This manual was prepared in accordance with Section 51 of the Promotion of Access to Information Act, 2000 and to 
address requirements of the Protection of Personal Information Act, 2013. 

This manual applies to RSAWEB Pty Ltd 
Registration Number: CK 2012/193994/07 
(“RSAWEB”) 

Registered Office Address: 
4th Floor, The Point, 76 Regent Road, Sea Point, Cape Town, South Africa 

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any 
purpose, without express written permission of: 
RSAWEB PTY Ltd 
4th Floor, The Point, 
76 Regent Road, Sea Point, 
Cape Town, South Africa 

RSAWEB Pty Ltd is committed to on-going research and development to track technological developments and customer needs 
in the market. Consequently, information contained in this document may be subject to change without prior notice. 

1 Introduction 

The promotion of Access to Information Act, 2000 (the “Act”) gives third parties the right to approach private bodies and the 
government to request information held by them, which is required in the exercise and/or protection of any rights. On request, 
the private body or government is obliged to release such information unless the Act expressly states that the records 
containing such information may or must not be released. This manual informs requestors of procedural and other requirements 
which a request must meet as prescribed by the Act. 

Nature of Business 

The Company is an ICASA Registered Internet Services Provider, holding both IECS & IECNS licenses 

Contact Details 

Name of Body: RSAWEB Pty Ltd 
Information Officer: Wian Heath 
Physical Address: Suite 401, 4th Floor 
The Point Office 
76 Regent Road 
Sea Point 
Western Cape, 8060 
Postal Address: 
PO BOX 12768, 
Mill Street, 
Cape Town, 
8010 
Telephone Number: 087 470 00 00 
Email Address: [email protected]   

2 Guide Of The South African Human Rights Commission 

A guide to the Act (as contemplated under section 10 of the Act) is available from the South African Human Rights Commission. 
The guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated 
in the Act. Any enquiries regarding this guide and its contents should be directed to: 

The South African Human Rights Commission: 
PAIA Unit (the Research and Documentation Department) 
Postal address: Private Bag 2700, Houghton, 2041 
Telephone: +27 11 484-8300 
Fax: +27 11 484-7146 
Website: https://www.sahrc.org.za 
E-mail: [email protected] 

3 Access To Records Held By RSAWEB 

Records held by RSAWEB may be accessed on request only once the requirements for access have been met. A requester is any 
person making a request for access to a record of RSAWEB and in this regard, the Act distinguishes between two types of 
requesters: 

3.1 Personal Requester 

A personal requester is a requester who is seeking access to a record containing personal information about the 
requester. Subject to the provisions of the Act and applicable law, RSAWEB will provide the requested information, or 
give access to any record about the requester’s personal information. The prescribed fee for reproduction of the 
information requested will be charged by RSAWEB. 

3.2 Other Requester 

This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. 
However, RSAWEB is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the 
Act. The prescribed fee for reproduction of the information requested will be charged by RSAWEB. 

3.3 Request Procedure 

A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a 
record. A requester must complete the request form enclosed herewith in Appendix 1 and submit it, as well as the 
payment of a request fee, if applicable to the information officer at the physical address, or electronic mail address as 
stated herein. The request form must be filled in with enough information to at least enable the information officer to 
identify: 

• The record or records requested
  • The identity of the requester
  • What form of access is required? 
  • The postal address or email address of the requester. 

A requester must state that he or she requires the information to exercise or protect a right, and clearly state what the 
nature of the right is, so to be exercised or protected. The requester must also provide an explanation of why the 
requested record is required for the exercise or protection of that right. 

RSAWEB will process a request within 30 days, unless the requestor has stated special reasons which would satisfy the 
information officer that circumstances dictate that this period not be complied with. 

The requester shall be informed in writing whether access has been granted or denied. If, in addition, the requester 
requires the reasons for the decision in any other manner, he or she must state the way it is required. If a request is 
made on behalf of another person, the requester must then submit proof of the capacity in which the requester is 
making the request to the satisfaction of the information officer. 

If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the 
request orally to the information officer. 

3.4 Decision 

3.4.1 The Information Officer will, within 1 month of receipt of the request, decide whether to grant or decline 
the request. 

3.4.2 The 30 day period may be extended for a further period if the request is for a large amount of information 
or the request requires a search for information held at another office of RSAWEB and the information 
cannot reasonably be obtained within the original 30 day period. The Information Officer will notify the 
Requester in writing should an extension be sought. 

3.5 Grounds For Refusal Of Access To Records In Terms Of PAIA 

The following are the grounds on which RSAWEB may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a 
Request for Access in accordance with Chapter 4 of PAIA: 

3.5.1 Mandatory protection of the privacy of a third party who is a natural person, including a deceased person, 
where such disclosure of Personal Information would be unreasonable. 

3.5.2 Mandatory protection of the commercial information of a third party, if the Records contain: 
a) Trade secrets of that third party 
b) Financial, commercial, scientific, or technical information of the third party, the disclosure of which 
could likely cause harm to the financial or commercial interests of that third party; and/or 
c) Information disclosed in confidence by a third party to RSAWEB, the disclosure of which could put 
that third-party at a disadvantage in contractual or other negotiations or prejudice the third party in 
commercialcompetition 

3.5.3 Mandatory protection of confidential information of third parties if it is protected in terms of any agreement. 

3.5.4 Mandatory protection of the safety of individuals and the protection of property. 

3.5.5 Mandatory protection of Records that would be regarded as privileged in legal proceedings. 

3.5.6 Protection of the commercial information of RSAWEB, which may include: 
a) Trade secrets 
b) Financial/commercial, scientific, or technical information, the disclosure of which could likely cause 
harm to the financial or commercial interests of RSAWEB. 
c) Information which, if disclosed, could put RSAWEB at a disadvantage in contractual or other 
negotiations or prejudice RSAWEB in commercial competition; and/or 
d) Propriety software which are developed and ow, and which are protected by copyright and 
intellectual property laws. 

3.5.7 Research information of RSAWEB or a third party, if such disclosure would place the research or the 
researcher at a serious disadvantage, and 

3.5.8 Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of 
resources. 

3.6 Remedies Available To The Requester Upon Refusal Of A Request For Access Of PAIA 

After submitting a compliant in the form provided in Appendix 1 of this Manual, and where RSAWEB is unable to resolve 
your complaint within one month (or extended period), to your satisfaction, you have the right to refer your complaint to 
the below details. 

3.6.1 Internal remedies 

RSAWEB does not have internal appeal procedures. As such, the decision made by the Information 
Officer is final, and Requesters will have to exercise such external remedies at their disposal if the 
Request for Access is refused. 

3.6.2 External remedies 

In respect of South African Data Subjects at: The Information Regulator at Physical Address: 333 Hoofd 
Forum 111 3rd Floor Braampark Braamfontein, Johannesburg Email: [email protected], Website: 
https://justice.gov.za/inforeg/ 

In respect of European Data Subjects at: The supervisory authority, in the particular Member State of 
your habitual residence, place of work or place of the alleged GDPR infringement. See link that provides 
details of the list of supervisory authorities details 
https://edpb.europa.eu/aboutedpb/board/members_en 

3.7 Availability Of This Manual 

3.7.1This Manual is available for inspection by the general public, upon request, during office hours and free of charge at 
RSAWEB’s offices. 

3.7.2This Manual is also published on RSAWEB’s website www.rsaweb.co.za 

4. Fees 

The Act provides for two types of fees: 

Fees can be scrutinised in Appendix 2. 

A request fee, (which will be a standard fee) and an access fee, which must be calculated by considering reproduction costs, 
search and preparation time and cost, as well as postal costs where applicable. When a request is received by the information 
officer of RSAWEB, the information officer shall by notice require the requester, other than a personal requester, to pay the 
prescribed request fee, if any, before further processing of the request can take place. If a search for the information is necessary 
and the preparation and disclosure of the information for disclosure, requires more time than prescribed in the regulations for 
this purpose, the information officer shall notify the requester to pay as a deposit if the request is granted. 

The information officer shall withhold information until the requester has paid the fee or fees indicated. A requester whose request 
for access to information has been granted, must pay an access fee reproduction, for search, preparation, and for any time in excess 
of the prescribed hours to prepare the information for disclosure including making arrangements to make it available in the request 
form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the 
deposit to the requester. 

5 Categories Of Records Held By The Company: Section 51(1)(E) 

5.4 Companies Act Records 
5.4.1 Company Incorporation 
5.4.2 Names of Directors 
5.4.3 Salaries of Directors 
5.4.4 Minutes of Board Meetings 
5.4.5 Records relating to the appointment of directors / auditor / secretary / public officer and other officers 

5.5 Financial Records 
5.5.1 Financial Statements 
5.5.2 Documents relating to taxation of the company 
5.5.3 Accounting Records 
5.5.4 Financial Agreements 

5.6 Agreements or Contract Records 
5.6.1 Standard Agreements 
5.6.2 Contracts concluded with Companies 
5.6.3 Contracts concluded with Customers 
5.6.4 Third Party Contracts (such as Service Level Agreements etc.) 
5.6.5 Suppliers Contracts 

5.7 Employees 
5.7.1 List of Employees 
5.7.2 Personal Information of Employees 
5.7.3 Employee Contracts of Employment 
5.7.4 Salaries of Employees 
5.7.5 Leave Records 

5.8 Company Policies and Directives 
5.8.1 Internal relating to employees and the company 
5.8.2 External relating to clients and other third parties 

5.9 Regulatory 
5.9.1 Licenses or Authorities 

5.10 Customer Information 
5.10.1 Customer Details 
5.10.2 Contact details of individuals within Customers 
5.10.3 Communications with Customers 

5.11 Systems, Solutions, and Information Technology 
5.11.1 Intellectual property pertaining to solutions and products developed. 
5.11.2 Usage of solutions and products 

6 Protection of Personal Information That Is Processed by RSAWEB 

6.4 Conditions of Processing 

Chapter 3 of POPI provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible 
Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPI. Below is a 
description of the eight Conditions for Lawful Processing as contained in POPI: 

•  Accountability – the Responsible Party has an obligation to ensure that there is compliance with POPI in respect of
  the Processing of Personal Information.
• Processing limitation – Personal Information must be collected directly from a Data Subject to the extent
  applicable; must only be processed with the consent of the Data Subject and must only be used for the purposes
  for which it was obtained. 
• Purpose specification – Personal Information must only be processed for the specific purpose for which it was
  obtained and must not be retained for any longer than it is needed to achieve such purpose.
• Further processing limitation – further processing of Personal Information must be compatible with the initial
  purpose for which the information was collected.
• Information quality – the Responsible Party must ensure that Personal Information held is accurate and updated
  regularly and that the integrity of the information is maintained by appropriate security
• Openness – there must be transparency between the Data Subject and the Responsible Party.
• Security safeguards – a Responsible Party must take reasonable steps to ensure that adequate safeguards are in
  place to ensure that Personal Information is being processed responsibly and is not unlawfully
• Data Subject participation – the Data Subject must be made aware that their information is being processed and
  must have provided their informed consent to such processing.

6.5 Purpose of the Processing of Personal Information by RSAWEB 

As outlined in paragraph 6.1c, Personal Information may only be Processed for a specific purpose. The purposes for which 
RSAWEB Processes or will Process Personal Information, is set out in Appendix 3. 

6.6 Categories of Data Subjects and Personal Information/special Personal Information relating thereto 

As per section 1 of POPI, a Data Subject may either be a natural or a juristic person. Appendix 3 sets out the various 
categories of Data Subjects that RSAWEB Processes Personal Information on and the types of Personal Information relating 
thereto. 

6.7 Recipients of Personal Information 
Part 3 of Appendix 5 outlines the recipients to whom RSAWEB may provide a Data Subjects Personal Information to. 

6.8 Cross-Border Flows Of Personal Information 

Section 72 of POPI provides that Personal Information may only be transferred out of the Republic of South Africa: 

1. a) If the recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws
   must be substantially like the Conditions for Lawful Processing as contained in POPI; or
2. b) If the Data Subject consents to the transfer of their Personal Information; or
3. c) If the transfer is necessary for the performance of a contractual obligation between the Data Subject and the
   Responsible Party; or
4. d) If the transfer is necessary for the performance of a contractual obligation between the Responsible Party and a
   third party, in the interests of the Data Subject; or
5. e) If the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the
   Data Subject, and if it were, the Data Subject, would likely provide such consent.

RSAWEB has trans-border flows of Personal Information as described below: 

6.8.1 we make use of systems hosted in European territories and Personal Information may be stored in European zones which would be subject to strict data protection laws in line with the GDPR. 

6.8.2 Before signing an agreement with a third-party service provider that we are required to share Personal Information 
with, we ensure that their data protection standards are in line with those outlined in Information Protection Laws 
and request that this obligation is provided for in writing. 

6.9 Description of information security measures to be implemented by RSAWEB 

Section D of Appendix 3 sets out the types of security measures to implemented by RSAWEB to ensure that Personal 
Information is respected and protected. 

A preliminary assessment of the suitability of the information security measures implemented or to be implemented by 
RSAWEB may be conducted in order to ensure that the Personal Information that is processed by RSAWEB is 
safeguarded and Processed in accordance with the Conditions for Lawful Processing. 

6.10 Objection to the Processing of Personal Information by a Data Subject 

Section 11 (3) of POPI and regulation 2 of the POPI Regulations provides that a Data Subject may, at any time object to 
the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Appendix 5 subject 
to exceptions contained in POPI. 

6.11 Request for correction or deletion of Personal Information 

Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal 
Information to be corrected/deleted in the prescribed form attached as Appendix 4 to this Manual. 

Please click here to view the Appendices 

 We are formally recognised as compliant by the Internet Service Providers Association. The Internet Service Providers Association (ISPA) is a South African Internet industry body not for gain. ISPA is a voluntary organisation, representing the interests of its members. Visit their website here. (http://ispa.org.za/code-of-conduct/) 

1. DEFINITIONS

1.1. “RSAWEB” means RSAWEB (Pty) Ltd, a private company registered as 
such in South Africa; 
1.2. “User” means any person who makes use of the RSAWEB Website / 
Mobile. 

2. CONSENT

By utilising the RSAWEB website or mobile app, the User agrees and consents 
to the transfer of its personal information and to be bound by the provisions of 
this Privacy Policy. 

3. COLLECTION OF PERSONAL INFORMATION

3.1. In order to register for any of the RSAWEB products and/or services, 
the User will need to provide personally identifiable information which 
will be entered into the RSAWEB database and processed. 

3.2. RSAWEB will endeavour to take all reasonable measures to protect the 
User’s personal information. 

3.3. Should the User provide RSAWEB with personal information by way of 
electronic mail correspondence, ticketing system, telephonically, chat 
or other direct means, that personal information will be utilised insofar 
as it is necessary to address the matters raised by the User in the 
correspondence. RSAWEB may refer such personal information to a 
third party should it be necessary for such third party to assist with the 
query or concern. 

3.4. Except where the law and/or this Privacy Policy provides otherwise, 
RSAWEB undertakes to protect the confidentiality of the personal 
information supplied in the course of contracting for the RSAWEB 
products and/or services. RSAWEB may however disclose the User’s 
personal information to: 

3.4.1. its employees; 

3.4.2. third party service providers who assist RSAWEB with providing 

services and/or products to the User; 
3.4.3. law enforcement, government officials, fraud detection 
agencies; 

3.4.4. to any person should such disclosure be required in terms of 
any applicable law, subpoena, order of court or legal process. 

3.5. RSAWEB undertakes not to sell or otherwise dispose of the User’s 
personal information. 

3.6. Notwithstanding the above, the User agrees that RSAWEB may utilise 
the User’s personal information to inform the User of special offers and 
promotional material, provided that the User may opt-out of receiving 
such material and information. 

3.7. Should the User’s personal information change, the User is to inform 
RSAWEB thereof and provide the updated correct information to 
RSAWEB. The User agrees that it will not impersonate or misrepresent 
any of its personal information. 

3.8. The User may request access to any personal information held or stored 
by RSAWEB. 

4. COLLECTION OF NON-IDENTIFIABLE INFORMATION

4.1. When accessing RSAWEB’s website or mobile a, the User agrees and 
accepts that the following non-identifiable information will automatically 
be collected and stored for RSAWEB’s benefit: 

4.1.1. the internet protocol (IP) address from which the User accesses 
RSAWEB’s website or mobile app; 

4.1.2. the type of browser and operating system used by the User to 
access RSAWEB’s website or mobile app; 

4.1.3. the date and time that the RSAWEB website or mobile app is 
accessed by the User; 

4.1.4. the pages visited by the User. 

4.2. It is recorded and agreed by the User and RSAWEB that the above 
information referred to in this clause 4 will not identify the User 
personally and the User will remain anonymous. 

5. COOKIES

5.1. In order to automatically collect the anonymous information which is 
referred to in clause 4 above, the User accepts that RSAWEB utilises 
cookies, which is a small file that is placed on the User’s hard drive to 
collect information about the use of the site. 

5.2. Should the User decide that it does not want information collected using 
cookies, it shall be the User’s responsibility to alter the manner in which 
the User’s browser identifies and manages cookies. The User accepts 
however, should he/she alter the use of cookies on his/her 
browser, certain services and features on the RSAWEB website/app 
may not be available and the User’s use of the website/app may be 
limited. 

5.3. If the User does not disable the cookies function then the User is 
deemed to consent to RSAWEB’s use of the User’s personal information 
collected from the cookies. 

6. THIRD-PARTY SITES

Should RSAWEB’s website/app contain any links to sites that belong to third 
parties, RSAWEB will not be responsible whatsoever for any use of the User’s 
personal information on such sites. 

7. TRANS-BORDER INFORMATION FLOW
   RSAWEB makes use of third-party vendors based outside of South Africa, such
   vendors will subscribe to similar or better Protection of Information flow than 
   POPIA. 

Insofar as the order, onboarding, delivery and support, RSAWEB will 
ensure Third Parties will be addressed and clause 6 above will apply. 

Compliance per section 72 will be achieved through the use of the necessary 
contractual commitments from the relevant third parties 

Examples, some but not all, of third-party international vendors that RSAWEB 
utilise are listed below: 

Zoho: GDPR Privacy Policy 

• https://www.zoho.com/privacy.html
• https://www.zoho.com/gdpr.html

Pandadocs : Privacy Policy 

• https://www.pandadoc.com/privacy -notice/ 

8. AMENDMENTS TO THE PRIVACY POLICY

8.1. RSAWEB reserves the right, in its sole discretion, to amend this Privacy 
Policy which will be displayed on RSAWEB’s website /app. 

8.2. It is the User’s responsibility to ensure it is acquainted with the latest 
terms of the Privacy Policy as displayed on the website /app. 

9. DISCLAIMER

9.1. Whilst RSAWEB will do all things reasonably necessary to protect the 
User’s rights, RSAWEB cannot guarantee or accept any liability 
whatsoever for the unauthorised or unlawful disclosure of the User’s 
personal information, which is in RSAWEB’s possession, made by third 
parties who are not subject to RSAWEB’s control. 

9.2. The use of RSAWEB’s website/app is entirely at the User’s own risk 
and the User assumes full responsibility for any risk or loss resulting 
from the use of the website/app. 

9.3. RSAWEB does not make any warranties or representations, whether 
express or implied, that the information or files on RSAWEB’s 
website/app 

9.4. are free of viruses, spyware, malware, trojans or destructive material 
which is able to corrupt, destroy, disrupt or compromise the operation, 
stability, security or content of the User’s computer system. 

Please don’t pirate any content from our website for financial benefit. 

Notice specific to copyrighted material owned my RSAWEB CC hereby gives you permission to retrieve, store, cite or refer to or print material from this website only for educational, non-commercial or personal use. 

You are not permitted to reproduce, publish, perform, broadcast, make an adaptation of, sell, let or offer or expose or hire any copy of the materials without the prior written permission of RSAWEB CC 

Copyright Notice: © RSAWEB. All rights reserved. 

We will be notified if someone reports an illegal website hosted on our systems. 

In terms of section 75 of the Electronic Communications and Transactions Act (“the Act”) RSAWEB has designated the Internet Service Providers’ Association as an agent to receive notifications of infringements as defined in Section 77 of the Act. 

For further details contact the Internet Service Providers’ Association 

– Internet Service Providers’ Association (ISPA) 

– Address: PO Box 518, Noordwyk, 1687 

– Telephone: 010 500 1200 

– Fax: 086 606 4066 

– Take-down notice email: [email protected] 

– Take-down notice information and form: https://ispa.org.za/tdn/ 

1. Traffic to the website is uncapped, subject to the other terms in this agreement. 
2. Once the allocated disk space of a package has been reached, over usage rates will be in effect. 
3. In addition to RSAWEB’s Terms and Acceptable Use Policy contained in the General Terms, the following conditions apply: 
   3.1 Shared Webhosting services are intended for the hosting of typical website content, to serve the needs of the normal operation of a personal or small home business website. 
   3.2 The service is not intended to support the sustained demand of medium to large enterprises or non-typical applications better suited to a dedicated/cloud server. 
   3.3 Disk Space is not intended for online file storage or archiving electronic files, documents, log files, backups, other non-web based content or FTP hosts, all of which is prohibited. 
   3.4 All password-protected archive (zip and rar) files not acceptable on RSAWEB servers. 
   3.5 All downloadable files or files stored on the Server must be directly related to the general nature of the Website index. All files on a Domain must be part of the active Website and linked to the site. 
   3.6 Shared Webhosting and Database Disk Space are intended to accommodate the files necessary for publishing a website. Storage, exchange and download of additional files within the Customer’s web hosting space, in a peer-to-peer arrangement or for any other purpose is not allowed. 
4. Domain Renewal 
   4.1 RSAWEB will register a domain for a specified initial period, i.e., 12 months 
   4.2 After the initial period, the customer is solely responsible to renew the domain at the end of the initial period, and subsequent periods thereafter, until such a time that the domain is cancelled or transferred by the customer. 
   4.3 Domains set to auto-renew, will also be the responsibility of the customer. Should the auto-renewal process fail, the customer must inform RSAWEB of the failure. 
   4.4 RSAWEB will endeavour to send a courtesy reminder to the customer via electronic communication, such as, email or SMS. Such reminders are a courtesy and in no way transfer responsibility of renewing the domain from the customer to RSAWEB. 
   4.5 Should a reminder fail to reach or failed to be issued to the customer, this will not constitute a breach of the agreement, as it is a courtesy. 
   4.6 Customers registering domains are responsible to note the date of the domain registration and ensure the renewal is effective. 
   Customers with renewal queries should contact our Service Desk