By accessing and using the OneVault Pty Ltd website, you agree to be bound by the following terms:
OneVault • Intelligent Authentication Solutions
Promotion of Access to Information Act Manual
It’s about access
This manual applies to OneVault (Pty) Ltd with registration number: 2011/128265/07 (“OneVault”) and with registered address at: Unit 18, Skyview Retail Park, Strijdom Park, Randburg, Johannesburg, 2191.
Promotion of access to information policy: PAIA
This manual was prepared in accordance with section 51 of the Promotion of Access to Information Act No. 2 of 2000 (the “Act”) as well as to address requirements of the Protection of Personal Information Act No. 4 of 2013 (“POPI”). This manual is intended to assist persons wishing to access information, in terms of the Act, from OneVault .
The Act gives third parties (i.e., the public) the right to approach private bodies and the government to request information held by them, which is required to exercise and/or protection of any rights. On request, the private body or government is obliged to release such information unless the Act expressly states that the records containing such information may not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by the Act.
- Nature of business
OneVault offers various biometric authentication solutions in order to, amongst other things, allow clients to interact with the customers securely.
Contact details for access to information of OneVault
|Name of business||OneVault (Pty) Ltd|
|Head of private body||Paul Hutton (Director)|
|Information officer||Name: Paul Hutton
|Street address||Unit 18, Skyview Retail Park, Strijdom Park, Randburg, Johannesburg, 2191|
|Telephone number||087 310 5890|
- Guide on how to use PAIA and how to obtain access to the guide
A guide to the Act (as contemplated under section 10(1) of the Act) (the “Guide”) is available from the Information Regulator. The Act grants a requester access to records of a private body if the record is required for the exercise or protection of any right/s. The Guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in the Act and/or POPIA.
Members of the public can inspect or make copies of the Guide from the office of the Information Regulator during normal working hours, the details of said office are: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 (firstname.lastname@example.org).
The Guide can also be obtained from the website of the Information Regulator (http://www.justice.gov.za/inforeg/).
A copy of the Guide is attached to this PAIA manual marked as Annexure “A”.
- Access to records held by OneVault
Records held by OneVault may be accessed on request only once the requirements for access have been met. A requester is any person making a request for access to a record of OneVault and in this regard, the Act distinguishes between two types of requesters:
- Personal Requester
A personal requester is a requester who is seeking access to a record containing personal information about the requester. Subject to the provisions of the Act and applicable law, OneVault will provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged by OneVault
- Other Requester
This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, OneVault is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act. The prescribed fee for reproduction of the information requested will be charged by OneVault.
- Request Procedure
A requester requiring access to information held by OneVault must complete the prescribed “Form 2” enclosed herewith in Annexure “B” (“Access Request Form”) and submit same as well as payment of a request fee and a deposit, if applicable, to the information officer at the postal or physical address, or electronic mail address stated herein.
In order to enable ourselves to provide a timely response to requests for access, all requesters should take note of the following when completing the Access Request Form:
- the Access Request Form must be completed in full;
- a full description of the records requested must be provided;
- Proof of Identity to authenticate the identity of the requester must be provided;
- the requester must state that they require the information in order to exercise or protect a right;
- the requester must clearly state the nature of the right to be exercised or protected; and
- they must specify why the record is necessary to exercise or protect such a right.
If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the information officer. If an individual is unable to complete the prescribed forms because of illiteracy or disability, such a person may make the request orally to the information officer.
On receipt of a duly completed Access Request Form, we will endeavour to notify you in writing within 30 days as to whether your request has been approved or declined. The 30 day period within which OneVault has to decide whether to grant or refuse a request, may be extended for a further period of not more than 30 days if the request is for a large quantity of information, or the request requires a search for information held at another site (other than the head office) and the information cannot reasonably be obtained within the original 30 day period. The information officer will notify the requester in writing should an extension be necessary.
The Act provides for two types of fees:
- A request fee,(a standard administration fee), which is paid by all requesters, (except for personal requesters), must be paid before the request can be considered. This fee is non-refundable; and
- An access fee, which is paid by all requesters after the request for access has been granted. This fee is calculated by taking into account reproduction costs, search and preparation time and cost, as well as postal costs where applicable.
If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the information officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.
The information officer shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form. If a deposit has been paid in respect of a request for access, which is refused, then the information officer shall repay the deposit to the requester. Any fees or deposit payable by the requester shall be as detailed in Form “3” (marked as Annexure “C”).
- Decision and Outcome of Request
Once OneVault has processed the request, it will complete and return to the requester the prescribed “Form 3” (marked as Annexure “C”) detailing (i) whether the request has been approved or denied and the reasons therefor, (ii) the amount of the deposit (if any) payable by the requestor and (iii) any fees payable by the requester with regards to the request. For the avoidance of doubt, the requested record (or portion thereof) will only be released upon receipt of proof of full payment of any deposit and fees owing by the requester and detailed in this Form “3”.
- Categories of records held by OneVault : section 51(1)(E)
- Records Available Without Request
- PAIA Manual
- Other non-confidential records of OneVault , such as statutory records maintained at the CIPC
- Records Available Upon Request
- Companies Act 71 of 2008 (“Companies Act”) Records
- Documents of incorporation
- Minutes of board of directors meetings
- Records relating to the appointment of directors / auditor / secretary / public officer and other officers
- Written resolutions
- Share register and other statutory registers
- Other statutory records
- Financial Records
- Annual Financial Statements
- Tax Returns
- Accounting Records
- Banking Records
- Bank Statements
- Electronic banking records
- Asset Register
- Insurance Policies
- Tax Records
- Tax returns
- VAT Records
- PAYE Records
- Documents issued to employees for income tax purposes
- Records of payments made to SARS on behalf of employees
- Skills Development Levies
- Workmen’s Compensation
- Personnel Documents and Records
- List of Employees
- Employment contracts
- Medical Scheme Records (where applicable)
- Pension / Provident Fund Records (where applicable)
- Employment policies and procedures
- Any Internal Evaluations and Performance Reviews
- Disciplinary Codes and Records
- Training Records (where applicable)
- Any Personal Records provided by personnel
- Salary records
- Leave records
- Training records
- Other statutory records
- Client records
- Names/surnames of representatives/ contact persons
- Mobile number
- Email address
- Physical address
- Name and registration number of legal entity
- Communications and/or correspondence with clients
- Transactional Information (where applicable)
- Client contracts
- End Customer records
- Identity numbers/passport numbers
Any end customer records/information must requested by the end customer directly from the client.
- Processing of Personal Information in terms of POPIA
- Purpose of Processing
OneVault uses the Personal Information under its care in the following ways:
- providing software, solutions and services to clients
- manage employees
- process personal information of employees
- manage supplier contracts and merchant relationships
- market goods and services to clients and to prospective clients (with their consent)
- keeping of accounts and records
- complying with tax laws
- process customer requests or complaints
- enforce outstanding debts
- keep our customer records up to date
- for audit trail purposes
Categories of Data Subjects and their Personal Information
OneVault may process information relating to suppliers, shareholders, contractors service providers, staff and clients:
|Data Subject||Personal Information Processed|
|Clients||Names of contact persons; name of legal entity; physical and postal address and contact details; financial information (banking and/or payment details); registration number; founding documents/documents of incorporation; tax-related information; contracts; confidential correspondence; transactional information (where applicable); browsing habits via our websites visited; any other information not specified herein for the purposes of administration and business operations.|
|End customer||Identity numbers/passport numbers; biometrics|
|Partners/resellers||Names of contact persons; name of legal entity; physical and postal address and contact details; financial information (banking and/or payment details); registration number; tax-related information; authorised signatories, contracts, confidential correspondence; transactional information (where applicable); any other information not specified herein for the purposes of administration and business operations.|
|Contracted Service Providers||Names of contact persons; name of legal entity; physical and postal address and contact details; financial information (banking and/or payment details); registration number; tax-related information; authorised signatories, contracts, confidential correspondence; transactional information (where applicable); any other information not specified herein for the purposes of administration and business operations.|
|Employees/ Directors||Gender, pregnancy; marital status; colour, age, language, education information; financial information; employment history; identity/passport number; physical and postal address; contact details; opinions, criminal behaviour; well-being; contracts, confidential correspondence; any other information not specified herein for the purposes of administration and business operations.|
- Categories of Recipients for Processing the Personal Information
OneVault may supply the Personal Information to service providers who render the following services:
- Capturing and organising of data;
- Storing/hosting of data;
- Sending of emails and other correspondence to clients, service providers or partners;
- Collections and legal services;
- Conducting due diligence checks;
- Administration of any policies offered to OneVault employees.
- Actual or Planned Transborder Flows of Personal Information
Data/Personal Information may be transferred trans-border in order to provide certain agreed services to clients and to third party service providers who provide cloud hosting services.
- General Description of Information Security Measures
OneVault prioritizes robust information security measures to safeguard sensitive data, critical systems, and maintain the trust of stakeholders. OneVault employs technologies and protocols to ensure the confidentiality, integrity, and availability of its information assets. Key components of the information security measures include:
- Identity and access control
- Encryption (where possible)
- Data Backup & Recovery
- Continuity planning
- Physical Security measures
- Outsourced service providers who process Personal Information on behalf of OneVault are contracted to implement security controls.
- Remedies available if request for information is refused
- Internal Remedies
OneVault does not have internal appeal procedures. As such, the decision made by the information officer pertaining to a request is final, and requestors will have to exercise such external remedies at their disposal if a request is refused, and the requestor is not satisfied with the response provided by the information officer.
- External Remedies
A requestor that is dissatisfied with the information officer’s refusal to disclose information, may within 30 days of notification of the decision, apply to a court for relief. Likewise, a third party dissatisfied with the information officer’s decision to grant a request for information, may within 30 days of notification of the decision, apply to a court for relief. For purposes of the Act, courts that have jurisdiction over these applications are the Constitutional Court, the High Court or another court of similar status, including a Magistrate’s Court designated by the Minister of Justice and Constitutional Development and which is presided over by a designated Magistrate.
- Availability of the manual
The manual is available for inspection, on reasonable prior notice, at the office of OneVault free of charge as well as on the OneVault ’s website at www.onevault.co.za.
Last updated: 19 October 2023