1.1. The Promotion of Access to Information Act No. 2 of 2000 as amended (“the Act”) intends to give effect to an individual’s constitutional right to access to information held by the state and information held by private bodies and that is required for the exercise or protection of any rights.
1.2. Upon request for information in terms of the Act, the state or private body is obliged to release the information, except where the Act expressly provides that the information must or may not be released.
1.3. The Promotion of Personal Information Act No. 4 OF 2013 (“POPIA”) was enacted to promote the protection of personal information of a data subject (including natural and juristic persons), which may be processed by public and private bodies. POPIA further promotes a data subjects right to access to personal information, right to correction of personal information and right to deletion of personal information held by public and private bodies.
1.4. The purpose of this Promotion of Access to Information Act Manual (“the Manual”) is:
1.4.1 to facilitate the request for access to records of the Company as provided for in the Act, as amended from time to time, and including the regulations promulgated in terms of the Act; and
1.4.2 to outline the personal information the Company may process, the purpose for processing the personal information and a data subjects rights as provided for in POPIA.
2. The Company
2.1. &Beyond is an award-winning luxury experiential travel company which tailor-makes exclusive safaris and tours in Africa, Asia and South America. The &Beyond ethos is care of the land, care of the wildlife and care of the people.
2.2. &Beyond operates offices in Johannesburg, Cape Town, Arusha, Maun, Nairobi, Miami, Delhi, Santiago, and Colombo in order to fulfil the administrative requirements of the Company.
3. Company information and contact details
3.1. Company Information:
Company Name: And Beyond South Africa Proprietary Limited
Registration Number: 1991/000918/07
Head of the Company: Mr. Hano Coetzee
164 Katherine Street,
Postal Address: Private Bag X27, Benmore, South Africa, 2010
Telephone Number: +27(0)11 809-4300
3.2 Information Officers:
Chief Information Officer: Mr. Jacques De Villiers
Telephone Number: +27(0)11 809-4425
Email Address: Jacques.firstname.lastname@example.org
4. The information regulator
4.1. The Information Regulator has made available a guide, as contemplated in section 10 of the Act, containing information to assist any person who wishes to exercise any right as contemplated in the Act and POPIA.
4.2. Please direct any enquires regarding the guide to:
4.2.1. The Information Regulator
27 Stiemens Street,
5. Categories of records held by the company
5.1. The following categories and subjects of records are held by the Company:
22.214.171.124. Secretarial records;
126.96.36.199. Minutes of management and staff meetings
188.8.131.52. Client / Guest lists/register;
184.108.40.206. Insurance contracts and policies
220.127.116.11. Delivery and collection sheets;
18.104.22.168. List of suppliers;
22.214.171.124. Brochures and publications;
126.96.36.199. Documents relating to public relation events;
188.8.131.52. Media releases.
184.108.40.206. Accounting records, books and documents;
220.127.116.11. Financial records and statements;
18.104.22.168. Audit reports;
22.214.171.124. Lists of creditors and debtors;
126.96.36.199. Bank facilities and bank account information;
188.8.131.52. Bank statements and other banking records;
184.108.40.206. Liabilities, overdrafts and other borrowing and commitments;
220.127.116.11. Stock records;
18.104.22.168. Asset registers and inventories;
22.214.171.124. Sales and fee/billing records;
126.96.36.199. Invoices in respect of creditors and debtors;
188.8.131.52. Tax returns and other documents and/or agreements relating to taxation.
5.1.3. Human Resources
184.108.40.206. Employment and other contracts with employees;
220.127.116.11. Personnel files incl. personal information, employment history and health records that the Company may hold from time to time;
18.104.22.168. Disciplinary records and other documentation pertaining to disciplinary procedures and proceedings of the Company;
22.214.171.124. Compensation and redundancy payments;
126.96.36.199. Employment equity plan;
188.8.131.52. Skills development program;
184.108.40.206. Training and development manuals and information;
220.127.116.11. General files containing information on employee remuneration and benefits, and employee recruitment and selection information.
5.1.4. Information Technology
18.104.22.168. Register of Hardware and Software;
22.214.171.124. Licence, maintenance, support and other agreements relating to the use by the company of any software and/or hardware
5.1.5. Immovable and Movable Property
126.96.36.199. Agreement(s) of Sale and Lease of Immovable Property;
188.8.131.52. Credit Agreements(s) in respect of office equipment;
184.108.40.206. Other agreements for the acquisition and sale of movable property.
220.127.116.11. Correspondence and memoranda to, from and within the Company;
18.104.22.168. Agreements to which the Company is a party including (where applicable) loan agreements, suretyships, security agreements, agreements with suppliers, confidentiality agreements;
22.214.171.124. Records/documents relating to legal proceedings involving the Company;
126.96.36.199. Documents concerning compliance by the Company, insofar as may be necessary, with legal obligations in terms of the Occupational Health and Safety Act No. 85 of 1993 and any other applicable environmental legislation.
5.2. The inclusion of any category or subject should not be construed as an indication that the Company holds any records falling within any subject or category or that such records will automatically be available under the Act. A request in terms of this section is subject to section 63(1) of the Act which provides that the head of a private body must refuse a request to a record of the company if the disclosure of the record would involve the unreasonable disclosure of personal information about a third party including a deceased individual.
6. Record available in accordance with South Africa Legislation
6.1. Basic Conditions of Employment Act No.75 of 1997;
6.2. Companies Act No. 71 of 2008;
6.3. Compensation of Occupational Injuries and Diseases Act No. 130 of 1993;
6.4. Currencies and Exchanges Act No. 9 of 1993;
6.5. Electronic Communications and Transactions Act No. 25 of 2002;
6.6. Employment Equity Act No. 55 of 1998;
6.7. Income Tax Act No. 58 of 1962;
6.8. Labour Relations Act No. 66 of 1995;
6.9. Occupational Health and Safety Act No. 85 of 1993;
6.10. Promotion of Access to Information Act No. 2 of 2000;
6.11. Prevention of Organised Crime Act No. 121 of 1998;
6.12. Skills development Levies Act No. 9 of 1999;
6.13. Trademarks Act No. 194.of 1993;
6.14. Unemployment Insurance Act No. 30 of 1966;
6.15. Value – Added Tax Act No. 89 of 1991;
6.16. The Consumer Protection Act No. 68 of 2008;
6.17. South African Reserve Bank Act No. 90 of 1989;
6.18. The Firearms Control Act No. 19 of 2000; and
6.19. The Protection of Personal Information Act No. 4 of 2013.
7. Request Procedures
7.1. The records held by the Company may be accessed on request and in accordance with the requirements as prescribed in the Act.
7.2. The requester must complete the prescribed form (Form 2) and submit same as well as payment of a request fee and deposit if applicable, to the Chief Information Officer at the physical or postal address or email address stated herein. The requester must complete the prescribed form to enable the Chief Information officer to identify:
7.2.1. the record or records being requested;
7.2.2. the identity of the requester;
7.2.3. which form of access is required (if the request is granted); and
7.2.4. the postal address or fax number of the requester.
7.3. A requester who is unable to complete the prescribed form as a result of illiteracy or disability may make a request to the Chief Information Officer orally.
7.4. The requester must identify the right that is sought to be exercised or to be protected and provide an explanation of why the requested record is required for the exercise or protection of that right.
7.5. If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the Chief Information Officer.
7.6. The Chief Information Officer will process a request received within 30 (thirty) days, unless the requester has stated special reasons which satisfies the Chief Information Officer that circumstances permit that the prescribed time period not be complied with.
7.7. The 30 (thirty) day period within which a Chief Information Officer has to consider whether to grant or deny the request, may be extended for a further period for a period of no longer than 30 (thirty) days in the event that the request is for a large quantity of information or if the request requires a search for information at another office of the Company. The requester will be informed in writing if the Chief Information Officer requires an extension of time to consider the request.
7.8. The Chief Information Officer shall inform the requester in writing or in another manner (when necessary), whether access to the records has been granted or denied by the Company.
8.1. A requester who seeks access to a record containing personal information about the requester is not required to pay the request fee. Every other requester, who is not a personal requester, must pay the required request fee in order for the Chief Information Officer to process the request.
8.2. The Chief Information Officer may withhold a record until the requester has paid the required request fee.
8.3. If the request is granted, the requester will be required to pay a further access fee for the search, reproduction, preparation and for any time that has exceeded the prescribed hours to search and prepare the record for disclosure.
9. Remedies if a request is denied
9.1. The Company currently does not have any internal appeal process for a requester to follow if a request is denied by the Chief Information Officer. The requester will have to seek external remedies if the requester is not satisfied with the decision of the Chief Information Officer.
9.2. A requester or a third party dissatisfied with the decision of the Chief Information Officer may apply to a competent court to enforce its rights as described in the Act.
10. Processing of personal information
10.1. The Company is committed to processing personal information of data subjects in accordance with POPIA. The Company processes personal information for various purposes, including but not limited to:
10.1.1. to facilitate bookings requested by its guests;
10.1.2. to maintain its guest records;
10.1.3. to facilitate bookings requested by its agents;
10.1.4. to maintain its agents records;
10.1.5. for employment purposes;
10.1.6. for administration and financial purposes;
10.1.7. for legal and contractual purposes;
10.1.8. to maintain suppliers records;
10.1.9. to maintain visitors records; and
10.1.10. for health and safety purposes.
10.2. The categories of data subjects and personal information processed by the Company
|Categories of Data Subjects||Personal Information that may be processed|
|Guests||Name, surname, identity number, passport number, address, email address, telephone number, banking details and medical information|
|Agents||Name, company registration number, address, email address, telephone number, VAT number and banking details|
|Suppliers/Service Providers||Name, company registration number, address, email address, telephone number, VAT number and banking details|
|Employees||Name, surname, identity number, passport number, address, email address, telephone number, banking details, medical information, qualifications and employment history|
|Visitors||Name, surname, identity number, passport number, email address and telephone number|
10.3. The Company may share the relevant and necessary personal information of data subjects as outlined in 10.2 above, with the following recipients:
10.3.1. it’s agents whom perform services on its behalf;
10.3.2. it’s suppliers/service providers whom perform services on its behalf;
10.3.3. it’s business partners whom perform services on its behalf; and
10.3.4. any government department which requires the personal information for regulatory purposes.
10.4. The Company has implemented various technical and organisational safety measures to ensure the confidentiality and integrity of the personal information which the Company processes, which technical and organisational safety measures include:
10.4.1. Cyber security measures; and
10.4.2. Physical security measures.
10.5. The Company will only transfer personal information of a data subject across South African borders if the transfer is required to facilitate a business transaction on behalf of the data subject.
10.6. A data subject may object the Company processing its personal information and/or request the Company to correct or delete its personal information. A data subject may address any objection and/or request to the Chief Information Officer.
11. Availability of the manual
The Manual is available for inspection at the Company’s offices (free of charge) at the physical address of the Company, as well as on the Company’s website and to the Information Regulator upon request.
12. Updating of the manual
The head of &Beyond will update the Manual on a regular basis.
13. Request form
A request for records of the Company must be submitted by a requester on the prescribed form which can be accesses via – https://inforegulator.org.za/paia-forms/
14. Promotion of access to information act manual updates
Mr. Hano Coetzee
Head of the Company
20 December 2021
Original signed document available for inspection upon request at the Company’s office.