check the categories of records held by a body which are available without a person having to submit a formal PAIA request;
have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;
know the description of the records of the body which are available in accordance with any other legislation;
access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;
know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;
know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;
know the description of the categories of data subjects and of the information or categories of information relating thereto;
know the recipients or categories of recipients to whom the personal information may be supplied;
know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be

KEY CONTACT DETAILS FOR ACCESS TO INFORMATION OF SOLUMED

Chief Information Officer

Name: NORMAN HILTON KRETZMER

Tel: +27117192000

Email: normank@avantedge.co.za

Fax number: N/A

Deputy Information Officer (NB: if more than one Deputy Information Officer is designated, please provide the details of every Deputy Information Officer of the body designated in terms of section 17 (1) of PAIA.

Name: RAPHAEL SEGAL

Tel: +27117192000

Email: privacy@avantedge.co.za

Fax Number: N/A

Access to information general contacts

Email: privacy@avantedge.co.za

National or Head Office

Postal Address: Same as Physical Address

Physical Address: 70 Melville Road, Illovo Central Building, 6^th Floor

Telephone: +27117192000

Email: privacy@avantedge.co.za

Website: www.Solumed.co.za

GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE

The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
The Guide is available in each of the official languages and in
The aforesaid Guide contains the description of-

the objects of PAIA and POPIA;
the postal and street address, phone and fax number and, if available, electronic mail address of-
the Information Officer of every public body, and
every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA[1] and section 56 of POPIA[2];
the manner and form of a request for-
access to a record of a public body contemplated in section 11[3]; and
access to a record of a private body contemplated in section 50[4];
the assistance available from the IO of a public body in terms of PAIA and POPIA;
the assistance available from the Regulator in terms of PAIA and POPIA;
all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-
an internal appeal;
a complaint to the Regulator; and
an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;
the provisions of sections 14[5] and 51[6] requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;
the provisions of sections 15[7] and 52[8] providing for the voluntary disclosure of categories of records by a public body and private body, respectively;
the notices issued in terms of sections 22[9] and 54[10] regarding fees to be paid in relation to requests for access; and
the regulations made in terms of section 92[11].Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.
The Guide can also be obtained-

upon request to the Information Officer;
from the website of the Regulator (https://www.justice.gov.za/inforeg/).
A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-

English

CATEGORIES OF RECORDS OF SOLUMED WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS

Category of records	Types of the Record	Available on Website	Available upon request
PAIA	PAIA Manuel	Yes
Disclaimer	Terms & Conditions	Yes
Privacy Documents	Privacy Policy	Yes

DESCRIPTION OF THE RECORDS OF SOLUMED WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION

Category of Records	Applicable Legislation
Memorandum of incorporation	Companies Act 71 of 2008
PAIA Manual	Promotion of Access to Information Act 2 of 2000

DESCRIPTION OF THE SUBJECTS ON WHICH SOLUMED HOLDS RECORDS AND CATEGORIES OF RECORDS HELD ON EACH SUBJECT BY SOLUMED

Subjects on which SOLUMED holds records	Categories of records
Customers from a commercial perspective — such as through sales or customer servicing activities	Name, surname, email address, cell phone number, ID number, employment history, education history, gender. social media account name, name, email address, phone number
Customers from an administrative perspective — such as through customer administration or customer credit activities
Debtors or creditors — such as through managing creditors’ books
Prospective customers — such as through advertising or direct marketing activities
Employees — such as through monitoring, payroll or training activities
Directors or shareholders — such as through company administration activities involving directors or shareholders
Vendors, contractors or other suppliers — such as through supply chain management
IT users — such as through IT support, data processing or other IT-related activities;
Prospective customers — such as through advertising or direct marketing activities
Customers from a commercial perspective — such as through sales or customer servicing activities
Customers from a commercial perspective — such as through sales or customer servicing activities. Vendors, contractors or other suppliers — such as through supply chain management

PROCESSING OF PERSONAL INFORMATION

Purpose of Processing Personal Information

Direct marketing of goods or services
Entering into a contract
Providing goods or services
Profiling
Paying employees
Law enforcement
Credit reporting
Entering into a contract
Historical, statistical or research
Providing goods or services
Providing medical services

Description of the categories of Data Subjects and of the information or categories of information relating thereto

Categories of Data Subjects	Personal Information that may be processed
Customers / Clients	name, address, registration numbers or identity numbers, employment status and bank details
Service Providers	names, registration number, vat numbers, address, trade secrets and bank details
Employees	address, qualifications, gender and race

The recipients or categories of recipients to whom the personal information may be supplied

Category of personal information	Recipients or Categories of Recipients to whom the personal information may be supplied
Identity number and names, for criminal checks	South African Police Services
Qualifications, for qualification verifications	South African Qualifications Authority
Credit and payment history, for credit information	Credit Bureaus

Planned transborder flows of personal information

Ireland
South Africa
India

General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

Access control lists (subcontractors and third-parties)

Anti-virus protection, user access management, firewalls, data backup, internal awareness and training, internal policies and plans, user password management, need-to-know restrictions.

On the data centre side: Breach detection tools, intrusion detection tools, secure premises.

Email scanning, Mobile device management tools

Vendor risk management

Network authentication, Secure disposal, Regular software updates, Pseudonymization

Multi-factor authentication, penetration tests, anonymization, segmented access control, encryption.

Anti-virus protection, user access management, firewalls, data backup, internal awareness and training, internal policies and plans, user password management, need-to-know restrictions.

On the data centre side: Breach detection tools, intrusion detection tools, secure premises, data backup.
From the software side: Multi-factor authentication, penetration tests, anonymization, segmented access control, encryption.

Anti-virus protection, user access management, firewalls, internal awareness and training, internal policies and plans, user password management, need-to-know restrictions.
On the data centre side (the WebWindi data and product data are on our server on the cloud): Breach detection tools, intrusion detection tools, secure premises, data backup.
From the software side (WebWindi): Segmented access control.
From the software side (product): Multi-factor authentication, penetration tests, anonymization, segmented access control, encryption.

AVAILABILITY OF THE MANUAL

A copy of the Manual is available-

on Solumed.co.za , if any; head office of SOLUMED for public inspection during normal business hours;

to any person upon request and upon the payment of a reasonable prescribed fee; and

to the Information Regulator upon

A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.

UPDATING OF THE MANUAL

The head of SOLUMED will on a regular basis update this manual.

Issued by

RAPHAEL SEGAL (DPO)

[1] Section 17(1) of PAIA- For the purposes of PAIA, each public body must, subject to legislation governing the employment of personnel of the public body concerned, designate such number of persons as deputy information officers as are necessary to render the public body as accessible as reasonably possible for requesters of its records

[2] Section 56(a) of POPIA- Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of POPIA.

[3] Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

[4] Section 50(1) of PAIA- A requester must be given access to any record of a private body if-

that record is required for the exercise or protection of any rights;
that person complies with the procedural requirements in PAIA relating to a request for access to that record; and
access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this

[5] Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.

[6] Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.

[7] Section 15(1) of PAIA- The information officer of a public body, must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access

[8] Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access

[9] Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[10] Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[11] Section 92(1) of PAIA provides that –“The Minister may, by notice in the Gazette, make regulations regarding-

any matter which is required or permitted by this Act to be prescribed;
any matter relating to the fees contemplated in sections 22 and 54;
any notice required by this Act;
uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and
any administrative or procedural matter necessary to give effect to the provisions of this ”

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.