1.1 “Act or PAIA” means the Promotion of Access to Information Act No. 2 of 2000 (as amended);
1.2 “Data Subject” has the meaning ascribed to it in section 1 of POPIA;
1.3 “PAIA Regulations” means the regulations promulgated under PAIA;
1.4 “Personnel” means any permanent, temporary and part-time staff, contract workers, directors or officers of Root.
1.5 “Personal Information” has the meaning ascribed to it in section 1 of POPIA;
1.6 “POPIA” means the Protection of Personal Information Act No. 4 of 2014 (as amended);
1.7 “Private Bodies” has the meaning ascribed to it in section 1 of PAIA; and
1.8 “Root” means Root Software Proprietary Limited; incorporated and registered in the Republic of South Africa with registration number 2017/025689/07; and
2.1PAIA was enacted on 3 February 2000, giving effect to the constitutional right in terms section 32 of the Bill of Rights contained in the Constitution of the Republic of South Africa 108 of 1996 (the Constitution) of access to any information held by the state and any information that is held by another person and that is required for the exercise or protection of any rights.
2.2In terms of section 51 of the Act, all Private Bodies are required to compile an information manual, which details the procedural issues attached to a request for information, the prescribed rates, the requirements which such request must meet as well as the grounds for refusal or partial refusal of such request. Please refer to the sections below for more information (“PAIA Manual”).
3.1This PAIA Manual is intended to:
3.1.1ensure that Root complies with the provisions of the Act; and
3.1.2foster a culture of transparency and accountability within Root by giving effect to the right to information that is required for the exercise or protection of any right.
3.2The purposes of this PAIA Manual are:
3.2.1to provide a list of the available records of Root;
3.2.2to set out the requirements with regard to who may request information in terms of PAIA, as well as the grounds on which a request may be denied; and
3.2.3to define the manner and form in which a request for information must be submitted and to detail all fees applicable in respect of such information request.
4.1 Head of Root: Louw Hopley (CEO)
4.2 Email of Head of Root: email@example.com
4.3 Street Address of Root: Unit A, 4th Floor, Hill House, 43 Somerset Road, Green Point, Cape Town, 8005
4.4 Postal Address of Root: Same as above
5.1 Information Officer: Name: Charlotte Koep
Email: firstname.lastname@example.org / email@example.com
5.2 Deputy Information Officer: Name: Jared Lesar
Email: firstname.lastname@example.org / email@example.com
An official guide has been compiled which contains information to assist a person wishing to exercise a right of access to information in terms of PAIA and POPIA. This guide is made available by the Information Regulator (established in terms of POPIA). Copies of the updated guide are available from the Information Regulator free of charge. Any request for public inspection of the guide at the office of the Information Regulator or a request for a copy of the Guide from the Information Regulator must substantially correspond with Form 1 of Annexure A to Government Notice No. R.757 dated 27 August 2021 promulgated under the PAIA Regulations. Their contact details are as follows:
Any person, may request a copy of the Guide, or any part thereof, from the Information Regulator.
7.1 PAIA provides that a person may only make a request for information if the information is required for the exercise or protection of a legitimate right.
7.2 Information will therefore not be furnished unless a person provides sufficient particulars to enable Root to identify the right that the requester is seeking to protect as well as an explanation as to why the requested information is required for the exercise or protection of that right.
7.3 The requester is required to comply with the procedural requirements in terms of the Act pertaining to a request for access.
7.4 The exercise of an individual’s rights is subject to justifiable limitations, including the reasonable protection of privacy, commercial confidentiality and effective, efficient and good governance. PAIA and the request procedure contained in this PAIA Manual may not be used for access to a record for criminal or civil proceedings, nor should information be requested after the commencement of such proceedings.
8.1 Information that is obtainable via the Root website about Root is automatically available and need not be formally requested in terms of this PAIA Manual.
8.2 The following categories of records are automatically available for inspection, purchase or photocopying (unless any of them have confidential information in which case please refer to the grounds of refusal of access to a record in paragraph 12.5 below):
8.2.2 press releases;
8.2.4 User guides;
8.2.5 API documentation; and
8.2.6 various other marketing and promotional material.
9.1 In terms of POPIA, Personal Information must be processed for a specified purpose. The purpose for which data is processed by Root will depend on the nature of the data and the particular Data Subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time the data is collected.
9.2 In general, Root collects and processes Personal Information:
9.2.1 To meet our responsibilities to our customers;
9.2.2 To meet our responsibilities to Personnel;
9.2.3 To meet our contractual responsibilities to third-party service providers;
9.2.4 To inform customers of products and services;
9.2.5 To comply with all legal and regulatory requirements;
9.2.6 To protect and pursue the legitimate interests of Root or third parties to whom Personal Information is provided; and
9.2.7 For any further purposes related to the above.
9.4 Categories of Data Subjects and Personal Information collected by Root and the purpose of processing such Personal Information:
9.5.1 Any legal or juristic person with an appropriate legal basis;
9.5.2 Third-party service providers;
9.5.3 Regulatory and governmental authorities or ombudsmen, or other authorities, including tax authorities, where Root has a duty to share information;
9.5.4 Companies within the Root group; and
Root may send personal information to third party service providers outside of the Republic of South Africa for the purposes of storing information on cloud-based systems and/or fulfilling business functions relevant to providing products and services to Root’s clients. Root will not send your information to a country that does not have data protection legislation similar to that of the Republic of South Africa, or otherwise in accordance with the POPIA.
9.7.1 Root takes extensive information security measures to ensure the security, confidentiality, integrity and availability of Personal Information in our possession. This is supported by appropriate technical and organisational measures designed to ensure that personal data remains confidential and secure against unauthorised or unlawful processing and against accidental loss, destruction or damage.
9.7.2 Information security at Root is achieved by implementing a suitable set of responsibilities, controls, processes and systems to ensure that Root’s information security objectives relating to confidentiality, integrity and availability are met, including but not limited to documented information security policies and practices made available to all Root Personnel, logical and physical access control measures, incident response procedures and business continuity and disaster recovery procedures.
10.1 Companies Act 71 of 2008;
10.3 PAIA; and
10.4 Such other legislation as applicable from time to time.
11.1 Root maintains records on the categories and subject matters listed below. Please note that recording a category or subject matter in this PAIA Manual does not imply that a request for access to such records would be honoured. All requests for access will be evaluated on a case by case basis in accordance with the provisions of PAIA.
11.2 Please note further that many of the records held by Root are those of third parties, such as clients and employees, and Root takes the protection of third party confidential information very seriously. In particular, where Root provides certain services to clients, many of the records held are confidential and others are the property of the client and not of Root. For further information on the grounds of refusal of access to a record please see paragraph 12.5 below. Requests for access to these records will be considered very carefully. Please ensure that requests for such records are carefully motivated.
12.1.1 Any request for access to a record in terms of PAIA must substantially correspond with Form 2 of Annexure A to Government Notice No. R.757 dated 27 August 2021 promulgated under the PAIA Regulations and should be specific in terms of the record requested.
12.1.2 A request for access to information which does not comply with the formalities as prescribed by PAIA will be returned to you.
12.1.3 POPIA provides that a Data Subject may, upon proof of identity, request Root to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including information about the identity of third parties who have or have had access to such information.
12.1.4 POPIA also provides that where the Data Subject is required to pay a fee for services provided to him/her, Root must (and will) provide the Data Subject with a written estimate of the payable amount before providing the service and may require that the Data Subject pays a deposit for all or part of the fee.
12.1.5 Grounds for refusal of the Data Subject’s request are set out in PAIA and are discussed below.
12.1.6 POPIA provides that a Data Subject may object, at any time, to the processing of Personal Information by Root, on reasonable grounds relating to his/her particular situation, unless legislation provides for such processing. The Data Subject must complete the prescribed form and submit it to Root’s Information Officer at the postal or physical address, or electronic mail address set out above.
12.1.7 A Data Subject may also request Root to correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of Personal Information about the Data Subject that Root is no longer authorised to retain records in terms of POPIA's retention and restriction of records provisions.
12.1.7 A Data Subject that wishes to request a correction or deletion of Personal Information or the destruction or deletion of a record of Personal Information must submit a request to Root’s Information Officer at the postal or physical address, or electronic mail address set out above in the prescribed form.
Proof of identity is required to authenticate the identity of the requester. The requester will, in addition to completing the prescribed form, be required to submit acceptable proof of identity such as a certified copy of their identity document or other legal forms of identity.
12.3.1 There are two categories of fees which are payable:
188.8.131.52 The request fee: R140.00
184.108.40.206 The access fee: This is calculated by taking into account reproduction costs, search and preparation costs, as well as postal costs.
12.3.2 Section 54 of PAIA entitles Root to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Annexure B of Government Notice No. R.757 dated 27 August 2021 promulgated under the PAIA Regulations.
12.3.3 When a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.
12.4.1 Requests will be processed within 30 (thirty) days, unless the request contains considerations that are of such a nature that an extension of the time limit is needed.
12.4.2 The Information Officer or Deputy Information Officer will inform the requester of the decision, and the fees payable (if applicable) on a form that corresponds substantially with Form 3 of Annexure A to Government Notice No. R.757 dated 27 August 2021 promulgated under the PAIA Regulations.
12.4.3 Should an extension be required, you will be notified, together with reasons explaining why the extension is necessary.
12.5.1 There are various grounds upon which a request for access to a record may be refused. These grounds include:
220.127.116.11 the protection of Personal Information of a third person from unreasonable disclosure;
18.104.22.168 the protection of commercial information of a third party (for example: trade secrets; financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
22.214.171.124 if disclosure would result in the breach of a duty of confidence owed to a third party;
126.96.36.199 if disclosure would jeopardise the safety of an individual or prejudice or impair certain property rights of a third person;
188.8.131.52 if the record was produced during legal proceedings, unless that legal privilege has been waived;
184.108.40.206 if the record contains trade secrets, commercial, financial or sensitive information or any information that would put Root at a disadvantage in negotiations or prejudice it in commercial competition; and/or
220.127.116.11 if the record contains information about research being carried out or about to be carried out on behalf of a third party or by Root.
12.5.2 Section 70 of PAIA contains an overriding provision. Disclosure of a record is compulsory if it would reveal (i) a substantial contravention of, or failure to comply with the law; or (ii) there is an imminent and serious public safety or environmental risk; and (iii) the public interest in the disclosure of the record in question clearly outweighs the harm contemplated by its disclosure.
12.5.3 If the request for access to information affects a third party, then such third party must first be informed within 21 (twenty one) days of receipt of the request. The third party would then have a further 21 (twenty one) days to make representations and/or submissions regarding the granting of access to the record.
12.5.4 If all reasonable steps have been taken to find a record, and such a record cannot be found or if the records do not exist, then the Information Officer or Deputy Information Officer will notify the requester, by way of an affidavit or affirmation, that it is not possible to give access to the requested record.
13.1 If the Information Officer or Deputy Information Officer decides to grant you access to the particular record, such access must be granted within 30 (thirty) days of being informed of the decision.
13.2 There is no internal appeal procedure that may be followed after a request to access information has been refused. The decision made by the Information Officer or Deputy Information Officer is final. In the event that you are not satisfied with the outcome of the request, you are entitled to apply to a court of competent jurisdiction to take the matter further.
13.3 Where a third party is affected by the request for access and the Information Officer or Deputy Information Officer has decided to grant you access to the record, the third party has 30 (thirty) days in which to appeal the decision in a court of competent jurisdiction. If no appeal has been lodged by the third party within 30 (thirty) days, you must be granted access to the record.
Copies of this Manual are available:
14.1 For public inspection, during normal business hours, at the offices of Root (as set out above);
14.2 On the Root website;
14.3 To any person upon request and upon the payment of the fee as determined by the Information Regulator; and
14.4 To the Information Regulator upon request.