Definitions Introduction
As per the context of the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA), the following definitions are applicable:
“Data Subject” means the person to whom personal information relates.
“Information Officer” means the person acting on behalf of the Company and discharging the duties and responsibilities assigned to the “head” of the Company by the Acts; The Information Officer is duly authorised to act as such, and such authorisation has been confirmed by the “head” of the Company in writing;
“Personal Information” means information about an identifiable individual, including, but not limited to information relating to the:
race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the individual;
information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;
any identifying number, symbol or other particular assigned to the individual;
the address, fingerprints, or blood type of the individual;
the personal opinions, views, or preferences of the individual, except where they are about another individual or about a proposal for a grant, an award, or a prize to be made to another individual;
correspondence sent by the individual that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the individual;
the views or opinions of another individual about a proposal for a grant, an award, or a prize to be made to the individual, but excluding the name of the other individual where it appears with the views or opinions of the other individual; and
the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual but excludes information about an individual who has been dead for more than 20 years.
“Personnel” means any person who works for or provides services to or on behalf of the Company and receives or is entitled to receive any remuneration. This includes, without limitation, directors (both executive and non-executive), all permanent, temporary, and part-time staff as well as contract workers.
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
The collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, or consultation.
Dissemination by means of transmission, distribution or making available in any other form.
Merging, linking, as well as restriction, degradation, erasure, or destruction of information.
“Record” means any recorded information, regardless of form or medium, which is in the possession or under the control of the Company, irrespective of whether it was created by the Company.
“Request” means a request for access to a record of the Company.
“Requestor” means any person, including a public body or an official thereof, making a request for access to a record of the Company and includes any person acting on behalf of that person.
“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose and means for processing personal information.
“Unique Identifier” means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.
“SAHRC” means the South African Human Rights Commission.
Introduction
UNIFY HEALTH is committed to the observance of and compliance with the directives of the South African Constitution and national legislation which endorse the key principles of good corporate governance, transparency, and accountability.
The Promotion of Access to Information Act No. 2 of 2000 (PAIA) gives effect to carry out section 32 of the South African Constitution, which focuses on the right to access information i.e. everyone has the right of access to information held by the state or a private body to enforce a culture of transparency and accountability.
Section 51 of PAIA obliges private bodies (including UNIFY HEALTH) to compile a manual to enable a person to obtain access to information held by such private body and stipulates the minimum requirements that the manual must comply with.
This Manual is published in terms of Section 51 of the Promotion of Access to Information Act (PAIA), 2 of 2000, and describes the type of records held by UNIFY HEALTH and the procedures for data subjects to access that information. As per Section 17 of the Protection of Personal Information Act (POPIA), 2013, a responsible party must maintain the documentation of all processing operations under its responsibility as referred to in section 14 or 51 of the Promotion of Access to Information Act.
The process of requesting information in terms of the Act is subjected to applicable legislative and/or regulatory requirements, and the applicable request forms are available as Annexures within this manual.
Enquiries regarding PAIA and POPIA, can be made via the following channels:
PAIA
The South African Human Rights Commission
PAIA Unit (the Research and Documentation Department)
Postal address: Private Bag 2700, Houghton, 2041
Telephone: +27 11 484-8300
Fax: +27 11 484-7146
Website: www.sahrc.org.za
Email: PAIA@sahrc.org.za
POPIA
The Information Regulator (South Africa)
JD House
27 Stiemens Street
Braamfontein
Johannesburg2001
Website: www.justice.gov.zaEmail: inforeg@justice.gov.za
Company Details
UNIFY ANALYTICS (PTY) LTD t/a UNIFY HEALTH
Company Address: Workshop17, 32 Kloof Street, Cape Town, 8001
Company Contact Detail: info@unifyhealth.ai
Company Website: https://unifyhealth.ai
Company Records
Categories of information held by UNIFY HEALTH, are outlined below:
Company Act
Company registration documentName & Appointment of DirectorsShare CertificatesBoard Meeting MinutesShare and statutory RegistersAppointment of Auditors
Financial Records
Accounting Records
Annual Financial Statements
Bank Accounts and statements
Asset Registers
Debtors / Creditors statements and invoices
General Ledgers
Invoices
Tax Returns
Income Tax
PAYE Records
VAT records
Skills DevelopmentLevies
SARS records
UIF
Procurement
Supplier Agreements
Supplier Lists
Policies & Procedures
Personnel
CV’s
Accident registry
Address Lists
Disciplinary codes and recordsE
mployee benefits
Employment contracts
Forms and applications Medical aid records
Leave records
Skills Development Records
Sales
Customer details
Advertising material
Information & Communication
TechnologyAsset RegistersUser ManualsSoftware Development Policies & ProceduresSoftware LicensingSystems Documentation & ManualsDatabase systems
Client Information
Client records Consent FormsFinancial Detail
Records held as per Legislation
Information is retained in terms of the following legislations and is usually available only to the persons or entities specified in such legislation. Although we have used our best efforts to supply a list of applicable legislation, it is, however, possible that this list may be incomplete.
Basic Conditions of Employment No. 75 of 1997
Companies Act No. 61 of 1973
Compensation for Occupational Injuries and Health Diseases Act No.130 of 1993
Constitution of the Republic of South Africa 200
Consumer Affairs (Unfair Business Practices) Act No. 71 of 198
Copyright Act, No 98 of 1978
Debtor Collectors Act No. 114 of 1998
Electronic Communications Act, No 36 of 2005
Employment Equity Act No. 55 of 1998
Finance Act No. 35 of 2000
Financial Services Board Act No. 97 of 1990
Financial Relations Act No. 65 of 1976
Harmful Business Practices Act No. 23 of 1999
Income Tax Act No. 95 of 1967
Insurance Act No 27 of 1943
Intellectual Property Laws Amendments Act No. 38 of 1997
Labour Relations Act No. 66 of 1995
Medical Schemes Act No. 131 of 1998
Occupational Health & Safety Act No. 85 of 1993
Pension Funds Act No. 24 of 1956
Short Term Insurance Act No. 53 of 1998
Skills Development Levies Act No. 9 of 1999
Unemployment Contributions Act No. 4 of 2002
Unemployment Insurance Act No. 63 of 2001
Value Added Tax Act No. 89 of 199
Financial Intelligence Centre Act, no. 38 of 200
Financial Advisory and Intermediary Services Act, no. 37 of 2002
Protection of Personal Information
UNIFY HEALTH is capturing, processing, storing, and communicating Personal Identifiable Information (PII) to perform its business functions. It is accountable and a responsible party in ensuring that the PII of a Data Subject is:
processed lawfully, fairly, and transparently.
processed only for the purposes for which it was collected for.
will not be processed for a secondary purpose unless consent is provided.
is accurate and kept up to date and will not be kept for longer than necessary.
processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, processed, and communicated.
processed in accordance with the rights of Data Subjects, where applicable.
Rights of Data Subjects
Data subjects have the following rights:
To be notified that their Personal Information is being collected.
To be notified in the event of a data breach.
To enquire whether UNIFY HEALTH holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual.
To request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained personal information.
To object to the use of their Personal Information and request the deletion of such Personal Identifiable Information. Deletion is, however, subject to the record keeping requirement of UNIFY HEALTH as well as the national and international regulations and legislations to be adhered to.
To object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications.
To complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPI and to institute civil proceedings regarding the alleged noncompliance with the protection of his, her or its personal information.
Information security measures
UNIFY HEALTH is committed to protect the integrity and confidentiality of personal information in its possession and under its control, by the implementation of a security strategy that includes technical and organisational measures. These include a risk management framework to continuously guide control selection and implementation as well as assessing the effectiveness thereof. The security controls are implemented and monitored as part of the Information Security Management Systems, guided by the Information Security Charter that stipulates the Information Security Objectives of the organisation. The Information Security Policy directs the rules, policies, and procedures to ensure data, systems, networks, and users within the organisation meet the security requirements.
Request for information
In terms of POPIA, a data subject may, upon providing proof of identity, request UNIFY HEALTH to confirm the information being held about the data subject. The data subject may also request access to the information being held, including information about the identity of third parties who have or have had access to such information. The data subject is allowed at any time, to object to the processing of information by UNIFY HEALTH unless legislation provides for such processing. The requester must comply with all the procedural requirements contained in the Act relating to the request for access to a record. To request the information, the prescribed form C must be completed, and the requester fee (if applicable) be paid to the Information Officer. The prescribed time periods will not commence until the requester has furnished all the necessary and required information. The Information Officer shall serve a record, if possible, and grant only access to that portion requested and which is not prohibited from being disclosed. The request will be processed within a 30 (thirty) day period, and the outcome of the request will be communicated in writing. This period may be extended by an additional 30 days depending on the complexity of the request requirements.
The process to request information from UNIFY HEALTH is as follows:
The relevant prescribed form (Form C) must be used and completed in full to file a request for access to a record.
If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
Please note that an application for access to information can be refused if the application does not comply with the requirements of PAIA. If access to a record or information is denied, the requestor will be notified, and adequate reasons for the refusal will be provided.
Should the requester not be satisfied with the decision of the Information Officer, the requester may apply to the court for relief. In terms of PAIA, the said application must be made within 180 days after the decision has been made by the Information Officer.
UNIFY HEALTH will require proof of identification of the data subject (requestor) or related third parties requesting information on behalf of the requestor for all requests.
The successful completion and submission of the access request does not automatically allow the requestor access to the requested records.
If access to a record/information is granted, the requestor will be notified, and an indication of the access fee (if any) will be provided.
Objection to the Processing of Personal Identifiable Information (PII)
Section 11 (3) of POPI and regulation 2 of the POPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its PII by following the process stipulated in this manual.
Request for correction or deletion of Personal Identifiable Information (PII)
Section 24 of POPI and regulation 3 of the POPI Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form. To ensure the lawfulness and correctness of the data, the data subject may also request UNIFY HEALTH to correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that the company is no longer authorised to retain in terms of POPIA's retention and restriction of records provisions.
Where an institution has voluntarily provided the Minister with a list of categories of records that will automatically be made available to any person requesting access thereto, the only charge that may be levied for obtaining such records, will be a fee for reproduction of the record in question. PAIA provides for two types of fees, namely a request fee and an access fee. This is a non-refundable administration fee paid by all requestors with the exclusion of personal requestors. It is paid before the request is considered. Where a requester sub/it’s a request for access to information help by an institution on a person other that the requester his/self/herself, a request fee in the amount of R50-00 is payable up-front before the institution will further process the request received. This is paid by all requestors only when access is granted. This fee is intended to reimburse the private body for the costs involved in searching for a record and preparing it for delivery to the requestor. An access fee is payable in all instances where a request for access to information is granted, except in those instances where payment of an access fee is specially excluded in terms of the Act, or an exclusion is determined by the Minister in terms of Section 54(8) UNIFY HEALTH may withhold a record until the request fee has been paid.
Fees
Request fee, payable by every requester
Photocopy or printed black & white copy for every A4 page
R2.00 per page or part of the page
Printed copy of A4-size page
R2.00 per page or part of the page
For a copy in a computer-readable form on:
a flash drive (provided by the requester)
a compact disc (CD) if the requester provides the CD to us
a compact disc (CD) if we give the CD to the requester
For a transcription of visual images, for an A4-size page or part of the page
This service will be outsourced. The fee will depend on the quotation from the service provider.
For a copy of visual images
This service will be outsourced. The fee will depend on the quotation from the service provider.
For a transcription of an audio record, per A4-size page
For a copy of an audio record on a flash drive (provided by the requester)
For a copy of an audio record on compact disc (CD) if the requester provides the CD to us
For a copy of an audio record on compact disc (CD) if we give the CD to the requester
For each hour or part of an hour (excluding the first hour) reasonably required to search for, and prepare the record for disclosure. The search and preparation fee cannot exceed
Deposit: if the search exceeds 6 hours
One-third of the amount per request. It is calculated in terms of items 2 to 8 above.
Postage, email or any other electronic transfer
