PAIA Manual – English

1.     Definitions and Interpretations

1.1.         Definitions

The following words or expressions will bear the following meaning in the Manual:

  • “Access fee” means fee prescribed for the purposes of Section 22 (6) of PAIA;
  • “Board” means the Board of the South African Responsible Gambling Foundation appointed through its Memorandum of Incorporation (MoI) as contemplated by the Companies Act, 71 of 2008 as amended.
  • “Data subject” means the natural or juristic person to whom Personal Information relates;
  • “Deputy information Officer” or “DIO” means the designated individual who is responsible for assisting the Information Officer with the administration of PAIA;
  • “Effective date” means the date of approval of this Manual by the Board of the Foundation;
  • Information Officeror “IO” means the Executive Director of the Foundation;
  • Internal appeal” means an internal appeal to the relevant authority in terms of Section 74 of PAIA;
  • Manual” means this manual, together with all annexures thereto as amended and made available by the Foundation from time to time;
  • “PAIA” means Promotion of Access to Information Act 2 of 2000 as Amended;
  • “POPIA” means Protection of Personal Information Act 4 of 2013;
  • Personal Information” has the meaning ascribed thereto under POPIA and specifically includes any form of information that can be used to identify a Data Subject;
  • POPIA” means the Protection of Personal Information Act, 2013 as amended from time to time together with the applicable regulations;
  • “POPIA Regulations” means the regulations relating to the Protection of Personal Information, 2018;
  • Record” shall bear the meaning ascribed thereto in PAIA and includes any recorded information under the control of the Foundation;
  • Processing” shall bear the meaning ascribed thereto in POPIA and “Process” has a corresponding meaning;
  • “Regulator” means Information Regulator;
  • “Republic” means Republic of South Africa;
  • “Request for access” means a request for access to a Record in terms of Section 11 of PAIA; and
  • Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.

 

1.2.         Interpretations

  • A reference to any statutory enactment shall be construed as a reference to that enactment as at the Effective Date of this Manual and as amended or substituted from time to time.
  • If any provision in a definition is a substantive provision conferring a right or imposing an obligation on any party then, notwithstanding that it is only in a definition, effect shall be given to that provision as if it were a substantive provision in the body of this Manual.
  • Where any word or expression is defined within a particular clause, that word or expression shall bear the meaning ascribed to it in that clause wherever it is used in this document.
  • Any reference to days (other than a reference to business days), months or years shall be a reference to calendar days, months or years, as the case may be. “Business day” or “Working day” means any day other than a Saturday, Sunday or Public Holiday as defined in Section 1 of the Public Holidays Act, 1994 (as amended).
  • When any number of days is prescribed in this Manual, the number shall be reckoned exclusive of the first and inclusive of the last day and if the last day is a Saturday, Sunday or Public Holiday, it shall be the next day which is not a Saturday, Sunday or Public Holiday.
  • Words importing any one gender shall include the other gender, and the singular shall include the plural, unless the context indicates otherwise.
  • The use of the word “including” followed by a specific example(s) shall not be construed as limiting the meaning of the general wording preceding it and the eiusdem generis rule shall not be applied in the interpretation of such general wording or such specific example(s).
  • Should there be a conflict in the interpretation of or application of this Manual and PAIA, the latter shall prevail.

2.     Introduction

  • This Manual has been prepared in accordance with Section 14 of the Promotion of Access to Information Act, 2000 (as amended) (“PAIA”).
  • The Manual may be amended from time to time, and as soon as any amendments have been effected, the latest version of the Manual will be published in accordance with PAIA.
  • Requesters are invited to contact the Information Officer or the Deputy Information Officer of the South African Responsible Gambling Foundation (“The Foundation”) should they require any assistance in respect of the use or content of this Manual.
  • The definitions provided in this Manual are solely for the purpose of this Manual.
  • The Manual does not purport to be exhaustive of or to comprehensively deal with every procedure provided for in PAIA. Requesters are advised to familiarise themselves with the provisions of PAIA before lodging any request with the Foundation.

3.     Scope of the Manual

  • This Manual has been prepared in respect of and applies to the Records of the South African Responsible Gambling Foundation

4.     Purpose of the manual

This PAIA Manual is useful for the public to-

  • check the categories of records held by the South African Responsible Gambling Foundation (“The Foundation”) which are available without a person having to submit a formal PAIA request;
  • have sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the Foundation holds records and the categories of records held on each subject;
  • know the description of the records of the Foundation which are available in accordance with any other legislation;
  • know all the remedies available from the Foundation regarding requests for access to the Records, before approaching the Regulator or the Courts;
  • describe the services available to Requester as provided by the Foundation, and how to gain access to those services;
  • outline the description of the Guide, as updated by the Regulator and how to obtain access to it;
  • understand if the Foundation will process Personal Information, the purpose of processing the same and the description of the categories of Data Subjects, and of the information or categories of information relating thereto;
  • know if the Foundation has planned to transfer or process Personal Information outside the Republic of South Africa and the recipients or categories of recipients to whom the Personal Information may be supplied;
  • know whether the Foundation has appropriate security measures to ensure the confidentiality, integrity and availability of the Personal Information which is to be processed; and
  • access all the relevant contact details of the Information Officer and Deputy Information Officers who will assist the public with the records they intend to access.

5.     Key contact details for access to information

5.1.         Chief Information Officer

Name:                              Sibongile Simelane-Quntana

Tel:                                   +27 011 266 7323

Email:                              SibongileSQ@responsiblegambling.org.za

 

5.2.         Deputy Information Officers

Name:                              Witness Saurombe

Tel:                                   +27 11 026 7323

Email:                             WitnessS@responsiblegambling.org.za

 

Name:                              Velaphi Muhlarhi

Tel:                                   +27 11 026 7323

Email:                                 VeliM@responsiblegambling.org.za

 

5.3.         Access to information general contacts

Email:                   accesstoinformation@responsiblegambling.org.za

5.4.          Head Office

Physical Address

The South African Responsible Gambling Foundation
Sunnyside Office Park
32 Princess of Wales
2nd Floor Sentinel House
Parktown
2193

Telephone:                     +27 11 026 7327

Email:                              info@responsiblegambling.org.za

Website:                          www.responsiblegambling.org.za

6.     Guide on using PAIA and to obtain access to the guide

  • The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
  • Members of the public can inspect or make copies of the Guide from the offices of the Foundation during normal working hours. The Guide can also be obtained:

Tel:       (010) 023 5200

Email: PAIACompliance@infoRegulator.org.za

Address: Information Regulator South Africa

JD House
27 Stiemens Street
Braamfontein
Johannesburg, 2001

Postal: P.O. Box 31533
Braamfontein
Johannesburg,
2017

  • A copy of the Guide is also available in the following additional two official languages, for public inspection during normal office hours-
    • The additional two languages that this guide will be available are IsiZulu and Afrikaans. The Foundation is committed to make the guide available in additional languages within 12 months from the publication date of this manual.

7.     Categories of records of the Foundation which are available without a person having to request access

  • This section of the Manual sets out the categories and descriptions of records held by the Foundation. The inclusion of any category of Records should not be taken to mean that Records falling within that category will be made available under PAIA. In particular, certain grounds of refusal as set out in PAIA may be applicable to a requester for access to such Records.
  • Operational Information and Agreements of the following categories:
  • Documents relating to the policy, objectives and governance of the Foundation
  • Agreements with any person or government.
  • Rental agreements.
  • Memorandums of Understanding
  • Memorandum of Incorporation
  • Public awareness
    • Finances and Accounting records of the following categories:
  • Bank account records.
  • Gross Gambling Revenue contributions by gambling and betting operators
  • Books of Accounts
  • Audited financial statements.
  • Annual reports, including balance sheet and statement of income and expenditure certified by the Foundation’s Auditors.
  • Annual budgets and Annual Performance Plans.
  • VAT, PAYE, and COIDA records.
    • Human Resources records of the following categories:
  • Policies and procedures.
  • Contracts, conditions of service and other agreements (excluding personnel files).
  • Pension fund records other than personal information of employees
  • Medical Scheme Records other than personal information of employees

 

  • Intellectual property information of the following categories
  • Logos
  • Winners Know When To Stop slogan
  • A gambling problem hurts slogan
  • Research Materials
  • Photograph materials
  • Training materials

8.     Description of the records of the Foundation which are available in accordance with any other legislation

 

Category of Records Applicable Legislation
Memorandum of Incorporation Companies Act 71 of 2008
PAIA Manual Promotion of Access to Information Act 2 of 2000

9.     Request Procedure

  • Completion of the prescribed form
    • Any request for access to a record in terms of PAIA must substantially correspond with Form 2 of Annexure A to Government Notice No. R.757 dated 27 August 2021 promulgated under the PAIA Regulations and should be specific in terms of the record requested. Please refer to Annexure A. A request can also be submitted via the following link: https://responsiblegambling.org.za/paia-workform/
  • A request for access to information which does not comply with the formalities as prescribed by PAIA will not be processed and may be declined and the requester will be required to make a new submission which will be processed as a new submission thus subjected to the waiting period stipulated hereunder.
  • POPIA provides that a data subject may, upon proof of identity, request the Foundation to confirm, free of charge, all the information it holds about the data subject and may request access to such information, including information about the identity of third parties who have or have had access to such
  • POPIA also provides that where the data subject is required to pay a fee for services provided, the Foundation must provide the data subject with a written estimate of the payable amount before providing the service and may require that the data subject pays a deposit for all or part of the fee. Grounds for refusal of the data subject’s request are set out in PAIA and are discussed below.
  • POPIA provides that a data subject may object, at any time, to the processing of personal information by the Foundation, on reasonable grounds relating to their situation, unless legislation provides for such processing. The data subject must complete the prescribed form attached hereto as Annexure F and submit to the Information Officer at the physical address, indicated in 5.4. or electronic mail address info@responsiblegambling.org.za
  • Record(s) of personal information about the data subject that the Foundation is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions;
    • Record(s) of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless—
      • retention of the record is required or authorised by law;
      • the Foundation reasonably requires the record for lawful purposes related to its functions or activities;
      • retention of the record is required by a contract between the parties thereto; or
      • the data subject or a competent person where the data subject is a child has consented to the retention of the record.
    • The destruction or deletion of record(s) of personal information in terms of subsection (9.4.1) must be done in a manner that prevents its reconstruction in an intelligible form.
    • Record(s) of personal information may be retained for periods in excess of those contemplated in subsection (9.4.1) for historical, statistical or research purposes if the Foundation has established appropriate safeguards against the records being used for any other purposes.
    • A data subject that wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information must submit a request to the Information Officer at the physical address, or electronic mail address set out above on the form attached hereto as Annexure G. A request can also be submitted by following this link https://responsiblegambling.org.za/paia-workform/
    • When making such as request, proof of identity is required to authenticate data subject and the The data subject may, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of identity document or other legal forms of identity.
  • Proof of identity

Proof of identity is required to authenticate your identity and the request. You may, in addition to this prescribed form, be required to submit acceptable proof of identity such as a certified copy of your identity document or other legal forms of identity.

  • Payment of the prescribed fees
    • There are two categories of fees which are payable:
      • The request fee: R140
      • The access fee: This is calculated by considering reproduction costs, search and preparation costs, as well as postal costs. These fees are set out in Annexure B.
  • Section 54 of PAIA entitles the Foundation to levy a charge or to request a fee to enable it to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Annexure B of Government Notice No. 757 dated 27 August 2021 promulgated under the PAIA Regulations. Please refer to Annexure B.
  • Where a decision to grant a request has been taken, the record will not be disclosed until the necessary fees have been paid in full.
  • Grounds for refusal of access and protection of information:
    • There are various grounds upon which a request for access to a record may be refused. These grounds include:
      • the protection of personal information of a third person (who is a natural person) from unreasonable disclosure.
      • the protection of commercial information of a third party (for example: trade secrets; financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
      • if disclosure would result in the breach of a duty of confidence owed to a third party;
      • if disclosure would jeopardise the safety of an individual or prejudice or impair certain property rights of a third person;
      • if the record was produced during legal proceedings, unless that legal privilege has been waived;
      • if the record contains trade secrets, financial or sensitive information or any information that would put the Foundation at a disadvantage in negotiations or prejudice it in commercial competition; and/or
      • if the record contains information about research being carried out or about to be carried out on behalf of a third party or the Foundation.
    • Section 70 of PAIA contains an overriding Disclosure of a record is compulsory if it would reveal;
      • a substantial contravention of, or failure to comply with the law; or
      • there is an imminent and serious public safety or environmental risk; and
      • the public interest in the disclosure of the record in question clearly outweighs the harm contemplated by its
  • If the request for access to information affects a third party, then such third party must first be informed within 21 (twenty-one) days of receipt of the request. The third party would then have a further 21 (twenty-one) days to make representations and/or submissions regarding the granting of access to the record.

10.  Processing of Personal Information

10.1  Purpose of Processing Personal Information

  • In terms of POPIA, Personal Information must be processed for a specified purpose.
  • The Foundation will Process Personal Information only in ways that are for, or compatible with, the purposes for which the data was collected or that are subsequently authorised by the relevant Data Subject.
  • The Foundation will retain Personal Information only for as long as is necessary to accomplish the Foundation legitimate business purposes or for as long as may be permitted or required by applicable law.
  • The Foundation uses the Personal Information it collects for following non-exhaustive purposes, as more fully set out in the Foundation’s Data Privacy Policy located at the Foundation website https://responsiblegambling.org.za/privacy-policy/
    • For the purpose of providing treatment, counselling, psychiatric evaluation, rehabilitation and other related activities;
    • Referral of individuals to a Network of Treatment Professionals for cognitive behavioural therapy,
    • For the purposes of collecting data during research and public awareness, such information will be analysed for the purposes of publication without detailing or publishing personal information;
    • For the purposes of responsible gambling contributions of gross gambling revenue;
    • For the purposes of assessment and referral;
    • For the purpose of onboarding its service providers;
    • For purposes of implementing contractual agreements with service providers;
    • For employment-related purposes such as recruiting staff, administering payroll, background checks, performance management etcetera.
    • For internal audit purposes (i.e., ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
    • For complying with tax laws;
    • For external audit purposes. For this purpose, the Foundation engages external service providers and, in so doing, shares Personal Information of the Data Subjects with Third Parties;
    • For keeping accounts of records;
    • For such other purposes to which the Data Subject may consent from time to time; and
    • For such other purposes as authorised in terms of applicable law.
  • The Foundation will not use the Personal Information which it collects for any purposes other than those purposes specified herein.

11.  Categories of data subjects and of Personal Information

  • The Foundation collects Personal Information directly from the Data Subject and/or from Employees, Third Parties, service providers, and where the Foundation obtains Personal Information from Third Parties, the Foundation will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information with the Data Subject’s consent where the Foundation is permitted to do so in terms of the applicable laws. This list of categories is non-exhaustive.
  • Examples of Third Parties from whom Personal Information is collected includes any Third Party with whom the Foundation conducts its business; regulatory bodies; verification agencies; other companies providing services to the Foundation and where the Foundation makes use of publicly available sources of information.
  • The Personal Information relating thereto is as follows:
Data Subject Information to be processed
Gambling Operators Names of contact persons, name of legal entity, physical and postal address and contact details, registration number, founding documents, tax related information, authorised signatories, Annual Financial Statements, Gross Gambling Revenue
Gambling Regulators Names of contact persons, name of legal entity, physical and postal address and contact details, registration number
Individuals with Gambling Disorder Names and Surname, physical and postal address and identity number, contact details, mental health information, physical health information,
Learners Gender, Ethnicity, age, language, education, Names and Surname, physical and postal address and identity number
Research Subjects Names and Surname, Gender, Ethnicity, age, language, education, gambling participation
Public Awareness and Events Participants Gender, Ethnicity, age, language, education, Names and Surname, Gambling participation
Employees Gender, marital status, ethnicity, age, language, education information, financial information, employment history, ID number, physical and postal address, contact details,
Service Providers Names of contact persons; name of legal entity, physical and postal address and contact details, registration number, founding documents, tax related information, authorised signatories,
Other Third Parties Names of contact persons; name of legal entity, physical and postal address and contact details, registration number, founding documents, tax related information, authorised signatories,
  • The recipients or categories of recipients to whom the personal information may be supplied;
Category of personal information Recipients or Categories of Recipients to whom the personal information may be supplied
Identity number and names, for criminal checks South African Police Services
Qualifications,    for                             qualification

Verifications

 South African Qualifications Authority
Credit and payment history, for credit information Credit Bureaus
  • Depending on the nature of the Personal Information, the Foundation may supply information or records to the following categories of recipients:
    • Statutory oversight bodies, regulators making a request for data;
    • Any Court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules;
    • South African Revenue Services, or another similar authority;
    • Anyone making a successful application for access in terms of PAIA;
    • Subject to the provisions of POPIA and the National Credit Act, 2005 (as amended), the Foundation may share information of a staff member with any credit bureau or credit providers, if such as staff member has applied for credit and has agreed that the Foundation can be contacted to facilitate their credit application process; and
    • Any person who conducts business with the Foundation, in the ordinary course of business.
  • The Foundation will comply with POPIA before transferring Personal Information to a Third-Party who is not a contractor of the Foundation. Before transferring Personal Information to a Third-Party contractor, such as an authorised service provider, the Foundation will obtain written assurances from the Third-Party that it will Process Personal Information in a manner consistent with POPIA. Where the Foundation learns that a Third-Party contractor is using or disclosing Personal Information in a manner contrary to POPIA, the Foundation will take reasonable steps to prevent such use or disclosure.
  • Planned transborder flows of personal information
    • The Foundation has subscribed with various multi-international companies such as Microsoft, Google, Apple, Samsung, Sage Payroll, Sage Accounting, where some personal information may therefore be stored in the cloud outside the Republic.
    • Personal information that will be stored and categories of personal information.

 

Category of personal information Recipients or Categories of Recipients to whom the personal information may be supplied
Names, Surnames, Gender, Physical Address, Credit Card information, email addresses, cellphone numbers  

Microsoft, Google, Apple, Samsung, Sage Payroll, Sage Accounting
  • General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information
    • The security and confidentiality of Personal Information is incredibly important to the Foundation, as such the Foundation has implemented reasonable technical, administrative, and physical security measures to protect Personal Information from unauthorised access or disclosure and improper use.
    • The Foundation is committed to ensuring that its security measures which protect Data Subject’s Personal Information are continuously reviewed and updated where necessary.
    • In Processing any Personal Information, the Foundation shall comply with the following minimum technical and organisational security requirements:
      • Physical Access – Access to Personal Information is restricted in Foundation ‘s offices and only given to those Employees who need access to it to perform a specific job/task.
      • Unique User Identification – Employees each have a unique user ID assigned to them, subject to strict confidentiality undertakings in terms of the Foundation ‘s password and confidentiality policy.
      • Passwords – The Foundation shall ensure that there are passwords required for any access to Personal Information in line with its password policy.
      • Physical access and privileges – The Foundation ensure that access to Personal Information is limited to Employees on a “need to know” basis, and the Foundation’s Employees are required to strictly utilise their unique user ID and applicable passwords to access same.
      • Back-ups – The Foundation ensures that all Personal Information is backed-up regularly, based on operational or legal requirements, and that back up testing is conducted regularly in order to ensure that Personal Information can be recovered in the event that such Personal Information is lost, damaged or destroyed.
      • Malware protection – The Foundation ensures that its environment has comprehensive malware protection software employed, which software is specifically designed to protect the Foundation from the most recent malware infections.
      • Vulnerability scanning – The Foundation frequently conducts vulnerability scanning in order to assess whether Personal Information is adequately protected from external threats.

12.  Availability of the manual

  • This Manual is available in three official languages namely English, Afrikaans and isiZulu.
  • This Manual is available on the Foundation’s website https://www.responsiblegambling.org.za and at the offices of the Foundation for public inspection during normal business hours, to any person upon request and the payment of the prescribed amount and to the Regulator also upon request.

13.  Updating of the manual

The head of the Foundation will on a regular basis update this manual.

14.  Prescribed forms and fee structure

The forms and fee structure prescribed under PAIA and the forms prescribed under POPIA are attached to this Manual.

  • A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.

CLICK HERE TO DOWNLOAD FORMS