POPIA & PAIA Manual

PAIA MANUAL DRAFTED IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT 20 OF 2000:

FOR: SUGOII X APPAREL (PTY) LTD.

1. Introduction

This manual is developed to ensure Sugoii X Apparel complies with the Protection of Personal Information Act (POPI Act) and the Promotion of Access to Information Act (PAIA). It provides guidelines on the processing, protection, and access to personal information while ensuring transparency and accountability.

2. Company Information

Company Name: Sugoii X Apparel (PTY) Ltd
Registration Number: ****/******/**
Physical Address: Waverley Business Park,1 Wyecroft Road, Observatory, Cape Town, Western Cape, 7935
Postal Address: Same as above
Telephone Number: 061 155 3770
Email Address: info@sugoiixapparel.com
Website: www.sugoiixapparel.com
Information Officer: Jade Devon Julie
Deputy Information Officer(s): N/A

3. Purpose of the Manual

This manual outlines:

  • The categories of information collected by the company.
  • The purpose for which information is collected and processed.
  • The procedures for accessing information in terms of PAIA.
  • Measures in place to comply with the POPI Act and protect personal information.

4. Applicable Legislation

This manual is prepared in accordance with:

  • Protection of Personal Information Act, 2013 (Act No. 4 of 2013).
  • Promotion of Access to Information Act, 2000 (Act No. 2 of 2000).
  • Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002).
  • Consumer Protection Act, 2008 (Act No. 68 of 2008).

5. Definitions

Refer to Annexure A for a list of key definitions used in this manual, including "data subject," "personal information," "processing," "responsible party," "record," and "requester."

6. Information Categories and Purposes

6.1 Personal Information Collected

We collect the following categories of personal information:

  • Customers: Name, contact details, payment information, delivery address, browsing and purchase history.
  • Employees: ID numbers, contact details, banking details, employment history.
  • Service Providers: Contact details, contract details, payment information.

6.2 Purpose of Collection and Processing

  • To process and fulfill customer orders.
  • To improve customer experience through tailored recommendations.
  • To communicate with stakeholders about products, services, and updates.
  • For employment and administrative purposes.
  • To comply with legal and regulatory requirements.

7. Processing and Protection of Personal Information

7.1 Lawful Processing

All personal information is processed in accordance with the conditions for lawful processing as outlined in the POPI Act, including accountability, purpose specification, and data minimization.

7.2 Security Measures

  • Use of secure servers and encryption for data storage and transfer.
  • Regular vulnerability assessments and updates.
  • Access control measures, including role-based permissions and two-factor authentication.
  • Regular training for employees on data protection policies.

7.3 Retention and Destruction

Personal information is retained only for as long as necessary to achieve the purpose for which it was collected. Data is securely deleted or anonymized when no longer needed.

8. PAIA Compliance

8.1 Records Held by the Company

Categories of records include:

  • Financial records.
  • Operational records.
  • Customer and supplier records.
  • Employee records.
  • Marketing and research data.

8.2 Procedure to Access Records

  • A written request must be submitted using the prescribed PAIA form (Annexure B).
  • Non-refundable fee is payable of R500.00.
  • Requests must include detailed information about the record and proof of identity.
  • Submit requests to the Information Officer at info@sugoiixapparel.com .

8.3 Grounds for Refusal

Access may be refused in cases where:

  • Disclosure would result in an unreasonable invasion of privacy.
  • Disclosure would harm commercial interests.
  • Information is legally privileged.

9. Information Officer and Duties

The Information Officer is responsible for:

  • Ensuring compliance with the POPI Act and PAIA.
  • Overseeing the processing of personal information.
  • Handling requests for access to information.
  • Developing and maintaining this manual.

Contact details:
Name: Jade Devon Julie
Email: info@sugoiixapparel.com
Telephone: 061 155 3770

10. Complaints and Breach Notification

10.1 Complaints

Complaints regarding the processing of personal information or PAIA requests should be directed to the Information Officer.

10.2 Breach Notification

In the event of a data breach:

  • Affected data subjects will be notified as required by the POPI Act.
  • The Information Regulator will be informed.
  • Immediate steps will be taken to mitigate the breach.

11. Updates and Availability of the Manual

This manual will be updated as necessary to reflect changes in operations or legislation. A copy is available:

Annexures

  • Annexure A: Definitions
  • Annexure B: PAIA Request Form
  • Annexure C: Data Retention Schedule
  • Annexure D: Contact Information for the Information Regulator
  • Will be provided by the Information Officer.