Open Access Fibre Network
This manual was prepared in accordance with Section 51 of the Promotion of Access to Information Act, 2000 (‘PAIA’) and to
address requirements of the Protection of Personal Information Act 4 of 2013 (‘POPI’).
This POPI/ PAIA manual applies to Octotel Pty Ltd
Registration Number: CK 2015/051236/07
(“OCTOTEL”)
Registered Office Address:
5th Floor, The Point, 76 Regent Road, Sea Point, Cape Town, South Africa
No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without express written permission of: OCTOTEL PTY Ltd
4th Floor, The Point,
76 Regent Road, Sea Point,
Cape Town, South Africa
OCTOTEL Pty Ltd is committed to on-going research and development to track technological developments and customer needs in the market. Consequently, information contained in this document may be subject to change without prior notice.
1 Introduction
PAIA
The Promotion of Access to Information Act, 2000 (the “PAIA”) grants the public the right to make a request to access records held by private bodies and the government, if such information is required in the exercise and/or protection of any Constitutional rights. On request, the private body or government is obliged to release such information unless the Act expressly states that the records
containing such information may or must not be released. This manual informs requestors of procedural and other requirements
which a request must meet as prescribed by the Act.
POPI
OCTOTEL processes personal information of its employees, members, clients and other data subjects from time to time. As such, it is obliged to comply with the Protection of Personal Information Act No. 4 of 2013 (“POPI”) as well as the Promotion of Access to Information Act No. 2 of 2000 (“PAIA”). This manual, in addition to its privacy policy, is OCTOTEL’s commitment to protecting its members’/clients’/supplier’s/employees’ and other data subjects’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
Nature of Business
OCTOTEL Pty Ltd (hereinafter, the ‘Company’) is an ICASA Registered Electronic Communications Network Service Provider (ECNS licence holder).
Information Officer details
All PAIA requests should be submitted to:
Octotel Chief Information Officer: Wian Heath
Physical Address: Suite 401, 4th Floor
The Point Office
76 Regent Road
Sea Point
Western Cape, 8060
Postal Address:
PO BOX 12768,
Mill Street,
Cape Town,
8010
Telephone Number: 087 470 08 00
Email Address: Wian@rampgroup.co.za
3 Requesting Access To Records Held By OCTOTEL
A requester can be a natural person/ juristic entity who submits a request for access to a record held by OCTOTEL. In this regard, the Act distinguishes between two types of requesters:
3.1 Personal Requester
A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of PAIA/ the Act and applicable law, OCTOTEL will provide the requested information, or
give access to any record about the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by OCTOTEL.
3.2 Third party requester
This requester (is someone other than a personal requester) and is entitled to request access to information pertaining to a third party/ ies.
However, OCTOTEL is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of PAIA/ the Act, which includes notifying the third party that such a request has been made. The prescribed fee for reproduction of the information requested will be charged by OCTOTEL.
3.3 Request Procedure
A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record.
For instance, OCTOTEL may only process your request once the requirements in terms of PAIA have been met.
A requester may submit a request in the prescribed Form and submit it to our Information Officer. The prescribed request form must be filled in with enough information to at least enable the information officer to identify:
• The record or records requested
• The identity of the requester
• What form of access is required?
• The postal address or email address of the requester.
A requester must state that he or she requires the information to exercise or protect a right, and clearly state what the nature of the right is, so to be exercised or protected. The requester must also provide an explanation of why the requested record is required for the exercise or protection of that right.
OCTOTEL will process a request within 30 days, unless the requestor has stated special reasons which would satisfy the information officer that circumstances dictate that this period not be complied with.
The requester shall be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, he or she must state the way it is required. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the information officer.
If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the information officer.
3.4 Decision
3.4.1 The Information Officer will, within 30 days of receipt of the request, decide whether to grant or decline the request.
3.4.2 The 30-day period may be extended for a further period if the request is for a large amount of information or the request requires a search for information held at another office of OCTOTEL and the information
cannot reasonably be obtained within the original 30-day period. The Information Officer will notify the Requester in writing should an extension be sought.
3.5 Grounds For Refusal Of Access To Records In Terms Of PAIA
The following are the grounds on which OCTOTEL may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:
3.5.1 Mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable.
3.5.2 Mandatory protection of the commercial information of a third party, if the Records contain: a) Trade secrets of that third party
b) Financial, commercial, scientific, or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or c) Information disclosed in confidence by a third party to OCTOTEL, the disclosure of which could put that third-party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition
3.5.3 Mandatory protection of confidential information of third parties if it is protected in terms of any agreement.
3.5.4 Mandatory protection of the safety of individuals and the protection of property.
3.5.5 Mandatory protection of Records that would be regarded as privileged in legal proceedings.
3.5.6 Protection of the commercial information of OCTOTEL, which may include: a) Trade secrets
b) Financial/commercial, scientific, or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of OCTOTEL.
c) Information which, if disclosed, could put OCTOTEL at a disadvantage in contractual or other negotiations or prejudice OCTOTEL in commercial competition; and/or
d) Propriety software which are developed and ow, and which are protected by copyright and intellectual property laws.
3.5.7 Research information of OCTOTEL or a third party, if such disclosure would place the research or the researcher at a serious disadvantage, and
3.5.8 Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.
3.6 Remedies Available To The Requester Upon Refusal Of A Request For Access Of PAIA
After submitting a complaint in the prescribed form provided in this Manual, and where OCTOTEL is unable to resolve your complaint within one month (or extended period), to your satisfaction, you have the right to refer your complaint to the relevant Information Regulator.
3.6.1 Internal remedies
OCTOTEL does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requesters will have to exercise such external remedies at their disposal if the Request for Access is refused.
3.6.2 External remedies
Any person wishing to lay a matter of concern or complaint may do so at the Information Regulator of South Africa.
Website: www.inforegulator.org.za.
Email: enquiries@inforegulator.org.za
In respect of European Data Subjects at:
The supervisory authority, in the Member State of
your habitual residence, place of work or place of the alleged GDPR infringement. See link that provides details of the list of supervisory authority’s details
https://edpb.europa.eu/aboutedpb/board/members_en
3.7 Availability Of This Manual
3.7.1. This Manual is available for inspection by the public, upon request, during office hours and free of charge at OCTOTEL’s offices.
3.7.2. This Manual is also published on OCTOTEL’s website www.octotel.co.za
4 Fees
The Act provides for two types of fees:
1. A request fee, (which will be a standard fee) When a request is received by the information
officer of OCTOTEL, the information officer shall by notice require the requester, other than a personal requester, to pay the
prescribed request fee, if any, before further processing of the request can take place. If a search for the information is necessary
and the preparation and disclosure of the information for disclosure, requires more time than prescribed in the regulations for
this purpose, the information officer shall notify the requester to pay as a deposit if the request is granted.
The information officer shall withhold information until the requester has paid the fee or fees indicated.
2. Reproduction/ Access fee
A requester whose request
for access to information has been granted, must pay an access fee reproduction, for search, preparation, and for any time in excess of the prescribed hours to prepare the information for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the
deposit to the requester.
Below is a guideline for reproduction fees: 1. Request fee, payable by every requeste R140.00 2. Photocopy or printed black & white copy for every A4 page R2.00 per page or part of the page 3. Printed copy of A4-size page R2.00 per page or part of the page 4.For a copy in a computer-readable form on: – a flash drive (provided by the requester) R40.00 – a compact disc (CD) if the requester provides the CD to usR40.00 – a compact disc (CD) if we give the CD to the requester R60.00 5. For a transcription of visual images, for an A4-size page or part of the page This service will be outsourced. The fee will depend on the quotation from the service provider. 6. For a copy of visual images This service will be outsourced. The fee will depend on the quotation from the service provider. 7. For a transcription of an audio record, per A4-size page R24.00 8. For a copy of an audio record on a flash drive (provided by the requester) R40.00 For a copy of an audio record on compact disc (CD) if the requester provides the CD to us For a copy of an audio record on compactdisc (CD) if we give the CD to the requester R60.00 9. For each hour or part of an hour (excluding the first hour) reasonably required to search for, and prepare the record for disclosure The search and preparation fee cannot exceed R145.00-R435.00 10. Deposit: if the search exceeds 6 hours One-third of the amount per request. It is calculated in terms of items 2 to 8 above. 11.Postage, email or any other electronic transfer Actual expense, if any.
5 Categories Of Records Held By The Company: Section 51(1)(E)
5.4 Companies Act Records
5.4.1 Company Incorporation
5.4.2 Names of Directors
5.4.3 Salaries of Directors
5.4.4 Minutes of Board Meetings
5.4.5 Records relating to the appointment of directors / auditor / secretary / public officer and other officers
5.5 Financial Records
5.5.1 Financial Statements
5.5.2 Documents relating to taxation of the company
5.5.3 Accounting Records
5.5.4 Financial Agreements
5.6 Agreements or Contract Records
5.6.1 Standard Agreements
5.6.2 Contracts concluded with Companies
5.6.3 Contracts concluded with Customers
5.6.4 Third Party Contracts (such as Service Level Agreements etc.)
5.6.5 Suppliers Contracts
5.7 Employees
5.7.1 List of Employees
5.7.2 Personal Information of Employees
5.7.3 Employee Contracts of Employment
5.7.4 Salaries of Employees
5.7.5 Leave Records
5.8 Company Policies and Directives
5.8.1 Internal relating to employees and the company
5.8.2 External relating to clients and other third parties.
5.9 Regulatory
5.9.1 Licenses or Authorities
5.10 Customer Information
5.10.1 Customer Details
5.10.2 Contact details of individuals within Customers
5.10.3 Communications with Customers
5.11 Systems, Solutions, and Information Technology
5.11.1 Intellectual property pertaining to solutions and products developed. 5.11.2 Usage of solutions and products.
6 Protection of Personal Information (POPIA compliance)
6.4 Conditions of Processing
Chapter 3 of POPI provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPI. Below is a description of the eight Conditions for Lawful Processing as contained in POPI:
a) Accountability – the Responsible Party has an obligation to ensure that there is compliance with POPI in respect of the Processing of Personal Information.
b) Processing limitation – Personal Information must be collected directly from a Data Subject to the extent applicable; must only be processed with the consent of the Data Subject and must only be used for the purposes for which it was obtained.
c) Purpose specification – Personal Information must only be processed for the specific purpose for which it was obtained and must not be retained for any longer than it is needed to achieve such purpose.
d) Further processing limitation – further processing of Personal Information must be compatible with the initial purpose for which the information was collected.
e) Information quality – the Responsible Party must ensure that Personal Information held is accurate and updated regularly and that the integrity of the information is maintained by appropriate security measures.
f) Openness – there must be transparency between the Data Subject and the Responsible Party.
g) Security safeguards – a Responsible Party must take reasonable steps to ensure that adequate safeguards are in place to ensure that Personal Information is being processed responsibly and is not unlawfully accessed.
h) Data Subject participation – the Data Subject must be made aware that their information is being processed and must have provided their informed consent to such processing.
6.5 Purpose of the Processing of Personal Information by OCTOTEL
As outlined in paragraph 6.1(c), Personal Information may only be Processed for a specific purpose. The purposes for which OCTOTEL processes or will process Personal Information is in line with the Act and with the informed consent of all parties.
6.6 Categories of Data Subjects and Personal Information/special Personal Information relating thereto
As per section 1 of POPI, a Data Subject may either be a natural or a juristic person (persons who are deceased are not covered in terms of this definition). The Privacy Policy sets out the various categories of Data Subjects that OCTOTEL Processes Personal Information on and the types of Personal Information relating thereto.
6.7 Recipients of Personal Information
OCTOTEL uses safeguards both internal and external to maintain the integrity and safety of all its data subjects. Further, OCTOTEL reinforces its responsibilities under POPIA by only engaging with Operators who also subscribe to POPI requirements.
6.8 Cross-Border Flows Of Personal Information
Section 72 of POPI provides that Personal Information may only be transferred out of the Republic of South Africa:
a) If the recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially like the Conditions for Lawful Processing as contained in POPI; or
b) If the Data Subject consents to the transfer of their Personal Information; or
c) If the transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or
d) If the transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or
e) If the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would likely provide such consent.
OCTOTEL has trans-border flows of Personal Information as described below:
6.8.1 we make use of systems hosted in European territories and Personal Information may be stored in European zones which would be subject to strict data protection laws in line with the GDPR.
6.8.2 Before signing an agreement with a third-party service provider that we are required to share Personal Information with, we ensure that their data protection standards are in line with those outlined in Information Protection Laws and request that this obligation is provided for in writing.
6.9 Description of information security measures to be implemented by OCTOTEL
A preliminary assessment of the information security measures implemented or to be implemented by OCTOTEL may be conducted to ensure that the Personal Information is processed and is safeguarded in accordance with the Conditions for Lawful Processing.
6.10 Objection to the Processing of Personal Information by a Data Subject
Section 11 (3) of POPI and regulation 2 of the POPI Regulations provides that a Data Subject may, at any time object to the Processing of Personal Information and should make such objections in writing to the Information Officer.
6.11 Request for correction or deletion of Personal Information
Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form on the website of the Information Regulator.
