Promotion of Access to Information (PAIA) Manual

1. INTRODUCTION

  • 1.1. This PAIA Manual has been prepared in line with section 51 of the Promotion of Access to Information Act 2 of 2000 (“the Act”). Its purpose is to assist individuals in requesting access to records held by a private body. When a request is made under the Act, the private body is required to provide the information if the requester demonstrates that it is necessary to exercise or protect their rights, unless there are legitimate grounds for refusal. The Act outlines the procedures for requesting information.

  • 1.2. Section 51 of the Act mandates private bodies to produce a manual that facilitates access to information held by the private body. It also specifies the essential requirements that such a manual must fulfil.

  • 1.3. This document is the PAIA Manual of Namhost Internet Services Pty Ltd ("Namhost"). It has been prepared in compliance with section 51 of the Act, as amended by the Protection of Personal Information Act, 2013 ("POPIA"). POPIA upholds the Constitutional right to privacy and sets forth minimum standards for the processing of personal information. It revises certain provisions of the Act, aiming to balance the right of access to information with the protection of personal data. POPIA also introduces the Information Regulator, who is tasked with ensuring compliance and addressing issues such as unsolicited electronic communications and automated decision-making.

Table of Contents

2. DEFINITIONS

Unless otherwise indicated, or where the context implies otherwise, the following terms shall have the following definitions, namely -

  • 2.1. "Act" means the Promotion of Access to Information Act, Act 2 of 2000, as amended from time to time;

  • 2.2. "Affiliates" means any connected party within the same group of companies, employees, sub-contractors, contractors and assigns;

  • 2.3. "Company" means Namhost and its Affiliates;

  • 2.4. "Information Officer" means the person acting on behalf of Namhost and discharging the duties and responsibilities assigned to the head of Namhost by the Act. The Information Officer is duly authorised to act as such and such authorisation has been confirmed by the “head” of Namhost in writing;

  • 2.5. "Manual" means this manual published in compliance with Section 51 of the Act;

  • 2.6. "PAIA" means Promotion of Access to Information;

  • 2.7. "Record" means any recorded information, regardless of form or medium, which is in the Possession or under the control of Namhost, irrespective of whether it was created by Namhost;

  • 2.8. "Registry Operator" means an operator authorised to accredit Namhost to sell domains;

  • 2.9. "Request" means a request for access to a Record of Namhost;

  • 2.10. "Requestor" means any person, individual or juristic persons, including a public body or an official thereof, making a Request for access to a Record of Namhost and includes any person acting on behalf of that person; and

  • 2.11. "SAHRC" means the South African Human Rights Commission.

  • 2.12. Unless a contrary intention clearly appears, words signifying -

    • 2.12.1. the singular includes the plural and vice versa;
    • 2.12.2. any one gender includes the other genders and vice versa; and
    • 2.12.3. natural persons include juristic persons.

  • 2.13. Unless otherwise stated, terms defined in the Act shall have the same meaning in this Manual.

Table of Contents

3. CONTACT DETAILS OF INFORMATION OFFICER (SECTION 51(1)(a))

  • 3.1. This Manual is published on Namhost's website and is available on request from the Information Officer. The details of the Information Officer are:

    Name of Private Body: Namhost Internet Services Pty Ltd
    Designated Information Officer: Ardi Coetzee
    Email address of Information Officer: ardi@namhost.com
    Postal address: 24 Black Eagle Rd, Hermanus, 7210, RSA
    Street address: 24 Black Eagle Rd, Hermanus, 7210, RSA
    Phone number: +27 72 994 8745

  • 3.2. This Manual is available at www.namhost.com/paia.

Table of Contents

4. INFORMATION REGULATOR'S GUIDE

  • 4.1. An official guide has been prepared to assist individuals seeking to exercise their rights to access information as provided by the Act. and POPIA. This guide is available from the Information Regulator, which was established under POPIA. Copies can be obtained from the Information Regulator or the Information Officer at no cost. Requests to inspect the guide at Namhost's office or to obtain a copy from the Information Officer should align with Form 1 of Annexure A to Government Notice No. R.757 dated 27 August 2021, issued under the PAIA Regulations. Please refer to Annexure C.

  • 4.2. In addition, the Information Regulator of South Africa can be approached at the following address:

    Physical Address: JD House
    27 Stiemens Street
    Braamfontein
    Johannesburg
    2001
    Postal Address: PO Box 31533
    Braamfontein
    Johannesburg
    2017
    General enquiries: enquiries@inforegulator.org.za
    Complaints: PAIAComplaints@inforegulator.org.za
    Compliance: PAIACompliance@inforegulator.org.za

Table of Contents

5. OBJECTIVES OF THIS MANUAL

The objectives of this Manual are:

  • 5.1. to compile an inventory of all records maintained by Namhost;

  • 5.2. to outline the criteria for individuals who are eligible to request information under the Act, as well as the justifications for which a request may be refused;

  • 5.3. to specify the procedures and format for submitting a request for information; and

  • 5.4. to adhere to the supplementary requirements mandated by POPIA.

Table of Contents

6. MANNER OF REQUEST

  • 6.1. According to the Act, an individual may request information only if it is necessary for the exercise or protection of a legitimate right, subject to the provisions in the Act.

  • 6.2. Consequently, information will not be provided unless the Requester gives sufficient details to enable Namhost to identify the right being protected and explains why the information is necessary for exercising or protecting that right. The exercise of an individual's rights is subject to reasonable limitations, including the protection of privacy, commercial confidentiality, and effective, efficient, and good governance. The Act and the procedures outlined in this Manual are not intended for accessing records for criminal or civil proceedings, nor should information be requested once such proceedings have begun.

  • 6.3. The Information Officer is responsible for receiving and coordinating all requests for access to records under the Act, ensuring compliance with the Act and POPIA.

  • 6.4. The Information Officer will liaise with Namhost's management / directors regarding these requests.

  • 6.5. All requests in terms of the Act and this Manual must be addressed to the Information Officer using the details in paragraph 3.1 above.

Table of Contents

7. AUTOMATICALLY AVAILABLE INFORMATION

  • 7.1. Information available on Namhost's website can be accessed openly and by the public, without the need for a formal request as outlined in this Manual.

  • 7.2. Namhost's website is publicly accessible to anyone with internet access, and the following types of information are available for download, inspection, purchase, or photocopying (at the Requestor's own cost):

    • 7.2.1. Marketing templates;
    • 7.2.2. media releases;
    • 7.2.3. public newsletters and/or publications; and
    • 7.2.4. various other marketing and promotional material.

Table of Contents

8. INFORMATION AVAILABLE IN TERMS OF POPIA

  • 8.1. In terms of POPIA, personal information must be processed for a specified purpose and subject to the limitations in POPIA. The purpose for which data is processed by Namhost will depend on the nature of the data and the data subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected.

  • 8.2. Categories of personal information that may be collected by Namhost includes (without limitation):

    • 8.2.1. name and surname;
    • 8.2.2. contact number and email address;
    • 8.2.3. physical address;
    • 8.2.4. identity or passport number;
    • 8.2.5. date of birth;
    • 8.2.6. bank details;
    • 8.2.7. DoubleClick DART Cookies;
    • 8.2.8. log files;
    • 8.2.9. cookies and web beacons;
    • 8.2.10. information Namhost infers about the data subject based on such user's interaction with products and services;
    • 8.2.11. device information (for example the type of device you're using, how you access platforms, the user's browser or operating system and user's Internet Protocol ("IP address")); and
    • 8.2.12. location information.

  • 8.3. The purpose of processing personal information is:

    • 8.3.1. to provide you with information, products or services you request from Namhost;
    • 8.3.2. to refer you to an appropriate third-party service provider;
    • 8.3.3. to communicate with you;
    • 8.3.4. to provide you with support; and
    • 8.3.5. to provide effective advertising (for example to provide you with news, special offers and general information about other services and events which Namhost offers, that are similar to those that you have already procured or enquired about).

  • 8.4. A description of the categories of data subjects and of the information or categories of information relating thereto:

    • 8.4.1. visitors of the website;
    • 8.4.2. people who make use of Namhost's platform and/or services; and
    • 8.4.3. all data subjects whose personal information is processed by Namhost.

  • 8.5. The recipients or categories of recipients to whom Namhost may share personal information which is as follows:

    • 8.5.1. Namhost may disclose a data subject's personal information to a limited number of our employees and third-party service providers (other than those who Namhost refer persons to), who interact with such data subjects our behalf;
    • 8.5.2. other parties in response to a legal or regulatory obligation Namhost may have;
    • 8.5.3. other parties when Namhost performs an obligation toward its data subjects;
    • 8.5.4. other parties in response to legal process or when necessary to conduct or protect our legal rights;
    • 8.5.5. companies and/or contractors which provide services to us. Companies that provide services to us or act on our behalf may have access to information about you. These companies and contractors are limited in their ability to use information they receive while providing services to us or you;
    • 8.5.6. third parties where you provide consent. In some cases, third parties (often advertisers) may wish to attain information about you to promote their products to you, or for whatever other reason. Namhost may share information with third parties where you provide consent in the form of an explicit opt-in. Before Namhost asks a user to opt-in, Namhost will endeavour to provide the user with a clear description of what data would be shared with the third-party. Remember that once a person has opted in to allow Namhost to send information to the third-party, Namhost cannot control what they do with such data; therefore, be sure to investigate their privacy policies before providing permission for Namhost to share information to such party; and
    • 8.5.7. third parties during a business transfer. Where all or a part of our business is merged, sold or reorganised, personal information about you may be shared with the successor entity. Namhost will use reasonable measures to help ensure that any successor entity processes personal information in accordance with this manual and our Privacy Policy.

  • 8.6. Planned transborder flows of personal information:

    Namhost might transfer personal information to places outside of South Africa, including but not limited to the Republic of Namibia, and store it there, where Namhost's suppliers might process it. If this is required, Namhost will comply with applicable data privacy laws and its Privacy Policy before effecting the transfer of Personal Information.

  • 8.7. A general description of information security measures to be implemented by Namhost:

    Namhost takes extensive information security measures to ensure the confidentiality, integrity and availability of personal information in our possession. Namhost takes appropriate technical and organisational measures designed to ensure that personal information and data remains confidential and secure against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Table of Contents

9. RECORDS AVAILABLE IN TERMS OF OTHER LEGISLATION

  • 9.1. Records are kept in accordance with the following legislation to the persons or entities specified in such legislation (including but not limited to the below):

    • 9.1.1. Basic Conditions of Employment Act, 1997;
    • 9.1.2. Broad Based Black Economic Empowerment Act, 2003;
    • 9.1.3. Close Corporations Act, 1984;
    • 9.1.4. Companies Act, 2008;
    • 9.1.5. Compensation for Occupational Injuries and Health Diseases Act, 1993;
    • 9.1.6. Consumer Protection Act, 2008;
    • 9.1.7. Copyright Act, 1978;
    • 9.1.8. Electronic Communications and Transactions Act, 2002;
    • 9.1.9. Employment Equity Act, 1998;
    • 9.1.10. Financial Markets Act, 2012;
    • 9.1.11. Income Tax Act, 1962;
    • 9.1.12. Labour Relations Act, 1995;
    • 9.1.13. National Payment Systems Act, 1998;
    • 9.1.14. Occupational Health and Safety Act, 1993;
    • 9.1.15. Skills Development Act, 1998;
    • 9.1.16. Skills Development Levies Act, 1999;
    • 9.1.17. Trademarks Act, 1993;
    • 9.1.18. Unemployment Contributions Act, 2002;
    • 9.1.19. Unemployment Insurance Act, 2001; and
    • 9.1.20. Value Added Tax Act, 1991.

Table of Contents

10. CATEGORIES OF RECORDS HELD AND SUBJECT TO REQUEST

  • 10.1. General information held by Namhost, which is public in nature, may be accessed on Namhost's website without a formal request as contemplated by this PAIA Manual. The records which Namhost holds and the categories within which the records fall are listed below, as required by section 51(2)(e) of the Act. While Namhost holds such records, it is entitled to refuse access in terms of sections 62 and 69 of the Act.

  • 10.2. Statutory and Legal (which is not an exhaustive list):

    • 10.2.1. Statutory registers;
    • 10.2.2. Annual reports;
    • 10.2.3. Statutory records and returns, including incorporation documents, memorandum of incorporation and share register;
    • 10.2.4. Records relating to the appointment of directors/ auditors/ secretary/ and other officers;

    • 10.2.5. Minutes of meetings relating to:

      • 10.2.5.1. the board;
      • 10.2.5.2. the board and statutory committees;
      • 10.2.5.3. the management committees;
      • 10.2.5.4. shareholder's meetings;
    • 10.2.6. Resolutions taken by the board and/or shareholders;
    • 10.2.7. Proxy documentation;
    • 10.2.8. Contractual and legal agreements;

    • 10.2.9. Intellectual property relating to:

      • 10.2.9.1. trademarks certificates;
      • 10.2.9.2. licenses;
      • 10.2.9.3. copyrights and designs; and
      • 10.2.9.4. health and safety records.

    • 10.2.10. Human Resources:

      • 10.2.10.1. HR policies & procedures;
      • 10.2.10.2. Skills development plans and reports;
      • 10.2.10.3. Employee records;
      • 10.2.10.4. Benefits and payroll records;
      • 10.2.10.5. Leave Records;
      • 10.2.10.6. IR disciplinary and grievance procedures and hearings, including CCMA records;
      • 10.2.10.7. Training Manuals; and
      • 10.2.10.8. Training records.

    • 10.2.11. Administration, Finance and Accounting:

      • 10.2.11.1. Accounting records;
      • 10.2.11.2. Financial reports and statements;
      • 10.2.11.3. Management accounts;
      • 10.2.11.4. Banking Account details and Statements;
      • 10.2.11.5. Tax returns;
      • 10.2.11.6. VAT returns;
      • 10.2.11.7. Skills Development Levies UIF;
      • 10.2.11.8. Workmen's Compensation;
      • 10.2.11.9. Policies and procedures; and
      • 10.2.11.10. Supplier records;

    • 10.2.12. Insurance:

      • 10.2.12.1. Policies, including coverage, limits and insurers; and
      • 10.2.12.2. Claim records.

    • 10.2.13. Information technology:

      • 10.2.13.1. Hardware;
      • 10.2.13.2. Software packages;
      • 10.2.13.3. Licences;
      • 10.2.13.4. IT policies and procedures; and
      • 10.2.13.5. Operating systems.

    • 10.2.14. Sales, Marketing and Communication Records:

      • 10.2.14.1. Customer records (inclusive but not limited to data, domain data, billing records);
      • 10.2.14.2. Statements of account; and
      • 10.2.14.3. Terms & conditions;
    • 10.2.15. Marketing material and media releases: brochures, newsletters and advertising materials;
    • 10.2.16. Public communication records;
    • 10.2.17. Internal communication;
    • 10.2.18. Performance records;
    • 10.2.19. Interested party records;

    • 10.2.20. Assets:

      • 10.2.20.1. Land and building register;
      • 10.2.20.2. Fixed assets register;
      • 10.2.20.3. Title deeds; and
      • 10.2.20.4. Leases.

    • 10.2.21. Operations information:

      • 10.2.21.1. This information can be defined as information needed in the day-to-day running of the organisation. Examples include (without limitation) internal telephone lists, address lists, company policies, company procedures, human resource manual, administration manual, industry related statistical data, guest database, historical guest histories, guest reservation data, management information reports, property development information such as title deeds, lease agreements, construction contracts and architectural drawings.

    • 10.2.22. Registry Data Records:

      • 10.2.22.1. Registrar Records;
      • 10.2.22.2. Registrars' Details; and
      • 10.2.22.3. Record of Domain Name Disputes and Complaints.

Table of Contents

11. CLASSIFICATION OF COMPANY RECORDS

  • 11.1. On request, access of Namhost's records listed above may be granted or refused based on the following considerations:

    • 11.1.1. Disclosure and/or access granted:

      • 11.1.1.1. information which forms part of a public access document; and
      • 11.1.1.2. information which is subject to any intellectual property rights and copyright.

    • 11.1.2. Limited disclosure and/or access granted:

      Personal information of natural persons that belong to the requestor of that information, or personal information of juristic persons represented by the requestor of that information, as contemplated by section 61 of the Act.

    • 11.1.3. Information which may not be disclosed:

      • 11.1.3.1. information relating to a request after the commencement of criminal or civil proceedings, as contemplated by section 7 of the Act;
      • 11.1.3.2. unreasonable disclosure of personal information of a natural person or a juristic person, as contemplated by section 63(2) of the Act and the POPIA;
      • 11.1.3.3. information which is likely to harm the commercial or financial interests of a third party, as contemplated by section 64(1)(a) and (b) of the Act;
      • 11.1.3.4. information which is likely to harm Namhost or a third party in contract negotiations, as contemplated by section 64(1)(c) of the Act;
      • 11.1.3.5. information which would breach a duty of confidence owed to a third party in terms of an agreement, as contemplated by section 65 of the Act;
      • 11.1.3.6. information which should instead be requested from a Registry Operator;
      • 11.1.3.7. information which is likely to compromise the safety of individuals or protection of property, as contemplated in section 66 of the Act;
      • 11.1.3.8. legally privileged information, as contemplated by section 67 of the Act;
      • 11.1.3.9. commercial information of a private body, as contemplated by section 68 of the Act; and
      • 11.1.3.10. information which is likely to prejudice research and development information of Namhost or a third party, as contemplated by section 69 of the Act.

    • 11.1.4. Information which may not be refused:

      • 11.1.4.1. disclosure of information, which is in the public interest, as contemplated by section 70 of the Act.

Table of Contents

12. ACCESS: PROCEDURE AVAILABLE AND FEES

  • 12.1. Completion of the prescribed form

    • 12.1.1. Any request for access to a record under PAIA must closely align with Form 2 of Annexure A to Government Notice No. R.757 dated 27 August 2021, as issued under the PAIA Regulations, and must specify the record being requested. Refer to Annexure A for details.
    • 12.1.2. Requests that do not meet the formal requirements set out by the Act will be returned and not processed.
    • 12.1.3. Under POPIA, a data subject can, upon proving their identity, request Namhost to confirm, at no cost, all the information it holds about them and may request access to this information, including details about third parties who have accessed it.
    • 12.1.4. If the data subject must pay a fee for services provided, POPIA requires Namhost to provide a written estimate of the costs before delivering the service and may ask for a deposit for part or all the fee.
    • 12.1.5. The grounds for refusing a data subject's request are detailed in the Act and outlined in this Manual.
    • 12.1.6. POPIA allows a data subject to object at any time to the processing of their personal information by Namhost on reasonable grounds related to their situation, unless the processing is mandated by law. The data subject must complete the prescribed form, Annexure E, and submit it to the Information Officer at the provided postal or physical address, fax number, or email address.
    • 12.1.7. A data subject may also request Namhost to correct or delete personal information that is inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or unlawfully obtained; or to destroy or delete a record of personal information that Namhost is no longer authorised to retain under POPIA's provisions on the retention and restriction of records.
    • 12.1.8. Requests for the correction or deletion of personal information, or the destruction or deletion of a record, must be submitted to the Information Officer at the specified postal or physical address, fax number, or email address using the form attached as Annexure F.
    • Proof of identity
    • 12.1.9. Proof of identity is required to authenticate the Requestor's identity and the Request. The Requestor will, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of the Requestor's identity document or other legal forms of identity.
    • 12.1.10. If the Request is made on behalf of another person, the requester must submit proof of their capacity to make the request on behalf of another person, as set out in section 53(2)(f) of the Act.

  • 12.2. Payment of the Prescribed Fees

    • 12.2.1. The fees payable in respect of a Request are reflected per Annexure B.
    • 12.2.2. Section 54 of the Act entitles Namhost to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Annexure B of Government Notice No. R.757 dated 27 August 2021, promulgated under the PAIA Regulations. Please refer to Annexure D.
    • 12.2.3. Where a decision to grant a request has been made, the record will not be disclosed until the necessary fees have been paid in full by the Requestor.

  • 12.3. Timelines for processing a request for access.

    • 12.3.1. Requests will be addressed within 30 (thirty) days, unless there are special circumstances that necessitate extending the time frame.
    • 12.3.2. The Information Officer will notify the requester of the decision and any applicable fees using a form like Form 3 of Annexure A to Government Notice No. R.757 dated 27 August 2021, issued under the PAIA Regulations.
    • 12.3.3. If an extension is needed, the requester will be informed, along with an explanation of why more time is required.

  • 12.4. Remedies where a Request is refused:

    • 12.4.1. If Namhost denies a request for information, the requester has the following options:
    • 12.4.2. Internal remedies: Namhost does not offer an internal appeal process. The decision made by the Information Officer is final. If the request is rejected, the requester can pursue the external remedies outlined below.
    • 12.4.3. External remedies: The requester may seek relief by applying to a court of competent jurisdiction or by approaching the Information Regulator.

Table of Contents

13. AVAILABILITY OF THIS MANUAL

Copies of this Manual are available for inspection, free of charge, at the offices of Namhost and at https://www.namhost.com/t/namhost/Namhost-PAIA_Manual.pdf

Table of Contents