Lets Comply PAIA Manual

In Terms of Section 51

of the Promotion of Access to Information Act 2 of 2000 (PAIA)

1. Introduction & Purpose

1.1. About This Manual

1.1.1. This Manual ("the Manual") is compiled by Lets Comply (Pty) Ltd ("Lets Comply", "the Company", "we", "us", or "our") in accordance with section 51 of the Promotion of Access to Information Act 2 of 2000, as amended ("PAIA" or "the Act").

1.1.2. PAIA gives effect to the constitutional right of access to information held by both public and private bodies. Section 32 of the Constitution of the Republic of South Africa, 1996, guarantees everyone the right of access to any information held by the state and any information that is held by another person and that is required for the exercise or protection of any right.

1.1.3. This Manual serves as the primary reference document to assist members of the public, clients, and any other person ("the Requester") who wishes to obtain access to records held by Lets Comply. It sets out the categories of records held, the procedure for requesting access, the fees payable, and the grounds upon which access may be refused.

1.2. About Lets Comply

1.2.1. Lets Comply (Pty) Ltd is a South African compliance firm with a clear and unwavering purpose: to turn compliance into a catalyst for business growth rather than a hurdle. We believe that when done right, compliance empowers businesses to operate with confidence, resilience, and integrity.

1.2.2. Lets Comply provides compliance consulting, regulatory advisory, compliance management, and related professional services to businesses across multiple sectors.

2. Definitions

In this Privacy Policy, the following terms shall have the meanings ascribed to them below:

• "Competent Person" means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child.
• "Consent" means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
• "Data Subject" means the natural or juristic person to whom personal information relates.
• "Information Officer" means the head of Lets Comply or any duly authorised person responsible for ensuring compliance with POPIA, and registered with the Information Regulator.
• "Operator" means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of the responsible party.
• "Personal Information" has the meaning ascribed to it in POPIA and includes any information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including but not limited to name, identity number, contact details, financial information, and location information.
• "POPIA" or "the Act" means the Protection of Personal Information Act 4 of 2013, as amended from time to time.
• "Processing" means any operation or activity, automated or not, concerning personal information, including collection, receipt, recording, organisation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure, or destruction of information.
• "Responsible Party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. Lets Comply is the Responsible Party in respect of personal information processed under this Policy.
• "Special Personal Information" means personal information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour.
• "Third Party" means any person other than the Data Subject, the Responsible Party, or the Operator.
• "Website" means the Lets Comply website accessible at https://letscomply.africa/.

2. Purpose

This manual is intended to:

2.1. Foster a culture of transparency and accountability by providing clear guidance on the right of access to information held by Let's Comply;

2.2. Enable any person who wishes to exercise their constitutional right of access to information — to do so in a manner that is orderly, efficient, and consistent with the provisions of PAIA;

2.3. Inform requesters of the categories of records held by the Lets Comply, the procedural requirements for submitting access requests, the applicable fees, and the grounds upon which access may be refused;

2.4. Ensure that the Lets Comply meets its obligations as a private body under PAIA and gives effect to the spirit and purpose of the Act, which is to make South Africa an open and democratic society based on the values of human dignity, equality, and freedom;

2.5. Demonstrate the Lets Comply's commitment — as a compliance consulting firm — to upholding the rule of law, practising what it advises, and setting an example of responsible corporate governance and regulatory compliance for its clients and stakeholders;

2.6. Serve as a practical reference document for, clients, third parties, and any other person seeking to understand Lets Comply's information access framework.

4. Contact Details

4.1. Lets Comply has appointed a dedicated Information Officer who is responsible for ensuring compliance with PAIA and for addressing any queries, requests, or complaints.

4.2. If you wish to contact us regarding any access to information matter, please use the following details:

4.3. The Information Regulator of South Africa oversees compliance with both PAIA and POPIA. Requesters may approach the Information Regulator if they are dissatisfied with a decision made by Lets Comply regarding access to records:

5. Guide on how to use PAIA and how to obtain access to the Guide

5.1 Purpose of PAIA

PAIA gives effect to the constitutional right of access to information held by both public and private bodies, as contemplated in section 32 of the Constitution of the Republic of South Africa, 1996. PAIA is intended to be used as a tool to enable persons to access information that is required for the exercise or protection of any right.

Any person wishing to access records held by Lets Comply must do so in accordance with the procedures set out in PAIA and in this manual.

5.2 Who May Request Access?

A person may submit a request for access to records held by Lets Comply where:

1. The information is required for the exercise or protection of a right;
2. The records are not otherwise freely or voluntarily available from Lets Comply; and
3. The request relates to records that fall within Lets Comply's possession or under its control.

The Requester must identify the right that they wish to exercise or protect and provide an explanation of why the requested record is required for the exercise or protection of that right.

5.3. The Guide

5.3.1. The Information Regulator has, in terms of section 10(1) of PAIA, compiled and made available a revised Guide on how to use PAIA and POPIA ("the Guide") in an easily comprehensible form. The Guide is available in all eleven official languages of the Republic of South Africa and in braille.

5.3.2. The Guide provides information on, amongst other things:

1. The objects of PAIA and POPIA;
2. The contact details of Information Officers and Deputy Information Officers of public and private bodies;
3. The manner and form of submitting requests for access to records;
4. Assistance available from Information Officers and the Regulator;
5. All available legal remedies, including internal appeals, complaints to the Regulator, and court applications; and
6. Applicable fees and regulations prescribed under PAIA.

5.3.3. A copy of the Guide may be obtained as follows:

5.3.4. A copy of the Guide is available for public inspection at Let's Comply's offices during normal business hours in the following two official languages:

1. English
2. Afrikaans

6. Records Automatically Available

In terms of section 52 of PAIA, certain records are available without a person having to submit a formal request. The following records of Lets Comply are freely available on our website without a formal PAIA request:

1. This PAIA Manual
2. Privacy Policy;
3. General information about Lets Comply and its services
4. Lets Comply contact details
5. Publicly available marketing materials, brochures, and service descriptions.

7. Records Available in Terms of Other Legislation

In terms of section 52(2) of PAIA, certain records are available to specific persons in terms of other legislation. The following table sets out a non-exhaustive list of legislation under which specific categories of records may be accessed by entitled persons without a PAIA request.

8. Records That May Be Requested

8.1. In addition to records available automatically or under other legislation, a Requester may request access to records held by Lets Comply in terms of PAIA, subject to the grounds for refusal set out in Section 12 of this Manual.

8.2. A Requester must demonstrate that the record is required for the exercise or protection of a right. Requests for access to records that cannot be linked to a right that the Requester wishes to exercise or protect may be refused.

9. Categories of Records Held by Lets Comply

Lets Comply holds the following categories of records. This list is not exhaustive and is intended to assist Requesters in identifying the nature of records that may be available:

9.1 Corporate and Governance Records

1. Memorandum of Incorporation (MOI);
2. Certificate of Incorporation and registration documents;
3. Share register and shareholder agreements;
4. Board resolutions and minutes;
5. Annual returns lodged with CIPC;
6. Company policies and procedures.

9.2 Financial Records

1. Invoices, receipts, and payment records;
2. Bank statements;
3. Tax returns and correspondence with SARS;
4. Contracts with suppliers and service providers;
5. Quotes and Invoices

9.3 Client and Service Records

1. Client engagement letters and service agreements;
2. Compliance reports and assessments prepared for clients;
3. Correspondence and communication records with clients;
4. Compliance programme documentation;
5. Regulatory return submissions prepared on behalf of clients.

9.4 Information Technology and Data Records

1. IT policies and procedures;
2. Data processing agreements with operators;
3. Security policies and incident response records;
4. Website analytics data (aggregated and anonymised).

9.5 Legal and Regulatory Records

1. Legal opinions and correspondence;
2. Correspondence with regulatory authorities, Ombud Schemes and bargaining councils.

9.6 Marketing and Communications Records

1. Marketing materials and published content;
2. Client communication templates and newsletters;
3. Direct marketing consent records;
4. Records of marketing opt-outs.

10. How to Request Access to Records

10.1 Submission of a Request

To request access to records held by Lets Comply, a Requester must submit a written request to the Information Officer using the prescribed Form 2 (see Annexure A to this Manual).

10.2 Information Required on Form 2

A request for access to records must include the following information:

1. The full name, capacity, and contact details of the Requester;
2. Where the Requester is submitting a request on behalf of another person (third party), the full name and contact details of that person and proof of authority to act on their behalf;
3. A description of the record or records to which access is requested, in sufficient detail to enable the Information Officer to identify the record;
4. The form in which access to the record is requested (e.g., inspection, copy, transcript);
5. An indication of the right that the Requester wishes to exercise or protect and an explanation of why the record is required for the exercise or protection of that right;
6. Whether the Requester wishes to be informed of the reasons for any decision in a language other than English;
7. An indication of the postal address, or email address to which the notice of decision and the record (if applicable) are to be sent;
8. Proof of payment of the requested fee (if applicable).

10.3 How to Submit the Request

1. Completed Form 2 requests may be submitted to the Information Officer by sending the completed form via email to Lets Comply's Information Officer whose details appear in Section of this Manual.
2. Lets Comply will acknowledge receipt of a request within 5 business days of receiving it.

10.4 Third-Party Requests

If the record requested contains personal information about a third party other than the Requester, or if the third party may have an interest in the matter, Lets Comply will, where required by section 71 of PAIA, notify the relevant third party of the request and provide that party with an opportunity to make representations as to why access should or should not be granted.

11. Processing of Requests

11.1 Decision Timeframes

In terms of section 56 of PAIA, the Information Officer must, within 30 days of receipt of the request (or such extended period as may be permitted), decide whether to grant or refuse the request and notify the Requester accordingly.

11.2 Extension of Time

The Information Officer may, in terms of section 57 of PAIA, extend the period within which to respond to a request by a further period not exceeding 30 days if:

1. The request is for a large number of records or requires searching through a large number of records, and compliance within the original 30-day period would unreasonably interfere with the activities of Lets Comply;
2. The request requires a search for records held at a location other than the office of the Information Officer and the records cannot reasonably be obtained within the original 30-day period;
3. Consultation with a third party or another public or private body is necessary to make the decision.

The Requester will be notified of any extension within the original 30-day period.

11.4 Form of Access

Where a request for access is granted, the Information Officer will provide access in the form requested by the Requester, unless:

1. The form of access would interfere unreasonably with the effective administration of Lets Comply;
2. The record is not available in the requested form;
3. The provision of access in the requested form would be detrimental to the preservation of the record or the information contained in it.

11.5 Severability

If access is granted to a part of a record and refused to another part, the Information Officer will provide access to the part to which access is granted, and the reason for refusing access to the remainder will be communicated to the Requester.

12. Fees Payable

12.1 Request Fee

1. In terms of section 54 of PAIA, a Requester who wishes to submit a request for access to records may be requested to pay a fee as prescribed. The current request fee is set out in Annexure B.
2. A Requester who is seeking access to personal information about themselves is exempt from paying the request fee.

12.2 Access Fee

In addition to the request fee, access fees are payable for the costs of reproducing, compiling, and/or searching for the requested records. The access fees are prescribed in terms of section 54(6) of PAIA and are set out in Annexure B to this Manual.

12.3 Deposit

Where the Information Officer estimates it will take more than 6 hours to search for and prepare the record requested, the Information Officer may require the Requester to pay a deposit of not more than one third of the estimated access fee before processing the request.

12.4 Waiver of Fees

1. In terms of section 54(8) of PAIA, the Information Officer may, on good cause shown, waive any fees prescribed.
2. A Requester may apply for a waiver of fees in writing to the Information Officer, setting out the grounds for the application.
3. The Information Officer will consider the application and may take into account, among other factors, whether the Requester is indigent or whether the provision of access would be in the public interest.

12.5 Personal Information Requests

A Requester who is seeking access to their own personal information is not required to pay a request fee. Access fees for reproduction and search may still apply.

13. Grounds for Refusal of Access

The Information Officer may refuse access to records in terms of the following grounds as set out in Chapter 4 of PAIA. This is not an exhaustive recitation but sets out the principal grounds for refusal applicable to private bodies:

13.1 Mandatory Protection of Privacy of Third Party (Section 63)

The Information Officer must refuse a request for access to a record if its disclosure would involve the unreasonable disclosure of personal information about a third party, including a deceased person. Disclosure will not be considered unreasonable where the third party has consented to the disclosure, the information is already publicly available, or disclosure is clearly in the public interest.

13.2 Mandatory Protection of Commercial Information of Third Party (Section 64)

The Information Officer must refuse a request for access to a record that would disclose trade secrets, financial, commercial, scientific, or technical information of a third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that party.

13.3 Mandatory Protection of Certain Other Information of Third Party (Section 65)

The Information Officer must refuse access if the record would disclose information supplied in confidence by a third party, the disclosure of which could reasonably be expected to put that third party at a disadvantage in contractual negotiations or prejudice that party in commercial competition.

13.4 Mandatory Protection of Research Information of Third Party (Section 66)

The Information Officer must refuse access if the record would disclose research information of a third party, the disclosure of which prior to its completion would be likely to expose the third party or the subject of the research to serious disadvantage.

13.5 Protection of Commercial Information of the Private Body (Section 67)

The Information Officer may refuse access to a record if it contains trade secrets of Lets Comply, financial, commercial, scientific, or technical information, the disclosure of which would be likely to cause harm to the commercial or financial interests of Lets Comply, or information the disclosure of which could reasonably be expected to put Lets Comply at a disadvantage in contractual negotiations or prejudice it in commercial competition.

13.6 Protection of Research Information of the Private Body (Section 68)

The Information Officer may refuse access if the record discloses research information of Lets Comply, the disclosure of which prior to its completion would be likely to expose Lets Comply or the subject of the research to serious disadvantage.

13.7 Mandatory Protection Against Disclosure Where Disclosure Is Prohibited by Another Law (Section 70)

The Information Officer must refuse access to a record if its disclosure is prohibited or restricted by, or in terms of, any law, or if it would be privileged in legal proceedings, unless the person entitled to claim the privilege has waived it.

13.8 Failure to Identify Right to Be Exercised or Protected

In terms of section 50(1) of PAIA, access may be refused where the Requester fails to identify a right that they wish to exercise or protect and/or fails to explain why the requested record is required for the exercise or protection of that right.

14. Remedies Available to Requesters

A Requester who is aggrieved by a decision of the Information Officer of a private body may directly approach the courts or the Information Regulator.

14.1 Application to Court

In terms of section 78 of PAIA, a Requester who has been refused access to a record may, within 180 days of being notified of the decision (or of the deemed refusal), apply to a court for relief. The High Court has jurisdiction to hear such applications.

The court may, amongst other remedies:

• Order the Information Officer to grant access to the record;
• Grant any other order that is just and equitable;
• Order costs against any party.

14.2 Complaint to the Information Regulator

A Requester may submit a complaint to the Information Regulator in terms of PAIA or POPIA if they believe that Lets Comply has failed to comply with its obligations. The Information Regulator may investigate the complaint and take appropriate enforcement action.

14. Protection of Personal Information (POPIA)

14.1 POPIA and PAIA

The Protection of Personal Information Act 4 of 2013 ("POPIA") works in conjunction with PAIA to regulate the manner in which personal information is collected, processed, stored, and shared. POPIA gives effect to the right to privacy as enshrined in section 14 of the Constitution.

Where a request for access to records under PAIA involves personal information about a third party, the provisions of POPIA will also be applicable and the Information Officer must consider whether disclosure of such personal information is appropriate.

14.2 Rights of Data Subjects Under POPIA

In addition to rights under PAIA, individuals (Data Subjects) whose personal information is held by Lets Comply have the following rights under POPIA:

• The right to be notified that personal information is being collected;
• The right to access personal information held about them;
• The right to request correction, deletion, or destruction of inaccurate or irrelevant personal information;
• The right to object to the processing of personal information;
• The right to object to the use of personal information for direct marketing purposes;
• The right to lodge a complaint with the Information Regulator;
• The right not to be subject to automated decision-making that produces legal or similarly significant effects.

14.3 Privacy Policy

Lets Comply has adopted a comprehensive Privacy Policy that sets out in detail how it processes personal information, describes the categories of personal information processed, the purposes for processing, retention periods, and security measures in place in compliance with POPIA. The Privacy Policy is available on the Lets Comply website at https://letscomply.africa/ and upon request to the Information Officer.

15. Availability of This Manual

In terms of section 51(3) of PAIA, this Manual must be made available as follows:

• At the registered/principal office of Lets Comply for inspection during business hours (08:00 to 17:00, Monday to Friday, excluding public holidays) free of charge;
• On the Lets Comply website at https://letscomply.africa/ free of charge;
• A copy will be provided to any person upon request at a fee not exceeding the prescribed charge for reproduction.

16. Conclusion

Lets Comply is committed to transparency, accountability, and the lawful exercise of rights by all persons who interact with Lets Comply. This Manual reflects our commitment to upholding the constitutional right of access to information and to complying fully with our obligations under PAIA and POPIA.

We encourage any person who wishes to access records held by Lets Comply to contact our Information Officer in the first instance. Our Information Officer will endeavour to assist Requesters in a manner that is efficient, lawful, and respectful of the rights and interests of all parties.

Should you have any questions regarding this Manual, the records held by Lets Comply, or the procedure for requesting access to records, please do not hesitate to contact us using the details set out in Section 4 of this Manual.

20. Policy Review

This Manual will be updated whenever there are material changes to the information contained herein, the applicable legislation, or the structure and record-keeping practices of Lets Comply. The version number and review date are reflected on the cover page of this Manual.