AXIZ (PTY) LTD – 1989/000907/07MANUAL IN TERMS OF THE OF PROMOTION OF ACCESS TO INFORMATION ACT, ACT 2 OF 2000 Date of Update: 17 October 2023
1. INTRODUCTION
1.1. The Promotion of Access to Information Act, Act 2 Of 2000 (“PAIA”) gives effect to the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protection of any rights.
1.2. This is the Information Manual in Terms of PAIA in respect of Axiz Proprietary Limited (“Axiz”).
1.3. Axiz is an IT distribution company and regarded as a private body in terms of PAIA.
2. CONTACT DETAILS
2.1. Postal Address PO Box 2794, Rivonia, Sandton, Gauteng, 2128
2.2. Physical Address International Business Gateway, Corner New Road and 6th Road, Midrand, 1685, Gauteng, South Africa
2.3. Telephone Number 011 237 7000
2.4. Electronic Mail [email protected]
2.5. Chief Executive Officer Craig Brunsden
2.6. Deputy Information Officer Sonja Sarjoo
3. PURPOSE OF THIS MANUAL
3.1. This manual is a guide to accessing records held by Axiz and is intended to provide guidelines to the members of the public who wish to exercise their constitutional rights embodied in PAIA.
3.2. This manual contains a guide in respect of how to lodge a request for information, the types of records that are available, the grounds for refusal, what procedures will be followed in considering a request, the applicable fee structure and information on the applicable appeal procedures should you not be satisfied with the outcome of the request.
3.3. This manual will outline how Axiz will process personal information and the purpose of processing of information by Axiz, as well as a description of the categories of Axiz’s data subjects.
4. THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013 (“POPI”)
4.1. POPI amends PAIA in certain instances. Under POPI the South African Human Rights Commission’s (“the SAHRC”) functions in terms of PAIA are transferred to the Information Regulator effective 30 June 2021.
4.2. The SAHRC will however still retain its constitutional obligation to promote, protect and monitor the right of access to information as rights enshrined in the Constitution of the Republic of South Africa.
5. DESCRIPTION OF HOW TO USE PAIA PREPARED BY THE INFORMATION REGULATOR
The Information Regulator has compiled a guide in terms of section 10(1) of PAIA. The guide contains information required by any person wishing to exercise any right set out in PAIA and POPI. The Guide is available in all of the official languages and braille upon request to the Information Regulator from the website of the Information
(https://www.justice.gov.za/inforeg/)
6. CATEGORIES OF RECORDS WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS IN TERMS OF PAIA
All information freely available on Axiz’s website, namely www.axiz.com, are automatically available to any person
requesting the information and it is therefore not necessary to apply for access thereto in terms of PAIA.
7. DESCRIPTION OF RECORDS WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY LEGISLATION OTHER THAN PAIA
7.1. Basic Conditions of Employment Act 75 of 1997.
7.2. Companies Act 71 of 2008.
7.3. Compensation for Occupational Injuries and Disease Act 130 of 1993.
7.4. Employment Equity Act 55 of 1998.
7.5. Financial Intelligence Centre Act 38 of 2001.
7.6. Income Tax Act 58 of 1962.
7.7. Labour Relations Act 66 of 1995.
7.8. Skills Development Act 9 of 1999.
7.9. Unemployment Insurance Act 63 of 1962.
7.10. Value Added Tax Act 89 of 1991.
8. PURPOSE OF PROCESSING PERSONAL INFORMATION
8.1. Axiz is a distributor of IT hardware, software, cloudware and services. We therefore process the personal information of our customers, their customers and our suppliers in order to provide and deliver the products or services purchased.
8.2. Personal information is used for both delivery and operational requirements, as well as compliance requirements placed on us by our suppliers, our banks, our insurance providers and the various Governments and Government entities in the countries in which we operate.
9. CATEGORIES OF INFORMATION PROCESSED
9.1. Records under the Companies Act
9.1.1. Memorandum of Incorporation
9.1.2. Minutes of meetings of the Board of Directors
9.1.3. Minutes of meetings of Shareholders
9.1.4. Records relating to the appointment of Directors, Auditors, Secretary, Public Officer and any other Officer
9.1.5. Statutory registers
9.2. Financial Records
9.2.1. Accounting records
9.2.2. Annual Financial Statements
9.2.3. Asset Register
9.2.4. Banking records, bank statements, paid cheques, electronic banking records
9.2.5. Invoices and Purchase Orders
9.2.6. Rental and Licence Agreements
9.2.7. Tax Returns
9.3. Income Tax Records
9.3.1. PAYE records
9.3.2. Documents issued to employees for income tax purposes
9.3.3. Records of payments made to the South African Revenue Services on behalf of employees.
9.3.4. All other Statutory Compliances:
9.3.4.1. Value Added Tax
9.3.4.2. Securities Transfer Tax
9.3.4.3. Regional Services Levies
9.3.4.4. Skills Development Levies
9.3.4.5. Unemployment Insurance Fund
9.3.4.6. Workmen’s Compensation
9.4. Personnel Documents andRecords
9.4.1. Employment contracts
9.4.2. Employment Equity Plan
9.4.3. Disciplinary records
9.5. Salary records
9.6. SETA records, Training records, Training Manuals
9.7. Disciplinary code
9.8. Leave records
10. DESCRIPTION OF CATEGORIES OF DATA SUBJECTS
10.1. Recipients or categories of recipients to whom personal information may be supplied:
10.1.1. Customers
10.1.2. Suppliers
10.1.3. Employees
11. PLANNED TRANSBORDER FLOWS OF PERSONAL INFORMATION
11.1. Transfer to any of our branches for operational reasons (currently Namibia, Botswana, Kenya, Mozambique ,
Mauritius and Zambia)
11.2. Transfer to any of our international suppliers for operational reasons
12. INFORMATION SECURITY MEASURES IMPLEMENTED TO ENSURE THE CONFIDENTIALITY, INTEGRITY AND AVAILABILITY OF THE INFORMATION
12.1. Individual user log-in details for staff to access the corporate network and systems
12.2. Password procedures (complexity and regular updating)
12.3. Automatic locking of computers after a certain period of inactivity
12.4. Anti-virus, firewalls and other security software installed on all devices connected to the corporate network
12.5. Data back-up processes
12.6. Information Security policies in place
12.7. Data protection training of all employers
12.8. Regular audit of IT systems, including system security
12.9. Non-disclosure and data protection agreements in place with customers, suppliers, services providers
12.10. Access card-controlled entrances
12.11. Security personnel at entrances
12.12. Security fences around office premises
12.13. Burglar alarm system after office hours
12.14. CCTV
12.15. Locked and access-controlled filing rooms
12.16. Locked and access-controlled server rooms
13. HOW TO MAKE A REQUEST
13.1. The requester must comply with all the procedural requirements of PAIA relating to the request for access to a record.
13.2. The requester must complete a Form 02 (available on the website of the Information Regulator at https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-PAIA-Form02-Reg7.pdf) and submit this form together with a request fee to the Information Officer at the postal address, physical address or electronic mail address stated above.
13.3. The prescribed form must contain sufficient particularity in order to enable the Information Officer of Axiz to identify –
13.3.1. the records requested.
13.3.2. the identity of the requester.
13.3.3. which form of access is required.
13.3.4. the electronic mail address of the requester.
13.4. In the prescribed form, the requester must identify the right that the requester is seeking to protect. The requester must also provide an explanation of why the requested record is required for the exercise or protection of any right.
13.5. If, in addition to a written reply, the requester wishes to be informed of the decision in respect of the request in any other manner, the requester must state the manner in which it wishes to be informed.
13.6. If the request is made on behalf of another person, then the requester must submit proof of the capacity in terms of which the requester is making the request, to the reasonable satisfaction of the Information Officer of Axiz.
13.7. Axiz will inform the requester within 30 (thirty) business days after receipt of the request of its decision whether or not to grant the request.
13.8. The 30 (thirty) day period may be extended by a further period of not more than 30 (thirty) business days if the request is for a large number of records or requires Axiz to search through a large volume of records or the records are not kept at the offices of Axiz.
13.9. The requestor will be notified of Axiz’s decision of the request on the prescribed Form 03 (which is available at
https://inforegulator.org.za/wp-content/uploads/2020/07/Form-3-PAIA.pdf)
13.10. If the request for access is granted, the Form will state the access fee (if any) to be paid upon access
and the form in which the access will be given.
13.11. The requester may lodge a complaint with the Information Regulator or an application with a court against
the access fee to be paid or the form of access granted.
13.12. If the request for access is refused, the Form will state adequate reasons for the refusal, including the
provisions of PAIA relied upon and will state that the requester may lodge an application with a court against the
refusal for the request, and the procedure (including the period) for lodging the application.
14. GROUNDS FOR REFUSAL OF ACCESS TO RECORDS (CHAPTER 4 OF PAIA)
14.1. Subject to sections 7 and 70 of PAIA, the main grounds on which Axiz may refuse a request for information as contemplated in PAIA are the following:
14.1.1. mandatory protection of the privacy of a third party who is a natural person, which would involve the unreasonable disclosure of personal information of that natural person;
14.1.2. mandatory protection of commercial information of a third party, if the record contains –
14.1.2.1. trade secrets of that third party;
14.1.2.2. financial, commercial, scientific, or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party; and
14.1.2.3. information disclosed in confidence by a third party to Axiz if the disclosure could put that third party at a disadvantage in negotiations or prejudice that third party in commercial competition.
14.1.3. mandatory protection of confidential information if the disclosure would constitute a breach of a duty or confidence to a third party in terms of any agreement;
14.1.4. mandatory protection of the safety of individuals and the protection of safety of property;
14.1.5. mandatory protection of records which would be regarded as privileged in legal proceedings;
14.1.6. the protection of the commercial activities of Axiz which include –
14.1.6.1. trade secrets of Axiz;
14.1.6.2. financial, commercial, scientific, or technical information which disclosure could likely cause harm to the financial or commercial interests of Axiz.
14.1.6.3. information which, if disclosed, could put Axiz at a disadvantage in negotiations or commercial
competition;
14.1.6.4. a computer program which is owned by Axiz, and which is protected by copyright except in so far as Axiz is required to give access to a record to which access is granted in terms of PAIA; and
14.1.6.5. research information of Axiz or a third party on behalf of Axiz, if the disclosure would expose the third party, Axiz or the researcher of the subject matter of the research to serious disadvantage.
15. REMEDIES AVAILABLE ON REFUSAL OF A REQUEST FOR INFORMATION
15.1. Axiz does not have an internal appeal procedure and as such, the decision made by the Information Officer of Axiz is final.
15.2. If your request is denied, you are entitled to apply to a court with the appropriate jurisdiction for relief