POPI - Protection of Personal Information

As per the context of the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA), the following definitions are applicable:

“Data Subject” means the person to whom personal information relates.

“Information Officer” means the person acting on behalf of the Company and discharging the duties and responsibilities assigned to the “head” of the Company by the Acts; The Information Officer is duly authorised to act as such, and such authorisation has been confirmed by the “head” of the Company in writing;

“Personal Information” means information about an identifiable individual, including, but not limited to-

a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the individual;

b) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;

c) any identifying number, symbol or other particular assigned to the individual;

d) the address, fingerprints or blood type of the individual;

e) the personal opinions, views or preferences of the individual, except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual;

f) correspondence sent by the individual that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

g) the views or opinions of another individual about the individual;

h) the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual, but excluding the name of the other individual where it appears with the views or opinions of the other individual; and

i) the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual, but excludes information about an individual who has been dead for more than 20 years.

“Personnel” means any person who works for or provides services to or on behalf of the Company and receives or is entitled to receive any remuneration. This includes, without limitation, directors (both executive and non-executive), all permanent, temporary, and part-time staff as well as contract workers.

“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –

a) The collection, receipt, recording, organisation, collation, storage, updating, or modification, retrieval, alteration, consultation or use;

b) Dissemination by means of transmission, distribution or making available in any other form; or

c) Merging, linking, as well as restriction, degradation, erasure or destruction of information.

“Record” means any recorded information, regardless of form or medium, which is in the possession or under the control of the Company, irrespective of whether it was created by the Company.

“Request” means a request for access to a record of the Company.

“Requestor” means any person, including a public body or an official thereof, making a request for access to a record of the Company and includes any person acting on behalf of that person.

“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose and means for processing personal information.

“Unique Identifier” means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.

“SAHRC” means the South African Human Rights Commission.

2 Introduction

This Manual is published in terms of Section 51 of the Promotion of Access to Information Act (PAIA), 2 of 2000, and describes the type of records held by the organisation and also details the procedures for data subjects to access applicable personal information records.

As per Section 17 of the Protection of Personal Information Act (POPIA), 2013, a responsible party must maintain the documentation of all processing operations under its responsibility as referred to in section 14 or 51 of the Promotion of Access to Information Act.

The process of requesting information in terms of the Act is subjected to applicable legislative and/or regulatory requirements, and the applicable request forms are available as Annexures within this manual.

Enquiries regarding PAIA and POPIA, can be made via the following channels:

PAIA

The South African Human Rights Commission

PAIA Unit (the Research and Documentation Department)

Postal address: Private Bag 2700, Houghton, 2041

Telephone: +27 11 484-8300

Fax: +27 11 484-7146

Website: www.sahrc.org.za

Email: PAIA@sahrc.org.za

POPIA

The Information Regulator (South Africa)

JD House

27 Stiemens Street

Braamfontein

Johannesburg

2001

Website: www.justice.gov.za

Email: inforeg@justice.gov.za

3 Company Detail

The core activity of Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel is the provision of Web Hosting and Domain Services as well as Graphic and Web Design/Web Development Services.

Company Detail
MD/CEO	Henko Janse van Rensburg
Contact Detail	support@ramkat.info
Company Address	George, South Africa
Company Contact Detail	support@ramkat.info
Company Website	https://ramkat.info

4 Records held as per Legislations

Information is retained in terms of the following legislations and is usually available only to the persons or entities specified in such legislation. Although we have used our best efforts to supply a list of applicable legislation, it is, however, possible that this list may be incomplete.

4.1 Basic Conditions of Employment No. 75 of 1997

4.2 Companies Act No. 61 of 1973

4.3 Compensation for Occupational Injuries and Health Diseases Act No.130 of 1993

4.4 Constitution of the Republic of South Africa 2008

4.5 Consumer Affairs (Unfair Business Practices) Act No. 71 of 1988

4.6 Copyright Act, No 98 of 1978;

4.7 Debtor Collectors Act No. 114 of 1998

4.8 Electronic Communications Act, No 36 of 2005;

4.9 Employment Equity Act No. 55 of 1998

4.10 Finance Act No. 35 of 2000

4.11 Financial Services Board Act No. 97 of 1990

4.12 Financial Relations Act No. 65 of 1976

4.13 Harmful Business Practices Act No. 23 of 1999

4.14 Income Tax Act No. 95 of 1967

4.15 Insurance Act No 27 of 1943

4.16 Intellectual Property Laws Amendments Act No. 38 of 1997

4.17 Labour Relations Act No. 66 of 1995

4.18 Medical Schemes Act No. 131 of 1998

4.19 Occupational Health & Safety Act No. 85 of 1993

4.20 Pension Funds Act No. 24 of 1956

4.21 Short Term Insurance Act No. 53 of 1998

4.22 Skills Development Levies Act No. 9 of 1999

4.23 Unemployment Contributions Act No. 4 of 2002

4.24 Unemployment Insurance Act No. 63 of 2001

4.25 Value Added Tax Act No. 89 of 1991

4.26 Financial Intelligence Centre Act, no. 38 of 2001

4.27 Financial Advisory and Intermediary Services Act, no. 37 of 2002

5 Protection of Personal Information

Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel is capturing, processing, storing, and communicating Personal Identifiable Information (PII) to perform its business functions. It is accountable and a responsible party in ensuring that the PII of a Data Subject

a. is processed lawfully, fairly, and transparently.

b. is processed only for the purposes for which it was collected for.

c. will not be processed for a secondary purpose unless consent is provided.

d. is accurate and kept up to date;

e. will not be kept for longer than necessary;

f. is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, processed, and communicated.

g. is processed in accordance with the rights of Data Subjects, where applicable.

6 Rights of Data Subjects

Data subjects have the following rights:

a. To be notified that their Personal Information is being collected.

b. To be notified in the event of a data breach.

c. To know whether Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual.

d. To request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained personal information.

e. To object to the use of their Personal Information and request the deletion of such PII. Deletion is, however, subject to the record keeping requirement of Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel as well as the regulations and legislations to be adhered to.

f. To object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications.

g. To complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPI and to institute civil proceedings regarding the alleged noncompliance with the protection of his, her or its personal information.

7 Information security measures

Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel is committed to protect the integrity and confidentiality of personal information in its possession and under its control, by the implementation of a security strategy that includes technical and organisational measures.

Such measures includes

· Daily and Weekly WHMCS Database backups

· SSL Certificate Protection

· 2FA Login to WHMCS Client Accounts

8 Cookie Policy

For Implementation on the Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel website: https://ramkat.info

We only use functional (or required) cookies that are necessary for this site to function, including those that are necessary for Google Analytics to work. We do analyse the use of this website to measure the audience, but it is de-identified data. In other words, we don’t know who you are.

Cookies and tracking technologies are used to provide the following usability features via our website:

· Required for the website to function correctly, an provide you with an optimal experience.

· Enhance and customize functionality, so that for example, details are only entered on the first visit to the site.

· To gain understanding on how our visitors are using the site to improve functionality and the services on offer.

In the instances where we partner with third-party services that may use various tracking technologies to provide certain services or features on our sites, such as advertising, interactive content, analytics and on-site messaging, cookies are used to anonymously collect data. No personally identifiable information is collected by these cookies, and this data is kept separate from the personal information about you as a user that we collect.

Note that in the event that cookies are disabled or rejected, it may affect the website and the services may not work as it is supposed to.

9 Request for Information

In terms of POPIA, a data subject may, upon providing proof of identity, request Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel to confirm the information being held about the data subject. The data subject may also request access to the information being held, including information about the identity of third parties who have or have had access to such information. The data subject is allowed at any time, to object to the processing of information by the Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel, unless legislation provides for such processing.

The requester must comply with all the procedural requirements contained in the Act relating to the request for access to a record. In order to request the information, the prescribed form (see Form C attached to this document) must be completed, and the requester fee (if applicable) be paid to the Information Officer. The prescribed time periods will not commence until the requester has furnished all the necessary and required information. The Information Officer shall serve a record, if possible, and grant only access to that portion requested and which is not prohibited from being disclosed.

The request will be processed within a 30 (thirty) day period, and the outcome of the request will be communicated in writing. This period may be extended by an additional 30 days depending on the complexity of the request requirements.

The process to request information from the Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel is as follows:

Send a Support Ticket from within a WHMCS client account and request the Form to be completed.

10 Objection to the Processing of PII

Section 11 (3) of POPI and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its PII by following the process stipulated in this manual.

Start the process by opening a Support ticket within a WHMCS client account

11 Request for correction or deletion of PII

Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal Information to be corrected / deleted in the prescribed form. To ensure the lawfulness and correctness of the data, the data subject may also request the Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel to correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that the company is no longer authorised to retain in terms of POPIA's retention and restriction of records provisions.

All WHMCS registered clients have access to their Information and can easily change it as is needed. Alternatively the WHMCS client account can open a support ticket and request Information to be changed manually.

12 Fees

Where an institution has voluntarily provided the Minister with a list of categories of records that will automatically be made available to any person requesting access thereto, the only charge that may be levied for obtaining such records, will be a fee for reproduction of the record in question.

PAIA provides for two types of fees, namely a request fee and an access fee:

12.1 Request fee:

This is a non- refundable administration fee paid by all requestors with the exclusion of personal requestors. It is paid before the request is considered. Where a requester submits a request for access to information held by an institution on a person other that the requester himself/herself, a request fee in the amount of R50-00 is payable up-front before the institution will further process the request received.

12.2 Access fee:

This is paid by all requestors only when access is granted. This fee is intended to reimburse the private body for the costs involved in searching for a record and preparing it for delivery to the requestor. An access fee is payable in all instances where a request for access to information is granted, except in those instances where payment of an access fee is specially excluded in terms of the Act or an exclusion is determined by the Minister in terms of Section 54(8)

Ramkat Web Hosting and Domains | Brainwave Projects 1123 T/A Besstel may withhold a record until the request fee has been paid.

Item for Reproduction and/or Access	Fee (ZAR)
For every photocopy of a a4-size page or part thereof	1.10
For every printed copy of an A4-size page or part thereof held on a Computer or in electronic or machine readable form	0.75
For a copy in computer-readable form on: - 3.5” magnetic disc - Optical compact disc	7.50 70.00
A transcription of visual images, for an A4-size page or part thereof	40.00
For a copy of visual images	60.00
A transcription of an audio record, for an A4-size page or part thereof	20.00
For a copy of an audio record	30.00

Item for Access	Fee (ZAR)
To search for a record that must be disclosed	30.00

Deposits

Where the institution receives a request for access to information held on a person other than the requester himself/herself and the Information Officer upon receipt of the request is of the opinion that the preparation of the required record of disclosure will take more than 6 (six) hours, a deposit is payable by the requester.

The amount of the deposit is equal to 1/3 (one third) of the amount of the applicable access fee.

POPI - Protection of Personal Information

Generate Password