Personal Data Policy in terms of the General Data Protection Rules (GDPR)

Download the PDF: GDPR – Personal Data Policy

Friedenskirche, Lutherische Kirche Stellenbosch/Somerset West (Friedenskirche) undertakes, as part of its church activities and in accordance with the legislation in force in Europe, to ensure the privacy, confidentiality and security of the personal data of the users of its services, as well as to respect their privacy. This Personal Data Policy defines the principles for the processing of the personal data that Friedenskirche, Lutherische Kirche Stellenbosch/Somerset West (Friedenskirche) collects from you, and which you provide to Evangelical Lutheran Church in South Africa, Cape Church (FRIEDENSKIRCHE ) on the registration page or that you yourself provide to Evangelical Lutheran Church in South Africa, Cape Church (FRIEDENSKIRCHE )

We invite you to read this Personal Data Policy carefully to understand FRIEDENSKIRCHE practices concerning the processing of your personal data. By using this application and/or by using the services offered by FRIEDENSKIRCHE you acknowledge having read the provisions of this Personal Data Policy (hereinafter the “Charter”), and you authorize us to collect, use and transfer your Personal Data and your User Data in accordance with these provisions. If you do not accept the terms of this Charter, you can decide not to use this application, and you must not communicate Personal Data on this application. This Charter forms an integral part of the Terms and Conditions of Use of the FRIEDENSKIRCHE Website. It is governed by European laws and must be interpreted in accordance with these laws.

ARTICLE 1 – DEFINITIONS

“Consent”: means the agreement of a user to add their email address to a Mailing List to receive email messages or emails from FRIEDENSKIRCHE and/or its partners. Consent is collected by a legal mechanism located on the registration page which states the disclaimer “By using this service, you agree to receive free helpful tips by email from the church and its partners. You have a right of access, modification, objection and deletion of this information.

“Personal data”: data directly or indirectly allowing the identification of the individuals to whom it applies, whose processing is carried out in any form whatsoever, by a natural person or a legal entity.

“Opt in”: personal data is designated opt-in that can be used by the entity that has collected it in order to send promotional or commercial messages to the person concerned.

ARTICLE 2 – COLLECTION OF PERSONAL DATA

FRIEDENSKIRCHE business activities require the submission of certain personalized information. The procedures for collecting and processing your personal data should accordingly respect certain fundamental rights in a spirit of loyalty and transparency. The information collected includes your name, title, address, telephone and/or fax number or email address and other similar information that you may submit when you send comments, ask questions or request information from FRIEDENSKIRCHE or after you have registered on the Website or have completed your user profile. This request for information is completely optional and you have the option to refuse to provide such information. However, in this case, FRIEDENSKIRCHE will not be able to respond to your request, or receive or process your registration on the Website or your user profile.

Your personal data is collected:

  • When you register on the Website,
  • When you make contact or communicate with us,
  • When you use or are billed for fee-based services,
  • When you agree to voluntarily participate or accept to subscribe to the FRIEDENSKIRCHE

    Newsletter.

    In case of dispute, FRIEDENSKIRCHE is also required to collect, as part of its management and for the proper use of its internet Website, the following impersonal data:

    • IP addresses with an indication of the time,
    • Cookies, local Flash data,
    • The type of browser, the operating system, the destination URL that directed you to our application, the date, time and the history of your use of our services.

FRIEDENSKIRCHE undertakes to:

Collect, process or store your personal data for the sole purpose of achieving specific, legitimate and relevant purposes for which you have given us your consent,

Keep your personal data for a period of time that is strictly in line with the purpose and the nature of our processing,

Ensure the confidentiality of your data by allowing its disclosure only to the recipients designated for its processing or, to the extent permitted or required by law, to comply with a legal, regulatory or judicial obligation or any other demand of a State authority, to detect, prevent or deal with fraudulent activities, security breaches or any technical problem, or to protect against imminent harm to the rights, property or security of FRIEDENSKIRCHE its users or the public,

Ensure your right to obtain information by responding to your questions about the processing of your data and by respecting your rights of access, correction, deletion or objection,

Keep you informed about technical measures taken to secure your personal data.
Date of Compilation: 30/06/2021 Date of Revision: 20/06/2022

ARTICLE 3 – IP ADDRESSES AND COOKIES

The FRIEDENSKIRCHE Web server automatically collects IP addresses and information relating to the use of this Website (as well as certain other information such as the type of browser used and operating system) from its users. FRIEDENSKIRCHE can also monitor the user’s use in order to measure the Website’s general activity, to analyze and make improvements to it and to disclose cumulative statistics on the number of users.

FRIEDENSKIRCHE may use cookies to record Website activity in order to manage it more effectively and to improve it for your use.

Cookies are small text files sent and stored in your computer that allow Web servers to recognize users’ habits, facilitate their access to Websites, and allow Websites to compile aggregate data that will improve the Website and its content. Cookies do not damage computers or files.

Cookies by themselves cannot be used to discover the user’s identity. If you do not want FRIEDENSKIRCHE to have access to the cookies, your web browser allows you to deny or disable the use of cookies by setting your browser accordingly. As every browser has different capabilities, please refer to the “Help” section in your browser for more information on how to deny or disable the use of cookies. However, please note that cookies may be necessary to allow FRIEDENSKIRCHE to function properly. In case of the Participant’s refusal of these cookies, FRIEDENSKIRCHE will not be able to guarantee the proper functioning of all of its Service’s features.

ARTICLE 4 – STORAGE AND PROCESSING OF DATA

Your data is processed in confidential ways and is not communicated to any third party without your consent. It is particularly possible that we may be required by law, in specific cases, to disclose your data to the authorities responsible for investigations. The transfer and disclosure of your data is carried out in accordance with the legislation in force.

Personal information collected on the Website may also be transferred to and stored in a country outside of the European Economic Area (“EEA”), for the purposes of data conservation and the operation and maintenance of the Website. These countries may not provide the same level of data protection as that conferred by the laws of your country. The transfer of data to countries not providing protection similar to that of your local law is protected by standard contractual clauses signed between FRIEDENSKIRCHE and the recipients of the data located in these countries. FRIEDENSKIRCHE will take all steps reasonably necessary to ensure that your data is processed securely and in accordance with this Personal Data Protection Charter. Unfortunately, the transmission of information via the Internet is not completely secure. Although FRIEDENSKIRCHE takes all reasonable precautions to protect your personal data, the security of data transmitted on the Website cannot be guaranteed and any transmission is at your own risk. Upon receipt of your information, FRIEDENSKIRCHE will use strict procedures and security features to try to prevent unauthorized access.

ARTICLE 5 – USE OF THE PERSONAL INFORMATION COLLECTED

The use of your data is also required for communication purposes in order to thus make a help service and support available that meets your expectations. Subject to your consent, we use your data to keep you regularly informed, by email only, about our news, events and special activities. In any case, FRIEDENSKIRCHE uses the personal identification information provided by you for the purposes for which you have provided it. FRIEDENSKIRCHE collects data when you open an FRIEDENSKIRCHE account, and when you use certain products and services. FRIEDENSKIRCHE may also receive personal information about you from its business partners, who must ensure that they are authorized to send it.

FRIEDENSKIRCHE may propose to its Participants or visitors to the Website their participation in loyalty programs, marketing or other activities taking place on a Website or a third party program. In this case, FRIEDENSKIRCHE is not responsible for the actions

or activities of such third parties and encourages its visitors to carefully consult the terms and conditions proposed by such third parties. FRIEDENSKIRCHE may also use personal identification information to transmit to third parties (such as marketing service suppliers) the metadata such as the user database and the usage patterns. Nevertheless, FRIEDENSKIRCHE will not sell or disclose the personal identification information provided by you to any third party outside of its related and partner companies, or its respective agents or consultants, who act in the name of or on behalf of FRIEDENSKIRCHE and are subject to confidentiality obligations.

In addition, FRIEDENSKIRCHE may share or transfer personal data in order to comply with laws or legal obligations, to establish or exercise rights recognized by law, or property rights, or to defend itself against legal redress, or in the case of a merger, acquisition, reorganization or a similar fact.

ARTICLE 6 – YOUR RIGHTS TO ACCESS AND CORRECT YOUR DATA

You have the right to exercise your right to object to FRIEDENSKIRCHE use of your personal data for commercial purposes. You can exercise your right in order to prevent this processing by checking certain boxes on the forms we use to collect your data. You can also exercise your right to object at any time by contacting FRIEDENSKIRCHE (see our contact details below).

FRIEDENSKIRCHE may at any time display links to or from the websites of our partners, advertisers and affiliated networks. If you follow a link to one of these websites, please note that these websites have their own Personal Data Protection Charters, and we disclaim any responsibility related thereto. Please consult these Personal Data Protection Charters before transmitting any personal data to these websites. In accordance with the GDPR, Participants registered on the Website have a right of objection, access and correction of such data (if the request for deletion of information concerns items necessary for the proper functioning of the Participant’s account, the account would be deleted).

Page | 4 Date of Compilation: 30/06/2021 Date of Revision: 20/06/2022

As a result, any Participant registered on FRIEDENSKIRCHE has the right to require that the information concerning him be corrected, supplemented, updated or deleted. This right may be exercised directly online on our website, or by mail via the contact address at the end of this policy

Any access request may be subject to a commission limited to the costs incurred to transmit to you the details of the information we hold concerning you.

ARTICLE 7 – PROTECTION OF CHILDREN

FRIEDENSKIRCHE users under the age of eighteen (18) are not allowed to disclose personal information or to use the public discussion areas without the consent of their parents or guardians.

If your children disclose personal data on FRIEDENSKIRCHE or on the public discussion areas, they may potentially receive unsolicited messages from third parties. Accordingly, you are responsible for making sure that they comply with the applicable Terms and Conditions of Use, warning them about sharing personal data and controlling their use of the Website. If you are worried about your children’s activities or respect for their confidentiality on our Websites, we encourage you to send us an email.

ARTICLE 8 – AMENDMENT TO THIS CHARTER

FRIEDENSKIRCHE may update this Personal Data Protection Charter at any time. FRIEDENSKIRCHE will notify you of significant changes regarding the processing of personal identification information by posting a notice on the FRIEDENSKIRCHE website . FRIEDENSKIRCHE encourages you to regularly consult this Personal Data Protection Charter. Amendments to this Charter will take effect immediately upon notification by any means, such as a message put online on the Website homepage, an email, or a postal letter.

However, changes to the purposes for the collection, use and disclosure of your personal data may be implemented only with your express permission, or only to the extent authorized or prescribed by law.

Contact Information

Questions, concerns or complaints related to FRIEDENSKIRCHE Privacy Policy or treatment of Personal Information should be directed to:

Pastor Felix Meylahn
Evangelical Lutheran Church in South Africa, Cape Church (FRIEDENSKIRCHE )

Office Telephone: +27 (0) 21 887 5030
Email: pastor@lutheranstellenbosch.co.za
Address: 26 Hofmeyr Street, Stellenbosch


WEBSITE PRIVACY POLICY

Download the PDF Website Privacy Policy

Our Commitment to Your Privacy

The Friedenskirche Lutheran Church Stellenbosch/Somerset West (Friedenskirche), “we” or “us) is committed to protecting your privacy. We value the trust of our Members and all others who work with us, and we recognise that maintaining your trust requires that we be transparent and accountable in how we handle your personal information. For that reason, we call our Privacy Policy and Practices “Our Commitment to Your Privacy.” This privacy policy is incorporated into and subject to the terms and conditions of the Friedenskirche

Terms of Use Agreement.

In performing our service as Friedenskirche we collect, use and disclose personal information. Anyone from whom we collect such information can expect that it will be carefully protected and that any use of or other dealing with this information is subject to consent. Our privacy practices are designed to achieve this.

The following Privacy Policy explains how we collect, use, disclose, and safeguard the personal information from Members.

Definitions

In this privacy policy Friedenskirche makes use of the following terms:

Friedenskirche” refers to The Friedenskirche Lutheran Church an independent Church entity.

“Personal Information” means all information which may be considered to be personal information or information about an identifiable individual and or existing juristic person (where applicable) in terms of the Electronic Communications and Transactions Act (“ECTA”), the Consumer Protection Act (“CPA”) and the Protection of Personal Information Act (POPIA).

“User, you or your” refers to any person who makes use of this website.

What Personal Information Do We Collect and Why?

We do not collect Personal information from the public but use our software to store data that include Personal information from our Members. This information is used to enhance your site experience and for our analytical purposes.

Obtaining Consent

We do not, except where otherwise permitted by law, collect, use or disclose your Personal Information without your consent.

Use and Disclosure of Personal Information

Friedenskirche conducts its business in accordance with South African legislation. Friedenskirche considers it imperative to protect the privacy interests of data subjects.

Retention of Personal Information

All Personal Information retained on the Friedenskirche database is in accordance with the retention provisions set out in the applicable Laws and regulations of South Africa.

Ensuring Your Personal Information is Correct and Accurate

You have a right to ensure that your Personal Information is accurate, complete and up-to-date.

Security

We have adopted an industry grade best of breed security model to protect your Personal Information. As part of our security model, we have implemented fire-wall technology, password controls, encryption processes, antivirus software as well as physical measures. We have a stringent security policy in place that every officer, employer and supplier of Friedenskirche must adhere to.

Cookies

Our site uses cookies in a limited way. Cookies are small files containing information that a website uses to track a visit. Both persistent and session cookies are used by many websites. However, Friedenskirche use cookies only to better understand how the Friedenskirche site is used, to make sure Friedenskirche information and dynamic content are served up to Members and visitors correctly, and to improve the performance of the Friedenskirche site for users, particularly the way search pages are delivered. Cookies do not remain on your computer at the end of your visit and cannot be used to obtain any personally identifiable details.

Third-Party Sites

The Friedenskirche website may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them. By registering at HLC you may receive follow-up contact and offers from third party companies as you have agreed to do by accepting this Privacy Policy and, while Friedenskircheonly work with selected partners, Friedenskircheis not responsible for the services or representations of third parties.

Because Friedenskirche is not responsible for any representations or information or warranties or content on any website of any third party (including websites linked to this website or websites facilitated by Friedenskirche, Friedenskirche do not exercise control over third parties’ privacy policies and you should refer to the privacy policy of any such third party before given them any of your personal information.

Updating of Privacy Policy

Friedenskirche reserve the right, in Friedenskirche sole discretion to update, modify or amend (including without limitation, by the addition of new terms and conditions) this Privacy Policy from time to time with or without notice. You therefore agree to review the Privacy Policy whenever you visit the Friedenskirche website for any such change. Save as expressly provided to the contrary in this Privacy Policy, the amended version of the Privacy Policy shall supersede and replace all previous versions thereof.

Please check our site on an on-going basis or contact the Friedenskirche for the most up-to-date information on Friedenskirche privacy practices.

Contact Information

Questions, concerns or complaints related to Friedenskirche Privacy Policy or treatment of Personal Information should be directed to:

Pator Felix Meylahn

Friedenskirche Lutheran Church Stellenbosch/Somerset West

Office Telephone: 021 887 6456

Email: pastor@lutheranstellenbosch.co.za

Address: 26 Hofmeyr Street
Stellenbosch

Promotion of Access to Information Manual

Download the PDF Information Manual

This manual was prepared in accordance with:

sections 14 and 51 of the Promotion of Access to Information Act, 2000
(hereinafter referred to as PAIA)

to address the requirements of the Protection of Personal Information Act, 2013.
(hereinafter referred to as PoPIA)

This manual applies to:

Friedenskirche Lutheran Church Stellenbosch/Somerset West an independent church

(hereinafter referred to as Friedenskirche)

Policy Statement

It is Friedenskirche policy to conduct its operations in compliance with all legal and regulatory requirements. This Manual regulates access to information and records owned, held by or otherwise under the control of Friedenskirche and the release of any such information or records by any of Friedenskirche directors, officers, employees, agents or anyone acting on its behalf.

Application

This Manual applies to information and records owned, held by or otherwise under the control of Friedenskirche and the release of any such information or records.

Objective

The objectives of this Manual are to:

  • provide a non-exhaustive list of information, records and other details held by Friedenskirche
  • set out the requirements on how to request information in terms of PAIA and PoPIA as well as the grounds on which a request may be refused; and
  • define the manner and form in which a request for information must be submitted.

PAIA provides that a person may only request information in terms thereof if that information is required for the exercise or protection of a right. PoPIA provides that a Data Subject may, upon proof of identity, request the Responsible Party to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including information about the identity of third parties who have or have had access to such information. PoPIA further provides that where the Data Subject is required to pay a fee for services provided to him/her/it the Responsible Party must provide the Data Subject with a written estimate of the payable amount before providing the service and may require that the requestor pay a deposit for all or part of the fee.

The capacity under which a Requester requests documentation/ information will determine the category he or she falls in. Please note that the Requester category has a bearing on the conditions of access to the information.

Requesters have been classified into four categories:

  1. a Personal Requester: requests information about himself/herself/itself.
  2. a Representative Requester: requests information relating to and on behalf of someone else.
  3. a Third-Party Requester: requests information about another person.
  4. a Public Body: requests information in the public interest.

Proof of identity is required to authenticate the request and the Requester. In view hereof, a Requester will be required to submit acceptable proof of identity such as a certified copy of their Identity Document or other legal form of identification

Contents

  1. Background to the Promotion of Access to Information Act [2 of 2000] 3
  2. Definitions
  3. Friedenskirche 2
  4. Purpose of the PAIA Manual 2
  5. Contact Details of the CEO of the Board [Section 51(1)(a)] 3
  6. The Information Officer [Section 51(1)(b)] 3
  7. Guide of SA Human Rights Commission [Section 51(1) (b)] 5
  8. The Latest Notice in Terms of Section 52(2) [Section 51(1)(c)]
  9. Subjects and Categories of Records Available only on Request to Access [Section 51(1)(e)] 6
  10. Records Available without a Request to Access in terms of PAIA 8
  11. Description of the Records which are available [Section51(1)(d)] 9
  12. Detail to Facilitate a Request for Access to a Record [Section 51(1)(e)] 10
  13. Refusal of Access to Records 11
  14. Remedies available when Friedenskirche Refuses a Request 12
  15. Access to Records held byFriedenskirche 13
  16. Prescribed Fees [Section 51(1)(f)] 14
  17. Reproduction Fee 14
  18. Decision
  19. Protection of Personal Information that is Processed by Friedenskirche 16
  20. Availability and Updating of the PAIA Manual 19

Appendix 1 Access Request Form 20

Appendix 2: Part 1 – Processing of Personal Information in Accordance with PoPIA

Appendix 2: Part 2 – Categories of Data Subjects and Personal Information relating thereto

Appendix 2: Part 3 – Recipients of Personal Information

Appendix 2: Part 4 – Cross border transfers of Personal Information

Appendix 2: Part 5 – Description of information security measures

Appendix 3: Objection to the Processing of Personal Information Form [Section 11(3)]

Appendix 4: Request for: Correction or

Deletion or

Destroying of Record of Personal Information Form [Section 24(1)] 25

  1. Background to the Promotion of Access to Information Act

The Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) was enacted on 3 February 2000, giving effect to the constitutional right in terms of section 32 of the Bill of Rights contained in the Constitution of the Republic of South Africa 108 of 1996 (the “Constitution”) of access to any information held by the state and any information that is held by another person and that is required for the exercise or protection of any rights.

In terms of section 51 of PAIA, all Private Bodies are required to compile an Information Manual (“PAIA Manual”).

Where a request is made in terms of PAIA, the body to whom the request is made is obliged to release the information, subject to applicable legislative and / or regulatory requirements, except where PAIA expressly provides that the information may be adopted when requesting information from a public or private body.

  1. Definitions

The following words as shall bear the same meaning as under PoPIA as follows:

Consent means a voluntary, specific and informed expression of will in terms of which a DS agrees to the processing of PI relating to him or her.

Data Subject or DS means the person to whom personal information relates.

Minister means the Minister of Justice and Constitutional Development.

Personal information or PI means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person including:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. information relating to the education or the medical, financial, criminal or employment history of the person;
  3. any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
  4. the blood type or any other biometric information of the person;
  5. the personal opinions, views or preferences of the person;
  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Private body means a natural person who carries or has carried on any trade, business or profession in that capacity, a partnership or juristic person.

Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

  1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  2. dissemination by means of transmission, distribution or making available in any other form; or
  3. merging, linking, as well as blocking, degradation, erasure or destruction of information.

Public body means any department or state or administration in the national, provincial or local sphere of government or functionary exercising public power.

Responsible Party or RP means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information.

  1. Friedenskirche

Friedenskirche is owned by Members as reflected in the register of Friedenskirche and as such Friedenskirche is bound by and adheres to Friedenskirche Privacy Commitments.

The Friedenskirche has the following objectives:

  • The Friedenskirche main object is to manage the affairs of the Friedenskirche in terms of legislation applicable to churches.
  • The Friedenskirche has as its mission and vision the intention to act according to the Will of God for the church and thus to serve the Lord as He dictates.
  • The Friedenskirche will operate at all times within the terms of the Constitution of the Friedenskirche.
  • The Friedenskirche will manage the collective interest of all members of the Friedenskirche
  • The Friedenskirche will generally do everything in its power to manage and maintain Friedenskirche for the benefit of its members.

This PAIA Manual of Friedenskirche is available at Friedenskirche premises:

26 Hofmeyr Street, Stellenbosch

  1. Purpose of the PAIA Manual

The purpose of PAIA is to promote the right of access to information, to foster a culture of transparency and accountability within Friedenskirche by giving the right to information that is required for the exercise or protection of any right and to actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect their rights.

In order to promote effective governance of private bodies, it is necessary to ensure that everyone is empowered and educated to understand their rights in relation to public and private bodies. Section 9 of PAIA recognises that the right to access information cannot be unlimited and should be subject to justifiable limitations, including, but not limited to:

4.1 limitations aimed at the reasonable protection of privacy;

4.2 commercial confidentiality; and

4.3 effective, efficient and good governance;

and in a manner which balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.

This PAIA Manual complies with the requirements of the guide mentioned in section 10 of PAIA and recognises that the Information Regulator, appointed from time to time, will be responsible to regulate compliance with PAIA and its regulations by private and public bodies.

  1. Contact Details of the HLC’s Pastor [Section 51(1)(a)]

Pastor:

Name and Surname Pastor Felix Meylahn
Registered Address 6 Vrede Street, Stellenbosch, 7600
Email – address pastor@lutheranstellenbosch.co.za
Telephone number 021 8876456
Website https://www.lutheranstellenbosch.co.za/
  1. The Information Officer [Section 51(1)(b)]


PAIA
prescribes the appointment of an Information Officer for public bodies where such Information Officer is responsible to, inter alia, assess request for access to information. The head of a private body fulfils such a function in terms of section 51.

HLC has opted to appoint an Information Officer and Deputy Information Officer to assess such a request for access to information as well as to oversee its required functions in terms of PAIA.

The Information Officer appointed in terms of PAIA also refers to the Information Officer as referred to in PoPIA. The Information Officer oversees the functions and responsibilities as required for in terms of both this Act as well as the duties and responsibilities in terms of section 55 of PoPIA. The Information Officer may appoint, where it is deemed necessary, Deputy Information Officers, as allowed in terms of section 17 of PAIA as well as section 56 of PoPIA. This is in order to render HLC as accessible as reasonable possible for requesters of its records and to ensure fulfilment of its obligations and responsibilities as prescribed in terms of section 55 of the PoPIA.

All request for information in terms of this Act must be addressed to the Information Officer.

Contact Details of the Information Officer of Friedenskirche:

Name and Surname Christa Ute Berghammer-Böhmer
Registered Address 7 Almeria Street, Paarl, 7646
Email – address info@lutheranstellenbosch.co.za
Telephone number 021 8633066
Website https://www.lutheranstellenbosch.co.za/
  1. Guide of SA Human Rights Commission [Section 51(1) (b)]

PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest. Requests in terms of PAIA shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of PAIA. Requesters are referred to the Guide in terms of Section 10 of PAIA which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The

Guide is available from the SAHRC.

The contact details of the South African Human Rights Commission:

Physical Address: JD House 27 Stiemens Street Braamfontein Johannesburg 2001

Postal address: Private Bag 2700 Houghton 2041

Telephone: +27 (0) 11 877 3600

E mail paia@sahrc.org.za

Website: www.sahrc.org.za

  1. The Latest Notice in Terms of Section 52(2) (if any)[Section 51(1)(c)]

No notice has been published on the categories of records that are automatically available without a person having to request access in terms of Section 52(2) of PAIA.

  1. Subjects and Categories of Records Available only on Request to Access in Terms of PAIA

[Section 51(1) (e)]

9.1. Records held by Friedenskirche

For the purposes of this clause 9.1, Personnel refers to any person who works for, or provides services to, or on behalf of Friedenskirche and receives or is entitled to receive remuneration and any other person who assist in carrying out or conducting the business of Friedenskirche .This includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff, as well as contract workers.

This clause serves as a reference to the categories of information that HLC holds. The information is classified and grouped according to records relating to the following subjects and categories:

Subject Category
Companies Act Records All trust deeds

Documents of Incorporation

Index of names of Directors

Memorandum of Incorporation

Minutes of meetings of the Board of Directors

Minutes of meetings of Members

Proxy forms

Members Register

Statutory registers and/or records and/or documents

Special resolutions

Resolutions passed at General and Special meetings

Records relating to the appointment of:

Auditors

Directors

Prescribed Officer

Public Officer

Secretary

Accounting Records

Annual Financial Reports

Annual Financial Statements

Asset Registers

Bank Statements

Banking details and bank accounts

Banking Records

Debtors / Creditors statements and invoices

General ledgers and subsidiary ledgers

General reconciliation

Invoices

Paid Cheques

Policies and procedures

Rental Agreements

Tax Returns

Buyer Member details
Credit application information
Information and records provided by a third party
PR Advertising and promotional material

Risk Management and Audit Audit reports
Risk management frameworks Risk management plans

Safety, Health and Environment Complete Safety, Health and Environment Risk Assessment Environmental Managements Plans
Inquiries, inspections, examinations by environmental authorities

IT Computer / mobile device usage policy documentation Disaster recovery plans
Hardware asset registers
Information security policies/standards/procedures Information technology systems

User manuals
Information usage policy documentation Project implementation plans
Software licensing
System documentation and manuals

CSR CSR schedule of projects/record of organisations that receive funding
Reports, books, publications and general information related to CSR spend

Records and contracts of agreement with funded organisation

9.2. Note

The accessibility of the records may be subject to the grounds of refusal set out in this PAIA manual.

Amongst other, records deemed confidential on the part of a third party, will necessitate permission from the third party concerned, in addition to normal requirements, before HLC will consider access.

  1. Records Available without a Request to Access in terms of PAIA

10.1. Records of a public nature, typically those disclosed on the HLC website and in its various annual reports, may be accessed without the need to submit a formal application.

10.2. Other non-confidential records, such as statutory records maintained at CIPC, may also be accessed without the need to submit a formal application, however, please note that an appointment to view such records will still have to be made with the Information Officer.

  1. Description of the Records of the Body which are available in accordance with any other Legislation [Section 51(1) (d)]

11.1. Where applicable to its operations, HLC also retains records and documents in terms of the legislation below. Unless disclosure is prohibited in terms of legislation, regulations, contractual agreement or otherwise, records that are required to be made available in terms of these acts shall be made available for inspection by interested parties in terms of the requirements and conditions of PAIA; the below mentioned legislation and applicable internal policies and procedures, should such interested parties be entitled to such information.

A request to access must be done in accordance with the prescriptions of PAIA.

  1. Auditing Professions Act, No 26 of 2005
  2. Basic Conditions of Employment Act, No 75 of 1997
  3. Broad- Based Black Economic Empowerment Act, No 75 of 1997
  4. Business Act, No 71 of 1991
  5. Companies Act, No 71 of 2008
  6. Compensation for Occupational Injuries & Diseases Act, 130 of 1993
  7. Competition Act, No.71 of 2008
  8. Constitution of the Republic of South Africa 2008
  9. Copyright Act, No 98 of 1978
  10. Customs & Excise Act, 91 of 1964
  11. Electronic Communications Act, No 36 of 2005
  12. Electronic Communications and Transactions Act, No 25 of 2002
  13. Employment Equity Act, No 55 of 1998
  14. Financial Intelligence Centre Act, No 38 of 2001
  15. Identification Act, No. 68 of 1997
  16. Income Tax Act, No 58 of 1962
  17. Intellectual Property Laws Amendment Act, No 38 of 1997
  18. Labour Relations Act, No 66 of 1995
  19. Long Term Insurance Act, No 52 of 1998
  20. Occupational Health & Safety Act, No 85 of 1993
  21. Pension Funds Act, No 24 of 1956
  22. Prescription Act, No 68 of 1969
  23. Prevention of Organised Crime Act, No 121 of 1998
  24. Promotion of Access to Information Act, No 2 of 2000
  25. Protection of Personal Information Act, No. 4 of 2013
  26. Regulation of Interception of Communications and Provision of Communication-Related

Information Act 70 of 2002

  1. Revenue laws Second Amendment Act. No 61 of 2008
  2. Skills Development Levies Act No. 9 of 1999
  3. Short-term Insurance Act No. 53 of 1998
  4. Trust Property Control Act 57 of 1988
  5. Unemployment Insurance Contributions Act 4 of 2002
  6. Unemployment Insurance Act No. 30 of 1966
  7. Value Added Tax Act 89 of 1991

Although we have used Friedenskirche best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to HLC’s attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, Friedenskirche shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation

listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Friedenskirche Information Officer the opportunity of considering the request in light thereof.

11.2. It is further recorded that the accessibility of documents and records may be subject to the grounds of refusal set out in this PAIA Manual.

  1. Detail to Facilitate a Request for Access to a Record of HLC [Section 51(1) (e)]

12.1 The requester must comply with all the procedural requirements contained in PAIA relating to the request for access to a record.

12.2 The requester must complete the prescribed form enclosed herewith, and submit same as well as payment of a request fee and a deposit (if applicable) to the Information Officer or the Deputy Information Officer at the postal or physical address, fax number or electronic mail address as noted in clause 5 above.

12.3 The prescribed from must be filled in with sufficient information to enable the Information Officer to identify:

12.3.1 the record or records requested; and

12.3.2 the identity of the requester.

12.4 The requester should indicate which form of access is required and specify a postal address or fax number or email of the requester in the Republic;

12.5 The requester must state that he/she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. The requester must clearly specify why the record is necessary to exercise or protect such a right [section 53(2)(d)].

12.6 HLC will process the request within 30 (thirty) days, unless the requester has stated special reasons to the satisfaction of the Information Officer that circumstances dictate that the above time periods not be complied with.

12.7 The requester shall be advised whether access is granted or denied in writing. If, in addition, the requester requires the reasons for the decision in any other manner, the requester will be obliged to state which manner and the particulars required.

12.8 If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information Officer [section 53(2)(f)].

12.9 If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.

12.10 The requester must pay the prescribed fee, before any further processing can take place.

12.11 All information as listed in clause 12 herein should be provided and failing which the process will be delayed until the required information is provided. The prescribed time periods will not commence until the requester has furnished all the necessary and required information. The Information Officer shall sever a record, if possible, and grant only access to that portion requested and which is not prohibited from being disclosed.

  1. Refusal of Access to Records

13.1. Grounds to Refuse Access

A private body such as HLC is entitled to refuse a request for information.

13.1.1. The main grounds for HLC to refuse a request for information relates to the:

  1. mandatory protection of the privacy of a third party who is a natural person or a deceased a person [section 63] or a juristic person, as included in the Protection of Personal Information Act 4 of 2013, which would involve the unreasonable disclosure of personal information of that natural or juristic person;
  2. mandatory protection of personal information and for disclosure of any personal information to, in addition to any other legislative, regulatory or contractual agreements, comply with the provisions of the Protection of Personal Information Act 4 of 2013;
  3. mandatory protection of the commercial information of a third party [section 64] if the record contains:
  4. trade secrets of the third party;
  5. financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party;

iii. information disclosed in confidence by a third party to HLC, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition;

  1. mandatory protection of confidential information of third parties [section 65)] if it is protected in terms of any agreement;
  2. mandatory protection of the safety of individuals and the protection of property [section 66];
  3. mandatory protection of records which would be regarded as privileged in legal proceedings

[section 67].

13.1.2. The commercial activities [section 68] of a private body, such as HLC, which may include:

  1. trade secrets of HLC;
  2. financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of HLC;

iii. information which, if disclosed could put HLC at a disadvantage in negotiations or commercial competition;

  1. a computer program which is owned by HLC, and which is protected by copyright;
  2. the research information [section 69] of HLC or a third party, if its disclosure would disclose the identity of HLC, the researcher or the subject matter of the research and would place the research at a serious disadvantage.

13.1.3. Requests for information that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources shall be refused.

13.1.4. All requests for information will be assessed on their own merits and in accordance with the applicable legal principles and legislation.

13.1.5. If a requested record cannot be found or if the record does not exist, the HLC Information Officer shall, by way of an affidavit or affirmation, notify the requester that it is not possible to give access to the requested record. Such a notice will be regarded as a decision to refuse a request for access to the record concerned for the purpose of PAIA. If the record should later be found, the requester shall be given access to the record in the manner stipulated by the requester in the prescribed form, unless the HLC Information Officer refuses access to such record.

  1. Remedies Available When HLC Refuses a Request

14.1. Internal Remedies

HLC does not have internal appeal procedures. The decision made by the HLC Information Officer is final. Requesters will have to exercise such external remedies at their disposal if the request for information is refused, and the requestor is not satisfied with the answer supplied by the Friedenskirche Information Officer.

13.2. External Remedies

13.2.1. A requestor that is dissatisfied with the Information Officer’s refusal to disclose information, may within 30 (thirty) days of notification of the decision, may apply to a Court for relief.

13.2.2. A third party dissatisfied with the Friedenskirche Information Officer’s decision to grant a request for information, may within 30 (thirty) days of notification of the decision, apply to a Court for relief.

For purposes of PAIA, the Courts that have jurisdiction over these applications are the

Constitutional Court, the High Court or another court of similar status and a Magistrate’s Court designated by the Minister of Justice and Constitutional Development and which is presided over by a designated Magistrate.

  1. Access to Records Held by Friedenskirche

15.1. Prerequisites for Access by Personal/Other Requester

15.1.1. Records held by Friedenskirche may be accessed by requests only once the prerequisite requirements for access have been met.

15.1.2. A requester is any person making a request for access to a record of Friedenskirche

There are two types of requesters:

  1. Personal Requester
  2. A personal requester is a requester who is seeking access to a record containing

personal information about the requester.

  1. Friedenskirche will voluntarily provide the requested information, or give access to any record with regard to the requester’s personal information. The prescribed fee for reproduction of the information requested will be charged.
  2. Other Requester
  3. This requester (other than a personal requester) is entitled to request access to information on third parties.
  4. In considering such a request, Friedenskirche will adhere to the provisions of PAIA.

Section 71 of PAIA requires that the Friedenskirche Information Officer take all reasonable steps to inform a third party to whom the requested record relates of the request, informing him/her that he/she may make a written or oral representation to the Friedenskirche Information Officer why the request should be refused or, where required, give written consent for the disclosure of the Information.

  1. Friedenskirche is not obliged to voluntarily grant access to such records.

The requester must fulfil the prerequisite requirements, in accordance with the requirements of PAIA and as stipulated in Chapter 5; Part 3, including the payment of a request and access fee.

  1. Prescribed Fees [Section 51(1)(f)]

16.1. Fees Provided by PAIA

16.1.1. PAIA provides for two types of fees, namely:

  1. a request fee, which is a form of administration fee to be paid by all requesters except

personal requesters, before the request is considered and is not refundable; and

  1. an access fee, which is paid by all requesters in the event that a request for access is granted.

This fee is inclusive of costs involved by the private body in obtaining and preparing a record

for delivery to the requester.

16.1.2. When the request is received by the Friedenskirche Information Officer, such officer shall by notice require the requester, other than a personal requester, to pay the prescribed request fee, before further processing of the request [section 54(1)].

16.1.3. If the search for the record has been made and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the HLC Information Officer shall notify the requester to pay as a deposit the prescribed portion of the access fee which would be payable if the request is granted.

16.1.4. The Information Officer shall withhold a record until the requester has paid the fees as indicated below.

16.1.5. A requester whose request for access to a record has been granted, must pay an access fee that is calculated to include, where applicable, the request fee, the process fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the request form.

16.1.6. If a deposit has been paid in respect of a request for access, which is refused, then the Friedenskirche Information Officer concerned must repay the deposit to the requester.

  1. Reproduction Fee

Where Friedenskirche has voluntarily provided the Minister with a list of categories of records that will automatically be made available to any person requesting access thereto, the only charge that may be levied for obtaining such records, will be a fee for reproduction of the record in question.

Reproduction of Information Fees

Fees to be Charged

Information in an A-4 size page photocopy or part thereof R 1,10

A printed copy of an A4-size page or part thereof R 0,75

A copy in computer-readable format, for example:

Compact disc R 70,00

A transcription of visual images, in an A4-size page or part thereof R 40,00

A copy of visual images R 60,00

A transcription of an audio record for an A4-size page or part thereof R 20,00

A copy of an audio record R 30,00

Request Fees

Where a requester submits a request for access to information held by an institution on a person other than the requester himself/herself, a request fee in the amount of R50,00 is payable up-front before the institution will further process the request received.

Access Fees

An access fee is payable in all instances where a request for access to information is granted, except in those instances where payment of an access fee is specially excluded in terms of PAIA or an exclusion is determined by the Minister in terms of section 54(8).

The applicable access fees which will be payable are:

Access of Information Fees

Fees to be Charged

Information in an A-4 size page photocopy or part thereof R 1,10

A printed copy of an A4-size page or part thereof R 0,75

A copy in computer-readable format, for example:

Compact disc R 70,00

A transcription of visual images, in an A4-size page or part thereof R 40,00

A copy of visual images R 60,00

A transcription of an audio record for an A4-size page or part thereof R 20,00

A copy of an audio record * Per hour or part of an hour reasonably required for such search

Where a copy of a record needs to be posted a pre-postal fee is payable. R 30,00*

Deposits

Where Friedenskirche receives a request for access to information held on a person other than the requester himself/herself and the Friedenskirche Information Officer upon receipt of the request is of the opinion that the preparation of the required record of disclosure will take more than 6 (six) hours, a deposit is payable by the requester.

The amount of the deposit is equal to 1/3 (one third) of the amount of the applicable access fee.

Collection Fees

The initial “request fee” of R50,00 should be deposited into the bank account below and a copy of the deposit slip, application form and other correspondence / documents, forwarded to the Friedenskirche Information Officer via fax or email.

All fees are subject to change as allowed for in PAIA and as a consequence such escalations may not always be immediately available at the time of the request being made. Requesters shall be informed of any changes in the fees prior to making a payment.

  1. Decision

18.1. Time Allowed to Institution

18.1.1. Friedenskirche will, within 30 (thirty) days of receipt of the request, decide whether to grant or decline the request and give notice with reasons (if required) to that effect.

18.1.2. The 30 (thirty) day period within which Friedenskirche has to decide whether to grant or refuse the request, may be extended for a further period of not more than (30) thirty days if the request is for a large number of information, or the request requires a search for information held at another office of Friedenskirche and the information cannot reasonably be obtained within the original 30 (thirty) day period.

18.1.3. Friedenskirche will notify the requester in writing should an extension be sought.

  1. Protection of Personal Information that is Processed by Friedenskirche

19.1 Chapter 3 of PoPIA provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in PoPIA.

19.2 Friedenskirche needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by Friedenskirche Friedenskirche is accordingly a Responsible Party for the purposes of PoPIA and will ensure that the Personal Information of a Data Subject:

19.2.1 is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by Friedenskirche, in the form of privacy or data collection notices. Friedenskirche must also have a legal basis (for example, consent) to process Personal Information;

19.2.2 is processed only for the purposes for which it was collected;

19.2.3 will not be processed for a secondary purpose unless that processing is compatible with the original purpose.

19.2.4 is adequate, relevant and not excessive for the purposes for which it was collected;

19.2.5 is accurate and kept up to date;

19.2.6 will not be kept for longer than necessary;

19.2.7 is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by Friedenskirche in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;

19.2.8 is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:

(i) be notified that their Personal Information is being collected by Friedenskirche.

(ii) the Data Subject also has the right to be notified in the event of a data breach;

(iii) know whether Friedenskirche holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;

(iv) request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;

(v) object to Friedenskirche use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to Friedenskirche record keeping requirements);

(vi) object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and

(vii) complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged noncompliance with the protection of his, her or its personal information.

19.3. Purpose of the Processing of Personal Information by the Company

As outlined above, Personal Information may only be processed for a specific purpose. The purposes for which Friedenskirche processes or will process Personal Information is set out in Part 1 of Appendix 2 hereto.

19.4. Categories of Data Subjects and Personal Information / Special Personal Information relating thereto

As per section 1 of PoPIA, a Data Subject may either be a natural or a juristic person. Part 2 of Appendix 2 hereto sets out the various categories of Data Subjects that Friedenskirche Processes Personal Information on and the types of Personal Information relating thereto.

19.5. Recipients of Personal Information

Part 3 of Appendix 2 hereto outlines the recipients to whom Friedenskirche may provide a Data Subjects Personal Information to.

19.6. Cross-border flows of Personal Information

19.6.1. Section 72 of PoPIA provides that Personal Information may only be transferred out of the Republic of South Africa if the:

(i) recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in PoPIA; or

(ii) Data Subject consents to the transfer of their Personal Information; or

(iii) transfer is necessary for the performance of a contractual obligation between the Data

Subject and the Responsible Party; or

(iv) transfer is necessary for the performance of a contractual obligation between the

Responsible Party and a third party, in the interests of the Data Subject; or

(v) the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to

obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.

19.6.2. Part 4 of Appendix 2 hereto sets out the planned cross-border transfers of Personal Information and the condition from above that applies thereto.

19.7. Description of information security measures to be implemented by Friedenskirche

Part 5 of Appendix 2 hereto sets out the types of security measures to implemented by Friedenskirche in order to ensure that Personal Information is respected and protected. A preliminary assessment of the suitability of the information security measures implemented or to be implemented by Friedenskirche may be conducted in order to ensure that the Personal Information that is processed by Friedenskirche is safeguarded and Processed in accordance with the Conditions for Lawful Processing.

19.8 Objection to the Processing of Personal Information by a Data Subject

Section 11(3) of PoPIA and regulation 2 of the PoPIA Regulations provides that a Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Appendix 3 subject to exceptions contained in PoPIA.

19.9 Request for correction or deletion of Personal Information

Section 24 of PoPIA and regulation 3 of the PoPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Appendix 4 to this Manual .

  1. Availability and Updating of the PAIA Manual

This PAIA Manual is made available in terms of Regulation Number R.187 of 15 February 2002.

Friedenskirche will update this PAIA Manual at such intervals as may be deemed necessary. This PAIA Manual of Friedenskirche is available to view at its premises and on its website.

Appendix 1: Request for Information (https://www.justice.gov.za/forms/paia/J750_paia_Form%20A.pdf)

Appendix 2: Part 1 – Processing of Personal Information in Accordance with PoPIA

For Stakeholders:

  1. Performing duties in terms of any agreement with stakeholders.
  2. Make, or assist in making, credit decisions about stakeholders.
  3. Operate and manage stakeholders’ accounts and manage any application, agreement or

correspondence stakeholders may have with Friedenskirche

  1. Communicating (including direct marketing) with stakeholders by email, SMS, letter, telephone or in any other way about Friedenskirche products and services, unless stakeholders indicate otherwise.
  2. To form a view of stakeholders as individuals and to identify, develop or improve products and services that may be of interest to stakeholders.
  3. Carrying out market research, business and statistical analysis.
  4. Performing other administrative and operational purposes including the testing of systems.
  5. Recovering any debt stakeholders may owe Friedenskirche
  6. Complying with the HLC’s regulatory and other obligations.
  7. Any other reasonably required purpose relating to the Friedenskirche business.

For prospective Stakeholders:

  1. Verifying and updating information.
  2. Pre-scoring.
  3. Direct marketing.
  4. Any other reasonably required purpose relating to the processing of a prospect’s personal information reasonably related to the Friedenskirche business.

For employees:

  1. The same purposes as for stakeholders (above)
  2. Verification of applicant employees’ information during recruitment process
  3. General matters relating to employees:
  4. Pension
  5. Medical aid

iii. Payroll

  1. Disciplinary action
  2. Training
  3. Any other reasonably required purpose relating to the employment or possible employment relationship.

For vendors /suppliers /other businesses:

  1. Verifying information and performing checks;
  2. Purposes relating to the agreement or business relationship or possible agreement or business relationships between the parties;
  3. Payment of invoices;
  4. Complying with the Friedenskirche regulatory and other obligations; and
  5. Any other reasonably required purpose relating to the Friedenskirche business.

Appendix 2: Part 2 – Categories of Data Subjects and Categories of Personal Information relating thereto

Personnel / Employees

  1. Name and contact details
  2. Identity number and identity documents including passports
  3. Employment history and references
  4. Banking and financial details
  5. Details of payments to third parties (deductions from salary)
  6. Employment contracts
  7. Employment equity plans
  8. Medical aid records
  9. Pension Fund records
  10. Remuneration/salary records
  11. Performance appraisals
  12. Disciplinary records
  13. Leave records
  14. Training records

Stakeholders and prospective stakeholders (which may include employees)

  1. Postal and/or street address
  2. title and name
  3. contact numbers and/or e-mail address
  4. ethnic group
  5. employment history
  6. age
  7. gender
  8. marital status
  9. nationality
  10. language
  11. financial information
  12. identity or passport number
  13. browsing habits and click patterns on Friedenskirche website.

Vendors /suppliers /other businesses:

  1. Name and contact details
  2. Identity and/or company information and directors’ information
  3. Banking and financial information
  4. Information about products or services
  5. Other information not specified, reasonably required to be processed for business operations

Appendix 2: Part 3 – Recipients of Personal Information

  1. Any firm, organisation or person that Friedenskirche uses to collect payments and recover debts or to provide a service on its behalf;
  2. Any firm, organisation or person that/who provides Friedenskirche with products or services;
  3. Any payment system Friedenskirche uses;
  4. Regulatory and governmental authorities or ombudsmen, or other authorities, including tax authorities, where Friedenskirche has a duty to share information;
  5. Third parties to whom payments are made on behalf of employees;
  6. Financial institutions from whom payments are received on behalf of data subjects;
  7. Any other operator not specified;
  8. Employees, contractors and temporary staff; and
  9. Agents.

Appendix 2: Part 4 – Cross border transfers of Personal Information

Personal Information may be transmitted trans-border to Friedenskirche stakeholder and suppliers in other countries, and Personal Information may be stored in data servers hosted outside South Africa, which may not have adequate data protection laws. Friedenskirche will endeavour to ensure that its dealers and suppliers will make all reasonable efforts to secure said data and Personal Information.

Appendix 2: Part 5 – Description of information security measures

Friedenskirche undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. Friedenskirche may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.

  1. Access Control of Persons

Friedenskirche shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data are processed.

  1. Data Media Control

Friedenskirche undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by Friedenskirche and containing personal data of Members.

  1. Data Memory Control

Friedenskirche undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorised reading, alteration or deletion of stored data.

  1. User Control

Friedenskirche shall implement suitable measures to prevent its data processing systems from being used by unauthorised persons by means of data transmission equipment.

  1. Access Control to Data

Friedenskirche represents that the persons entitled to use Friedenskirche data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorisation).

  1. Transmission Control

Friedenskirche shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of Friedenskirche data communication equipment / devices.

  1. Transport Control

Friedenskirche shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.

  1. Organisation Control

Friedenskirche shall maintain its internal organisation in a manner that meets the requirements of this Manual.

Appendix 3:

Objection to the Processing of Personal Information in terms of Section 11(3) of PoPIA

Regulations Relating to The Protection of Personal Information, 2018

Note:

1 Affidavits or other documentary evidence as applicable in support of the objection may be attached.

2 If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.

3 Complete as is applicable

A Details of Data Subject

Unique Identifier/ Identity Number

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

B

Details of Responsible Party

Name(s) and surname/ registered name of data subject:

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

C

REASONS FOR OBJECTION IN

TERMS OF SECTION 11(1)(d) to (f)

(Please provide detailed reasons for

the objection)

Appendix 4:

Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information in terms of Section 24(1) of the Protection of Personal Information Act, 2013 Regulations Relating to PoPIA [Regulation 3]

Note:

  1. Affidavits or other documentary evidence as applicable in support of the request may be

attached.

  1. If the space provided for in this Form is inadequate, submit information as an Annexure to this form and sign each page.
  2. Complete as is applicable.

Mark the appropriate box with an “x”.

Request for:

􀀀 Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.

􀀀 Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information.

A Details of Data Subject

Name(s) and surname/ registered name of data subject:

Unique Identifier/ Identity Number

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

B

Details of Responsible Party

Name(s) and surname/ registered name of data subject:

Residential, postal or business address:

Email:

Cell number:

Other contact number(s):

C

Reasons for Objection in Terms of Section 11(1)(D) to (F) (Please Provide Detailed Reasons for The Objection)

D

Reasons for *Correction or Deletion of the Personal Information about the Data Subject in

Terms of Section 24(1)(a) which is in Possession or Under the Control of the Responsible

Party; and or Reasons for *Destruction or Deletion of a Record of Personal Information about the Data Subject in Terms of Section 24(1)(b) which the Responsible Party is no longer Authorised to Retain. (Please Provide Detailed reasons for the request).