By developing and implementing internal controls for the purpose of managing the compliance risk associated with the protection of personal information.
By creating business practices that will provide reasonable assurance that the rights of data subjects are protected and balanced with the legitimate business needs of the organization. By assigning specific duties and responsibilities to control owners, including the appointment of an Information Officer and where necessary, Deputy Information Officers in order to protect the interests of the organization and data subjects. By raising awareness through training and providing guidance to individuals who process personal information so that they can act confidently and consistently.
- ETHICO CONTACT DETAILS Section 51 (1) (a)
Persons designated/duly authorized persons:
Directors
Mr. Andre John Swart, Ms. Judy de Sa, Mr. Jaco Pohl
Information Officer
Ms. Judy de Sa
Telephone Number
010 133 0500
Email Address
info@Ethicoco.za
Website
https://www.Ethicobrokers.co.za/
Physical and Postal address
Unit 1, 14TH avenue center
42 Kessel Street
Fairland
2197
Request for information and access tp records nor readily available, may be made by contacting Ethico’s Information Officer on Tel 010 133 0500 or email judy@ethico.co.za
- GUIDELINES FOR ACCESS TO INFORMATION AS PROVIDED FOR IN SECTION 10 OF PAIA AND SECTION 57 OF POPIA
A guideline manual for how to use the PAIA has been compiled by the South African Human Rights Commission (“SAHRC”). This guide can be accessed directly from the SAHRC at the following contact details:
Website
www.sahrc.org.za
Postal address
PAIA UNIT, Private bag 2700, Houghton, 2041
Telephone
011 484 8300
Fax
011 484 0582
Email
paia@sahrc.org.za
If your personal information has not been processed in accordance with the POPI Act and the principles set out above, you have the right to lodge a complaint with the Information Regulator. For further information regarding the complaints process, please visit the website of the Information Regulator, as indicated below. Alternatively, you may contact the Information Regulator for further assistance:
The Information Regulator
Adv Pansy Tlakula
Physical Address
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email
complaints.IR@justice.gov.za
Website
https://www.justice.gov.za/inforeg/index.html
- TYPES OF RECORDS HELD
6.1. Records made available in terms of applicable legislation
Records are held and made available in terms of the legislation listed in under paragraph 6.3.
6.2. Records that is freely available
In terms of section 52(2) of the PAIA, the Minister may from time to time publish a Notice in the Government Gazette describing those records which are freely available. As of date of this Manual, no such Notice has been published that applies to ETHICO.
6.3. Other Records held
Products and Services subjects | |
Short-term Products | Risk Advisory for Business & Individuals |
Comprehensive Insurance Products | Short-term Insurance services |
Company Records may include the below – but not limited to: | |
Financial records | Distribution |
Client records for purposes of insurance | Marketing |
Client care | Information technology |
Product management | Human resources |
All records kept in terms of the Company Laws of South | |
Data subjects on whom records are held | |
Shareholders | Banking institutions |
Policyholders | External companies and/or contractors |
Directors | Third Parties |
Employees | Auditors |
Officials | Companies |
The records held in terms of the data subject may include the following, but not limited to: | |
Confidential | Scientific |
Personal | Research |
Commercial | Operational |
Financial | Trade |
Group/company incorporation | Business |
Group/company financial | Internal group/company divisions |
Group/company departments | Group/company structure |
Strategy | Operational |
Contractors | Policyholder |
Statutory required reports | Shareholder |
Subsidiary companies | External companies |
Consultant | Directors |
Information technology | Employee |
Clients | Banking institutions |
Product and services | Official/legal |
Contracts | Policy documents |
- GROUNDS FOR REFUSAL
In terms of the PAIA justifiable grounds exist for an entity to refuse or limit access to information. Grounds for refusal include, but are not only limited to these, are:
Personal information relating to individuals.
Certain types of commercial information.
Information that is deemed confidential.
Information that is deemed privileged.
Information relating to trade secrets.
Information relating to copy right.
Information relating to protected information technology.
Where the requests are unreasonable, vexatious, or frivolous.
Where the request is not in the prescribed manner form or accompanied with the prescribed fee
Requests for access to records of Ethico may be made to the relevant Directors listed above.
- PROCEDURE FOR PAIA REQUESTS
8.1. Any person may make a request for access to a record of Ethico.
8.2. A request must be made in writing on the prescribed Form A which is attached to this manual as Annexure A.
8.3. The request form must be addressed to the Information Officer using the contact details set out in clause 4 above. The request must contain the name and contact details of the requester and it must provide sufficient details to enable Ethico to identify the record requested. The requester should also indicate the form in which access to the record is requested.
8.4. Where the request is made on behalf of another person, the requester must submit proof, in the form of an affidavit or letter of consent, of the capacity in which the requester is making the request to the satisfaction of the Information Officer.
- PAYMENT OF FEES (S 22 of PAIA)
9.1. A request fee is payable for PAIA requests and proof of such payment must be sent to the
Information Officer together with the request. Once ETHICO has decided to grant the requested access to information, access fees may be imposed by ETHICO to the requester.
9.2. The request fee is aligned to the Regulations published in terms of the PAIA Act.
9.3. Bank deposit is the only accepted payment method for PAIA requests using Ethico’s banking details, which will be made available on request.
9.4. A request is only received once a completed form and the prescribed request fee have been received by the Information Officer.
9.5. Upon receipt of the PAIA request, Ethico shall endeavor to consider and provide a response to each request within the prescribed thirty (30) days. When necessary, Ethico may extend the period of thirty (30) days for a further period of thirty (30) days to finalize the request.
- DECISION OF ETHICO
10.1. As prescribed in section 25 of the Act, the Information Officer shall decide whether to grant the requested access to information and inform the requester accordingly. The requester shall be notified of the decision in the most expedient manner possible.
10.2. If the request for access to information is refused by the Information Officer, the requester shall be provided with written reasons for such refusal.
- RIGHT TO CHALLENGE DECISION
Where a request for access has been refused or not replied to, an internal appeal can be lodged with the Directors at one of the contact details listed above in paragraph 4.
An internal appeal can be lodged by way of a written letter addressed to the Directors of our firm. If an internal appeal is unsuccessful for whatever reason, the applicant is entitled to exercise their remedies in terms of the PAIA, which include access to a Court of law.
- AVAILABILITY OF THE MANUAL
This manual has been drafted to demonstrate ETHICO’s commitment with compliance to our Constitution, applicable laws and regulations of the Republic of South Africa. The availability of this manual is not only in compliance with the requirements of PAIA and POPIA but also is an effort to truly operate a transparent institution which is compliant and promotes the constitutional right of access to information.
The manual is available in electronic and hard copies in English. The hard copies are also made available at ETHICO’s reception area, and in every division of ETHICO for public inspection during business hours. The manual is also available on the website of ETHICO and can be made available to any person upon request.
- UPDATING OF THE MANUAL
This manual will be updated on an annual basis unless material amendments occur to warrant same.
- PROCESSING OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT NO 4 OF 2013
14.1. ETHICO must collect and use information, including personal information as defined in the Protection of Personal Information Act, to the extent that it is necessary to properly perform the functions, obligations and duties referred to in paragraph 3.
14.2. The following categories of personal information are processed for purpose of insurance as noted in paragraph:
Identifying number (employee number; company registration numbers, ID number); Email-addresses, physical address, telephone number; Names, surname, marital status, nationality, sexual orientation, age, physical health status, mental health status, well-being, disability status, language, birthplace, date of birth. Some of the information may be more prevalent in our employment processes than in the core business divisions.
Information on your race, ethnic or social origin, criminal recordings/proceedings.
Education, medical, financial, employment information.
Personal information is only disclosed if it is necessary to fulfil broker mandate for business purposes and/or insurance purpose, where there is a legal obligation, there is a public duty to disclose the information, or the legitimate interests of the data subject require disclosure or consent was provided by data subject to disclose the information.
The recipients of information include ETHICO service providers, other regulators (including foreign regulators), law enforcement agencies, and verification agents.
Personal information may be processed in other jurisdictions outside of South Africa for business purposes, sharing with foreign regulators for fulfilling a legislative mandate or law enforcement agencies for investigation purposes.
Where appropriate, we request the third parties with whom we share information with, to take adequate measures and comply with applicable data protection laws and protect the information we are disclosing to them. We do this through contractual arrangements with these third parties. We also take internal measures to ensure that the third parties we appoint have appropriate measures to protect the information we provide to them.
Ethico employs security controls, electronic and physical that are designed to maintain confidentiality, prevent loss of unauthorized access and damage to information by unauthorized parties.
The cyber security strategy of Ethico is aligned to industry standard frameworks to ensure effective cyber security risk management for Ethico. We conduct continuous security vulnerability assessments to improve our security posture and provide us with comfort.
Data subjects have the following remedies where there’s interference with the protection of their personal information by Ethico:
Lodge a complaint with the Ethico Information Officer, and where unsatisfied, lodge the complaint with the Information Regulator in the prescribed manner and form.
Institute civil action for damages in a court having jurisdiction. For more information on our processing activities, please visit the Ethico Privacy Policy on our website www.ethicobrokers.co.za
- FEES PAYABLE WHEN REQUESTING ACCESS TO ANY RECORD
The fees as prescribed by the Act include:
15.1. Request fee R 50.00
15.2. Every A4 photocopy or part thereof (per folio) R 1.10
15.3. Every A4 print copy (per folio) R 0.75
15.4. Electronic copies R 70.00
15.5. Transcription of visual images per A4 page R40.00 per Copy R 60.00
15.6. Transcription of audio records per A4 page R 20.00 per copy of audio R 30.00
15.7. Fee for time spent accessing record (per 30 min) R 30.00
15.8. Actual postal fees are payable by the requester.
15.9. Appeal fee for internal appeal R 50.00
Please note that these fees may be different by the time that records are requested as prescribed in terms of the Government Gazette
The fees prescribed above are excluding VAT which will be added to the fee when a request is receive
ANNEXURE A
PERSONAL INFORMATION REQUEST FORM PERSONAL INFORMATION REQUEST FORM
(Please submit the completed form to the Information Officer)
I request the organization to:
Signature _______________________
Date ____________________________
ANNEXURE B
POPIA COMPLAINT FORM POPIA COMPLAINT FORM
We are committed to safeguarding your privacy and the confidentiality of your personal information and are bound by the Protection of Personal Information Act.
Please submit your complaint to the Information Officer:
Name
Ms Judy de Sa
Contact Number
010 133 0500
Email Address
complaints@ethico.co.za
Where we are unable to resolve your complaint, to your satisfaction you have the right to complain to the Information Regulator.
The Information Regulator
Adv Pansy Tlakula (Chairperson)
Physical Address
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.
Postal Address
PO Box 31533, Braamfontein, 2017
Email
enquiries@inforegulator.org.za
Contact Number
010 023 5200
Website
http://www.justice.gov.za/inforeg/index.html
Signature _______________________
Date ____________________________
