PAIA Manual

Manual Prepared in Accordance with Section 51 of the Promotion of Access to Information Act, 2000

Tracepoint (Pty) Ltd.

Registration Number: 2025/199716/07

Effective Date: March 2026

1. Introduction and Purpose

This manual is published in compliance with Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”), as amended, read together with the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”).

PAIA gives effect to the constitutional right of access to any information held by another person that is required for the exercise or protection of any rights, as enshrined in Section 32 of the Constitution of the Republic of South Africa, 1996.

The purpose of this manual is to:

Inform the public of the structure and functions of Tracepoint (Pty) Ltd. (“the Company” or “Tracepoint”);

Provide details of the records held by the Company;

Explain how to submit a request for access to records held by the Company;

Set out the grounds upon which a request for access to records may be refused;

Outline the remedies available to a requester whose request has been refused; and

Comply with the obligations imposed on private bodies under PAIA and POPIA.

This manual does not constitute legal advice and should be read together with PAIA, POPIA and the relevant regulations.

2. Company Details - Section 51(1)(a)

Nature of Business

Tracepoint (Pty) Ltd. is a private company duly registered and incorporated in terms of the Companies Act, No. 71 of 2008, conducting business in the Republic of South Africa.

3. Contact Details of Information Officer - Section 51(1)(b)

In terms of Section 55 of POPIA, the head of a private body as contemplated in PAIA is the Information Officer of that private body. Tracepoint has designated the following individuals to deal with requests for access to information:

Information Officer

Deputy Information Officer

The Information Officer and Deputy Information Officer have been registered with the Information Regulator in terms of Section 55 of POPIA.

4. Guide by the South African Human Rights Commission - Section 51(1)(c)

In terms of Section 10 of PAIA, the South African Human Rights Commission (“SAHRC”) has compiled a guide to assist persons wishing to exercise their right of access to information held by private and public bodies. The guide is available from the SAHRC and contains information to assist a person wishing to exercise a right contemplated in PAIA, including:

The objects of PAIA;

The postal and street address, telephone and fax number and electronic mail address of the Information Officer of every public and private body;

The manner and form of a request for access to a record of a public or private body;

The assistance available from the Information Officer of a public or private body;

The assistance available from the SAHRC;

All remedies in law regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA;

The provisions of other legislation; and

The regulations made in terms of Section 92 of PAIA.

SAHRC Contact Details

Information Regulator Contact Details

The Information Regulator is the independent body established in terms of POPIA to, amongst other things, monitor and enforce compliance with PAIA and POPIA.

5. Records Available Without a Request - Section 51(1)(d)

In terms of Section 51(1)(d) of PAIA, the following categories of records are automatically available to the public without the need to submit a formal PAIA request:

Information published on the Company’s website at https://www.tracepoint.co.za;

Marketing materials and brochures made available in the ordinary course of business;

Published reports and documents intended for public distribution;

Any records required to be made publicly available by legislation; and

General product and service information.

Records that are automatically available may be accessed by visiting the Company’s website or by contacting the Information Officer.

6. Records Available on Request - Section 51(1)(e)

In terms of Section 51(1)(e) of PAIA, the following categories of records held by Tracepoint may be subject to a request for access. The inclusion of a category of records in this section does not create a right of access to such records. Access to records is subject to the grounds for refusal set out in Section 7 of this manual.

Note: Some records may not be available on grounds of confidentiality, privilege or as provided for in PAIA and POPIA.

6.1 Company Records

Memorandum of Incorporation and amendments;

Minutes of directors’ and shareholders’ meetings;

Resolutions of directors and shareholders;

Share register and related documents;

Company registration certificates and CIPC documents;

Statutory registers and returns;

Powers of attorney and mandates;

Agreements and contracts to which the Company is a party;

Licences, permits and authorisations; and

Internal policies and procedures.

6.2 Financial Records

Annual financial statements;

Management accounts;

Tax returns and related records;

VAT records;

Banking records;

Asset registers;

Invoices, receipts and proof of payment;

Payroll records;

Audit reports; and

Budgets and financial projections.

6.3 Client and Customer Records

Client databases and contact information;

Contractual agreements with clients and customers;

Client correspondence;

Service records and reports;

Quotations and proposals;

Invoices and statements;

Complaint records;

Client onboarding and due diligence documentation; and

Records obtained from or provided to clients in the course of business.

6.4 Human Resources Records

Employment contracts and letters of appointment;

Remuneration records and salary information;

Employee personal information and identity documents;

Leave records;

Disciplinary records and grievance proceedings;

Training records and skills development documentation;

Performance appraisals and reviews;

Medical records and incapacity documentation;

Employment equity plans and reports;

Workplace policies and procedures;

UIF, PAYE and SDL records;

COIDA records;

Pension and provident fund records; and

Recruitment and selection records.

6.5 IT and Technical Records

Software licences and service agreements;

IT infrastructure and systems documentation;

Database records and access logs;

Information security policies and procedures;

Website analytics and logs;

Data processing records;

Backup and disaster recovery documentation;

Technical specifications and architecture documents; and

Third-party IT service provider agreements.

6.6 Operational Records

Standard operating procedures;

Operational reports and performance records;

Quality assurance records;

Supply chain and procurement documentation;

Supplier and service provider agreements;

Insurance policies and claims documentation;

Health and safety records;

Compliance and regulatory records;

Environmental records (where applicable);

Incident reports; and

Business continuity plans.

6.7 Marketing Records

Marketing strategies and plans;

Advertising and promotional material;

Market research and analysis;

Brand guidelines and assets;

Social media records;

Event and campaign records;

Mailing lists and distribution databases;

Customer surveys and feedback; and

Public relations and media correspondence.

7. Grounds for Refusal of Access to Records - Section 51(1)(f)

In terms of Sections 62 to 70 of PAIA (applied via Section 51(1)(f)), the Company may refuse a request for access to records on the following grounds:

7.1 Mandatory Protection of Privacy of a Third Party (Section 63)

Access will be refused if disclosure would involve the unreasonable disclosure of personal information about a natural person (third party), including a deceased individual, unless that individual has consented or the information is already publicly available.

7.2 Mandatory Protection of Commercial Information of a Third Party (Section 64)

Access will be refused if the record contains trade secrets, financial, commercial, scientific or technical information of a third party, the disclosure of which could reasonably be expected to cause harm to the commercial or financial interests of that third party.

7.3 Mandatory Protection if Disclosure Would Constitute an Action for Breach of a Duty of Confidence (Section 65)

Access will be refused if the record was supplied in confidence and disclosure would constitute a breach of a duty of confidence owed to a third party.

7.4 Mandatory Protection of Safety of Individuals and Property (Section 66)

Access will be refused if disclosure could reasonably be expected to endanger the life or physical safety of an individual or to prejudice the security of a building, structure, system or property.

7.5 Mandatory Protection of Records Privileged from Production in Legal Proceedings (Section 67)

Access will be refused if the record is privileged from production in legal proceedings, unless the person entitled to the privilege has waived such privilege.

7.6 Commercial Information of the Private Body (Section 68)

Access may be refused if the record contains trade secrets, financial, commercial, scientific or technical information of the Company, the disclosure of which could reasonably be expected to cause harm to the commercial or financial interests of the Company.

7.7 Mandatory Protection of Research Information of a Third Party and the Private Body (Section 69)

Access will be refused if the record contains information about research being or to be carried out by or on behalf of a third party or the Company, the disclosure of which would be likely to expose the research or the third party, researcher or the Company to serious disadvantage.

7.8 Requests for Information Manifestly Frivolous or Vexatious or Involving Unreasonable Diversion of Resources (Section 70)

Access may be refused if the request is manifestly frivolous or vexatious or if the work involved in processing the request would substantially and unreasonably divert the resources of the Company.

8. Request Procedure - Section 51(1)(g)

8.1 How to Submit a Request

A requester seeking access to records held by Tracepoint must submit a request on the prescribed Form 2 (Request for Access to Record of Private Body), as published in Government Gazette No. 45057 (Government Notice No. R757 of 3 June 2022) or any subsequent amendment thereof.

The completed Form 2 must be submitted to the Information Officer at the address, fax number or email address set out in Section 3 of this manual.

8.2 Requirements for a Valid Request

The requester must:

Complete the prescribed Form 2 in full;

Provide sufficient detail to identify the record(s) requested;

Indicate the form in which they wish to access the record (e.g., copy, inspection, etc.);

Indicate the right that the requester is seeking to exercise or protect and explain why the record is required for the exercise or protection of that right;

If the request is made on behalf of another person, provide proof of the capacity in which the request is made;

Pay the prescribed request fee (if applicable); and

Pay the access fee (if applicable and upon notification).

8.3 Processing of Requests

The Information Officer will acknowledge receipt of the request;

The Information Officer must respond to the request within 30 (thirty) days of receipt of the completed Form 2 and payment of the request fee;

This period may be extended by a further period of 30 (thirty) days if the request is for a large number of records or if the search requires a search through a large number of records and compliance within the original 30-day period would unreasonably interfere with the activities of the Company;

The requester will be notified in writing of the decision to grant or refuse the request;

If access is granted, the requester will be notified of the applicable access fee (if any) and the form in which access will be given;

If access is refused, the requester will be provided with reasons for the refusal and informed of the remedies available; and

If a request is made for information that is not held by the Company, the request will be transferred to the appropriate body (if known) within 14 days.

8.4 Form of Access

Access to records may be provided in the following forms, subject to the form in which the record exists:

Personal inspection at the Company’s premises;

A printed copy of the record;

A copy in electronic format (where available);

A transcription of the record; or

A copy of the record in any other manner reasonably possible.

9. Remedies Available if Request is Refused

9.1 Internal Remedies

The Company does not have internal appeal procedures in terms of PAIA. As such, the decision of the Information Officer is final.

9.2 External Remedies

A requester who is aggrieved by the decision of the Information Officer may, within 180 (one hundred and eighty) days of notification of the decision:

Lodge a complaint with the Information Regulator - A complaint may be lodged in the prescribed manner and form with the Information Regulator at the contact details set out in Section 4 of this manual; or

Apply to a court of competent jurisdiction - A requester may apply to a court for appropriate relief, including an order compelling the Company to grant access to the record.

The Information Regulator has the power to investigate complaints, make determinations and issue enforcement notices.

10. Prescribed Fees

10.1 Request Fee

A requester who seeks access to a record held by the Company must pay a request fee as prescribed by regulation, before the request will be processed. The request fee is currently set at R50.00 (subject to amendment by regulation).

The request fee is not applicable to a personal requester who seeks access to their own personal information.

10.2 Access Fee

In addition to the request fee, an access fee may be payable for the search, preparation, reproduction, and/or delivery of the record. The access fee is calculated in accordance with the prescribed fee schedule, as set out in the regulations published under PAIA.

The prescribed access fees are as follows (subject to amendment):

Note: The above fees are indicative and are subject to the prevailing regulations. The Information Officer will notify the requester of the applicable fees upon receipt of a request.

10.3 Payment

A request fee must accompany the request;

An access fee is payable before access is granted;

The requester will be notified of the access fee and must pay such fee within 30 days of notification;

If the fee is not paid within the prescribed period, the request will be deemed to have been withdrawn; and

Fees may be paid by electronic funds transfer, as directed by the Information Officer.

11. Integration with POPIA - Section 57

11.1 Application of POPIA

In terms of Section 57 of POPIA, read with Section 51 of PAIA, this manual serves as a combined reference for information access and the protection of personal information.

11.2 Purpose of Processing Personal Information

Tracepoint processes personal information for the following purposes, in compliance with the conditions for lawful processing set out in Chapter 3 of POPIA:

To provide and improve the Company’s products and services;

To manage and administer client and customer relationships;

To comply with legal and regulatory obligations;

To manage employment relationships and human resources functions;

To manage supplier and service provider relationships;

To communicate with stakeholders;

To conduct marketing activities (with appropriate consent);

To protect the legitimate interests of the Company;

To fulfil contractual obligations; and

For any other lawful purpose related to the Company’s business operations.

11.3 Categories of Data Subjects

The Company may hold personal information of the following categories of data subjects:

11.4 Rights of Data Subjects

Data subjects have the following rights under POPIA:

The right to be notified that personal information is being collected (Section 18);

The right to request access to personal information held by the Company (Section 23);

The right to request correction or deletion of personal information (Section 24);

The right to object to the processing of personal information (Section 11(3)(a));

The right to object to direct marketing by means of unsolicited electronic communications (Section 69);

The right to lodge a complaint with the Information Regulator (Section 74); and

The right to institute civil proceedings regarding an interference with the protection of personal information (Section 99).

11.5 Security Measures

Tracepoint has implemented reasonable technical and organisational security measures to protect personal information against loss, unauthorised access, misuse, interference, modification or disclosure, as required by Section 19 of POPIA. These measures are reviewed and updated periodically.

11.6 Cross-Border Transfers

The Company will only transfer personal information outside the borders of the Republic of South Africa in compliance with the conditions set out in Section 72 of POPIA.

11.7 Requests in Terms of POPIA

A data subject who wishes to exercise any right in terms of POPIA may submit a request to the Information Officer using the contact details set out in Section 3 of this manual. Such requests will be dealt with in accordance with the provisions of PAIA, as contemplated in Section 57 of POPIA.

12. Availability of this Manual

This manual is available:

On the Company’s website at https://www.tracepoint.co.za;

At the Company’s registered office at 4th Floor Menlyn Corner, 87 Frikkie de Beer Street, Menlyn, 0181, for inspection during normal business hours;

From the Information Regulator at https://www.inforegulator.org.za; and

Upon request from the Information Officer at [email protected].

A copy of this manual is also available for inspection free of charge at the Company’s offices.

This manual will be updated from time to time as and when required.

This manual has been prepared in compliance with the Promotion of Access to Information Act, No. 2 of 2000 (as amended) and the Protection of Personal Information Act, No. 4 of 2013. It is a standalone legal compliance document and does not form part of or replace, any other policy of the Company.

© Tracepoint (Pty) Ltd. All rights reserved.