CCS BUSINESS CONSULTANTS INC POPIA POLICY AND PAIA MANUAL
Published in terms of Sections 11 and 24 of the Protection of Personal Information Act No 4 of 2013 and Section 51 of the Promotion of Access to Information Act No 2 of 2000.
INTRODUCTION
1.1 CCS BUSINESS CONSULTANTS INC (the Practice) provides differentiated and professional expertise in the fields of taxation, accounting, payroll and strategic business consulting.
1.2. Privacy Statement: The Practice commit to protecting each clients’ personal information, as formalised between the client and the Practice in the form of a documented engagement letter and standard terms and conditions.
1.3. Contained herein, the Practice compiled (i) a POPI policy to specify the true purpose of collecting and safeguarding client personal information and (ii) in terms of the PAIA, provide guidance as to how information from the Practice should be requested.
APPOINTED INFORMATION OFFICER
2.1. The duly appointed Information Officer at the Practice is: Full name: RIËTTE MOUTON Designation: PARTNER
PRACTICE CONTACT DETAILS
3.1. The Practice contact details in terms of PAIA, Section 51 are as follows:
Postal Address: PO Box 37, Menlyn, Pretoria, 0063
Physical Address: 421 Julius Jeppe Street, Waterkloof, 0181
Landline Number: +27123465448
General Email Address: admin@ccsbus.co.za
Website: https://www.ccsbus.co.za/
AVAILABILITY OF THE POPIA POLICY AND PAIA MANUAL
4.1. A copy of this Policy and Manual is published on the Practice’s website at www.ccsbus.co.za or alternatively, a copy can be requested from the Information Officer (see contact details in paragraph 3).
POPIA POLICY AND PAIA MANUAL
5.1. The POPIA- and PAIA Acts give effect to everyone’s constitutional right of access to information held by private sector or public bodies, if the record or personal information is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.
5.2. This POPIA Policy explains the type of personal information held by the Practice, including how personal information is processed. The POPI Policy also explains how to object to the processing of personal information held by the Practice, or request for correction or deletion of personal information, in terms of Sections 11 and 24 of the Protection of Personal Information Act (4 of 2013) (POPIA).
5.3. In addition, the PAIA Manual provides an outline of the type of records and the personal information the Practice holds, and explains how to submit requests for access to these records in terms of the Promotion of Access to Information Act (2 of 2000) (PAIA).
5.4. Requests shall be made in accordance with the prescribed procedures, at the rates provided. The forms and relevant fees are dealt with under paragraphs 7 and 9 respectively hereunder.
GUIDE OF THE SOUTH AFRICAN INFORMATION REGULATOR
6.1. Guides to the PAIA and POPIA Acts can be obtained and queries directed to:
The Information Regulator (South Africa)
Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
Website: https://www.justice.gov.za/inforeg/index.html
General email enquiries: enquiries@inforegulator.org.za
Frequent Asked Questions: https://www.justice.gov.za/paia/PAIA-FAQ.pdf
For PAIA complaints: send email to PAIAComplaints@inforegulator.org.za - should your PAIA request be denied or there is no response from a public or private bodies for access to records you may use this email address to lodge a complaint
For POPIA complaints: send email to POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this email address to lodge a complaint.
PROCESSING OF PERSONAL INFORMATION
7.1. Purpose of Processing
7.1.1. The Practice uses Personal Information under its care in the following ways:
Rendering services according to instructions provided by clients or contractual agreements
Rendering support services as required by clients
Employee administration
Keeping of accounts and records
Complying with tax laws
Complying with any other applicable laws
Statistical analysis for marketing purposes
7.1.2. In addition to the above the Practice may supply the Personal Information to service providers who render the following services:
Capturing and organising of data
Storing of data
Sending of emails and other correspondence to clients
Related to the service and/or products initially contracted to provide
Conducting due diligence checks
7.2. Categories of Data Subjects and their Personal Information which may be processed, are:
7.2.1. Clients - Natural Persons:
Names
Contact details
Physical and postal addresses
Date of birth
Identity number
Tax related information
Nationality
Gender
Criminal behaviour
Correspondence between the Practice and said natural person
7.2.2. Clients – Juristic Persons / Entities:
Names
Names of contact person - Entity
Name of legal entity
Physical and postal address
Contact details
Financial information
Registration number
Founding documents
Tax related information
Authorised signatories
Beneficiaries
Ultimate beneficial owners
Correspondence between the Practice and said juristic persons/entities
Any additional information required to provide the contracted services or use of products
7.2.3. Clients - Foreign Persons / Entities:
Names
Contact details
Physical and postal addresses
Date of birth
Passport number
Tax related information
Nationality
Gender
Correspondence between the Practice and said juristic persons/entities
Intermediary/advisor
Names of contact persons - Entity
Name of legal entity
Physical and postal address
Contact details
Financial information
Registration number
Founding documents
Tax related information
Authorised signatories
Beneficiaries
Ultimate beneficial owners
7.2.4. Third-party Service Providers:
Names of contact persons
Name of legal entity
Physical and postal address and contact details
Financial information
Registration number
Founding documents
Tax related information
BBBEE information
Authorised signatories
Beneficiaries
Ultimate beneficial owners
Information about services and products
7.2.5. Employees / Directors / Partners / Sole Proprietors:
Gender
Marital Status
Race
Age
Language
Education information
Financial Information
Employment History
ID number
Physical and Postal address
Contact details
Opinions
Criminal behaviour
Wellbeing
7.3. Actual or Planned Transborder Flows of Personal Information
7.3.1. Due to the Practice’s international representation and presence data may be required to be moved across borders and will be subject to the applicable laws of said countries.
7.3.2. This may be due to hosting agreements or in relation to the provision of contracted services.
7.3.3. Whenever this is a requirement, the client will be duly notified and the Practice will seek written approval from the client upon the provision of the requirements and details of such transborder flows.
7.4. General Description of Information Security Measures
7.4.1. The Practice employs up to date technology to ensure the confidentiality, integrity and availability of the Personal Information under its care. Measures include:
Firewalls
Virus protection software and update protocols
Logical and physical access control
Secure setup of hardware and software making up the IT infrastructure
Outsourced Service Providers who process Personal Information on behalf of the Practice
Outsourced Service Providers who are contracted to implement security controls
ACCESS TO RECORDS HELD BY THE PRACTICE
8.1. Any person (requester) making a request for access to a Practice record must comply with all the requirements contained in the PAIA Act.
8.2. Request for Information - In this regard, the Act distinguishes between two types of requesters as described below.
8.2.1. Personal Requester - A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of the Act and applicable law, the Practice will provide the requested information, or give access to any record with regards to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by the Practice.
8.2.2. Other Requester - This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, the Practice is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act. The prescribed fee for reproduction of the information requested will be charged by the Practice.
8.3. Request Procedure
8.3.1. A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record.
8.3.2. A requester therefor must:
Complete the prescribed Form 2 accessible at https://www.justice.gov.za/inforeg/docs/forms/InfoRegSA-PAIA-Form02- Reg7.pdf and
Make payment of the request fee outlined at https://www.sahrc.org.za/home/21/files/PAIA%20Notice%20on%20fees.pdf and
Submit Form 2 to the information officer at the postal or physical address or email address stated in in paragraph 3.
8.3.3. The prescribed form must be filled in with enough particularity to at least enable the information officer to identify:
The identity of the requester;
The record or records requested;
What form of access is required; and
The contact details of the requester.
8.3.4. A requester must state that he or she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The requester must also provide an explanation of why the requested record is required for the exercise or protection of that right.
8.3.5. The Practice will process a request within 30 days, unless the requestor has stated special reasons which would satisfy the information officer that circumstances dictate that this time period cannot be complied with.
8.3.6. The requester shall be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, he or she must state the manner and the particulars so required. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the information officer.
8.3.7. If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the information officer.
8.4. Decision
8.4.1. The 30-day period within which the Practice has to decide whether to grant or refuse a request, may be extended for a further period of not more than 30 days if the request is for a large quantity of information, or the information cannot reasonably be obtained within the original 30-day period. The information officer will notify the requester in writing should an extension be necessary and the reason for the extension.
FEES
9.1. The Act provides for two types of fees:
9.1.1. A request fee, (which will be a standard fee); and
9.1.2. An access fee, which must be calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable. When a request is received by the information officer of the Practice, the information officer shall by notice require the requester, other than a personal requester, to pay the prescribed request fee (if any), before further processing of the request. If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay a deposit as part of the access fee which would be payable if the request is granted. This amount will be based on the perceived effort by the Practice to locate and present the requested records.
9.2. The information officer may withhold a record/s until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester.
PROCESSES TO FOLLOW IF REQUEST FOR INFORMATION IS REFUSED
The following processes are allowed for by the act but internal processes are not required.
10.1. Internal Processes The Practice does not have internal appeal procedures. As such, the decision made by the information officer pertaining to a request is final, and requestors will have to exercise such external remedies at their disposal if a request is refused, and the requestor is not satisfied with the response provided by the information officer.
10.2. External Processes A requestor that is dissatisfied with the information officer’s refusal to disclose information, may within 30 days of notification of the decision, apply to a court for relief. Likewise, a third party dissatisfied with the information officer’s decision to grant a request for information, may within 30 days of notification of the decision, apply to a court for relief. For purposes of the Act, courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status.
CATEGORIES OF RECORDS HELD BY THE BUSINESS: SECTION 51(1)(E)
11.1. Companies Act Records:
Documents of incorporation
Memorandum of Incorporation
Minutes of Board of Directors meetings
Records relating to the appointment of directors / auditor / secretary / public officer and other officers
Share Register and other statutory registers
11.2. Financial Records:
Annual Financial Statements
Tax Returns
Accounting Records
Banking Records
Bank Statements
Electronic banking records
Asset Register
Rental Agreements
Invoices
11.3. Records related to the South African Revenue Service:
PAYE Records
Documents issued to employees for income tax purposes
Records of payments made to SARS on behalf of employees
VAT Information
UIF Details and Information
11.4. Employee Documents and Records:
Employment contracts
Including all addendums and specific policies related to employment of the employee
Disciplinary records
Salary records
Leave records
Training records
CVs
Address and other contact details
Information about family members/dependants/next of kin
LIST OF APPLICABLE LEGISLATION
12.1. The Practice’s retains a number of records in accordance with legislation which applies to it, including but not limited to:
Basic Conditions of Employment Act 57 of 1997
Broad-based Black Economic Empowerment Act 53 of 2003
Closed Corporations Act 69 of 1984
Companies Act 71 of 2008
Compensation for Occupational Injuries and Diseases Act 130 of 1993
Competition Act No 89 of 1998
Consumer Affairs Act No 23 of 1999
Consumer Protection Act, No. 68 of 2008
Copyright Act 98 of 1978 Credit Agreements Act No 75 of 1980
Customs and Excise Act No 91 of 1964
Debt Collectors Act No 114 of 1998
Electronic Communications and Transactions Act 25 of 2002
Employment Equity Act 55 of 1998
Financial Advisory and Intermediary Services Act No 37 of 2002
Financial Intelligence Centre Act, No. 38 of 2001
Income Tax Act, No. 58 of 1962
Insolvency Act No 24 of 1936
Labour Relations Act 66 of 1995
National Credit Act, No. 34 of 2005
Non-Profit Organisations Act No 71 of 1997
Occupational Health and Safety Act 85 of 1993
Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of 2002
Promotion of Access to Information Act 2 of 2000
Protection of Personal Information Act 4 of 2013
Unemployment Insurance Act 30 of 1966
Unemployment Insurance Contributions Act 4 of 2002
Trust Property Control Act 57 of 1988
Value Added Tax Act 89 of 1991
CCS POPI Policy and PAIA Manual 1 April 2025