PAIA & POPI Manual

Privacy is paramount

Published in terms of Section 51 of the Promotion of Access to Information Act 2 of 2000

This manual applies to

GET FRANCK (PTY) LIMITED

Registration number: 2021/315101/07

(“Organisation”)

  • BACKGROUND TO THE PROMOTION OF ACCESS TO INFORMATION ACT
    • The Promotion of Access to Information Act, No.2 of 2000 (“PAIA Act”) was enacted on 3 February 2000, giving effect to the constitutional right in terms of section 32 of the Bill of Rights contained in the Constitution of the Republic of South Africa 108 of 1996 (the “Constitution”) of access to any information held by the state and any information that is held by another person that is required for the exercise or protection of any rights.
    • In terms of section 51 of the PAIA Act, all private bodies (juristic and natural persons) are required to compile an Information Manual (“PAIA Manual”).
    • Where a request is made in terms of the PAIA Act, the body to whom the request is made is obliged to release the information, subject to applicable legislative and/or regulatory requirements, except where the PAIA Act expressly provides that the information may be adopted when requesting information from a public or private body.
  • DETAILS OF ORGANISATION THIS MANUAL APPLIES TO
    • This manual was prepared in accordance with section 51 of the PAIA Act and to address requirements of the POPI Act for the Organisation.
    • The Organisation is a digital platform that empowers users by delivering affordable and integrated mental healthcare, by offering instant access to a global network of certified mental health practitioners, resources and tools.
    • This PAIA manual is available at its premises: Unit 2, Lifestyle Management Park, 221 Clifton Avenue, Centurion, Pretoria, as well as on its website: www.getfranck.com.
  • PURPOSE
    • The purpose of the PAIA Act is to promote the right of access to information, to foster a culture of transparency and accountability within the Organisation by giving the right to information that is required for the exercise or protection of any right and to actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect their rights.
    • In order to promote effective governance of private bodies, it is necessary to ensure that everyone is empowered and educated to understand their rights in relation to public and private bodies.
    • Section 9 of the PAIA Act recognizes that the right to access information cannot be unlimited and should be subjected to justifiable limitations, including, but not limited to:
      • limitation aimed at the reasonable protection of privacy;
      • commercial confidentiality;
      • effective, efficient and good governance,
    • and in a manner which balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.
    • This PAIA manual complies with the requirements of the guide contained in section 10 of the PAIA Act and recognizes that upon commencement of the POPI Act, that the appointed Information Regulator will be responsible to regulate compliance with the PAIA Act and its regulations by private and public bodies.
  • CONTACT DETAILS [Section 51(1)(a)]
    • The details of the Organisation that adopted this PAIA Manual is as follows:
Managing Director Eidde Francke
Registered Address Unit 2, Lifestyle Management Park, 221 Clifton Avenue, Centurion, Pretoria
Telephone Number +27 82 866 2178
Website www.getfranck.com
  • THE INFORMATION OFFICER [Section 51(1)(b)]
    • The PAIA Act prescribes the appointment of an Information Officer for the public bodies where such Information Officer is responsible to, inter alia, assess requests for access to information.
    • The head of a private body fulfils such a function in terms of section 51 of the PAIA Act. The Organisation has opted to appoint the following person as Information Officer to assess such a request for access to information as well as to oversee its required functions in terms of the PAIA Act:
Information Officer Helena Vorster
Address Unit 2, Lifestyle Management Park, 221 Clifton Avenue, Centurion, Pretoria
Telephone Number +27 829205221
E-mail helena@getfranck.com

    • The Information Officer appointed in terms of the PAIA Act also refers to the Information Officer as referred to in the POPI Act. The Information Officer oversees the functions and responsibilities as required for in terms of both the PAIA Act as well as the duties and responsibilities in terms of section 55 of the POPI Act after registering with the Information Regulator.
    • The Information Officer may appoint, where it deemed necessary, Deputy Information Officers, as allowed in terms of section 17 of the PAIA Act as well as section 56 of the POPI Act. The Organisation has opted not to appoint a Deputy Information Officer.
    • This is to render the Organisation as accessible as reasonable possible for requesters of its records and to ensure fulfilment of its obligations and responsibilities as prescribed in terms of section 55 of the POPI Act. All requests for information in terms of the PAIA Act must be addressed to the Information Officer.
  • GUIDE OF SA HUMAN RIGHTS COMMISSION AND THE INFORMATION REGULATOR [Section 51(1)(b)]
    • The PAIA Act grants a Requester access to records of a private body, if the record is required for the exercise to protection of any rights.
    • Requests in terms of the PAIA Act shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of the PAIA Act.
    • Requests are referred to the Guide in terms of section 10 of the PAIA Act which has been compiled by the South African Human Rights Commission (“SAHRC”), which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC.
    • The contact details of the SAHRC are:
Contact Body The South African Human Rights Commission
Physical Address PAIA Unit
29 Princess of Wales Terrace
Cnr York and Andrew Streets
Parktown
Postal Address Private Bag 2700
Houghton
2041
Telephone Number +27 11 877 3600
E-mail PAIA@sahrc.org.za
Website www.sahrc.org.za
    • Sections 110 and 114(4) of the POPI Act states that the SAHRC will be replaced as the Regulator under the PAIA Act and will be replaced with the Information Regulator. The Information Officer will take over the PAIA functions from SAHRC on such date as agreed to between the parties. Until then requests to access records of a private body can be made to the SAHRC or to the Information Regulator as follows:
Contact Body The Information Regulator (South Africa)
Physical Address JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal Address P.O Box 31533, Braamfontein, Johannesburg, 2017
Telephone Number +27 (0)12 406 4818
E-mail inforeg@justice.gov.za
Website www.justice.gov.za/inforeg
  • LATEST NOTICE IN TERMS OF SECTION 52(2) (IF ANY) [Section51(1)(c)]
    • No notice has been published on the categories of records that are automatically available without a person having to request access in terms of section 52(2) of the PAIA Act.
  • SUBJECTS AND CATEGORIES OF RECORDS AVAILABLE ONLY ON REQUEST TO ACCESS IN TERMS OF THE ACT [Section 51(1)(e)]
    • Records held by the Organisation
    • This clause serves as reference to the categories of information that the Organisation holds. The information is classified and grouped according to records relating to the following subjects and categories:
Subject Category
Companies Act Records Documents of Incorporation
Index of names of Directors
Memorandum of Incorporation
Minutes of meetings of the board of directors
Minutes of meetings of shareholders
Proxy forms
Register of directors ’shareholdings
Share certificates
Share Register and other statutory registers and/or records and/or documents
Special resolutions/Resolutions passed at General and
Records relating to the appointment of:
Auditors
Directors
Prescribed officers
Public Officers
Secretary
Financial Records Accounting records
Annual Financial Reports
Annual Financial Statements
Asset Registers
Bank statement
Banking details and bank accounts
Banking records
General ledgers and subsidiary ledgers
General reconciliation
Invoices
Policies and procedures
Tax returns
Income Tax records PAYE Records
Documents issued to employees for income tax purposes
Records of payments made to SARS on behalf of employees
All other statutory compliances:
VAT
UIF
Workmen’s Compensation
Sales Customer details
Information and records provided by a third party
Marketing Advertising and promotional material
IT Computer/mobile device usage policy documentation
Disaster recovery plans
Hardware asset registers
Information security policies/standard/procedures
Information technology systems and user manuals
Information usage policy documentation
Project implementation plans
Software licensing
System documentation and manuals
    • Note that the accessibility of the records may be subject to the grounds of refusal set out in this PAIA Manual.
    • permission from the third party concerned, in addition to normal requirements, before the Organisation will consider access.
  • RECORDS AVAILABLE WITHOUT REQUEST TO ACCESS IN TERMS OF THE PAIA ACT
    • Records of a public nature may be accessed without the need to submit a formal application.
    • Other non-confidential records, such as statutory records maintained at Companies and Intellectual Property Commission, may also be accessed without the need to submit a formal application. However, please note that an appointment to view such records will still have to be made with the Information Officer.
  • DESCRIPTION OF RECORDS OF THE BODY WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION [Section 51(1)(d)]
  • Where applicable to its operations, the Organisation also retains records and documents in terms of the legislation below. Unless disclosure is prohibited in terms of legislation, regulations, contractual agreement or otherwise, records that are required to be made available in terms of these shall be made available for inspection by interested parties in terms of the requirements and conditions of the PAIA Act and the POPI Act or in terms of the below mentioned legislation and applicable internal policies, should such interested parties be entitled to such information.
  • A request to access must be done in accordance with the prescriptions of the PAIA Act.
  • The legislation applicable to the Organisation may include but are not limited to the following:
    • Basic Conditions of Employment Act, No 75 of 1997;
    • Broad-Based Black Economic Empowerment Act, No 53 of 2003;
    • Business Act, No71 of 1991;
    • Children’s Act Regulations 2010;
    • Companies Act, No 71 of 2008;
    • Compensation for Occupational Injuries & Diseases Act, 130 of 1993;
    • Competition Act, No 71 of 2008;
    • Communicable Diseases Regulation 2008;
    • Constitution of the Republic of South Africa 2008;
    • Copyright Act, No 98 of 1978;
    • Criminal Law (Sexual Offences and Related Matters) Amendment Act 2007;
    • Domestic Violence Act 1998;
    • Electronic Communications Act, No 36 of 2005;
    • Electronic Communications and Transactions Act No 25 of 2002;
    • Employment Equity Act No 55 of 1998;
    • Health Professions Act 1974;
    • Identification Act, No 68 of 1997;
    • Income Tax Act, No 58 of 1962;
    • Intellectual Property Laws Amendment Act No 38 of 1997;
    • Labour Relations Act, No 66 of 1995;
    • Mental Healthcare Act 2002;
    • National Health Act 2003;
    • Nursing Act 33 of 2005;
    • Older Persons Act 2006;
    • Occupational Health and Safety Act, No 85 of 1993;
    • Prescription Act, No 68 of 1969;
    • Prevention of Organised Crime Act, No 121 of 1998;
    • Promotion of Access to Information Act, No. 2 of 2000;
    • Protection of Personal Information Act, No 4 of 2013;
    • Regulations of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002;
    • Revenue Laws Second Amendment Act No. 61 of 2008;
    • Sexual Offences Act 2007;
    • Unemployment Insurance Contributions Act 4 of 2002;
    • Unemployment Insurance Act no.30 of 1966; and
    • Value Added Tax Act 89 of 1991;
  • It is further recorded that the accessibility of documents and records may be subject to the grounds of refusal set out in this PAIA Manual.
  • DETAIL TO FACILTATE A REQUEST FOR ACCESS TO A RECORD OF THE ORGANISATION [Section 51(1)(e)]
    • The Requester, as defined in the PAIA Act, must comply with all the procedural requirements contained in the PAIA Act relating to the request for access to a record.
    • The Requester must complete the prescribed form and submit same as well as payment of a request fee and a deposit (if applicable) to the Information Officer or the Deputy Information Officer at the postal or physical address or electronic mail address as noted in clause 5 above.
    • The form can be obtained from the Information Regulator’s website www.justice.gov.za/inforeg (Form C – Request for access to record of Private Body).
    • The prescribed from must be filled in with sufficient information to enable the Information Officer to identify:
      • the record or records requested; and
      • the identity of the requester.
    • The Requester should indicate which form of access is required and specify a postal address or fax number of the Requester in the Republic of South Africa.
    • The Requester must state that he/she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The Requester must clearly specify why the record is necessary to exercise or protect such a right (section 53(2)(d) of the PAIA Act).
    • The Organisation will process the request within 30 (thirty) days, unless the Requester has stated special reasons to the satisfaction of the Information Officer that circumstances dictate that the above time periods not be complied with.
    • The Requester shall be advised whether access is granted or denied in writing. If, in addition, the Requester requires the reasons for the decision in any other manner, the Requester will be obliged to state which manner and the particulars required.
    • If a request is made on behalf of another person, then the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer (section 53(2)(f) of the PAIA Act).
    • If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
    • The Requester must pay the prescribed fee, before any further processing can take place.
    • All information as listed in this clause 11 herein should be provided and failing which the process will be delayed until the required information is provided. The prescribed time periods will not commence until the Requester has furnished all the necessary and required information. The Information Officer shall sever a record, if possible, and grant only access to that portion requested and which is not prohibited from being disclosed.
  • REFUSAL OF ACCESS TO RECORDS
    • Grounds to Refuse Access
      • A private body such as the Organisation is entitled to refuse a request for information.
      • The main grounds for the Organisation to refuse a request for information relates to the:
        • mandatory protection of the privacy of a third party who is a natural person or a deceased person (section 63) or a juristic person, as included in POPI Act, which would involve the unreasonable disclosure of personal information of that natural or juristic person;
        • mandatory protection of personal information and for disclosure of any personal information to, in addition to any other legislative, regulatory or contractual agreements, to comply with the provisions of the POPI Act;
        • mandatory protection of the commercial information of a third party (section 64 of the PAIA Act) if the record contains:
          • trade secrets of the third party;
          • financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party; or
          • information disclosed in confidence by a third party to the Organisation, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition;
        • mandatory protection of confidential information of third parties (section 65 of the PAIA Act) if it is protected in terms of any agreement;
        • mandatory protection of the safety of individuals and the protection of property (section 66 of the PAIA Act);
        • mandatory protection of records which would be regarded as privileged in legal proceedings (section 67 of the PAIA Act);
        • the commercial activities (section 68 of the PAIA Act) of a private body, such as the Organisation, which may include:
          • trade secrets of the Organisation;
          • financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of the Organisation;
          • information which, if disclosed could put the Organisation at a disadvantage in negotiations or commercial competition;
          • a computer program which is owned by the Organisation, and which is protected by copyright; or
          • the research information (section 69 of the PAIA Act) of the Organisation or a third party, if its disclosure would disclose the identity of the Organisation, the researcher or the subject matter of the research and would place the research at a serious disadvantage; or
        • requests for information that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources shall be refused.
      • All requests for information will be assessed on their own merits and in accordance with the applicable legal principles and legislation.
      • If a requested record cannot be found or if the record does not exist, the Information Officer shall, by way of an affidavit or affirmation, notify the Requester that it is not possible to give access to the requested record. Such a notice will be regarded as a decision to refuse a request for access to the record concerned for the purpose of the PAIA Act. If the record should later be found, the Requester shall be given access to the record in the manner stipulated by the Requester in the prescribed form, unless the Information Officer refuses access to such record.
  • REMEDIES AVAILABLE WHEN THE ORGANISATION REFUSES A REQUEST
    • Internal Remedies
      • The Organisation does not have internal appeal procedures. The decision made by the Information Officer is final.
      • Requesters will have to exercise such external remedies at their disposal if the request for information is refused and the Requestor is not satisfied with the answer supplied by the Information Officer.
    • External Remedies
    • A Requestor that is dissatisfied with the Information Officer’s refusal to disclose information, may within 30 (thirty) days of notification of the decision, may apply to a Court for relief.
    • For purposes of the PAIA Act, the Courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status and a Magistrate’s Court designated by the Minister of Justice and Constitutional Development, and which is presided over by a designated Magistrate.
  • ACCESS TO RECORDS HELD BY THE ORGANISATION
    • Prerequisites for Access by Personal/Other Requester
      • Records held by the Organisation may be accessed by requests only once the prerequisite requirements for access have been met.
      • A Requester is any person making a request for access to a record of the Organisation.
      • There are 2 (two) types of requesters:
        • Personal Requester
          A personal requester is a requester who is seeking access to a record containing personal information about the Requester. The Organisation will voluntarily provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged.
      • Other Requester
        • This Requester (other than a personal requester) is entitled to request access to information on third parties.
        • In considering such a request, the Organisation will adhere to the provisions of the PAIA Act. Section 71 of the PAIA Act requires that the Information Officer take all reasonable steps to inform a third party to whom the requested record relates of the request, informing him/her that he/she may make a written or oral representation to the Information Officer why the request should be refused or, where required, give written consent for the disclosure of the Information.
    • The Organisation is not obliged to voluntarily grant access to such records. The Requester must fulfil the prerequisite requirements, in accordance with the requirements of the PAIA Act and as stipulated in Chapter 5: Part 3, including the payment of a request and access fee.
  • PRESCRIBED FEES [Section 51(1)(f)]
    • Fees Provided by the PAIA Act
      • The PAIA Act provides for 2 (two) types of fees, namely:
      • a request fee, which is a form of administration fee to be paid by all Requesters except personal requesters, before the request is considered and is not refundable; and
    • an access fee, which is paid by all Requesters in the event that a request for access is granted. This fee is inclusive of costs involved by the private body in obtaining and preparing a record for delivery to the Requester.
    • When the request is received by the Information Officer, such officer shall by notice require the Requester, other than a personal requester, to pay the prescribed request fee, before further processing of the request (section 54(1) of the PAIA Act).
    • If the search for the record has been made and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the Information Officer shall notify the Requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.
    • The Information Officer shall withhold a record until the Requester has paid the fees as indicated below.
    • A Requester whose request for access to a record has been granted, must pay an access fee that is calculated to include, where applicable, the request fee, the process fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form.
    • If a deposit has been paid in respect of a request for access, which is refused, then the Information Officer concerned must repay the deposit to the Requester.
  • REPRODUCTION FEE
    • Where the Organisation has voluntarily provided the Minister with a list of categories of records that will automatically be made available to any person requesting access thereto, the only charge that may be levied for obtaining such records, will be a fee for reproduction of the record in question, which will be as follows:
Reproduction of Information Fees Fees to be Charged
Information in an A-4 size page photocopy or part thereof R 1,10
A printed copy of an A4-size page or part thereof R 0,75
A copy in computer-readable format, for example: Compact disc R 70,00
A transcription of visual images, in an A4-size page or part thereof R 40,00
A copy of visual images R 60,00
A transcription of an audio record for an A4-size page or part thereof R 20,00
A copy of an audio record R 30,00
    • Request Fees
      • Where a Requester submits a request for access to information held by an institution on a person other than the Requester himself/herself, a request fee in the amount of R50,00 is payable up-front before the institution will further process the request received.
    • Access Fees
      • An access fee is payable in all instances where a request for access to information is granted, except in those instances where payment of an access fee is specially excluded in terms of the PAIA Act or an exclusion is determined by the Minister in terms of section 54(8) of the PAIA Act. The applicable access fees which will be payable are:
Reproduction of Information Fees Fees to be Charged
Information in an A4-size page photocopy or part thereof R 1,10
A printed copy of an A4-size page or part thereof R 0,75
A copy in computer-readable format, for example: USB
Compact disc
R 7,50
R 70,00
A transcription of visual images, in an A4-size page or part thereof R 40,00
A copy of visual images R 60,00
A transcription of an audio record for an A4-size page or part thereof R 20,00
A copy of an audio record
*Per hour or part of an hour reasonably required for such search.
R 30,00*
Where a copy of a record need to be posted the actual postal fee is payable.
    • Deposits
      • Where the institution receives a request for access to information held on a person other than the Requester himself/herself and the Information Officer upon receipt of the request is of the opinion that the preparation of the required record of disclosure will take more than 6 (six) hours, a deposit is payable by the Requester. The amount of the deposit is equal to 1/3 (one third) of the amount of the applicable access fee.
    • Collection Fees
      • The initial “request fee” of R50,00 should be deposited into the bank account nominated by the Organisation and a copy of the deposit slip, application form and other correspondence / documents, forwarded to the Information Officer via fax/ email.
      • All fees are subject to change as allowed for in the PAIA Act and as a consequence such escalations may not always be immediately available at the time of the request being made.
      • Requesters shall be informed of any changes in the fees prior to making a payment.
  • DECISION
    • Time Allowed to Institution
      • The Organisation will, within 30 (thirty) days of receipt of the request, decide whether to grant or decline the request and give notice with reasons (if required) to that effect.
      • The 30 (thirty) day period within which the Organisation has to decide whether to grant or refuse the request, may be extended for a further period of not more than (30) thirty days if the request is for a large number of information, or the request requires a search for information held at another office of the Organisation and the information cannot reasonably be obtained within the original 30 (thirty) day period.
      • The Organisation will notify the Requester in writing should an extension be sought.
  • PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE ORGANISATION
    • The POPI Act requires the Organisation to inform their clients as to the manner in which their Personal Information is used, disclosed and destroyed.
    • Chapter 3 of the POPI Act provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in the POPI Act.
    • In this clause 18 words and phrases shall have the meanings assigned to them as in the POPI Act.
    • The Organisation needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by the Organisation. The Organisation is accordingly a Responsible Party for the purposes of the POPI Act and will ensure that the Personal Information of a Data Subject:
      • is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Organisation, in the form of privacy or data collection notices. The Organisation must also have a legal basis (for example, consent) to process Personal Information;
      • is processed only for the purposes for which it was collected;
      • will not be processed for a secondary purpose unless that processing is compatible with the original purpose.
      • is adequate, relevant and not excessive for the purposes for which it was collected;
      • is accurate and kept up to date;
      • will not be kept for longer than necessary;
      • is processed in accordance with integrity and confidentiality principles. This includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Organisation, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;
    • is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:
      • be notified that their Personal Information is being collected by the Organisation. The Data Subject also has the right to be notified in the event of a data breach;
      • know whether the Organisation holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this PAIA Manual;
      • request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
      • object to the Organisation’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Organisation’s record keeping requirements);
      • object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and
      • complain to the Information Regulator regarding an alleged infringement of any of the rights protected under the POPI Act and to institute civil proceedings regarding the alleged non- compliance with the protection of his, her or its personal information.
    • Purpose of the Processing of Personal Information by the Organisation
      • As outlined above, Personal Information may only be processed for a specific purpose. The purposes for which the Organisation processes or will process Personal Information is:
    • Mental Health Practitioners:
    • to enter formal agreements with service providers (metal health practitioners) that will render the mental healthcare and other related services to online users of the Organisation’s online platform via its website or online mobile application;
    • to register the metal health practitioners as registered service providers on the Organisation’s online platform to enable them to render the required online services or to enable an online user to make direct contact with such service providers for a formal appointment or other assistance as may be required from time to time;
    • for communication purposes (subscription, account, enquiries and all other internal business and account related communication) via the selected communication channels of the Organisation;
  • Online users or patients:
    • to render the mental healthcare and other related services to online users of the Organisation’s online platform via its website of online mobile application;
    • for selected communication for opted services within the the Organisation’s online platform to receive the services;
    • to share the personal, medical information of an online user with the selected health care practitioner;
    • for invoicing and payment;
    • for the referral of online users to metal health practitioners;
    • for submission of claims to a Medical Aid for claim purposes; and
    • as may be required by law.
  • Categories of Data Subjects and Personal Information/Special Personal Information relating thereto
    • As per section 1 of the POPI Act, a Data Subject may either be a natural or a juristic person. Below are the types of Personal Information that will be collected:
  • Mental Health Practitioners –registered or full names, ID number, date of birth, cell number, work number, email address, physical work address, HPCSA registration number, practice number, speciality / registration category, short professional biography and photo of the practitioner/s.; and
  • Online users or patients – full names, ID number, date of birth, cell number, work number, email address, physical work address, Medical Aid name, Medical Aid number, next of kin, employer name, occupation, employer contact details, person responsible for account (if not medical aid) and this person’s contact details.
    • Recipients of Personal Information
      • The Organisation may provide a Data Subject’s Personal Information to the following recipients:
        • employees of the Organisation;
        • service providers and subcontractors of the Organisation;
        • medial aids; and
        • as required by law.
      • Cross-border flows of Personal Information
        • Section 72 of the POPI Act provides that Personal Information may only be transferred out of the Republic of South Africa if the:
          • recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in the POPI Act; or
          • Data Subject consents to the transfer of their Personal Information; or
          • transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or
          • transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or
          • the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.
      • The Organisation’s planned cross-border transfers, if applicable, of Personal Information and the condition that applies thereto will be on the same terms and conditions as set out herein.
    • Description of information security measures to be implemented by the Organisation
      • The types of security measures to be implemented by the Organisation in order to ensure that Personal Information is respected and protected is:
        • anti-Virus programmes;
        • password protected computers;
        • information will only be accessible to employees with clearance within the Organisation and will be password protected; and
        • information will only be accessed for purposes of agreed-to services to be offered to the patients of the Organisation.
        • A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Organisation may be conducted in order to ensure that the Personal Information that is processed by the Organisation is safeguarded and Processed in accordance with the Conditions for Lawful Processing.
      • Objection to the Processing of Personal Information by a Data Subject
        • Section 11 (3) of the POPI Act and regulation 2 of the POPI Act Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form (Form 1 to be obtained under the POPI Act Regulations), subject to exceptions contained in the POPI Act.
      • Request for correction or deletion of Personal Information
        • Section 24 of the POPI Act and regulation 3 of the POPI Act Regulations provides that a Data Subject may in the prescribed form (Form 2 to be obtained under the POPI Act Regulations) request for their Personal Information to be corrected or deleted.
  • AVAILABILITY AND UPDATING OF THE PAIA MANUAL
    • This PAIA Manual is made available in terms of Regulation Number R.187 of 15 February 2002. The Organisation will update this PAIA Manual at such intervals as may be deemed necessary.
    • This PAIA Manual of the Organisation is available to view at its premises and on its website.
Document Owner: Ink Legal (Pty) Limited
Approved by: Helena Vorster
Date approved: September 2021
Due for review by Owner: September 2022
Version: 1

Get in touch

Unit 2, Lifestyle Management Park, 221 Clifton Avenue, Centurion, Pretoria

+27 79 848 3645

info@getfranck.com

Send a message