Content

1. Mission statement and nature of the business (Cloud Property Solutions)
2. Overview and Objectives of the manual
3. Information required under Section 51 (1) (a) of the Act
4. Description of guide referred to in Section 10
5. Records available in terms of other legislation
6. Records held by Cloud Property Solutions
7. Aspects pertaining to the protection of Personal Information Act
8. The recipients or categories of recipients to whom the personal information may be supplied
9. Planned transborder flows of personal information
10. Security measures to protect personal information
11. Party to ensure the confidentiality, integrity, and availability of the information which is to be processed
12. Rights of other stakeholders, under the protection of personal information act
13. Detail on how to make a request for access
14. Fees in respect of private bodies

Request for Access to Record of Private Body (Form C). To access this form, Click here

Mission statement and nature of the business (Cloud Property Solutions)

Cloud Property Solutions offers software and related services to the property industry under the historical brand names of DataTrac Software Solutions, Property Solutions Online and FinTrac Cloud Accounting, and currently Cloud Property Solutions.

Services offered are:

• Listings Management and CRM - to provide tailored solutions for database and CRM needs to enable easy management of client relationships with sellers, buyers, landlords, tenants, investors, etc.
• Website Designing - designing of websites facilitating a stylish and comprehensive online presence to showcase property listings.
• Listings Syndication - to publish property listings to the main property portals in South Africa and fetch leads therefrom as well as from client websites.
• Financial Accounting software - to manage the financial affairs irrespective of the industry of end users.
• Rentals Management software - to manage all the requirements of the rentals operations of the client covering tenant, landlord, and property management including banking data imports and automated payments processing together with comprehensive reporting thereon.
• Scheme Management software - to provide a Financial Accounting and Communications Management System that enables Sectional Title Managers and individual Self-managed Schemes to manage all the requirements of community schemes (bodies corporate and HOA's).
• Social Media marketing - to help boost clients' online presence and in so doing reach and connect with target markets.
• Domain and Email Services - to provide domain name registration/renewal services and email services coupled to domains.
• Bespoke Software Development - to design and develop customised web-based applications.

Overview and Objectives of the manual

The Promotion of Access to Information Act (PAIA) of 2000, as amended in accordance with the Protection of Personal Information Act (POPIA) of 2013, requires that all juristic entities maintain a PAIA / POPIA Manual.

PAIA gives effect to section 32 of the Constitution, which provides that everyone has the right to access information held by the State, as well as information held by another person (or private body) when such privately held information is required for the exercise and protection of rights.

More broadly, PAIA aims to underline the importance of access to information in a democratic society by fostering a culture of transparency and accountability. PAIA does this by requiring public (government) and private (non-government) bodies to create both a manual describing the type of records they hold and procedures for others to access that information.

PAIA also sets limits on the types of information that can be accessed i.e., information requested might not be granted under various circumstances.

This manual is compiled in accordance with Section 14 of PAIA and offers an outline of Cloud Property Solutions' information, which is accessible to the public. This includes:

• Structure, functions, and objectives
• Contact details
• The procedure for requesting information
• Information that is automatically available through CPS and its website
• Fees payable when requesting access to any of these records.

Information required under Section 51 (1) (a) of the Act

Description of guide referred to in Section 10

A Guide and been compiled in terms of Section 10 of PAIA by the South African Human Rights Commission (SAHRC). It contains information required by a person wishing to exercise any right, contemplated by PAIA. It is available in all the official languages.

The guide is available for inspection, inter alia, at the office of the offices of the Human Rights Commission at 29 Princess of Wales Terrace, corner York and St Andrews Street, Parktown, Johannesburg, Gauteng, and at www.sahrc.org.za

For further information, please contact the SAHRC:

Email: PAIA@sahrc.org.za

Postal address: Private Bag 2700, Houghton, 2041

Telephone: +27 11 877 3600

Fax: +27 11 403 0668

Website: www.sahrc.org.za

Records available in terms of other legislation

Records available in terms of other legislation are as follows:

1. Basic Conditions of Employment Act 75 of 1997
2. Companies Act 71 of 2008
3. Compensation for Occupational Injuries and Diseases
4. Consumer Affairs Act, Act No. 71 of 1988
5. Consumer Protection Act 68 of 2008
6. Copyright Act 98 of 1978
7. Credit Agreements Act, 75 of 1980
8. Electronic Communications Security Act of 2002
9. Electronic Communications Act No. 36 of 2005
10. Electronic Communications and Transactions Act, 25 of 2002, Section 15
11. Employment Equity Act 55 of 1998
12. Financial Intelligence Centre Act No. 38 of 2001
13. Income Tax Act 58 of 1962
14. Insolvency Act 24 of 1936
15. Transfer Duty Act No. 40 of 1949 Section 15(1)
16. Labour Relations Act 66 of 1995
17. Manpower Training Act 56 of 1981, Section 44(3)
18. National Credit Act No. 34 of 2005
19. Occupational Health and Safety Act 85 0F 1993
20. Prescription Act 68 of 1969, Section 11c
21. Prevention of Organised Crime Act 121 of 1998

Records held by Cloud Property Solutions

Aspects pertaining to the protection of Personal Information Act

The purpose of the informationprocessing:

Software developers such as CPS are required to process Personal Information, in order to give the necessary ongoing training support. The processing of Personal Information may be required, inter alia, to keep consistent contact with clients to ensure their understanding of the software which is constantly updated and developed to provide more fulfilling and effective function use of the software.

Categories of data subjects and information relating thereto:

• Parent Data Subject - Information relating to CPS including contractual agreements, policy documents, meeting agendas, meeting minutes, any correspondence related to CPS and its actions, reports of any nature prepared for CPS including financial statements and budget reports, any advice received by CPS, or any other such detail which exists as a function of its legal existence and relevant legal requirements.
• Current Clients - Information on current clients including contact details and use of CPS services which is needed by CPS in order to carry out its mandate of providing services itemised under para 1 of this PAIA manual.
• Previous Clients - These data subjects are previous clients of CPS who wish to retain contact with CPS in order to receive newsletters, re-establish business, etc. Information relating thereto includes:
  1. All static information such as names, ID number, date of birth, gender, etc.
  2. The information which enables CPS to retain contact and invite them to participate in CPS projects current and future software development.
  3. Contact information.
• CEO - This data subject is the appointed Head of CPS in accordance with the Companies Act of 2008. Information relating to this includes name, contact information, ID number, occupation, qualifications, and training attended.
• Employees - These data subjects are appointed by CPS to render training and support to Clients. Information relating to these data subjects includes name, citizenship, contact information, ID number, qualifications, experience, and training attended.
• Information Officer - This data subject is the officer appointed in accordance with PAIA. Information relating to this data subject includes name, citizenship, contact information, ID number, qualifications, and training attended.
• Professional Partners in Property - These data subjects are businesses who have entered into legal contracts with CPS for their services offered. Information relating to these institutions includes company details, responsible individuals, contractual agreements, contact information, or any other such information as required for the successful completion of the agreed collaboration between CPS and them.
• Service Providers - These data subjects are those parties who have been appointed by the Management of CPS with the intent to perform a necessary duty to fulfil company objectives and duties as contemplated in the Articles of Association of CPS. These parties perform necessary functions for CPS and, where applicable, are remunerated for their services and include the auditor, insurers and the necessary internet service providers in broad terms required by CPS to conduct its business. Information relating to these Service Providers includes company details, responsible individuals, contractual agreements, contact information, or any other such information as required for the successful completion of the agreed duties to be provided by them.

The recipients or categories of recipients to whom the personal information may be supplied

Recipients of Personal Information (both in relation to CPS and in relation to other individuals and organisations described above) may include:

Noting that all information supplied to the above parties is done so for a specific, explicitly defined, and lawful purpose related to a function or activity of CPS. CPS seeks to ensure that Personal Information is only shared with Business Partners and Service Providers to the extent necessary for the functions that they perform for the Company.

Planned transborder flows of personal information

In certain circumstances, there may be transborder flows of Personal Information. The most likely such circumstance is the storage of Personal Information on service provider servers that may be based outside of the Republic (e.g., cloud-based storage of information). In such cases, CPS requires the service providers to ensure that suitable security measures are in place and that the storage of such information accords with both South African data protection laws as well as any foreign laws which may apply. In all cases, CPS seeks to comply with the POPIA requirements relating to transborder data flows.

Security measures to protect personal information

• Physical security measures
  1. Access controls
  2. Home and mobile measures
  3. Internal security measures
  4. Cyber security measures
  5. Anti-spam measures
  6. Anti-virus measures
  7. Firewalls
  8. Password control
• Training in information security
  1. Selective training of key staff
• Training in information security
  1. Comprehensive coverage of all IT-related issues
  2. Popia training
• Audits of information security

Further measures to protect personal information

• CPS Professional Partners / Clients being owners of the business and their staff in various capacities - This information is stored on the CPS Server, in the main, but also for SMS and WhatsApp purposes on various staff private phones.
• In respect of Server storage, Professional Partners / Clients' client confidential information can only be accessed by the staff of CPS who are called Server Users, and therefore, have specific usernames and passwords, the latter being complex. Furthermore, we (CPS staff) control both the server and our access thereto directly.
• The same applies equally to all suppliers (all categories including Professional Advisors / Consultants) with whom CPS deal, i.e. all their information stored likewise on the Server and the same explanation above regarding protection of this data, applies.
• CPS Employee information is kept on the CEO's PC in a confidential directory that only he has access to.

Party to ensure the confidentiality, integrity, and availability of the information which is to be processed

Under Section 7D (2)(a), CPS may delegate functions and duties to other parties to ensure the successful completion thereof. The CEO obtains commitment from all such parties in respect of information security and concludes formal data security agreements with such parties to ensure that appropriate references to data confidentiality, integrity, and availability of information are included. Furthermore, all service provider agreements are expected to incorporate the principles related to the POPIA, declarations are required by all service providers in terms of whether any breaches were experienced, and all service providers are required to have suitable data protection policies and procedures in place.

Additionally, besides this manual, CPS has established the following policies:

• Communications policy
• Company Code of Conduct; and
• Confidentiality policy which outlines the required practices and processes of CPS and the standards to which CPS seeks to hold its service providers and others who may process personal information as referred to above.

Rights of other stakeholders, under the protection of personal information act

The rights of “data subjects” whose Personal Information is processed are set out in Section 5 of the POPIA and include the following:

• The right to be informed that your Personal Information is being collected and processed.
• The right to be notified of any “data breaches” (when your Personal Information falls into the hands of an unauthorised party).
• The right to be told what Personal Information is held for you.

Should you want more information on the Personal Information that CPS holds for you, or specific additional information on how CPS complies with the PAIA and POPIA (beyond what is set out in this manual), please contact the Information Officer.

Detail on how to make a request for access

The requester must complete Form C and submit this form together with a request fee, to CPS' Information Officer. The form must be submitted using any of the methods noted below:

Form of request:

• The requester must use the prescribed form, as attached in terms of Article 8 of this manual, to request access to a record. This must be made to the designated head. This request must be made to the electronic mail address of the body concerned [s 53(1)].
• The requester must provide sufficient detail on the request form to enable the designated head to identify the record and the requester.
• The requester should indicate which form of access is required.
• The requester should indicate if any other manner is to be used to inform the requester and state the necessary particulars to be so informed [s 53(2)(a) and (b) and (c)].
• The requester must identify the right that is sought to be exercised or to be protected and provide an explanation of why the requested record is required for the exercise or protection of that right [s 53(2)(d)].
• If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is requesting the satisfaction of the designated head of the private body [s 53(2)(f)].
• A requester who seeks access to a record containing personal information about that requester is not required to pay the request fee.
• Every other requester, who is not a personal requester, must pay the required request fee.
• The designated head of the private body must notify the requester (other than a personal requester) by notice, requiring the requester to pay the prescribed fee (if any) before further processing the request [s 54(1)].
• The fee that the requester must pay to a private body is currently R50,00. The requester may lodge an application to the court against the tender or payment of the request fees 54(3)(b)].
• After the designated head of the private body has decided on the request, the requester must be notified in the required form.
• If the request is granted then a further access fee must be paid for the search, reproduction, and preparation for any time that has exceeded the prescribed hours to search and prepare the record for disclosure [s 54(6)].

Grounds for refusing a request:

CPS has the right to reject any request for information submitted in terms of Section 62 to 70 of Chapter 4 of the PAIA Act.

Fees in respect of private bodies

The following is a breakdown of the fees structure for the purposes of determining the way fees relating to a request for access to a record of a private body are to be calculated:

Part III of Regulation 187 published in the Government Gazette on the 15 February 2002:

Request for Access to Record of Private Body (Form C). To access this form, Click here