GOVERNMENT NOTICE INFORMATION REGULATOR. No. R. 2017

Similar documents
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000

THE PROMOTION OF ACCESS TO INFORMATION ACT

to the Government Gazette of Mauritius No. 14 of 14 February 2009

ACCESS TO INFORMATION MANUAL. SASOL INZALO PUBLIC (RF) LIMITED (an investment holding company)

PROMOTION OF ACCESS TO INFORMATION ACT MANUAL

The first step of the dispute resolution process includes receipt, registration and acknowledgement of a new application.

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

(1 August 2014 to date) EMPLOYMENT EQUITY ACT 55 OF (Gazette No , Notice No dated 19 October 1998.

LAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS

DRAFT GOVERNMENT NOTICE DEPARTMENT OF JUSTICE AND CONSTITUTIONAL DEVELOPMENT. No. R. 2010

THE DERIVATIVES DIVISION OF THE JSE SECURITIES EXCHANGE

(Registration Number: 1998/11796/07) Access to Information Manual

PROMOTION OF ACCESS TO INFORMATION ACT SECTION 51 MANUAL FOR OSIRIS TRADING (PTY) LTD REGISTRATION NUMBER 1999/005636/07

THE FREEDOM OF INFORMATION LAW, 2007 (LAW 10 OF 2007) THE FREEDOM OF INFORMATION (GENERAL) REGULATIONS, 2008

EMPLOYMENT EQUITY ACT NO. 55 OF 1998

PRESCRIBED FORM TO BE COMPLETED BY A REQUESTER FORM C REQUEST FOR ACCESS TO RECORDS OF PRIVATE BODY

EMPLOYMENT EQUITY ACT NO. 55 OF 1998

PROMOTION OF ACCESS TO INFORMATION

Department of Labor Division of Industrial Affairs Office of Anti-Discrimination Statutory Authority: 19 Delaware Code, Sections 712(a)(2) and 728

GOVERNMENT GAZETTE OF THE REPUBLIC OF NAMIBIA. N$7.20 WINDHOEK - 3 November 2008 No. 4154

Rules for the conduct of proceedings before the CCMA. Act. Published under. GN R1448 in GG of 10 October as amended by

THE BANKING OMBUDSMAN SCHEME 2006 (including May 24, 2007 Amendments) NOTIFICATION. Ref.RPCD.BOS.No. 441 / / December 26, 2005

Annexure A FORM OF COMPLAINT(TO BE LODGED ) WITH THE BANKING OMBUDSMAN

2.16 Freedom of Information and Protection of Privacy Act

Kapara Insurance Brokers (Pty) Ltd

THE FREEDOM OF INFORMATION ACT, Arrangement of Sections PART I PRELIMINARY

Promotion of Access to Information Act. Section 51 Manual. For. FREE 4 ALL (Pty) Ltd

Lazer Communications CC

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

Access to Personal Information Procedure

ANNEXURE K RULES FOR THE CONDUCT OF PROCEEDINGS BEFORE THE BARGAINING COUNCIL FOR THE RESTAURANT, CATERING AND ALLIED TRADES TABLE OF CONTENTS

Data Protection Bill [HL]

MINERALS OPERATIONS EXECUTIVE (PTY) LTD

MANUAL. Accessing Our Fund Information. The Tongaat-Hulett Sugar Retirement Benefit Provident Fund

PAIA MANUAL: SA UNDERWRITING AGENCIES (PTY) LTD. SA UNDERWRITING AGENCIES (PTY) LTD (Registration No: 1992/03324/07) Hereafter referred to as SAU

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

CLIENT AGREEMENT. Between.... ( member") and.... ( client")

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

BDO Corporate Finance (PTY) LTD

Data Protection Bill [HL]

PROMOTION OF ACCESS TO INFORMATION ACT SECTION 51 MANUAL FOR MASSDISCOUNTERS T/A GAME AND DION WIRED

Labour Court Rules, 2006 ARRANGEMENT OF RULES PART I

Disciplinary Regulations

Refugee Regulations (forms and procedure) Published under GN R366 in GG of 6 April 2000

LAW SOCIETY OF SOUTH AFRICA (LSSA) Manual prepared in accordance with Section 51 of The Promotion of Access to Information Act 2/2000 ( the Act )

E-Channels Customer Master Agreement - HSBCnet (Business) Customer Details. Full Customer (Company) Name: Address: Emirate: Postal Code / PO Box:

Rules of Procedure TABLE OF CONTENTS

John Deere (Pty) Ltd PAIA MANUAL Section 51 of the Promotion of Access to Information Act No.2 of 2000

Information Privacy Act 2000

2014/098567/07 SEED ANALYTICS (PROPRIETARY) LIMITED MANUAL. in terms of. Section 51 of. The Promotion of Access to Information Act.

REGISTRATION OF A NEW POLITICAL PARTY TO PARTICIPATE IN ALL ELECTIONS

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

PURPOSES. The rights recognised by the Charter of Human Rights and Responsibilities; and

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

Rainbow Paper Management (Pty) Ltd 1986/003229/07

SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY

NEW ZEALAND Trade Marks Regulations SR 2003/187 as at 10 December 2012, as amended by Trade Marks Amendment Regulations (SR 2012/336)

TWO-A-DAY PROMOTION OF ACCESS TO INFORMATION ACT MANUAL

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

LABOUR COURT RULES, 2017 ARRANGEMENT OF RULES PART I PRELIMINARY

GOVERNMENT GAZETTE OF THE REPUBLIC OF NAMIBIA

D R C. Rules. (As amended in July 2008)

Victorian Civil and Administrative Tribunal Rules 2008

ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, ACT NO. 25 OF 2002 [ASSENTED TO 31 JULY 2002] [DATE OF COMMENCEMENT: 30 AUGUST 2002]

/q: ~:-/ ~,. 1 /. '- H, \ f \!,... :';"~ GOVERNMENT NOTICE DEPARTMENT OF TRADE AND INDUSTRY

Applied Business Solutions Ltd Software Distribution Agreement Document No :- 15

TRADE CREDIT APPLICATION

AIA Australia Limited

CARTRACK HOLDINGS LIMITED (Registration number: 2005/036316/06) PROMOTION OF ACCESS TO INFORMATION MANUAL

JAMS International Arbitration Rules & Procedures

Schools Subject Access Request Procedures

BERMUDA PUBLIC ACCESS TO INFORMATION REGULATIONS 2014 BR 79 / 2014

3. Records Available in Terms of any other Legislation [Section 51(1)(d)]

Precedent Standard Cost Agreement

Data Access Agreement

Larsen and Toubro T&D SA Proprietary Limited. Registration number: 2010/018159/07

STANDING ORDER (GENERAL) 101 THE MANAGEMENT OF COMPLAINTS AGAINST THE SOUTH AFRICAN POLICE SERVICE

AFRICAN DEVELOPMENT BANK GROUP

POLOKWANE SOCIETY OF ADVOCATES

Attorney Grievance Commission of Maryland. Administrative and Procedural Guidelines

THE INDUSTRIAL COURT (PROCEDURE) RULES, Citation. These Rules may be cited as the Industrial Court (Procedure) Rules, 2010.

REQUEST FOR QUOTATION (RFQ) (Drafting design and engineering specifications for a biogas plant)

IMMIGRATION AND PROTECTION TRIBUNAL PRACTICE NOTE 3/2018 (RESIDENCE)

ALBERTON AND JOHANNESBURG SOUTH BUSINESS FORUM (NPC) REGISTRATION NUMBER (2016/206547/08) ( AJSBF )

CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II

ARRANGEMENT OF SECTIONS PART I PRELIMINARY

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

INFORMATION MANUAL. FirstRand Limited

CWP Policy and Procedures Manual

REPUBLIC OF SOUTH AFRICA. Judicial Matters Amendment Bill, 2016

DATA PROTECTION (JERSEY) LAW 2005

Coordinated text from 10 August 2011 Version applicable from 1 September 2011

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

ARBITRATION RULES OF PROCEDURE TABLE OF CONTENTS DEFINITIONS... 4

Provincial Gazette Provinsiale Koerant

CCTV Code of Practice

APPLICATION FOR REGISTRATION: BOOKMAKER CLERK TOTALISATOR CLERK TOTALISATOR AGENT EMPLOYEE

CODE OF CONDUCT AND DISCIPLINARY PROCEDURE IN TERMS OF COPE S POLICIES AND CONSTITUTION AS AMENDED IN JANUARY 2014.

Transcription:

GOVERNMENT NOTICE INFORMATION REGULATOR No. R. 2017 PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013): The Information Regulator has under section 112(2) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), made the regulations in the Schedule. Definitions SCHEDULE 1. In these regulations any word or expression to which a meaning has been assigned in the Act has the meaning so assigned to it and, unless the context otherwise indicates "submit" means submit by (a) registered post; (b) electronic mail; (c) facsimile; or (d) personal delivery; and "the Act" means the Protection of Personal Information Act, 2013 (Act No. 4 of 2013). Manner of objection to the processing of personal information 2. (1) A data subject may object in writing on a form which corresponds substantially with Form 1 to the Annexure to the processing of personal information as contemplated in section 11(3)(a) of the Act, and submit such objection to the responsible party. (2) The responsible party, or a person designated for that purpose by the responsible party, must assist, to the best of its or his or her ability any data subject who requires assistance with the completion of Form 1 to the Annexure. Request for correction or deletion of personal information or destroying or deletion of record of personal information 3. (1) A data subject who wishes to request a responsible party in terms of section 24(1) of the Act to (a) correct or delete the personal information about him or her which is in the possession or under the control of the responsible party as contemplated in section 24(1)(a) of the Act; or (b) destroy or delete a record of personal information which the responsible party is no longer authorised to retain as contemplated in section 24(1)(b) of the Act, 1

must make the request in writing on a form which corresponds substantially with Form 2 to the Annexure and submit the request to the responsible party. (2) The responsible party, or a person designated for that purpose by the responsible party, must assist, to the best of his or her ability, any person who requires assistance with the completion of Form 2 to the Annexure. Duties and responsibilities of information officers 4. (1) Subject to the provisions of section 55 of the Act, an information officer must ensure that (a) a compliance framework is developed, implemented and monitored; (b) adequate measures and standards exists in order to comply with the conditions for the lawful processing of personal information; (c) preliminary assessments are conducted; (d) a manual for the purpose of the Promotion of Access to Information Act and the Act is developed detailing (i) the purpose of the processing; (ii) a description of the categories of data subjects and of the information or categories of information relating thereto; (iii) the recipients or categories of recipients to whom the personal information may be supplied; (iv) the planned trans-border or cross border flows of personal information; and (v) a general description allowing preliminary assessment of the suitability of information security measures to be implemented and monitored by the responsible party; (e) the manual referred to in paragraph (d) is available (i) on the website, of the responsible party; and (ii) at the office or offices of the responsible party for public inspection during normal business hours of that responsible party; (f) internal measures are developed together with adequate systems to process requests for information or access thereto; and (g) awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator. (2) The information officer, or a person designated by him or her, can upon request of any person provide copies of the manual, to that person upon payment of a fee determined by the responsible party which may not be more than R3.50 per page. Application to issue a code of conduct 5. A private or public body which is, in the opinion of the Regulator, sufficiently representative of any class of bodies, or of any industry, profession, or vocation may apply to the Regulator for the issue of a code of conduct, on a form which corresponds substantially with Form 3 to the Annexure and must be submitted to the Regulator. 2

Request for data subject's consent for processing of personal information for the purpose of direct marketing by means of unsolicited electronic communications 6. A responsible party may request a data subject s consent in writing on a form which corresponds substantially with Form 4 to the Annexure for the processing of personal information of that data subject for the purpose of direct marketing as contemplated in section 69(2) of the Act. Submission of complaint or grievance 7. (1) A complaint contemplated in section 74(1) of the Act must be submitted to the Regulator in writing on a form which corresponds substantially with Part I of Form 5 to the Annexure. (2) A complaint contemplated in section 74(2) of the Act must be submitted to the Regulator in writing on a form which corresponds substantially with Part II of Form 5 to the Annexure. (3) The Regulator must assist, to the best of its ability, any person who requires assistance with the completion of Part I or Part II of Form 5 to the Annexure. Regulator acting as conciliator during an investigation 8. (1) The Regulator may decide to act as conciliator at any time during the investigation in relation to any interference with the protection of the personal information of a data subject, as contemplated in section 76(1)(b) of the Act, and may wish to endeavour to obtain a settlement as contemplated in section 80 of the Act. (2) The Regulator must obtain all the relevant documentation relating to the matter from the data subject and the responsible party. (3) The Regulator may join two or more complaints, which are alleged to relate to the same interference with the protection of personal information by the same responsible party in order to deal with the complaints in the same conciliation. (4) On receipt of the documentation contemplated in sub regulation (2) the Regulator must, as soon as it practically possible, in writing inform the data subject and the responsible party implicated in the complaint on a form which corresponds substantially with Form 6 to the Annexure of the Regulator's decision to act as conciliator in the matter by (a) setting the time and place of the conciliation meeting; and (b) taking steps to ensure that all persons entitled to attend the conciliation meeting are notified within a reasonable time, of the date, time and place of the meeting. (5) Where a conciliation meeting fails to take place, the Regulator must arrange for an alternative date and notify the persons entitled to attend the conciliation meeting accordingly. (6) (a) The Regulator must confer with the parties and endeavour to obtain an agreement or settlement in respect of the matter. 3

(b) The Regulator may confer with the parties in person, by remote or local electronic communication means, or by any other means as is deemed appropriate. (7) The Regulator must issue a conciliation certificate in writing on a form which corresponds substantially with Form 7 to the Annexure within 10 working days after the conclusion of the meeting. (8) The conciliation certificate must be published on the website of the Regulator. (9) If no agreement or settlement is reached or the parties did not wish to attend a conciliation meeting, the Regulator must proceed with the matter as provided for in terms of section 76 of the Act. Pre-investigation proceedings of Regulator 9. (1) The Regulator must inform the complainant, the data subject to whom the investigation relates (if not the complainant) and any person alleged to be aggrieved (if not the complainant), in writing on a form which corresponds substantially with Part A of Form 8 to the Annexure of the Regulator s intention to conduct an investigation, and submit the form to the complainant, the data subject to whom the investigation relates (if not the complainant) and any person alleged to be aggrieved (if not the complainant). (2) The Regulator must inform the responsible party to whom the investigation relates in writing on a form which corresponds substantially with Part B of Form 8 to the Annexure of the complaint or the subject matter of the investigation and must request a written response to the complaint or the subject matter of the investigation, if the responsible party so wishes, and submit the form to the responsible party. Notifications 10. (1) A data subject and a responsible partiy will be kept informed of developments during an investigation and will be informed of the result of an investigation at their designated addresses within 10 days of a decision being made or an action being taken as may be applicable. (2) Notices will be served in writing to notify the data subject, the complainant and the responsible party that (a) an enforcement notice will not be issued in terms of section 94(a) of the Act on a form which corresponds substantially with Form 9; (b) the complaint has been referred to the Enforcement Committee in terms of section 92 of the Act on a form which corresponds substantially with Form 10; (c) an enforcement notice has been served in terms of section 95 of the Act on a form which corresponds substantially with Form 11; (d) an enforcement notice had been cancelled in terms of section 96 of the Act on a form which corresponds substantially with Form 12; (e) an appeal has been lodged against an enforcement notice for cancellation or variation of the notice in terms of section 96 of the Act on a form which corresponds substantially with Form 13; (f) an appeal against an enforcement notice has been allowed and that an enforcement notice has been substituted in terms of section 98 of the Act on a form which corresponds substantially with Form 14; or 4

(g) an appeal has been dismissed in terms of section 98 of the Act on a form which corresponds substantially with Form 15, to the Annexure. Assessments 11. (1) A request for an assessment must be submitted to the Regulator in writing on a form which corresponds substantially with Form 16 to the Annexure. (2) The Regulator must inform the responsible party, on a form that corresponds substantially with Part II of Form 16 to the Annexure, if it has decided to conduct an assessment on (a) its own initiative; or (b) request by any person as contemplated in sub-regulation (1), within 10 working days of that decision being taken. (3) The Regulator must notify the person who requested an assessment, whether it has made an assessment or not and of any view formed or action taken if an assessment was conducted, on a form which corresponds substantially with Form 17 to the Annexure, within 10 working days of a decision being made or an assessment being conducted as the case may be. Short title 12. These regulations are called the Regulations relating to the Protection of Personal Information, 2017. ANNEXURE FORM 1 OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 2(1)] Note: 1. Affidavits or other documentary evidence in support of the objection must be attached. 2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page. Reference Number. A Name and surname of data subject: DETAILS OF DATA SUBJECT Residential, postal or business address: 5

Contact number(s): Code ( ) Fax number: B Name and surname of responsible party(if the responsible party is a natural): Residential, postal or business address: DETAILS OF RESPONSIBLE PARTY Contact number(s): Fax number: Name of public or private body(if the responsible party is not a natural person): Code ( ) Business address: Contact number(s): Code ( ) Fax number: C REASONS FOR OBJECTION (Please provide detailed reasons for the objection) Signed at... this... day of...20...... Signature of data subject (applicant) 6

FORM 2 REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 3(2)] Note: 1. Affidavits or other documentary evidence in support of the request must be attached. 2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page. Reference Number. Mark the appropriate box with an "x". Request for: Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party. Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information. A Surname: Full names: Identity number: DETAILS OF THE DATA SUBJECT Residential, postal or business address: Contact number(s): Fax number: B Name and surname of responsible party(if the responsible party is a natural person): Residential, postal or business address: Contact number(s): Fax number: DETAILS OF RESPONSIBLE PARTY Code ( ) Code ( ) 7

Name of public or private body (if the responsible party is not a natural person): Business address: Contact number(s): Code ( ) Fax number: REASONS FOR *CORRECTION OR DELETION OF THE PERSONAL INFORMATION ABOUT THE DATA SUBJECT/*DESTRUCTION OR DELETION OF A RECORD OF PERSONAL INFORMATION C ABOUT THE DATA SUBJECT WHICH IS IN POSSESSION OR UNDER THE CONTROL OF THE RESPONSIBLE PARTY. (Please provide detailed reasons for the request) * Delete whichever is not applicable Signed at... this... day of...20...... Signature of Data subject FORM 3 APPLICATION FOR THE ISSUE OF A CODE OF CONDUCT IN TERMS OF SECTION 61(1)(b) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 5] A DETAILS OF PRIVATE OR PUBLIC BODY (APPLICANT) 8

Indicate whether applicant is a private or a public body: List class of bodies, or of any industry, profession, or vocation, you represent: (Attach proof of representation) Business address: Contact number(s): Code ( ) Fax number: E-mail address B Full names of person completing this Form: Capacity in body: Does the person completing this Form have the authorisation of the body he/she represents to lodge this application? (Attach authorisation) Business address (if different from body's address): Contact number(s): DETAILS OF PERSON WHO COMPLETES THIS FORM Code ( ) Fax number: REASONS FOR APPLICATION FOR INFORMATION REGULATOR TO ISSUE A CODE OF CONDUCT C (Please provide detailed reasons for the request) 9

Signed at... this... day of...20...... Signature of person completing form FORM 4 APPLICATION FOR THE CONSENT OF A DATA SUBJECT FOR THE PROCESSING OF PERSONAL INFORMATION FOR THE PURPOSE OF DIRECT MARKETING IN TERMS OF SECTION 69(2) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 6] FROM: Contact number(s): Fax number: (Name and address of data subject) (Name, address and contact details of responsible party) Dear *Mr/Ms/Dr/Adv/Prof PART A 1. In terms of section 69 of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), the processing of personal information of a data subject (the person to whom personal information relates) for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless written consent to the processing is given by the data subject. You may only be approached once for your consent by this responsible party. After you have indicated your 10

wishes in Part B, you are kindly requested to submit this Form either by post, facsimile or e-mail to the address, facsimile number or e-mail address as stated above. 2. "Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information. 3. Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) (f) (g) (h) the personal opinions, views or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; the views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. (Signature of person authorised by responsible party) Full names and designation of person signing on behalf of responsible party: Date: PART B I, (full names) hereby: Consent to goods and services to be marketed by means of unsolicited electronic communication. 11

SPECIFY GOODS AND SERVICES: SPECIFY METHOD OF COMMUNICATION: FAX : E - MAIL : SMS : OTHERS SPECIFY: Give my consent. Do not give my consent. Signed at... this... day of...20...... Signature of data subject FORM 5 COMPLAINT REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION/COMPLAINT REGARDING DETERMINATION OF AN ADJUDICATOR IN TERMS OF SECTION 74 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 7] Note: 1. Affidavits or other documentary evidence in support of the request must be attached. 2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page. Mark the appropriate box with an "x". Complaint regarding: Reference Number:. Alleged interference with the protection of personal information Determination of an adjudicator. PART I A ALLEGED INTERFERENCE WITH THE PROTECTION OF THE PERSONAL INFORMATION (Section 74(1) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) PARTICULARS OF COMPLAINANT 12

Surname of complainant: Full names of complainant: Identity number of complainant: Residential, postal or business address: Code ( ) Contact number(s): Fax number: B PARTICULARS OF BODY/RESPONSIBLE PARTY INTERFERING WITH PERSONAL INFORMATION Full names and surname of person interfering with personal information (if the person is a natural person) Name of public or private body (if not a natural person): Residential address (if applicable,,: postal address or business address: (Code ) Contact number(s): Fax number: C REASONS FOR COMPLAINT(Please provide detailed reasons for the complaint) PART II A GRIEVANCE REGARDING DETERMINATION OF ADJUDICATOR (Section 74(2) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) PARTICULARS OF COMPLAINANT 13

Surname of complainant: Full names of complainant: Identity number of complainant: Residential, postal or business address: Code ( ) Contact number(s): Fax number: B PARTICULARS OF ADJUDICATOR Full names and surname of adjudicator Name and surname of responsible party (if it is a public or private body): Name of responsible party (if it is a public or private body)): Residential, postal or business address: (Code...) Contact number(s): Fax number: C REASONS FOR COMPLAINT (Please provide detailed reasons for the grievance) Signed at... this... day of...20... 14

... Signature of complainant/person aggrieved FORM 6 NOTICE TO PARTIES: CONCILIATION REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION IN TERMS OF SECTION 76 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 8 (4)] Contact number(s): Facsimile number: Reference Number (Name, address and contact details of party involved) FROM: Contact number(s): Facsimile number: (Address and contact details of Regulator) YOU ARE HEREBY INVITED: To attend a conciliation meeting at...on the... day of... at... (time) and on any subsequent day that may be required, regarding the following matter: Kindly confirm your attendance to the meeting on/before. Dated at... this... day of...20... Regulator 15

FORM 7 NOTICE TO PARTIES: CONCILIATION REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION IN TERMS OF SECTION 76 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 8(8)] CONCILIATION CERTIFICATE Reference Number: IN THE MATTER BETWEEN,Full names of complainant(s)(if not the data subject): Full names of data subject: AND,Full names of responsible party(s): CERTIFICATE OF COMPLETED CONCILIATION The complaint number: The nature of the complaint: THIS IS TO CERTIFY THAT (Full names of conciliator) has concluded a settlement in this matter has not concluded a settlement in this matter 16

REMEDIAL ACTION TO BE TAKEN: The nature of the remedial action: The period within which the remedial action must be taken: The reporting process: Other compliance matters: Dated at... this... day of...20... Conciliator FORM 8 NOTICE TO PARTIES OF INTENTION OF REGULATOR TO INVESTIGATE COMPLAINT IN TERMS OF SECTION 79 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 9] Reference Number Residential, postal or business address: 17

Contact number(s): Facsimile number: (Name, address and contact details of complainant/responsible party) FROM: Residential, postal or business address Contact number(s): Facsimile number: (Address and contact details of Regulator) PART A NOTICE TO DATA SUBJECT TO WHOM THE INVESTIGATION RELATES (if not the complainant) AND ANY PERSON ALLEGED TO BE AGGRIEVED (if not the complainant) YOU ARE HEREBY INFORMED THAT: The Regulator intends to investigate the following matter: Dated at... this... day of...20... Regulator PART B NOTICE TO RESPONSIBLE PARTY YOU ARE HEREBY INFORMED THAT: The Regulator received a complaint and intends to investigate the following matter: (Details of complaint or subject matter of the investigation) 18

Kindly note that you have the right to submit to the Regulator, on/before.(date), a written response in relation to the *complaint/ subject-matter of the investigation. Dated at... this... day of...20... Regulator FORM 9 NOTICE TO PARTIES IN TERMS OF SECTION 94 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) [Regulation 10 (2)(a)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: Contact number(s): Facsimile number: (Address and contact details of responsible party) 19

An investigation has been completed in terms of the Protection of Personal Information Act of 2013. Parties are hereby notified that an enforcement notice will not be issued as no interference with the protection of personal information of a data subject has taken place in terms of section 94(a) Dated at... this... day of...20... Regulator FORM 10 REFERRAL TO ENFORCEMENT COMMITTEE IN TERMS OF SECTION 92 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 10(2)(b)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: Contact number(s): Facsimile number: (Address and contact details of responsible party) Complaint received from: 20

(Full names and surname) Date received: Responsible party: (Full names) An investigation has been completed in terms of the Protection of Personal Information Act of 2013. Parties are hereby notified that: A finding of... Other matter:... was referred to the Enforcement Committee in terms of section 92 on the day of 20... Regulator FORM 11 ENFORCEMENT NOTICE IN TERMS OF SECTION 95 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 10 (2) (c)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) 21

Residential, postal or business address: Contact number(s): Facsimile number: (Address and contact details of responsible party) Complaint received by: (Full names and surname) Date received: Responsible party: (Full names) A. The Enforcement Committee has concluded that the protection of the personal information of the data subject has been interfered with as follows: A breach of the conditions for the lawful processing of personal information (Chapter 3) Non-compliance with the duty to notify security compromises (section 22 of the Protection of Personal Information Act of 2013) Non-compliance with the duty of confidentiality (section 54 of the Protection of Personal Information Act of 2013) Non-compliance with obligations for direct marketing by means of unsolicited electronic communications (section 69 of the Protection of Personal Information Act of 2013) Non-compliance with obligations regarding the inclusion of personal information in directories (section 70 of the Protection of Personal Information Act of 2013) Non-compliance with obligations regarding automated decision making (section 71 of the Protection of Personal Information Act of 2013) Breach of the provisions of a code of the following code of conduct issued in terms of section 60: Code of Conduct of (Reference.) B. The reasons for reaching this conclusion are:.... 22

C. The responsible party is hereby ordered to: Take the following specified steps:... To refrain from taking the following specified steps:....... To stop the processing, the following specified personal information:..... To stop the processing of personal information for the following purpose:... To stop the processing of personal information in the following manner:... D. Urgency The Regulator directs that this notice should be complied with as a matter of urgency for the following reasons:... E. Time periods The responsible party must comply with this Enforcement Notice and the directives under C after 30 (thirty) days from receiving this notice. The responsible party must comply with this Enforcement Notice and the directives under C after 4 (four) days from receiving this notice F. Appeal 23

The responsible party may appeal against this Enforcement Notice within 30 (thirty) days of receiving this notice. Regulator FORM 12 CANCELLATION OF ENFORCEMENT NOTICE SECTION 96 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 10 (2)(d)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: Contact number(s): Facsimile number: (Address and contact details of responsible party) Complaint received by (state name and surname on date. Responsible party: The application by the responsible party to cancel or vary the Enforcement Notice./ (reference) issued on the day of 20... has been considered. This notice replaces the C. The responsible party is hereby ordered to: take the following specified steps: 24

to refrain from taking the following specified steps: to stop the processing, the following specified personal information:... to stop the processing of personal information for the following purpose:...... to stop the processing of personal information in the following manner:..... Appeal The complainant may appeal against the variation of the Enforcement Notice within 180 (one hundred and eighty) days of receiving this notice.. Regulator FORM 13 NOTICE OF APPEAL SECTION 97 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 10 (2)(e)] FOR DEPARTMENTAL USE Reference number: 25

Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: Contact number(s): Facsimile number: (Address and contact details of responsible party) Complaint received by (name and surname) on day of 20... Responsible party: Kindly take note that an APPEAL HAS BEEN LODGED to the High Court against the variation/ cancellation of an Enforcement Notice / issued on day of 20.. Regulator FORM 14 SUBSTITUTION OF ENFORCEMENT SECTION 98 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation (10) (2)(f)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: 26

Contact number(s): Facsimile number: (Address and contact details of responsible party) Complaint received by (state name and surname on day of 20 Responsible party: The High Court of. Considered the appeal lodged in terms of notice The court has held that Enforcement Notice./ (reference) issued on the day of 20... is to be varied in the following manner: Regulator FORM 15 NOTICE OF DISMISSAL OF APPEAL SECTION 97 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 10 (2)(g)] FOR DEPARTMENTAL USE Reference number: Residential, postal or business address: Contact number(s): Facsimile number: (Name, address and contact details of data subject/complainant) Residential, postal or business address: Contact number(s): Facsimile number: 27

(Address and contact details of responsible party) Complaint received by (name and surname) on day of 20... Responsible party: Kindly take note that an APPEAL HAS BEEN DISMISSED in the High Court against the variation/ cancellation of an Enforcement Notice / issued on day of 20.. Regulator FORM 16 REQUEST FOR AN ASSESSMENT SECTION 89 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) [Regulation 11(1)] FOR DEPARTMENTAL USE Reference number: REQUEST FOR AN ASSESSMENT PART I (Section 89(1) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) A request is hereby made in terms of section 89 of the Protection of Personal Information Act 4 of 2013 that the Information Regulator must assess whether the processing of information complies with the provisions of the Act: 1. CONTACT DETAILS REQUESTER: Name: Address:. Contact number/s:. RESPONSIBLE PARTY: Name: Address:. Contact number/s:.... 2. INFORMATION PROCESSING TO BE ASSESSED 28

3. PERSONS AFFECTED BY THE RELEVANT INFORMATION PROCESSING PRACTICE/S. 4. THE REASON WHY AN ASSESSMENT IS REQUESTED 5. SPECIFIC ASPECTS OF THE PROCESSING OF INFORMATION THAT THE ASSESSMENT SHOULD ADDRESS 6. TIME I first become aware that the processing of information should be assessed on:.. day of.. 20.. Explain the reasons for the delay (if any) in requesting the assessment: 7. DATA SUBJECT PARTICIPATION: Does the requester: Have the right to access personal information held by the responsible party in terms of section 23 of the Protection of Personal Information Act 4 of 2013: Yes No Not applicable Have to right to request the responsible party to correct personal information in terms of section 24 of the Protection of Personal Information Act 4 of 2013: Yes No Not applicable Signed on this day of 20 29

Requester PART II NOTICE OF A DECISION TO CONDUCT AN ASSESSMENT (Section 89(1) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) 1. NOTICE OF A DECISION TO CONDUCT AN ASSESSMENT The Regulator has decided to conduct an assessment in terms of section 89(1) of the Protection of Personal Information Act 4 of 2013 on its own initiative. 2. INFORMATION PROCESSING TO BE ASSESSED 3. PERSONS AFFECTED BY THE RELEVANT INFORMATION PROCESSING PRACTICE/S. 4. THE REASON WHY AN ASSESSMENT IS TO BE CONDUCTED 5. SPECIFIC ASPECTS OF THE PROCESSING OF INFORMATION THAT THE ASSESSMENT SHOULD ADDRESS Signed on this day of 20 Regulator FORM 17 NOTIFICATION SECTION 89 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013) 30

[Regulation (11) (2)] FOR DEPARTMENTAL USE Reference number: A request was made in terms of section 89 of the Protection of Personal Information Act 4 of 2013 that the Information Regulator must assess whether the processing of information complies with the provisions of the Act: Name of Requester: Name of Responsible party:. Date of request:.. Kindly take note that the Information Regulator has: made an assessment not made an assessment The Information Regulator hereby wishes to confirm that it formed the following views: The Information Regulator hereby wishes to confirm that it wishes to take no further action in this regard. The Information Regulator hereby wishes to confirm that it wishes to take the following action in this regard: Regulator 31

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback