This manual was prepared in accordance with Section 51 of the Promotion of Access to Information Act, 2000 (‘PAIA’) and to address requirements of the Protection of Personal Information Act 4 of 2013 (‘POPI’).

This POPI & PAIA manual applies to RSAWEB Pty Ltd Registration Number: CK 2012/193994/07 (“RSAWEB”)

Registered Office Address:
4th Floor, The Point, 76 Regent Road, Sea Point, Cape Town, South Africa

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without express written permission of:
RSAWEB PTY Ltd
4th Floor, The Point,
76 Regent Road, Sea Point,
Cape Town, South Africa

RSAWEB Pty Ltd is committed to on-going research and development to track technological developments and customer needs in the market. Consequently, information contained in this document may be subject to change without prior notice.

1. Introduction

PAIA

The Promotion of Access to Information Act, 2000 (the “PAIA”) grants the public the right to make a request to access records held by private bodies and the government, if such information is required in the exercise and/or protection of any Constitutional rights.
On request, the private body or government is obliged to release such information unless the Act expressly states that the records containing such information may or must not be released.
This manual informs requestors of procedural and other requirements which a request must meet as prescribed by the Act.

POPI

RSAWEB processes personal information of its employees, members, clients and other data subjects from time to time. As such, it is obliged to comply with the Protection of Personal Information Act No. 4 of 2013 (“POPI”) as well as the Promotion of Access to Information Act
No. 2 of 2000 (“PAIA”). This manual, in addition to its privacy policy, is RSAWEB’s commitment to protecting its members’ / clients’ /supplier’s / employees’ and other data subjects’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in
accordance with applicable laws.

Nature of Business

The RSAWEB Pty Ltd (hereinafter, the ‘Company’) is an ICASA Registered Internet Services Provider, holding both IECS & IECNS licenses.

Information Officer details

All PAIA requests should be submitted to:

RSAWEB Information Officer: Wian Heath
Physical Address: Suite 401, 4th Floor
The Point Office
76 Regent Road
Sea Point
Western Cape, 8060
Postal Address:
PO BOX 12768,
Mill Street,
Cape Town,
8010
Telephone Number: 087 470 00 00
Email Address: [email protected]

3. Requesting Access To Records Held By RSAWEB

A requester can be a natural person/ juristic entity who submits a request for access to a record held by RSAWEB. In this regard, the Act distinguishes between two types of requesters:

3.1 Personal Requester

A personal requester is a requester who is seeking access to a record containing personal
information about the requester.
Subject to the provisions of PAIA/ the Act and applicable law, RSAWEB will provide the requested information, or give access to any record about the requester’s personal information.
The prescribed fee for reproduction of the information requested will be charged by RSAWEB.

3.2 Third party requester

This requester (is someone other than a personal requester) and is entitled to request access to information pertaining to a third party/ ies.
However, RSAWEB is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of PAIA/ the Act, which includes notifying the third party that such a request has been made. The prescribed fee for reproduction of the information requested will be charged by RSAWEB.

3.3 Request Procedure

A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record. For instance, RSAWEB may only process your request once the requirements in terms of PAIA have been met.

A requester may submit a request in the prescribed Form and submit it to our Information Officer. The prescribed request form must be filled in with enough information to at least enable the information officer to identify:

• The record or records requested
• The identity of the requester
• What form of access is required
• The postal address or email address of the requester.

A requester must state that he or she requires the information to exercise or protect a right, and clearly state what the nature of the right is, so to be exercised or protected.

The requester must also provide an explanation of why the requested record is required for the exercise or protection of that right.

RSAWEB will process a request within 30 days, unless the requestor has stated special reasons which would satisfy the information officer that circumstances dictate that this period not be complied with.

The requester shall be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, he or she must state the way it is required. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the information officer.

If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the information officer.

3.4 Decision

3.4.1 The Information Officer will, within 1 calendar month (30- day) of the date of receipt of the request, decide whether to grant or decline the request.

3.4.2 The 30-day period may be extended for a further period if the request is for a large amount of information or the request requires a search for information held at another office of RSAWEB and the information cannot reasonably be obtained within the original 30-day period.

The Information Officer will notify the Requester in writing should an extension be sought.

3.5 Grounds For Refusal Of Access To Records In Terms Of PAIA:

The following are the grounds on which RSAWEB may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:

3.5.1 Mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable.

3.5.2 Mandatory protection of the commercial information of a third party, if the Records contain:

a) Trade secrets of that third party;
b) Financial, commercial, scientific, or technical information of the third party, the disclosure of
which could likely cause harm to the financial or commercial interests of that third party; and/or
c) Information disclosed in confidence by a third party to RSAWEB, the disclosure of which
could put that third-party at a disadvantage in contractual or other negotiations or prejudice the
third party in commercial competition.

3.5.3 Mandatory protection of confidential information of third parties if it is protected in terms of
any agreement.

3.5.4 Mandatory protection of the safety of individuals and the protection of property.

3.5.5 Mandatory protection of Records that would be regarded as privileged in legal proceedings.

3.5.6 Protection of the commercial information of RSAWEB, which may include:

a) Trade secrets;

b) Financial/commercial, scientific, or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of RSAWEB;
c) Information which, if disclosed, could put RSAWEB at a disadvantage in contractual or other negotiations or prejudice RSAWEB in commercial competition; and/or
d) Propriety software which are developed and ow, and which are protected by copyright and intellectual property laws.

3.5.7 Research information of RSAWEB or a third party, if such disclosure would place the research or the researcher at a serious disadvantage, and

3.5.8 Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.

3.6 Remedies Available To The Requester Upon Refusal Of A Request For Access Of PAIA

After submitting a complaint in the prescribed form provided in this Manual, and where RSAWEB is unable to resolve your complaint within one month (or extended period), to your satisfaction, you have the right to refer your complaint to the below details.

3.6.1 Internal remedies

RSAWEB does not have internal appeal procedures. As such, the decision made by the
Information Officer is final, and Requesters will have to exercise such external remedies at their
disposal if the Request for Access is refused.

3.6.2 External remedies
Any person wishing to lay a matter of concern or complaint may do so at the Information
Regulator of South Africa.

Website: www.inforegulator.org.za

Email: [email protected]

In respect of European Data Subjects at:

The supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged GDPR infringement. See link that provides details of the list of supervisory authority’s details: https://edpb.europa.eu/aboutedpb/board/members_en

3.7 Availability Of This Manual

3.7.1. This Manual is available for inspection by the public, upon request, during office hours
and free of charge at RSAWEB’s offices.

3.7.2. This Manual is also published on RSAWEB’s website www.rsaweb.co.za

4. Fees

The Act provides for two types of fees:

1. A request fee, (which will be a standard fee) When a request is received by the information officer of RSAWEB, the information officer shall by notice require the requester, other than a personal requester, to pay the prescribed request fee, if any, before further processing of the request can take place. If a search for the information is necessary and the preparation and disclosure of the information for disclosure, requires more time than prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a deposit if the request is granted.

The information officer shall withhold information until the requester has paid the fee or fees indicated.

2. Reproduction/ Access fee

A requester whose request for access to information has been granted, must pay an access fee reproduction, for search, preparation, and for any time more than the prescribed hours to prepare the information for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester.

Below is a guideline for reproduction fees:

5. Categories Of Records Held By The Company: Section 51(1)(E)

5.4 Companies Act Records
5.4.1 Company Incorporation
5.4.2 Names of Directors
5.4.3 Salaries of Directors
5.4.4 Minutes of Board Meetings
5.4.5 Records relating to the appointment of directors / auditor / secretary / public officer and
other officers.

5.5 Financial Records
5.5.1 Financial Statements
5.5.2 Documents relating to taxation of the company
5.5.3 Accounting Records
5.5.4 Financial Agreements

5.6 Agreements or Contract Records
5.6.1 Standard Agreements
5.6.2 Contracts concluded with Companies
5.6.3 Contracts concluded with Customers
5.6.4 Third Party Contracts (such as Service Level Agreements etc.)
5.6.5 Suppliers Contracts

5.7 Employees
5.7.1 List of Employees
5.7.2 Personal Information of Employees
5.7.3 Employee Contracts of Employment
5.7.4 Salaries of Employees
5.7.5 Leave Records

5.8 Company Policies and Directives
5.8.1 Internal relating to employees and the company
5.8.2 External relating to clients and other third parties.

5.9 Regulatory
5.9.1 Licenses or Authorities

5.10 Customer Information
5.10.1 Customer Details
5.10.2 Contact details of individuals within Customers
5.10.3 Communications with Customers
5.11 Systems, Solutions, and Information Technology
5.11.1 Intellectual property pertaining to solutions and products developed.
5.11.2 Usage of solutions and products.

6. Protection of Personal Information (POPIA Compliance)

6.1 Conditions of Processing

Chapter 3 of POPI provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPI. Below is a description of the eight Conditions for
Lawful Processing as contained in POPI:

a) Accountability – the Responsible Party has an obligation to ensure that there is compliance with POPI in respect of the Processing of Personal Information.

b) Processing limitation – Personal Information must be collected directly from a Data Subject to the extent applicable; must only be processed with the consent of the Data Subject and must only be used for the purposes for which it was obtained.

c) Purpose specification – Personal Information must only be processed for the specific purpose for which it was obtained and must not be retained for any longer than it is needed to achieve such purpose.

d) Further processing limitation – further processing of Personal Information must be compatible with the initial purpose for which the information was collected.

e) Information quality – the Responsible Party must ensure that Personal Information held is accurate and updated regularly and that the integrity of the information is maintained by appropriate security measures.

f) Openness – there must be transparency between the Data Subject and the Responsible Party.

g) Security safeguards – a Responsible Party must take reasonable steps to ensure that adequate safeguards are in place to ensure that Personal Information is being processed responsibly and is not unlawfully accessed.

h) Data Subject participation – the Data Subject must be made aware that their information is being processed and must have provided their informed consent to such processing.

6.2 Purpose of the Processing of Personal Information by RSAWEB

As outlined in paragraph 6.1(c), Personal Information may only be Processed for a specific purpose. The purposes for which RSAWEB processes or will process Personal Information is in line with the Act and with the informed consent of all parties.

6.3 Categories of Data Subjects and Personal Information/special Personal Information
relating thereto.

As per section 1 of POPI, a Data Subject may either be a natural or a juristic person (persons who are deceased are not covered in terms of this definition). The Privacy Policy sets out the various categories of Data Subjects that RSAWEB Processes Personal Information on and the
types of Personal Information relating thereto.

6.4 Recipients of Personal Information
RSAWEB uses safeguards both internal and external to maintain the integrity and safety of all its data subjects. Further, RSAWEB reinforces its responsibilities under POPIA by only engaging with Operators who also subscribe to POPI requirements.

6.5 Cross-Border Flows Of Personal Information

Section 72 of POPI provides that Personal Information may only be transferred out of the Republic of South Africa:

a) If the recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially like the Conditions for Lawful Processing as contained in POPI; or

b) If the Data Subject consents to the transfer of their Personal Information; or

c) If the transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or

d) If the transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or

e) If the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would likely provide such consent.

6.6 RSAWEB has trans-border flows of Personal Information as described below:

6.6.1 we make use of systems hosted in European territories and Personal Information may be stored in European zones which would be subject to strict data protection laws in line with the GDPR.

6.6.2 Before signing an agreement with a third-party service provider that we are required to share Personal Information with, we ensure that their data protection standards are in line with those outlined in Information Protection Laws and request that this obligation is provided for in
writing.

6.7 Description of information security measures to be implemented by RSAWEB

A preliminary assessment of the information security measures implemented or to be implemented by RSAWEB may be conducted to ensure that the Personal Information is processed and is safeguarded in accordance with the Conditions for Lawful Processing

6.8 Objection to the Processing of Personal Information by a Data Subject

Section 11 (3) of POPI and regulation 2 of the POPI Regulations provides that a Data Subject may, at any time object to the Processing of Personal Information and should make such objections in writing to the Information Officer.

6.9 Request for correction or deletion of Personal Information

Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form on the website of the Information Regulator.

 We are formally recognised as compliant by the Internet Service Providers Association. The Internet Service Providers Association (ISPA) is a South African Internet industry body not for gain. ISPA is a voluntary organisation, representing the interests of its members. Visit their website here. (http://ispa.org.za/code-of-conduct/) 

Please don’t pirate any content from our website for financial benefit. 

Notice specific to copyrighted material owned my RSAWEB CC hereby gives you permission to retrieve, store, cite or refer to or print material from this website only for educational, non-commercial or personal use. 

You are not permitted to reproduce, publish, perform, broadcast, make an adaptation of, sell, let or offer or expose or hire any copy of the materials without the prior written permission of RSAWEB CC 

Copyright Notice: © RSAWEB. All rights reserved. 

We will be notified if someone reports an illegal website hosted on our systems. 

In terms of section 75 of the Electronic Communications and Transactions Act (“the Act”) RSAWEB has designated the Internet Service Providers’ Association as an agent to receive notifications of infringements as defined in Section 77 of the Act. 

For further details contact the Internet Service Providers’ Association 

– Internet Service Providers’ Association (ISPA) 

– Address: PO Box 518, Noordwyk, 1687 

– Telephone: 010 500 1200 

– Fax: 086 606 4066 

– Take-down notice email: [email protected] 

– Take-down notice information and form: https://ispa.org.za/tdn/ 

1. Traffic to the website is uncapped, subject to the other terms in this agreement. 
2. Once the allocated disk space of a package has been reached, over usage rates will be in effect. 
3. In addition to RSAWEB’s Terms and Acceptable Use Policy contained in the General Terms, the following conditions apply: 
   3.1 Shared Webhosting services are intended for the hosting of typical website content, to serve the needs of the normal operation of a personal or small home business website. 
   3.2 The service is not intended to support the sustained demand of medium to large enterprises or non-typical applications better suited to a dedicated/cloud server. 
   3.3 Disk Space is not intended for online file storage or archiving electronic files, documents, log files, backups, other non-web based content or FTP hosts, all of which is prohibited. 
   3.4 All password-protected archive (zip and rar) files not acceptable on RSAWEB servers. 
   3.5 All downloadable files or files stored on the Server must be directly related to the general nature of the Website index. All files on a Domain must be part of the active Website and linked to the site. 
   3.6 Shared Webhosting and Database Disk Space are intended to accommodate the files necessary for publishing a website. Storage, exchange and download of additional files within the Customer’s web hosting space, in a peer-to-peer arrangement or for any other purpose is not allowed. 
4. Domain Renewal 
   4.1 RSAWEB will register a domain for a specified initial period, i.e., 12 months 
   4.2 After the initial period, the customer is solely responsible to renew the domain at the end of the initial period, and subsequent periods thereafter, until such a time that the domain is cancelled or transferred by the customer. 
   4.3 Domains set to auto-renew, will also be the responsibility of the customer. Should the auto-renewal process fail, the customer must inform RSAWEB of the failure. 
   4.4 RSAWEB will endeavour to send a courtesy reminder to the customer via electronic communication, such as, email or SMS. Such reminders are a courtesy and in no way transfer responsibility of renewing the domain from the customer to RSAWEB. 
   4.5 Should a reminder fail to reach or failed to be issued to the customer, this will not constitute a breach of the agreement, as it is a courtesy. 
   4.6 Customers registering domains are responsible to note the date of the domain registration and ensure the renewal is effective. 
   Customers with renewal queries should contact our Service Desk 

At RSAWEB, we’re dedicated to bringing you engaging and innovative marketing experiences. As part of our commitment to creativity and efficiency, we employ artificial intelligence (AI) technologies to generate images, including those of people, used in our advertising campaigns.

Transparency and Integrity: Please be aware that some of the individuals depicted in our advertisements are not real persons, but rather, are created by AI based on extensive data models. These images are designed to represent the diverse communities we serve and to showcase our products/services in a relatable manner.

Ethical Consideration: RSAWEB prioritises ethical considerations and ensures that our use of AI-generated images is conducted with respect and sensitivity towards individual privacy and likeness rights. Our goal is to celebrate human diversity without misrepresentation or infringing on personal rights.

Purpose of Use: The AI-generated images are intended to illustrate and promote our products/services in a manner that resonates with our audience. These images are purely illustrative and do not represent actual clients or endorsements.

Commitment to Compliance: RSAWEB adheres to all applicable laws and regulations regarding advertising and privacy. We are committed to maintaining the highest standards of transparency and ethical marketing practices.