Promotion of Access to Information (PAIA) Manual
This PAIA Manual was last updated on 1 June 2021
- Introduction
- Contact Details
- The Act
- Applicable Legislation
- Schedule of Records
- Request for Access to Information
- Fees
- Timelines for Consideration
- Grounds for Refusal of Access to Records
- Remedies Available
- Schedule 1: Access Request Form
- Schedule 2: Fees
-
Introduction
- Byte Orbit (Pty) Limited (registration No: 2015/169050/07) is a company incorporated and carrying on business in accordance with the company laws of South Africa (“Byte Orbit”);
- Byte Orbit is a digital innovation and development execution partner based in Cape Town, South Africa. Byte Orbit provides software solutions and services to a broad spectrum of corporate clients.
- Byte Orbit supports the constitutional right of access to information and we are committed to provide you access to our records in accordance with the provisions of the Promotion of Access to Information Act 2 of 2000 ("the Act") and the Protection of Personal Information Act 4 of 2013 (“POPIA”), the confidentiality we owe third parties and the principles of South African privacy law.
-
Contact Details
Contact details of the information officer: Wendy Moulang (“Information Officer”)
- Physical Address: 2nd floor, Sable Park, Bridgeways Precinct, Century City, 7446
- Postal Address: Suite 148, Private Bag X22, Tygervalley, 7536
- Telephone: +27 21 492 5184
- Email: compliance@byteorbit.com
-
The Act
- Introduction This Manual has been compiled to meet the requirements of the Act, as applied in conjunction with POPIA. The goal is to give effect to the constitutional right of individuals to access information held by a private body (in this case, Byte Orbit), if the information is required for the exercise or protection of that individual's rights.
- Such right of access to information is subject to justifiable limitations for the reasonable protection of privacy, commercial confidentiality, and effective, efficient good governance, balancing the right to information against other rights. . If a public body lodges a request, the public body must be acting in the public interest.
- This Manual is available at byteorbit.com, and at the physical address specified in paragraph 2.1 above.
- Requests for information in terms of the Act must be made in accordance with the procedures prescribed in this Manual and accompanied by the prescribed fees.
-
The South African Human Rights Commission ("SAHRC") has compiled a guide in terms of Section 10 of the Act which gives advice on how to exercise your rights (“Guide”). This Guide is available from the SAHRC at:
Postal Address: Private Bag 2700, Houghton, 2041
Telephone Number: +27-11-877 3600
Fax Number: +27-11-403 0625
Website: www.sarhc.org - Purpose for processing data Byte Orbit takes the privacy and protection of personal information very seriously and will limit the personal information processed to only that to which you consent and which is necessary for our legitimate business interests and process it in strict accordance with current South African privacy legislation.
-
Byte Orbit processes personal information for a variety of purposes, including, but not limited to the following:
- to provide any information, products, services, or support requested by data subjects;
- to help identify data subjects when they contact Byte Orbit;
- to maintain customer records;
- to securely transmit the data of data subjects for the purpose of providing services to Byte Orbit customers;
- to manage the backup and storage of data subjects' data on behalf of some Byte Orbit customers to support the smooth and secure running of Byte Orbit customers' businesses;
- for recruitment, internship, and employment purposes;
- for travel purposes;
- for general administration, financial, and tax purposes;
- for legal or contractual purposes;
- for health and safety purposes;
- to monitor access, and ensure the security of Byte Orbit’s premises and assets;
- to transact with suppliers and business partners;
- to help Byte Orbit:
- improve the quality of its products and services;
- detect and prevent fraud and money laundering;
- debts;
- to carry out analysis and customer profiling; and
- to identify other products and services which might be of interest to data subjects and to inform them about our products and services.
-
Categories of Data Subjects
Byte Orbit processes the personal information of a number of types of subjects, for various reasons, including the following:
Data subjects Type of personal information processed Employees and potential employees - demographic information
- health and disability information
- employment contracts
- performance and disciplinary matters
- payroll
- physical access and monitoring
- training
- employment history
- criminal history
- background checks
- time and attendance
- correspondence
Customers and Potential Customers - demographic information of (potential) customers and their representatives
- contracts
- contact details
- banking details
- credit record
- account history
- correspondence
- customer information (exclusively for contracted support, hosting or back-up purposes)
Suppliers - demographic information of suppliers and their representatives
- banking details
- account history
- product and service information
- contracts
- correspondence
Product testers - demographic information
- personal information
- employment history
- views & opinions
-
Categories of Data recipients
Byte Orbit may share the personal information of our data subjects for the purposes outlined above with the following kinds of recipients:
- Byte Orbit employees;
- service providers and agents who perform services on Byte Orbit’s behalf;
- third parties as described below.
- Byte Orbit does not share the personal information of data subjects with third parties unless:
- a data subject has consented thereto;
- obliged to do so for legal or regulatory purposes, or in connection with legal proceedings; or
- it necessary to provide or improve a product or service for which a data subject has contracted with Byte Orbit;
- If required to share a data subject's private information with a third party as specified above, Byte Orbit shall notify the data subject of such disclosure.
- Byte Orbit’s employees are required to adhere to Byte Orbit’s data privacy and confidentiality policies, and are trained in this regard.
- Transfer of Your Personal Information out of South Africa Byte Orbit subcontracts the hosting of data (including personal information) to third parties located in countries other than South Africa with the prior consent of data subjects. Byte Orbit will, in these cases, ensure that standard contractual clauses are agreed upon with these parties so as to ensure protection of your Personal Information.
- Information security measures Byte Orbit implements appropriate information technology security measures to protect all data, including personal information, processed by Byte Orbit. Such protection includes but is not limited to encryption, back-ups, anti-virus and anti-malware protection, redundancy, and disaster recovery plans.
- Byte Orbit implements its technical and organisational security measures to protect the integrity, security, and accessibility of data processed by it. Any third parties with whom Byte Orbit interacts for the provision of such services are required to be bound by legislation similar to that in South Africa regarding the protection of personal information, or alternatively be bound by agreements which bind them to an equivalent level of competency and care.
-
Applicable Legislation
No. Act 1. Basic Conditions of Employment Act 75 of 1997 2. Broad-based Black Economic Empowerment Act 53 of 2003 3. Companies Act 71 of 2008 4. Electronic Communications and Transactions Act 25 of 2002 5. Employment Equity Act 55 of 1998 6. Income Tax Act 58 of 1962 7. Labour Relations Act 66 of 1995 8. Occupational Health Act 61 of 2003 9. Promotion of Access to Information Act 2 of 2000 10. Skills Development Act 97 of 1998 11. Skills Development Levies Act 9 of 1999 12. Unemployment Insurance Contributions Act 4 of 2002 13. Value Added Tax Act 89 of 1991 -
Schedule of Records
Byte Orbit has under its control or in its possession the following categories of records under the subjects described below. The categories of records are not exhaustive and are subject to amendment.
Record Type Subject Access Level Business CIPC records (including company registration, officers, intellectual property) 1, 2 audited financial statements 4 tax records 2 asset register 4 statutory records 2 operational records 4 internal policies and procedures 2 financial records 4 product development information 4 management planning information, budgets 4 information technology system records 4 information technology disaster recovery and implementation plans 4 Marketing product information 1 manuals 2 media releases 1 company website 1 marketing plans 4 Personnel personal information provided by personnel 3 personal information provided by third parties 4 employment contracts 4 internal evaluation, performance management and disciplinary records 3 statutory records regarding UIF, PAYE, B-BBEE, EE, Health and Safety 2,3 correspondence with and about personnel 3,4 training schedules and material 2,3 remuneration records 3,4 facilities management documentation 2 Legal agreements and memoranda of understanding 4 litigation records 4 legal opinions 4 legal correspondence 4 Customer personal information provided by customers about their businesses and representatives 3 customer contracts 4 customer databases (including personal information of customers' customers) 3,4 credit records 3 account records 3 correspondence with and about customers 3,4 Suppliers & Contractors personal information provided by suppliers and contractors 3 contracts 4 accounting records 3 Key to record access levelsAccess Level Classification Description 1 Public Unrestricted availability 2 Internal use Administrative records relating to the running of the business with little interest or value to outside parties, to which outside parties may be granted limited access, depending on the circumstances 3 Confidential Personal information of an individual or juristic person requested by the data subject of that information. 4 Restricted Legally privileged document, or document likely to harm an individual, compromise the safety of individuals or property, or harm the commercial or financial interests of the company or a third party. -
Request for Access to Information
- To be granted access to a record referred to in paragraph 5 above, please complete the request form included as Schedule 1 hereto and address your request to the Information Officer at the details given in paragraph 2 above and submit it to compliance@bytorbit.com.
- Details of the fees payable and the payment procedure will be provided by the Information Officer once the request has been received.
- Please complete all fields in the request form, ensuring that you provide us with the following information:
- Details of the record that you are requesting;
- A copy of your valid South African ID document or card;
- A copy of the power of attorney (if applicable);
- A description of the right you seek to exercise or protect, with an explanation of the reason the record is required to exercise or protect the right;
- Details of how the information requested must be provided to you if the request is granted; and
- Your contact details.
-
Fees
- When the Information Officer of Byte Orbit receives a request on the official form for information in terms of the Act, the Information Officer will send the requester (other than a personal requester) a notice requiring the requester to pay the prescribed request fee of R50.00 before further processing the request.
- A further access/reproduction fee will be payable before the requested record is released. The fee is calculated in accordance with the prescribed rates set out in schedule 2, taking access/reproduction costs, search and preparation time, and postal costs (if relevant).
- If preparation of the record requested will take more than six hours, a deposit of one third of the access fee will be payable in advance of provision of the record, with the balance payable on delivery.
- The Information Officer will provide the details of the account into which the payment must be made on the invoice for the access/reproduction fee.
-
Timelines for Consideration
- Once received, Byte Orbit will assess your request and your request will be processed within 30 (thirty) days, unless the request contains considerations that are of such a nature that an extension of the 30-day time limit is needed. If an extension is necessary, you will be notified with reasons for the extension.
- If the Information Officer fails to communicate a decision on a request, such a request is then deemed to have been refused.
-
Grounds for Refusal of Access to Records
-
The main grounds on which Byte Orbit may refuse access to records relate to:
- the privacy of a third party who is a natural person;
- the commercial information of a third party;
- confidential information of a third party;
- the safety of individuals and property;
- legally privileged records; and
- commercial information of Byte Orbit, which may include without limitation:
- trade secrets;
- financial, commercial, scientific or technical information, the disclosure of which would likely harm the financial or commercial interests of Byte Orbit;
- information that, if disclosed, could put Byte Orbit at a disadvantage in negotiations or commercial competition;
- computer programs and related information technology software that are owned by Byte Orbit and that are protected by copyright; and
- research information compiled by Byte Orbit or a third party, if disclosure would expose the third party, researcher or subject matter of the research and therefore seriously disadvantage Byte Orbit.
- Requests submitted in terms of the Protection of Personal Information Act, 4 of 2013, may be refused on the same grounds set out above.
-
The main grounds on which Byte Orbit may refuse access to records relate to:
-
Remedies Available
Byte Orbit does not have any internal appeal procedures that may be followed once a request to access information has been refused. The decision of the Information Officer is final. If you are not satisfied with the outcome of your request, you can apply to the Information Regulator for relief.
-
Schedule 1: Access Request Form
-
Schedule 2: Fees
The following schedule lays out the fees associated with a request for information.
Request Fee (Ex VAT) For every photocopy of an A4-sized page or part thereof R1.10 For every printed copy of an A4-sized page or part thereof held electronically R0.75 For a copy in a computer-readable form on a CD R70.00 For a copy in a computer-readable form on a flash drive R100.00 For a transcription of visual images for an A4-sized page or part thereof R40.00 For a copy of a visual image R60.00 For a transcription of an audio record per A4-sized page or part thereof R20.00 For a copy of an audio record R30.00 To search for and prepare the record for disclosure R30.00 per hour or part thereof