A: PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2015 (AS APINDED)

INTRODUCTION

The Pule Inc. (PI) PO Privacy Policy (PPP) is a document designed to ensure that PI, as an Accountable Institution (AI); is compliant with legislation and that it is able to deal with any privacy concerns that may arise during the course and scope of its business as a law firm. The PPP is designed to ensure that the Protection of Personal Information Act  is given force and effect through the risk based approach adopted by PI. It is further designed to ensure that all employees at the institution are aware of, and able to implement, the various measures contained herein to know our clients, assess their financial status and apply the relevant legislation appropriately and satisfactorily.

PI is committed to protecting its clients’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with the applicable laws.

This policy sets out the manner in which PI deals with their clients’ personal information and stipulates the purpose for which said information is used. The PPP shall be made available at the company website www.puleinc.co.za and by request from Idah Mushi (idah@puleinc.co.za).

SCOPE AND DEFINITIONS

• All documents and electronic transactions generated within and/or received by PI.
• Definitions:
• Clients includes, but are not limited to, Directors, shareholders, debtors, creditors as well as affected personnel and/or departments related to PI.
• Confidential Information refers to all information or data disclosed to or obtained by PI by any means whatsoever and shall include, but not be limited to:
• financial information and records;
• Documents regarding legal personae;
• discussions relating to ongoing or past litigation
• discussions relating to advice given
• all other information including information relating to the structure, operations, processes, intentions, product information, know-how, trade secrets, market opportunities, customers and business affairs but excluding the exceptions listed in clause 4.1 hereunder.
  • Constitution: Constitution of the Republic of South Africa 108 of 1996.
  • Data: refers to electronic representations of information in any form.
  • Documents include books, records, pleadings, affidavits, accounts, printed letters, printed emails, printed company data, printed personal data, and any information which has been stored or recorded electronically, photographically, magnetically, mechanically or electro-mechanically, or in any other form.
  • ECTA: Electronic Communications and Transactions Act 25 of 2002.
  • Electronic communication refers to communications by means of data messages.
  • Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
  • Electronic transactions include e-mails sent and received.
  • PAIA: Promotion of Access to Information Act 2 of 2000.
  • Data subject means the person to whom personal information relates.
  • Group undertakings means a controlling undertaking and its controlled undertakings.
  • Operator means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under direct control of that party.
  • Person means a natural or juristic person
  • Personal information means information relating to an identifiable, living, natural or juristic person including, but not limited to:

Information relating to race, gender, sex, pregnancy, martial status, nationality, ethnic or social origin, sexual orientation, age, physical or mental health, well being, disability, religion, conscience, belief, culture, language, and birth of the person;

Information relating to the education or medical, financial, criminal or employment history of the individual;

Any identifying number, symbol, email address, telephone number, location, biometric information, online identifier or other particular assignment of a person;

The personal onions, views or preferences of a person;

Correspondence sent by the person which would reveal the contents of the original correspondence;

The views or onions of another individual of the person;

The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

• Processing means any operation or activity or any set of operations whether or not by automatic means, concerning personal information, including-

The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

Dissemination by means of transmission, distribution, or making available in any other form;

Merging, linking, as well as restriction, degradation, erasure or destruction of information.

• Responsible party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
• restriction means to withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information.
• public record means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that body.
• record means any recorded information;

1. Regardless of form or medium, including any of the following:
2. Writing on any material;
3. Information produced, recorded, or stored by means of any tape recorder, computer equipment, whether hardware, software or both, or other device, and any material subsequently divided from information so produced, recorded or stored;

• Label, marking or other writing that identifies or describes anything which it forms part of;

1. Book, plan, map, graph, or drawing;
2. Photograph, film, negative, tape or other device which one or more visual images are embodied so as to be capable of being reproduced;
3. In the possession or under the control of a responsible party, regardless of when it came into existence.
   • PO policy means personal information processing policies, which are adhered to by the business or operation within that group of undertakings when transferring personal information to a business or operator.

PERSONAL INFORMATION COLLECTED

Section 9 of PO states, “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”

PI collects and processes clients personal information pertaining to the clients needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, PI will inform the client as to the information required and the information deemed optional.

PI aims to have agreements in place with all product suppliers, insurers and third party service providers to ensure mutual understanding with regard to protection of the clients personal information and all suppliers will be subject to the same regulations applicable to PI.

With the clients consent, PI may also supplement the information provided with information PI receives from publicly available information and from other sources to ensure the clients legal needs are met.

For purposes of this policy, clients include potential and existing clients.

THE USAGE OF PERSONAL INFORMATION

The clients personal information will only be used for the purpose for which it was collected and agreed.

This may include:

• To provide accurate services and production to the data subject;
• To ensure accurate legal advice;
• To ensure that all documents contain the correct information;
• for the detection and prevention of fraud, crime, money laundering or other offences, including but not limited to all those contained in the Financial Intelligence Centre Act (FICA)
• For billing purposes;
• For audit and record keeng purposes;
• providing communication to clients about regulatory matters which may affect them;
• In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.

According to Section 10 of PO, personal information may only be processed if certain conditions, listed below are met along with supporting information for PI processing of Personal Information:

1. The client consents to the processing of the information- this consent will be obtained during the introductory appointment and needs analysis stage of the relationship;
2. The necessity of processing: in order to conduct an accurate analysis of the clients needs for purposes of legal advice;
3. Processing complies with an obligation imposed by law on PI;
4. Processing protects a legitimate interest of the client;

DISCLOSURE OF PERSONAL INFORMATION

PI may disclose a client’s personal information to any Advocate legitimately hired to Defend a client’s interests in court. In addition, third party platform suppliers of PI may require the information to process any IT platform maintenance work and for bookkeeping purpose. PI has a duty to ensure personal information is only used in terms of the processing limitations and. Any IT third party or bookkeeper will have an agreement in place with PI ensuring confidentiality.

PI may also disclose a clients information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary to protect PI’s rights.

SAFEGUARDING CLIENT INFORMATION

It is a requirement of PO to adequately protect personal information. PI will continuously review its security controls and processes to ensure that personal information is secure.

The following procedures are in place in order to protect personal information:

1.5.1 The PI Information Officer (IO) is Idah, whose details are available below and who is responsible for compliance with the conditions of lawful   processing of personal information and other provisions of PO.

1.5.2 This policy has been put in place at all PI offices and training on this policy and the PO Act has already taken place and will be conducted on an ongoing basis annually.

1.5.3 Each new employee will be required to sign an employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of PO.

1.5.4 Every employee currently employed by PI will be required to sign an addendum to their employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of PO.

1.5.5 PI archived information that is stored on site, shall only be accessible by authorised personnel.

1.5.6 Off site storage facilities will be required to sign a service level agreement guaranteeing their commitment to the protection of personal information; this shall be conducted as and when required.

1.5.7 All electronic files are backed up by PI’s IT service provider; which also provides system security that protects third party access. They are also responsible for electronic information security.

Consent to process client information is obtained from clients (or a person who has been given authorisation from the client to provide the clients personal information) during the introductory, appointment and needs based analysis stage of the relationship.

1.5.8 The Information Officer details are as follows:

Name: Idah Mushi

TEL: +27 11 482 1044

EMAIL: idah@puleinc.co.za

1.5.9 Head Office details are as follows:

TEL: +27 11 482 1044

ADDRESS: 29A Jan Smuts Avenue, Park Town, Johannesburg

EMAIL: info@puleinc.co.za

WEBSITE: www.puleinc.co.za

1.5.10 The Information Officer and deputies will encourage compliance with PO by the business and ensure lawful processing of information;

1.5.11 Deal with requests from the public.

1.5.12 Any power or duty conferred by PO on the Information Officer is bestowed upon the Deputy Information Officer

• ACCESS AND CORRECTION OF PERSONAL DATA

Clients have the right to access the personal information PI holds about them. Clients also have the right to ask PI to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, PI may no longer process said information. PI will take all reasonable steps to confirm its clients identity before providing details of their personal information or making changes to their personal information.

2. APINDPINTS TO THIS POLICY

Amendments to, or a review of this policy, will take place on an annual basis or as and when changes to applicable legislation takes place. Clients are advised to access PI’s website periodically to keep abreast of any changes. Where material changes take place, clients will be notified directly or changes will be stipulated on the PI website.

3. AVAILABILITY OF THE MANUAL

This manual is made available in terms of the regulations of PO. The manual is available on request at all material times at the offices of PI or by contacting the IO.

4. ACCOUNTABILITY

All personal information being processed by the business must be identified and processed lawfully. PI accepts that it exercises control over the information; even when such information is passed onto a third party for processing.

5. PROCESSING LIMITATION

All information will be process in a lawful and reasonable manner.

5.1 PI may not act unlawfully in collecting data.

5.2 All processing will be done in a reasonable manner; taking into account the interests and reasonable expectations of a data subject as well as the provisions of PO.

5.3 Personal information will only be processed in an adequate manner, where relevant and not excessively. As such, it will only be used for the purpose collected.

6. FURTHER PROCESSING LIMITATION

6.1 PI will take into account the purpose for which the data was collected originally, should further processing be required.

6.1.1 PI will take into account the purpose of the intended further processing and the purpose for which the information has been collected

6.1.2 The nature of the information concerned will also be taken into account;

6.1.3 The consequences for the data subject will be taken into account;

6.1.4 The manner in which the data was collected will be taken into account;

6.1.5 Any contractual rights or obligations will be taken into account.

6.2 Further processing will only take place if;

6.2.1 The data subject has consented to such;

6.2.2 The information is available in, or derived from, a public record or has deliberately been made public by the data subject;

6.2.3 Further processing is necessary to:

– Avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution or punishment of any offences;

– To comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue;

– For the conduct of any court or tribunal proceedings that have commence or are reasonably expected to commence;

– In the interests of national security

– If it is necessary to prevent or mitigate a serious and imminent threat to public health or public safety;

– The life or health of the data subject is in serious or imminent threat.

7. PROCESS SPECIFICATION

PI will only collect information for the purpose specified that is explicitly defined and lawful and which relates to the function or activity of the business.

8. INFORMATION QUALITY

8.1 PI will take reasonably practicable steps to ensure personal information is complete, accurate, not misleading and updated where necessary.

8.2 Information will be safeguarded to ensure the information remains in compliance with 8.1 above.

9. OPENNESS

9.1 PI will ensure it complies with Sections 14 and 51 of PAIA.

10. RECORDS THAT CANNOT BE FOUND

If PI searches for a record and it is believed that the record either does not exist or cannot be found, the requestor will be notified by way of an affidavit or affirmation. This will include the steps that were taken to locate the record.

11. THE PRESCRIBED FORM AND FEES

The prescribed forms and fees are available on the website of the Department of Justice and Constitutional Development at www.doj.gov.za under the PO section.

B: POLICY ON THE RETENTION AND CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS

1. PURPOSE

• To exercise effective control over the retention of documents and electronic transactions:
• as prescribed by legislation; and
• as dictated by business practice.
• Documents need to be retained in order to prove the existence of facts and to exercise rights PI may have. Documents are also necessary for defending legal action, for establishing what was said or done in relation to the business of PI and to minimize PI’s reputation risks.
• To ensure that PI’s interests are protected and that its and the clients rights to privacy and confidentiality are not breached.
• Queries may be referred to the IO in this regard.

2. ACCESS TO DOCUMENTS

• All company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances:
  • where disclosure is under compulsion of law;
  • where there is a duty to the public to disclose;
  • where the interests of PI require disclosure; and
  • where disclosure is made with the express or implied consent of the client.
• Disclosure to 3^rdparties:

All employees have a duty of confidentiality in relation to PI and to clients. In addition to the provisions of clause 4.1 above, the following are also applicable:

2.2.2 Requests for company information:

2.2.2.1 These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural or juristic) that is required for the exercise or protection of rights. Private bodies, like PI, must however refuse access to records if disclosure would constitute and action for breach of the duty of secrecy owed to a 3^rd party.

2.2.2.2 In terms hereof, requests must be made in writing on the prescribed form to the Information Officer in terms of PAIA. The requesting party has to state the reason for wanting the information and has to pay the prescribed fee.

2.2.2.3 PI’s manual in terms of PAIA, which contains the prescribed forms and details of the prescribed fees is available on www.puleinc.co.za.

2.2.3 Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial espionage. The affairs of the company must be kept strictly confidential at all times.

• The company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to penalties on the guilty party up to and including dismissal.

3. STORAGE OF DOCUMENTS

3.1 HARD COPIES

3.1.1 Documents are stored in an access controlled office and only authorised personnel have access to same. Off site archival storage will have a Service Level Agreement (SLA) preventing access to non-PI personnel put in place.

3.1.2 Companies Act 71 of 2008

With regard to the Companies Act 71 of 2008 and the Companies Amendment Act 3 of 2011, hard-copies of the documents mentioned below must be retained for 7 years:

• Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act;
• Notice and minutes of all shareholders meetings, including resolutions adopted and documents made available to holders of securities;
• Copies of reports presented at the annual general meeting of the company;
• Copies of annual financial statements required by the Act;
• Copies of accounting records as required by the Act;
• Record of directors and past directors, after the director has retired from the company.
• Written communication to holder of securities and
• Minutes and resolutions of directors’ meetings, audit committee and director committees.

Copies of the documents mentioned below must be retained indefinitely:

• Registration certificate;
• Memorandum of incorporation and alterations and amendments.
• Rules
• Securities registered and uncertified securities register;
• Register if company secretary and auditor and
• Regulated companies (companies to which chapter 5, part B, C and takeover regulations apply) – register of disclosure of person who holds beneficial interest equal to or in exceed of 5 % of the securities of that class issued.

 

3.1.3 consumer protection Act. No 68 of 2008

The consumer protection act seeks to promote a fair, accessible and sustainable marketplace and therefor requires a retention period of 3 years for information provided to a consumer by an intermediary such as:

• Full names, physical address, postal address and contact details.
• ID number and registration number.
• Contact details of the public officer in case of juristic person.
• Service rendered.
• Intermediary fee.
• Cost to be recovered from the consumer.
• Frequency of accounting to the consumer.
• Amounts, sums, values, charge, feed, remuneration specified in monetary terms.
• Disclosure in writing of a conflict of interest by the intermediary in relevance to goods or service to be provided.
• Records of advice.
• Records of advice furnished to the consumer reflecting the basis on which the advice was given.
• Written instruction sent by the intermediary to the consumer.
• Conducting a promotional competition refer to section 36 (11) (b) and regulation 11 of promotional competitions.
• Documents section 45 and regulation 31 for auction.

 

3.1.4 national Credit Act. No 34 of 2005

The national credit act aims to promote a fair and transparent credit industry which requires the retention of certain documents for a specified period.

Retention for 3 years from the earliest of the dated of which the registrant created, signed or received the document from the date of termination of the agreement or in case of an application for credit that is refused or not granted for any reason, from the date of receipt of the application which applies to the documents mentioned below:

Regulation 55 (1) (b):

• Records of registered activities such as an application for credit declined.
• Reasons for the decline of the application for credit.
• Pre – agreement statements and quotes.
• Documentation in support of the steps taken in terms of section 81 (2) of the Act.
• Records pf payments made.
• Documentation in support of steps taken after default by consumer.

Regulation 55 (1) (c) in respect of operation:

• Records of income, expenses and cash flow.
• Credit transaction flow.
• Management account and financial statements.

Regulation 55 (1) (d) with regard to the credit Bureau:

• All documents relating to the disputes, inclusive of but not limited to, documents from the consumer.
• Documents from the entity responsible for dispute information.
• Documents pertaining to the investigation of the dispute.
• Correspondence addressed to and received from source of information as set out in section 70 (2) of the act and regulation 18 (7) pertaining to the issues of the dispute.

Regulation 55 (1) (a) with regards to Debt counsellor:

• Application for debt review.
• Coes of all documents submitted by the consumer.
• Copy of rejection letter.
• Debt restructuring proposal.
• Copy of any order made by the tribunal and / or the court and copy of the clearance certificate.

Regulation 56 with regards to section 170 of the act:

• Application for credit.
• Credit agreement entered into with the consumer.

Regulation 17 (1) with regards to credit bureau information:

Documents with a requires retention period of the earlier of 10 years or a rehabilitation order being granted:

• Sequestrations
• Administration orders.

Documents with a required period of 5 years

• Rehabilitation order
• Payment profile.

Documents with a required retention period pf the earlier of 5 years or until Judgement is rescinded by the court or abandoned by the credit provider in terms of section 86 of the Magistrate’s Court Act No 32 of 1944:

• Civil court judgements

Documents with a required retention period of 2 years:

• Enquiries

Documents with the required retention of 1.5 years:

• Details and result of the dispute lodged by the consumers.

Documents with a required retention period of 1 year:

• Adverse information.

Documents with unlimited required retention period:

• Liquidation

Documents required to be retained until a clearance certificate is issued:

• Debt restructuring.

3.1.5 financial advisory and intermediary services Act. No 37 of 2002

Section 18 of the act requires a retention period of 5 years, except to the extent that it is exempted by the registrar for the below mentioned documents:

• Known premature cancellations of transactions or financial product of the provider by client.
• Complaints received together with as indicating whether or not any such complaint has been resolved.
• The continued compliance with this act and the reasons for such a non- compliance.
• And the continued compliance by representative with the requirement referred to in section 13 (1) and (2).

The general code of conduct for Authorized financial service provider and representative requires a retention period of 5 years for the below mentioned documents:

• Proper procedures to record verbal and written communication relating to a financial service rendered to a client as are contemplated in the act, this code pr any other code drafted in terms of section 15 of the Act.
• Store and retrieve such records and any other material documentation relating to the client and financial serves rendered to the client.
• And keep such client records and documentation safe from destruction.
• All such records must be kept for period after termination to the knowledge of the provider of the product concerned or any other case after the rendering of the financial service concerned.

3.1.6 financial intelligence centre Act No 38 of 2001

Section 22 and 23 of the acts require a retention of 5 years for the documents and records of the activities mentioned below:

• Whenever an accountable transaction is concluded with a client, the institution must keep records of the identity of the client.
• If the client is acting on behalf of another person, the identity of the person on whose behalf the client is acting and the client’s authority to act on behalf of the other person.
• If another person is acting on behalf of the client, the identity of that person and that other person’s authority to act of behalf of the client.
• The manner in which the identity of the persons referred to above was established.
• The nature of that business relationship or transaction.
• In case of a transaction, the amount involved and the parties to that transaction.
• All accounts that are involved in the transaction concluded by that accountable institution in the course of that business relationship and that single transaction.
• The name of the person who obtained the identity of the person transacting on behalf of the accountable institution.
• Any document or copy of a document obtained by the accountable institution.

The documents may also be kept in electronic format.

5.1.7 compensation for occupational injuries and diseases Act No 130 of 1993

Section 81 (1) and (2) of the compensation for occupational injuries and diseases act requires a retention period of 40 years for the documents mentioned below:

• Register, record or production of the earnings, time worked, payment for ece work and overtime and other prescribed particulars of all the employees.

Section 20 (2) documents with the requires retention period of 40 years:

• Health and safety committee recommendations made to an employed in terms of issues affecting the health of employees and any report made to an inspector in term of the recommendation.
• Records pf incident reports reported at work.

Asbestos regulation, 2001, regulation 16 (1) requires a retention period of a minimum 40 years for the documents mentioned below:

• Records of assessment and ait monitoring, and the asbestos inventory.
• Medical surveillance records.

Lead Regulations, 2001, Regulation 10:

• Records of assessments and air monitoring.

Medical surveillance records.

Noise – induced hearing los regulations, 2003, regulation 11:

• All records of assessment and noise monitoring.
• All medical surveillance records, including the baseline audiogram of every employee.

Hazardous Chemical Substance regulations, 1995, regulation 9 requires a retention period of 40 years for the documents mentioned below:

• Records of assessment and air monitoring.
• Medical surveillance records.

3.1.8 Basic conditions of employment Act No. 75 of 1997

The basic conditions of employment act require a retention of 3 years for the documents mentioned below:

Section 29 (4):

• Written particulars of an employee after termination of employment.

Section 31: employment equity Act No. 55 of 1998

Section 26 and general administrative regulations, 2009, regulation 3 (2) requires a retention period of 3 years for the documents mentioned below:

• Records in respect of the company workforce, employment equity plan and other records relevant to compliance with the Act.

Section 21 and regulation 4(10) and (11) requires a retention of a period of 3 years for the report which is sent to the director general as indicated in the act.

3.1.10 labour relations Act No 66 of 1995

3.1.11 section 53 (4), and 99 requires a retention period of 3 years for the documents mentioned below:

• The bargaining council must retain books of account, supporting vouchers, income and expenditure statements, balance sheets, auditor’s reports and minutes of the meetings.
• Registered trade Unions and registered employer’s organization must retain ballot papers.
• Records to be retained by the employer are the collective agreement and arbitration awards.

Section 99, 205 (3), schedule 8 of section 5 and schedule 3 of section 8 (a) require an indefinite retention period for the documents mentioned below:

• Registered trade unions and registered employer organizations must retain a list of its members.
• Records of each employees specifying the nature of any transgression, the actions taken by the employer and the reason for the actions.

The commission must retain books of accounts, records of income and expenditure, assets and liabilities.

3.1.12   Unemployment insurance Act. No 63 of 2002

The unemployment insurance Act, applies to all employees and employers except:

• Workers working less than 24 hours per month.
• Learners
• Public servants.
• Foreigners working on a contract basis.
• Workers who get monthly state (old age) pension.
• Workers who earn commission.

Section 56 (2) (c) requires a retention period of 5 years, from the date of submission, for the documents mentioned below:

• The income tax reference number of that employee.
• Any further prescribed information.
• Employer reconciliation return.

Schedule 6 paragraph 14 (a) – (d) requires a retention period of 5 years from the date of submission or 5 years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to:

• Amounts received by that registered micro business during a year of assessment.
• Dividends declared by the registered micro business during a year of assessment.
• Each asset as at the end of the year of assessment with cost price of more than R10 000.
• Each liability as at the end of the year of assessment that exceeded R10 000.

3.1.15 value added Tax Act No. 89 of 1991:

Section 15 (9) 16 (2) and 55 (1) (a) of the Value added Tax Act and interpretation Note 31, 30 March requires a retention period of 5 years from the date of submission of the return for the documents mentioned below:

• where a vendor’s basis of accounting is changed the vendor shall prepare lists of debtors and creditors showing the amounts owing to the creditor at the end of tax period immediately preceding the changeover period.
• Importation of goods, bill of entry, other documents prescribed by the custom and excise act and proof that the Vat charge has been paid to SARS.
• Vendors are obliged to retain records of all goods and services, rate of tax applicable to the supply, list of suppliers or agents, invoices and tax invoices, credit and debit notes, bank statements, deposit slips, stock lists and paid cheques.
• Documentary proof substantiating the zero rating of suppliers.
• Where a tax invoice, credit and debit note, had been issued in relation to a supply by an agent or a bill of entry as described in the custom and excise act the agent shall maintain sufficient records to enable the name, address and VAT registration number of the principal to be ascertained.

3.2. ELECTRONIC STORAGE

3.2.1 the internal procedure requires that electronic storage of information:

Important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval thereof.

This will be done in conjunction with the departments concerned.

3.2.2  scanned documents: if documents are scanned,  the hard copy must be retained for as long as the information is used or for 1  year after the date of scanning , with the exception of documents pertaining to personnel ,  any document containing information of the written particulars od an employee, including : employee’s name and occupation ,  time worked by each employee, and date of birth of an employee under the age of 18 years;   must be retained for a period of 3  years after termination of employment.

3.2.3 section 51 of the electronic communications Act No. 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requires, collects, collates, processes or store the information and record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is used.

It is also required that all personal information which has become obsolete must be destroyed.

4 DESTRUCTION OF DOCUMENTS

4.1 documents may be destroyed after the termination of the retention period specified in annexure A hereto.  Registration will request department to attend to the destruction of their documents and these requests shall be attended to as soon as possible.

4.2 each department is responsible for attending to the destruction of its documents, which must be done on a regular basis.  Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file.  Original documents must be returned to the holder thereof, failing which, they should be retained by the company pending such return.

4.3 after completion of the process in 6.2 above, the General manager of the department shall, in writing, authorise the removal and destruction of the document in the authorisation document.  These records will be retained by registration.

4.4 the documents are then made available for collection by the removal of the company’s documents, who will ensure that the documents are shredded before disposal. This also will help ensure confidentiality of information.

5.5 documents may also be stored off- site, in storage facilities approved by the company.