PAIA - Promotion of Access to Information Act

1. LIST OF ACRONYMS AND ABBREVIATIONS

1.1 “CEO” Chief Executive Officer
1.2 “DIO” Deputy Information Officer;
1.3 “IO“ Information Officer;
1.4 “Minister” Minister of Justice and Correctional Services;
1.5 “PAIA” Promotion of Access to Information Act No. 2 of 2000( as Amended;
1.6 “POPIA” Protection of Personal Information Act No.4 of 2013;
1.7 “Regulator” Information Regulator; and
1.8 “Republic” Republic of South Africa

2. PURPOSE OF PAIA MANUAL

This PAIA Manual is useful for the public to-

2.1 check the categories of records held by a body which are available without a person having to submit a formal PAIA request;

2.2 have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;

2.3 know the description of the records of the body which are available in accordance with any other legislation;

2.4 access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;

2.5 know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;

2.6 know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;

2.7 know the description of the categories of data subjects and of the information or categories of information relating thereto;

2.8 know the recipients or categories of recipients to whom the personal information may be supplied;

2.9 know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and

2.10 know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

3. KEY CONTACT DETAILS FOR ACCESS TO INFORMATION OF INVESTEC LTD, ITS SUBSIDIARIES AND AFFILIATES (‘INVESTEC’)

3.1. Information Officer

Name: Natalie Naicker

Tel: +27 11 291 6296

Email: Natalie.naicker@investec.com

3.2. Deputy Information Officers

*For the purpose of Special Purpose Vehicles, Natalie Naicker is the Deputy Information Officer

3.3 Access to information general contacts

Email: paia@investec.com

3.4 National or Head Office

Postal Address: PO Box 785700, Sandton 2146

Physical Address: 100 Grayston Drive, Sandown, Sandton, 2196

Telephone: +27 11 286 7000

Website: https://www.investec.com/en_za.html

4. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE

4.1. The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

4.2. The Guide is available in each of the official languages and in braille.

4.3. The aforesaid Guide contains the description of-

4.3.1. the objectives of PAIA and POPIA;

4.3.2. the postal and street address, phone and fax number and, if available, electronic mail address of-

4.3.2.1. the Information Officer of every public body, and

4.3.2.2. every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA and section 56 of POPIA ;

4.3.3. the manner and form of a request for-

4.3.3.1. access to a record of a public body contemplated in section 11 ; and

4.3.3.2. access to a record of a private body contemplated in section 50 ;

4.3.4. the assistance available from the IO of a public body in terms of PAIA and POPIA;

4.3.5. the assistance available from the Regulator in terms of PAIA and POPIA;

4.3.6. all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-

4.3.6.1. an internal appeal;

4.3.6.2. a complaint to the regulator; and

4.3.6.3. an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the regulator or a decision of the head of a private body;

[1] Section 17(1) of PAIA- For the purposes of PAIA, each public body must, subject to legislation governing the employment of personnel of the public body concerned, designate such number of persons as deputy information officers as are necessary to render the public body as accessible as reasonably possible for requesters of its records.

[2] Section 56(a) of POPIA- Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of POPIA.

[3] Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

[4] Section 50(1) of PAIA- A requester must be given access to any record of a private body if-

a) that record is required for the exercise or protection of any rights;

b) that person complies with the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

4.3.7. the provisions of sections 14 and 51 requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;

4.3.8. the provisions of sections 15 and 52 providing for the voluntary disclosure of categories of records by a public body and private body, respectively;

4.3.9. the notices issued in terms of sections 22 and 54 regarding fees to be paid in relation to requests for access; and4.3.10. the regulations made in terms of section 92 .

4.4. Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

4.5. The Guide can also be obtained-

4.5.1 upon request to the Information Officer;

[5] Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.

[6] Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.

[7] Section 15(1) of PAIA- The information officer of a public body, must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access

[8] Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access

[9] Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[10] Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[11] Section 92(1) of PAIA provides that –“The Minister may, by notice in the Gazette, make regulations regarding-

(a) any matter which is required or permitted by this Act to be prescribed;

(b) any matter relating to the fees contemplated in sections 22 and 54;

(c) any notice required by this Act;

(d) uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and

(e) any administrative or procedural matter necessary to give effect to the provisions of this Act.”

4.5.2 from the website of the Regulator (https://www.justice.gov.za/inforeg/).

4.6. A copy of the Guide is also available in the following three official languages, for public inspection during normal office hours-

4.6.1 English4.6.2 Afrikaans4.6.3 SeSotho

5. CATEGORIES OF RECORDS OF INVESTEC WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS

Category of records	Types of the Record	Available on Website	Available upon request
Financial Statements	Investec Limited Group and Company Annual Financial Statements	X
Website	All other information freely available on Investec’s website	X

6. DESCRIPTION OF THE RECORDS OF INVESTEC WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION

Category of Records	Applicable Legislation
Memorandum of Incorporation	Companies Act 71 of 2008
Minutes of Meetings of Shareholders	Companies Act 71 of 2008
AGM Notice	Companies Act 71 of 2008
AGM Meeting recording	Market Practice
AGM Results and responses	JSE Listings Requirements
Board Committee Terms of Reference	King IV Code
Integrated Annual Report	King IV Code
DLC SEC report	King IV Code
Investec Limited Audit Report	King IV Code
Investec plc Audit Report	King IV Code
Directors Biographies	Market Practice
Board and Executive Roles	JSE Listings Rules Banks Act King IV Code Companies Act
Board Composition	JSE Listings Rules Banks Act King IV Code Companies Act
Governance Framework	JSE Listings Rules Banks Act King IV Code Companies Act
Board Report	King IV Code
King IV Corporate Governance Code	King IV Code
Share Register and other statutory registers and/or records and/or documents	Companies Act 71 of 2008
Records of personal information	Protection of Personal Information Act 4 of 2013

7. DESCRIPTION OF THE SUBJECTS ON WHICH THE BODY HOLDS RECORDS AND CATEGORIES OF RECORDS HELD ON EACH SUBJECT BY INVESTEC

Subjects on which the body holds records	Categories of records
Accounting	Customs, Excise and Transport, Formal Books of Account and Financial Statements, Source Documents.
Company Secretarial	Bank Account Records Banking Licence Company Records
Client Records	Auctions Banking and Deposit Taking Financial products and services Bearer Warrants Collective Investment Schemes Credit Provision Deceased Customers Financial Advisory and Intermediary Services General Insolvent Clients JSE Equities Long-Term Insurance Money Broking Pension Funds Promotional Competitions SAFEX/YIELDEX Securities Services Short-Term Insurance STRATE Trust Services
Health, Safety and Environment	Construction Electrical Machinery Elevators, escalators and passenger conveyors, Lifting Machinery & Tackle Fire Equipment General Safety Hazardous Chemical Substances Noise Pressure Equipment
People and Organisation	Recruitment, Training, Discipline, Employment Equity, and Economic Empowerment.
National Payment System	Records relating to the operation and administration of payments.

8. PROCESSING OF PERSONAL INFORMATION

Investec is a distinctive Bank that provides a diverse range of financial products and services to its client base, delivering profitable solutions for clients in its core areas of activity namely, Wealth & Investment and Banking. For more information on how Investec processes personal information belonging to clients refer to its Data Protection Statement located at https://www.investec.com/en_za/legal/data-protection-statement.html.

People and Organisation processes personal information for the purposes of management of recruitment for positions advertised as well as for the administration of human resource functions.

The personal information of visitors, service providers and suppliers are processed for the purposes of managing our suppliers and service providers, preparation of contractual arrangements, to manage our technology resources and to grant access to our facilities and/or technology.

8.2 Description of the categories of Data Subjects and of the information or categories of information relating thereto

Categories of Data Subjects	Personal Information that may be processed
Clients, Potential Clients, Trustees, Beneficiaries, Founders and Directors/Authorized Signatories	Name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information; credit history; medical records for underwriting, claims and insurance purposes; nationality; citizenship; residency status; sensitive or special categories of personal information, such as criminal behaviour and biometric information such as images, fingerprints and voiceprints.
Service Providers and Suppliers	names, registration number, vat numbers, address, bank details, directors’ information
Employees	Identification information (e.g., full name, surname, title and identification / passport number); jurisdiction information; contact information; date of birth; education history; current employment status and employment history; earnings/salary information; right to work information (including passport and visa details); background and general screening information; other information voluntarily disclosed by employees (including special personal information).
Visitors	Personal information e.g., first name, last name, email address, address, phone number, identification document, photograph and video recording.

8.3 The recipients or categories of recipients to whom the personal information may be supplied

Categories of Data Subjects	Category of personal information	Recipients or Categories of Recipients to whom the personal information may be supplied
Categories of Data Subjects	Category of personal information
Clients	Credit and payment history, for credit information	Credit Bureaus
Clients	Contact details and/or information relating to account opening and products and services offered	Other Entities within the Investec Group and an Agent acting on behalf of Investec
Clients	Transactional information and payer of funds	Financial Institutions, other entities within the Investec Group, Regulatory Bodies and Law Enforcement Agencies
Clients	Home loan and property information including personal information and information relating to the transaction or account	Insurance Companies, Conveyancing Attorneys and Property Valuers
Clients	Tax residency and tax information	Local and International Tax Authorities
Clients	Trade information	External Trade Repositories
Clients	Account information	Sureties and Guarantors, other entities within the Investec Group, Regulatory Bodies and Law Enforcement Agencies
Client	Personal and account information	Agent or any other person acting on the client’s behalf, an independent financial advisor or an introducer
Clients	Personal, financial and transactional information	Regulatory Bodies and Law Enforcement Agencies
Clients	Address and contact information	Courier Companies and Property Valuers
Employees	Identity number and names, for criminal checks	Authorised Verification Agents
Employees	Personal and employment information	Other Entities within the Investec Group
Employees	Tax information	Local Tax Authorities and governmental or administrative bodies
Employees	Personal and contribution information	Pension/Provident fund institutions
Employees	Personal and claim information	Insurance Companies
Employees	Personal, medical information	Benefit Providers
Clients and Employees	Personal, trade and account information	Administrators and Technology Systems Service Providers
Clients and Employees	Personal information and personal information relating to accounts/products/services offered	Independent public accountants and auditors and authorised representatives of internal control functions such as audit, legal and information security

8.4 Personal information including account numbers and/or contact information is sent to countries in other jurisdictions for the provision of IT hardware and software services, travel arrangements by Investec Travel, card deliveries as well as account opening at Investec branches in other jurisdictions which include Australia, Dubai, Guernsey, England, France, Germany, India, Ireland, Israel, Singapore, Sweden, Hong Kong, Tokyo, United Kingdom, United States of America, Western Europe and Mauritius.

8.5 General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

Information is safeguarded in accordance with prevailing Investec policies, standards and practices, which are in turn based on industry-accepted good practice, through controls such as:

- Restricting access based on business need and the principle of least privilege,

- Restricting mechanisms for accessing information systems and assets to only corporate-managed channels

- Strong user and administrator account authenticating

- Devaluing data in non-production environments

- The implementation of Data Loss Prevention and Detection tools/ policies

- Secure asset disposal• Enforcing endpoint security, including Malware protection, and data security policies on PCs and mobile devices with access to corporate information assets

- Using encrypted data transmission channels for external communications

- Performing routine vulnerability scans and security penetration tests• Perimeter and network security controls

- Security incident monitoring and response

- Document protection and encryption

9. AVAILABILITY OF THE MANUAL

9.1 A copy of the Manual is available-

9.1.1 on Investec’s website here;

9.1.2 head office of Investec for public inspection during normal business hours;

9.1.3 to any person upon request and upon the payment of a reasonable prescribed fee; and

9.1.4 to the Information Regulator upon request.

9.2 A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.

10. UPDATING OF THE MANUAL

The Information Officer of Investec will on a regular basis update this manual.

Issued by

Natalie Naicker

(Group Compliance)

Appendix 1

PRESCRIBED FEES

No.	Description	Amount
1	The request fee payable by every requestor	R140.00
2	Photocopy printed black/white copy of A4 size page	R2.00 per page or part thereof
3	Printed copy of A4-size page	R2.00 per page or part thereof
4	For a copy in a computer-readable form on – (i) Flash Drive (to be provided by the requestor) (ii) Compact Disc - If provided by the requestor - If provided to the requestor	R40.00 R40.00 R60.00
5	For a transcription of visual images per A4-size page	Service to be outsourced. Will depend on quotation from service provider.
6	Copy of visual images
7	Transcription of an audio record per A4-size page	R24,00
8	For a copy of an audio record on – (i) Flash Drive (to be provided by the requestor) (ii) Compact Disc - If provided by the requestor - If provided to the requestor	R40.00 R40.00 R60.00
9	To search and prepare the record for disclosure for each hour or part of an hour, excluding the first hour, reasonably required for such search and preparation. To not exceed the total cost of	R145.00 R435.00
10	Deposit: If search exceeds 6 hours	One third of amount per request calculated in terms of 2 and 8
11	Postage, e-mail or any other electronic transfer	Actual expense, if any.

PAIA - Promotion of Access to Information Act

Prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)

PRESCRIBED FEES