Content

1. Mission statement and nature of the business (Cloud Property Solutions)
2. Overview and Objectives of the manual
3. Information required under Section 51 (1) (a) of Act
4. Description of HRC guide to PAIA referred to in Section 10
5. Records available in terms of other legislation
6. Records held by CPS
7. Aspects about the protection of Personal Information Act
8. The recipients or categories of recipients to whom the personal information may be supplied
9. Planned transborder flows of personal information
10. Security measures to protect personal information
11. Party to ensure the confidentiality, integrity, and availability of the information which is to be processed
12. Rights of other stakeholders, under the protection of personal information act
13. Detail on how to make a request for access to record
14. Fees in respect of private bodies

Form 2 - Regulation 7 - Request for access to records of Private Bodies - to access this form, Click here

Form 3 - Regulation 8 - Outcome of request and fees payable - to access this form, Click here

Mission statement and nature of the business

Cloud Property Solutions offers software and related services to the property industry under the historical brand names of DataTrac Software Solutions, Property Solutions Online and FinTrac Cloud Accounting, and currently, Cloud Property Solutions.

Services offered are:

• Listings Management and CRM – to provide tailored solutions for database and CRM needs to enable easy management of client relationships with sellers, buyers, landlords, tenants, investors, etc.
• Website Designing – designing of websites, facilitating a stylish and comprehensive online presence to showcase property listings
• Listings Syndication – to publish property listings to the main property portals in South Africa and fetch leads therefrom, as well as from client websites.
• Financial Accounting software – to manage financial affairs irrespective of the industry of end users.
• Rentals Management software – to manage all the requirements of the rentals operations of the client, covering tenant, landlord, and property management, including banking data imports and automated payment processing, together with comprehensive reporting thereof.
• Scheme Management software – to provide a Financial Accounting and Communications Management System that enables Sectional Title Managers and individual Self-managed Schemes to manage all the requirements of community schemes (bodies corporate and HOAs).
• Social Media Marketing – to help boost clients’ online presence and, in so doing, reach and connect with target markets.
• Domain and Email Services – to provide domain name registration/renewal services and email services coupled with domains.
• Bespoke Software Development – to design and develop customised web-based applications.

Overview and Objectives of the manual

The Promotion of Access to Information Act (PAIA) of 2000, as amended in accordance with the Protection of Personal Information Act (POPIA) of 2013, requires that all juristic entities maintain a PAIA / POPIA Manual.

PAIA gives effect to section 32 of the Constitution, which provides that everyone has the right to access information held by the State and information held by another person (or private body) when such privately held information is required for the exercise and protection of rights.

More broadly, PAIA aims to underline the importance of access to information in a democratic society by fostering a culture of transparency and accountability. PAIA does this by requiring public (government) and private (non-government) bodies to create both a manual describing the type of records they hold and procedures for others to access that information.

PAIA also limits the types of information that can be accessed, i.e., information requested might not be granted under various circumstances.

This manual is compiled in accordance with Section 14 of PAIA and offers an outline of Cloud Property Solutions’ information, which is accessible to the public. This includes:

• Structure, functions, and objectives
• Contact details
• The procedure for requesting information
• Information that is automatically available through CPS and its website
• Fees payable when requesting access to any of these records.

Information required under Section 51 (1) (a) of the Act

Description of Human Rights Commission guide to PAIA referred to in Section 10

A Guide has been compiled in terms of Section 10 of PAIA by the South African Human Rights Commission (SAHRC). It contains information required by a person wishing to exercise any right contemplated by PAIA. It is available in all official languages.

The guide is available for inspection, inter alia, at the office of the Human Rights Commission at 29 Princess of Wales Terrace, corner York and St Andrews Street, Parktown, Johannesburg, Gauteng, and at www.sahrc.org.za

For further information, please contact the SAHRC:

Email: PAIA@sahrc.org.za

Postal address: Private Bag 2700, Houghton, 2041

Telephone: +27 11 877 3600

Fax: +27 11 403 0668

Website: www.sahrc.org.za

Records available in terms of other legislation

Records available in terms of other legislation are as follows:

1. Basic Conditions of Employment Act 75 of 1997
2. Companies Act 71 of 2008
3. Compensation for Occupational Injuries and Diseases
4. Consumer Affairs Act, Act No. 71 of 1988
5. Consumer Protection Act 68 of 2008
6. Copyright Act 98 of 1978
7. Credit Agreements Act, 75 of 1980
8. Electronic Communications Security Act of 2002
9. Electronic Communications Act No. 36 of 2005
10. Electronic Communications and Transactions Act, 25 of 2002, Section 15
11. Employment Equity Act 55 of 1998
12. Financial Intelligence Centre Act No. 38 of 2001
13. Income Tax Act 58 of 1962
14. Insolvency Act 24 of 1936
15. Transfer Duty Act No. 40 of 1949 Section 15(1)
16. Labour Relations Act 66 of 1995
17. Manpower Training Act 56 of 1981, Section 44(3)
18. National Credit Act No. 34 of 2005
19. Occupational Health and Safety Act 85 0F 1993
20. Prescription Act 68 of 1969, Section 11c
21. Prevention of Organised Crime Act 121 of 1998

Records held by CPS

Aspects about the protection of personal information act:

The purpose of the information processing:

Software developers, such as CPS, are required to handle personal information to provide essential ongoing training support to their clients. This processing of personal information is necessary, among other reasons, to maintain communication with clients and ensure they understand the software. The software is continuously updated and developed to enhance its effectiveness and usability for clients.

Categories of data subjects and information relating thereto:

• Parent Data Subject - Information relating to CPS including contractual agreements, policy documents, meeting agendas, meeting minutes, any correspondence related to CPS and its actions, reports of any nature prepared for CPS including financial statements and budget reports, any advice received by CPS, or any other such detail which exists as a function of its legal existence and relevant legal requirements.
• Current Clients - Details on current clients, including contact information and usage of CPS services, are necessary for CPS to fulfil its mandate as outlined in paragraph 1 of this PAIA manual.
• Previous Clients - These data subjects are previous clients of CPS who wish to retain contact with CPS to receive newsletters, re-establish business, etc. Information relating thereto includes:
  1. All static information such as names, ID numbers, date of birth, gender, etc.
  2. The information which enables CPS to retain contact and invite them to participate in CPS projects' current and future software development.
  3. Contact information.
• CEO - This data subject is the appointed Head of CPS in accordance with the Companies Act of 2008. Information relating to this includes name, contact information, ID number, occupation, qualifications, and training attended.
• Employees - These data subjects are appointed by CPS to render training and support to Clients. Information relating to these data subjects includes name, citizenship, contact information, ID number, qualifications, experience, and training attended.
• Information Officer - This data subject is the officer appointed in accordance with PAIA. Information relating to this data subject includes name, citizenship, contact information, ID number, qualifications, and training attended.
• Professional Partners in Property – These data subjects are businesses that have entered into legal contracts with CPS for their services offered. Information relating to these institutions includes company details, responsible individuals, contractual agreements, contact information, and any other such information as required for the successful completion of the agreed collaboration between CPS and them.
• Service Providers - These data subjects are those parties who have been appointed by the Management of CPS with the intent to perform a necessary duty to fulfil company objectives and duties as contemplated in the Articles of Association of CPS. These parties perform necessary functions for CPS and, where applicable, are remunerated for their services and include the auditor, insurers, and the necessary internet service providers in broad terms required by CPS to conduct its business. Information relating to these Service Providers includes company details, responsible individuals, contractual agreements, contact information, and any other such information as required for the successful completion of the agreed duties to be provided by them.

The recipients or categories of recipients to whom the personal information may be supplied

Recipients of Personal Information (both in relation to CPS and in relation to other individuals and organisations described above) may include:

• CPS
• Professional Partners/Clients
• Employees
• Information Officer
• Service Providers as described above

All information provided to the parties mentioned above is shared for a specific, clearly defined, and lawful purpose related to a function or activity of CPS. CPS is committed to ensuring that Personal Information is shared with Business Partners and Service Providers only to the extent necessary for the functions they perform on behalf of the Company.

Planned transborder flows of personal information

In certain situations, there may be transborder flows of Personal Information. The most common scenario involves storing Personal Information on service provider servers that may be located outside of South Africa, such as in cloud-based storage systems. In these cases, CPS requires service providers to implement appropriate security measures and ensure that the storage of this information complies with both South African data protection laws and any applicable foreign laws. CPS is committed to adhering to the POPIA requirements related to transborder data flows in all instances.

Security measures to protect personal information

• Physical security measures
  • Access controls
  • Home and mobile measures
  • Internal security measures
  • Cyber security measures
  • Anti-spam measures
  • Anti-virus measures
  • Firewalls
  • Password control
• Training in information security
  • Selective training of key staff
  • Comprehensive coverage of all IT-related issues
  • Popia training
• Audits of information security

Further measures are in place to protect personal information.

• CPS Professional Partners / Clients being owners of the business and their staff in various capacities – This information is stored on the CPS Server, in the main, but also for SMS and WhatsApp purposes on various staff private phones.
• In respect of Server storage, Professional Partners / Clients' client confidential information can only be accessed by the staff of CPS who are called Server Users, and therefore, have specific usernames and passwords, the latter being complex. Furthermore, we (CPS staff) directly control both the server and our access thereto.
• The same applies equally to all suppliers (all categories including Professional Advisors / Consultants) with whom CPS deal, i.e. all their information is stored likewise on the Server, and the same explanation above regarding the protection of this data applies.
• CPS Employee information is kept on the CEO's PC in a confidential directory that only he has access to.

Party to ensure the confidentiality, integrity, and availability of the information which is to be processed

Under Section 7D (2)(a), CPS may delegate its functions and duties to other parties to ensure their successful completion. The CEO secures commitments from all parties regarding information security and establishes formal data security agreements with them. These agreements include specific references to data confidentiality, integrity, and availability. Additionally, all service provider agreements must incorporate principles related to the Protection of Personal Information Act (POPIA). Service providers are required to declare any breaches they have experienced and must have suitable data protection policies and procedures in place.

Additionally, besides this manual, CPS has established the following policies:

• Communications policy
• Company Code of Conduct; and
• Confidentiality policy which outlines the required practices and processes of CPS and the standards to which CPS seeks to hold its service providers and others who may process personal information as referred to above.

Rights of other stakeholders, under the protection of personal information act

The rights of “data subjects” whose Personal Information is processed are set out in Section 5 of the POPIA and include the following:

• The right to be informed that your Personal Information is being collected and processed.
• The right to be notified of any “data breaches” (when your Personal Information falls into the hands of an unauthorised party).
• The right to be told what Personal Information is held for you.

Should you want more information on the Personal Information that CPS holds for you, or specific additional information on how CPS complies with the PAIA and POPIA (beyond what is set out in this manual), contact the CPS Information Officer.

Detail on how to make a request for access to record

The requester must complete Form 2 and submit it together with a request fee to the CPS Information Officer. The form must be submitted using any of the methods noted below:

Form of request:

• The requester must use the prescribed form, as attached in terms of Regulation 7 of this manual, to request access to a record. This must be made to the designated head. This request must be made to the electronic mail address of the body concerned [S53(1)].
• The requester must provide sufficient detail on the request form to enable the designated head to identify the record and the requester.
• The requester should indicate which form of access is required.
• The requester should indicate if any other manner is to be used to inform the requester and state the necessary particulars to be so informed [S53(2)(a) and (b) and (c)].
• The requester must identify the right that is sought to be exercised or to be protected and provide an explanation of why the requested record is required for the exercise or protection of that right [S53(2)(d)].
• If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is requesting the satisfaction of the designated head of the private body [S53(2)(f)].
• A requester who seeks access to a record containing personal information about that requester is not required to pay the request fee.
• Every other requester, who is not a personal requester, must pay the required request fee.
• The designated head of the private body must notify the requester (other than a personal requester) by notice, requiring the requester to pay the prescribed fee (if any) before further processing the request [S54(1)].
• The fee that the requester must pay to a private body is currently R50.00. The requester may lodge an application to the court against the tender or payment of the request fees [S54(3)(b)].
• After the designated head of the private body has decided on the request, the requester must be notified in the required form.
• If the request is granted, then a further access fee must be paid for the search, reproduction, and preparation for any time that has exceeded the prescribed hours to search and prepare the record for disclosure [S54(6)].

Grounds for refusing a request:

CPS has the right to reject any request for information submitted in terms of Section 62 to 70 of Chapter 4 of the PAIA Act.

Fees in respect of private bodies

The following is a breakdown of the fee structure for the purposes of determining the way fees relating to a request for access to a record of a private body are to be calculated:

Part III of Regulation 187 published in the Government Gazette on 15 February 2002: