Section 51 of the Act requires Private Bodies to compile a Manual setting out the procedure and requirements to be adhered to in seeking to obtain access to information held by that Private Body. The section also stipulates the minimum requirements a Manual has to comply with. To this end section 51 of PAIA requires the Manual to contain, amongst others, the following:
The postal and street address, phone and fax number and, if available, electronic mail address of the head of the body;
Contact details of the Head of the Private Body;
Categories of information available without formal request, if any;
A description of the records available in accordance with other legislation;
Sufficient detail to facilitate a request for access to a record of the Private Body;
A description of the categories of subjects and of the information or categories of information;
A description of the subjects on which the body holds records and the categories of records held on each subject,
Such other information as may be prescribed
POPIA requirements pertaining to the processing of information
Purpose of processing
the Protection of Personal Information Act (PoPIA), Personal Information must be processed for a specified purpose. The purpose for which Personal Information is processed by Vodacom will depend on the nature of the Personal Information and the particular Data Subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time when Personal Information is collected.
Access to Personal Information
POPIA provides that a Data Subject may, upon proof of identity, request the Responsible Party to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including information about the identity of third parties who have or have had access to such information. Further, POPIA provides that where the Data Subject is required to pay a fee for services provided to him/her, the Responsible Party must provide the Data Subject with a written estimate of the payable amount before providing the service and may require that the Data Subject pay a deposit for all or part of the fee.
Categories of Data Subjects
Vodacom holds information and records on the following categories of Data Subjects: a) employees / personnel of Vodacom; b) clients of Vodacom; c) any third parties and/or suppliers with whom Vodacom conducts its business services; d) contractors of Vodacom; e) partners and agents f) service providers of Vodacom.
(This list of categories of Data Subjects is non-exhaustive)
The categories of recipients to whom the information is supplied
Depending on the nature of the Personal Information, Vodacom may supply information or records to the following categories of recipients: a) statutory oversight bodies, regulators, law enforcement agencies or judicial commissions of enquiry making a request for information; b) any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for personal information or discovery in terms of the applicable rules (e.g the Information Regulator ); c) South African Revenue Services, or another similar authority; d) Emergency Service Organisations (if you make an emergency call), including your approximate location; e) anyone making a successful application for access in terms of PAIA; f) subject to the provisions of POPIA and the National Credit Act No. 34 of 2005, Vodacom may share information about a client's creditworthiness with any credit bureau or credit provider.
Planned transborder flows of information
If you are visiting our websites from a country other than South Africa the various communications will necessarily result in the transfer of information across international boundaries.
Vodacom may also need to transfer your information to other Vodacom or Vodafone group of companies or service providers in countries outside South Africa, in which case we will fully comply with applicable data protection legislation. This may happen if our servers or suppliers and service providers are based outside South Africa, or if our services are hosted in systems or servers in Vodafone Operating Companies outside South Africa including Europe or India and/or if you use our services and products while visiting countries outside this areas. Other countries outside South Africa may not have data protection laws which are similar to those of South Africa, however, Vodacom will ensure that your Personal Information is protected and enter into appropriate agreements to achieve this.
Security measures implemented to ensure the confidentiality and privacy of the information which is to be processed
Vodacom is committed to implementing leading data security safeguards. For this reason, Vodacom has specialised security teams who constantly review and improve its measures to protect your Personal Information from unauthorised access, accidental loss, disclosure or destruction.
If Vodacom has an agreement with another organisation to provide it with services or a service on its behalf to process your Personal Information, then Vodacom will make sure they have appropriate security measures and only process your Personal Information in the way we have authorised them to. These organisations will not be entitled to use your Personal Information for their own purposes. If necessary, our security teams will conduct a due diligence them to make sure they meet the security requirements we have set.
Communications over the internet (such as emails) are not secure unless they have been encrypted. Further, your communications may go through a number of countries before being delivered, as this is the nature of the internet. Consequently, we cannot accept responsibility for any unauthorised access or loss of Personal Information that is beyond our control.