PAIA Manual

Version: 3.1.0 | Last Updated: 2026-03-11 | Prepared in accordance with: Section 51 of the Promotion of Access to Information Act 2 of 2000 ("PAIA") and Section 17 of the Protection of Personal Information Act 4 of 2013 ("POPIA")

1. Introduction

This manual is published in accordance with Section 51 of the Promotion of Access to Information Act 2 of 2000 ("PAIA"), as amended. PAIA gives effect to the right of access to information held by private bodies, as enshrined in Section 32 of the Constitution of the Republic of South Africa.

The purpose of this manual is to provide information to the public on how to make a request for access to records held by MyProtektor, as well as to describe the categories of records held and the purposes for which personal information is processed.

Section 17 of the Protection of Personal Information Act 4 of 2013 ("POPIA") requires that this manual also includes a description of the records of personal information held, the purpose of processing, and the categories of data subjects and recipients.

2. Company Information

3. Designated Contact Person

All requests for access to records or queries regarding this manual should be directed to the designated contact person:

• Name: Mike Roth
• Designation: Founder and Head of Information
• Email: info@myprotektor.co.za

4. Guide Published by the South African Human Rights Commission

Section 10 of PAIA requires the South African Human Rights Commission ("SAHRC") to compile a guide in each official language containing information to assist individuals wishing to exercise the right of access to information. This guide is available from:

• South African Human Rights Commission (SAHRC)
• Phone: 011 877 3600
• Website: www.sahrc.org.za

The SAHRC guide contains information on how PAIA works, what your rights are, and how to make a request for access to records held by private or public bodies.

5. Categories of Records Held

MyProtektor holds records that fall into the following broad categories. Not all records are subject to disclosure and some may be refused on grounds set out in PAIA (see Section 9 of this manual).

5.1 Company Records

• Business registration and operating documentation
• Intellectual property records (trademarks, copyrights, software licences)
• Insurance policies and certificates
• Agreements with service providers, partners, and vendors
• Internal policies and procedures
• Marketing and communications materials

5.2 Client and User Records

• User account information (names, email addresses, phone numbers)
• Organisation profiles and membership records
• Subscription details and plan history
• Incident reports submitted through the Platform
• Panic alert records and response logs
• Patrol checkpoint scan records
• GPS location data and tracking records
• Correspondence and support ticket records
• Consent records and opt-in/opt-out preferences

5.3 Personnel Records

• Records of contractors and service providers engaged by MyProtektor
• Contractual agreements and engagement terms
• Payment and remuneration records

5.4 Financial Records

• Accounting records and financial statements
• Bank account and payment processing records
• Invoice and billing records
• Subscription payment history
• Affiliate commission records
• Tax-related documentation

5.5 Operational and Security Records

• System architecture and technical documentation
• Security audit reports and vulnerability assessments
• Server and application logs
• Data backup and recovery records
• Cryptographic key management records
• Incident response and breach notification records

6. Purpose of Processing Personal Information

MyProtektor processes personal information for the following purposes:

• To provide and maintain the MyProtektor platform and its features, including incident management, GPS tracking, panic alerts, QR patrol verification, and role-based dashboard access.
• To create, manage, and authenticate user accounts.
• To process subscription payments and manage billing.
• To communicate with users about their accounts, service updates, and security notifications.
• To facilitate emergency response coordination and real-time location sharing during active shifts.
• To administer the affiliate programme and process commission payments.
• To analyse usage patterns and improve the Platform's features and performance.
• To comply with legal and regulatory obligations, including responding to lawful requests for information.
• To protect the security and integrity of the Platform and the safety of users.

7. Procedure to Request Access to Records

Any person may request access to records held by MyProtektor by following the procedure set out below:

7.1 Written Request (Form C)

Requests for access must be made in writing using the prescribed Form C (as published in Government Notice R187 of 15 February 2002, as amended). The completed form must be submitted to the designated contact person identified in Section 3 of this manual.

Form C is available from the website of the South African Human Rights Commission at www.sahrc.org.za or from the Department of Justice and Constitutional Development at www.justice.gov.za.

7.2 What to Include in Your Request

Your request must include:

• Your full name, contact details, and proof of identity (certified copy of ID document or passport).
• A description of the record(s) you are requesting access to, with sufficient detail to enable us to identify the record(s).
• The form in which you prefer to receive the information (e.g., printed copy, electronic copy).
• If you are requesting the record on behalf of another person, proof of authorisation to act on that person's behalf.
• The right you wish to exercise or protect, and an explanation of why the record is required to exercise or protect that right.

7.3 Response Timeline

MyProtektor will acknowledge receipt of your request and respond within 30 days of receiving a complete and valid request. If the request requires additional time due to complexity or volume, the response period may be extended by a further 30 days, in which case you will be notified in writing.

8. Applicable Fees

PAIA permits the imposition of fees for the reproduction of records and for the search and preparation of records for disclosure. The following fees may apply:

• Request fee: A non-refundable request fee may be charged when a request is submitted. The current prescribed request fee is set by regulation and is payable before the request is processed.
• Access fee: An access fee may be charged for the search, reproduction, and preparation of the record. This fee is calculated based on the time spent and the format of the record requested.
• Deposit: Where the cost of searching for and preparing a record is likely to exceed a prescribed amount, a deposit of one-third of the estimated fee may be required before processing commences.

If you are unable to pay the prescribed fees and your request relates to the protection of your fundamental rights, you may request that the fees be waived. Such a request must be supported by evidence demonstrating your financial inability to pay.

9. Grounds for Refusal

MyProtektor may refuse a request for access to records on any of the grounds set out in Sections 62 to 70 of PAIA. These grounds include, but are not limited to:

• Privacy of third parties (Section 63): Where disclosure would unreasonably reveal personal information about a third party.
• Commercial information of third parties (Section 64): Where disclosure would reveal trade secrets, financial, commercial, or technical information supplied in confidence by a third party.
• Confidential information (Section 65): Where the record contains information obtained in confidence and disclosure would breach a duty of confidence.
• Safety of individuals and property (Section 66): Where disclosure could reasonably be expected to endanger the life or physical safety of an individual.
• Mandatory protection of commercial information (Section 68): Where disclosure would cause harm to the commercial or financial interests of MyProtektor.
• Research information (Section 69): Where the record contains research information that has not yet been published.
• Requests that are manifestly frivolous or vexatious (Section 70): Where the request is clearly without merit or is made in bad faith.

If a request is refused, MyProtektor will provide written reasons for the refusal and will inform you of your right to lodge an internal appeal or a complaint with the Information Regulator.

10. Internal Remedies and Appeals

If your request for access to records is refused, you have the following remedies:

• Internal appeal: You may lodge an internal appeal with MyProtektor within 30 days of receiving the notice of refusal. The appeal should be directed to the designated contact person identified in Section 3 and should state the grounds on which you believe the refusal was unjustified. MyProtektor will review the appeal and provide a decision within 30 days.
• Complaint to the Information Regulator: If you are dissatisfied with the outcome of the internal appeal, you may lodge a complaint with the South African Information Regulator:
  • Email: POPIAComplaints@inforegulator.org.za
  • Phone: 012 406 4818
  • Website: https://inforegulator.org.za
• Court application: You may also apply to a court for appropriate relief in terms of Section 78 of PAIA.

11. Availability of This Manual

This manual is available for inspection during normal business hours at no charge. Copies of the manual are available:

• On the MyProtektor website at www.myprotektor.co.za/legal/paia-manual.
• From the designated contact person upon written request (a reasonable reproduction fee may apply for printed copies).
• From the South African Human Rights Commission, should it be filed with that body.

12. Contact Information

For any queries relating to this PAIA Manual, requests for access to records, or other information-related matters, please contact: