PAIA MANUAL
Prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)
DATE OF COMPILATION: 06/02/2026
DATE OF REVISION: 08/02/2026
TABLE OF CONTENTS
- 1. List of Acronyms and Abbreviations
- 2. Purpose of PAIA Manual
- 3. Key Contact Details for Access to Information
- 4. Guide on How to Use PAIA and How to Obtain Access to the Guide
- 5. Categories of Records Available Without a Formal Request
- 6. Records Available in Accordance with Other Legislation
- 7. Subjects on Which the Body Holds Records
- 8. Processing of Personal Information
- 9. Availability of the Manual
- 10. Updating of the Manual
1. LIST OF ACRONYMS AND ABBREVIATIONS
- “CEO”: Chief Executive Officer
- “DIO”: Deputy Information Officer
- “IO”: Information Officer
- “Minister”: Minister of Justice and Correctional Services
- “PAIA”: Promotion of Access to Information Act No. 2 of 2000 (as Amended)
- “POPIA”: Protection of Personal Information Act No. 4 of 2013
- “Regulator”: Information Regulator
- “Republic”: Republic of South Africa
2. PURPOSE OF PAIA MANUAL
This PAIA Manual is useful for the public to:
- Check the categories of records held by a body which are available without a person having to submit a formal PAIA request;
- Have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;
- Know the description of the records of the body which are available in accordance with any other legislation;
- Access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;
- Know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;
- Know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;
- Know the recipients or categories of recipients to whom the personal information may be supplied;
- Know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
- Know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.
3. KEY CONTACT DETAILS FOR ACCESS TO INFORMATION
Chief Information Officer
- Name: ANDRIES REYNECKE
- Tel: +27602546017
- Email: ANDRIES@PRPRO.CO.ZA
Deputy Information Officer
- Name: DUAAN VAN DER HOOGEN
- Tel: +27845054466
- Email: DUAAN@PRPRO.CO.ZA
General Contacts
- Email: Enquiries@prpro.co.za
- Postal & Physical Address: 82 VAN RIEBEECK, LYTTELTON MANOR, CENTURION, 0157
- Telephone: +27602546017
National or Head Office
- Email: Enquiries@prpro.co.za
- Postal & Physical Address: 82 VAN RIEBEECK, LYTTELTON MANOR, CENTURION, 0157
- Telephone: +27602546017
- Website: https://www.prpro.co.za/
4. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE
The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
The Guide is available in each of the official languages and in braille. It contains descriptions of:
- The objects of PAIA and POPIA;
- Contact details of Information Officers of every public and private body;
- The manner and form of a request for access to records;
- The assistance available from the IO of a body and the Regulator;
- All remedies in law available regarding an act or failure to act;
- Provisions requiring a body to compile a manual and how to obtain access to it;
- Voluntary disclosure of categories of records;
- Notices regarding fees to be paid; and
- Regulations made in terms of section 92.
Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, or via the Regulator's website (https://www.justice.gov.za/inforeg/).
5. CATEGORIES OF RECORDS AVAILABLE WITHOUT A FORMAL REQUEST
| Category of records | Types of the Record | Available on Website | Available upon request |
|---|---|---|---|
| Contracts / Agreements | Agreement | X | X |
| Data Protection / Privacy Policy | Privacy Policy | X | X |
| Terms of Use / Consumer Disclosures | Terms and Conditions | X | X |
| Access to Information Manual | PAIA Manual | X | X |
6. RECORDS AVAILABLE IN ACCORDANCE WITH OTHER LEGISLATION
| Category of Records | Applicable Legislation |
|---|---|
| Memorandum of incorporation | Companies Act 71 of 2008 |
| Payroll & Employee Data | Protection of Personal Information Act (POPIA), 2013 |
| Employment Contracts & HR Policies | Basic Conditions of Employment Act (BCEA), 1997 |
| Salary & Benefits Records | Income Tax Act, 1962 + Tax Administration Act, 2011 |
| Leave & Employment Records | Labour Relations Act (LRA), 1995 |
| Consumer-Facing Agreements | Consumer Protection Act (CPA), 2008 |
| Privacy Policy & Data Handling | POPIA, 2013 |
| Access to Information Manual | Promotion of Access to Information Act (PAIA), 2000 |
| Administrative Decisions (if applicable) | Promotion of Administrative Justice Act (PAJA), 2000 |
7. SUBJECTS ON WHICH THE BODY HOLDS RECORDS
| Subjects | Categories of records |
|---|---|
| Strategic Documents | Annual Reports, Strategic Plan, Annual Performance Plan. |
| Human Resources | HR policies, Advertised posts, Employee records (contracts, leave, salaries, disciplinary). |
| Finance & Payroll | Payroll records, Salary schedules, Tax submissions, Financial statements, Invoices. |
| Information Technology | System architecture, Software licensing, Security policies, Data backup logs. |
| Legal & Compliance | Agreements, Privacy Policy, Terms & Conditions, PAIA Manual. |
| Client Records | Client contracts, SLAs, Support tickets, Training materials. |
| Governance & Administration | Memorandum of Incorporation, Board resolutions, Company policies, Internal correspondence |
8. PROCESSING OF PERSONAL INFORMATION
Purpose of Processing
- Payroll Administration: Calculation of salaries, tax compliance (PAYE, UIF, SDL).
- Human Resources Management: Maintaining employee records, recruitment, leave tracking.
- Benefits & Compliance: Administration of medical aid, pension, and labour law compliance.
- Client & Service Delivery: Managing contracts, billing, and providing software support.
- Legal & Regulatory: Compliance with POPIA, PAIA, and Companies Act.
- Security & Risk Management: Safeguarding systems and monitoring data usage.
Categories of Data Subjects and Information
| Categories of Data Subjects | Personal Information Processed |
|---|---|
| Employees | Names, ID numbers, contact details, contracts, salary, tax numbers, banking details. |
| Customers / Clients | Company names, registration numbers, VAT numbers, contact persons, billing details. |
| Service Providers / Suppliers | Names, registration/VAT numbers, banking details, contracts, invoices. |
| Shareholders / Directors | Names, ID numbers, addresses, shareholding details, board resolutions. |
| Regulators / Authorities | Statutory submissions, tax records, UIF declarations, compliance reports. |
Recipients of Personal Information
- SAPS: For criminal record checks.
- SAQA: For qualification verification.
- SARS: For statutory payroll submissions and tax compliance.
- Department of Labour: For compliance with BCEA and LRA.
- Credit Bureaus: For financial background checks (if applicable to clients or suppliers).
- Financial Institutions: For payments and billing.
- Benefit Providers: For administration of medical aid/pension.
- CIPC: For corporate compliance.
- External Auditors / Regulatory Authorities: For statutory audits and compliance reviews.
TRANSBORDER FLOWS OF PERSONAL INFORMATION
The organisation makes use of Absolute Hosting’s servers for storage and processing. Infrastructure may be located both within South Africa and in data centres outside the Republic.
Categories of personal information stored on Absolute Hosting servers include:
- Employee records (names, identity numbers, contact details, employment contracts, salary details, leave records, disciplinary records, banking details, tax numbers).
- Client records (company names, registration numbers, VAT numbers, addresses, billing details, service agreements).
- Service provider records (names, registration numbers, VAT numbers, addresses, banking details, contracts).
Purpose of transborder storage and processing:
- Secure hosting of payroll and HR data.
- Ensuring system availability, redundancy, and disaster recovery.
- Compliance with contractual obligations to clients.
Where personal information is processed outside the Republic, the organisation ensures an adequate level of protection as required by Section 72 of POPIA or that appropriate contractual safeguards are in place.
General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information
The organisation has implemented appropriate technical and organisational safeguards to ensure the confidentiality, integrity, and availability of personal information under its care. These measures include, but are not limited to:
- Data Encryption: Encryption of data at rest and in transit.
- Access Control: Role-based permissions and Multi-factor authentication.
- Network Security: Firewalls, intrusion detection, and regular patching.
- Anti-Virus: Deployment of endpoint protection and continuous monitoring.
- Backup & Recovery: Regular backups and disaster recovery procedures.
- Monitoring and Auditing: Logging and monitoring of system activity to detect unauthorised access or anomalies. Periodic audits of compliance with POPIA and internal policies.
- Physical Security: Secure hosting facilities with restricted access, surveillance, and environmental safeguards.
- Employee Awareness and Training: Ongoing training on data protection, confidentiality, and secure handling of personal information.
9. AVAILABILITY OF THE MANUAL
A copy of this Manual is available -
- on https://www.prpro.co.za/, if any;
- head office of the COAST 2 CAPITAL for public inspection during normal business hours;
- to any person upon request and upon the payment of a reasonable prescribed fee; and
- to the Information Regulator upon request.
A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.
10. UPDATING OF THE MANUAL
The head of a COAST 2 CAPITAL will on a regular basis update this manual.
ANDRIES REYNECKE
DIRECTOR
DIRECTOR