PAIA MANUAL

CFS is an Authorised Financial Service Provider

Prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)

DATE OF COMPILATION: October 2023

1. LIST OF ACRONYMS AND ABBREVIATIONS

  1. “CEO” Chief Executive Officer
  2. “KI” Key Individual
  3. “DIO” Deputy Information Officer;
  4. “IO“ Information Officer;
  5. “Minister” Minister of Justice and Correctional Services;
  6. “PAIA” Promotion of Access to Information Act No. 2 of 2000 as Amended;
  7. “POPIA” Protection of Personal Information Act No.4 of 2013;
  8. “Regulator” Information Regulator; and
  9. “Republic” Republic of South Africa

2. PURPOSE OF PAIA MANUAL

This PAIA Manual is useful for the public to-

  • check the categories of records held by a body which are available without a person having to submit a formal PAIA request;
  • have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;
  • know the description of the records of the body which are available in accordance with any other legislation;
  • access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;
  • know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;
  • know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;
  • know the description of the categories of data subjects and of the information or categories of information relating thereto;
  • know the recipients or categories of recipients to whom the personal information may be supplied;
  • know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
  • know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

3. KEY CONTACT DETAILS FOR ACCESS TO INFORMATION OF CROWIE FINANCIAL SERVICES

Information Officer

Name:         Meera Vala        

Tel:               082 601 5795                   

Email:          meera@khiliana.co.za                  

  • Access to information general contacts

Email: admin@cfsbrokers.co.za

  • Head Office

Postal Address:  Unit 125, Sandton Village Estate, 2 Holkam Road, Paulshof Ext 51, 2196

Physical Address: Unit 125, Sandton Village Estate, 2 Holkam Road, Paulshof Ext 51, 2196

Telephone: (011) 673-0636               

Email:  admin@cfsbrokers.co.za      

Website:     www.cfsbrokers.co.za                  

4. GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE

  • The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guideon how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
  • The Guide is available in English.
  • The aforesaid Guide contains the description of-
  • the objects of PAIA and POPIA;
  • the postal and street address, phone and, if available, electronic mail address of-
  • the Information Officer of every private body, and
  • every Deputy Information Officer of every private body (if applicable);
  • the manner and form of a request for-
  • access to a record of a private body contemplated in section 11[1]; and
  • access to a record of a private body contemplated in section 50[2];
  • the assistance available from the IO of a public body in terms of PAIA and POPIA;
  • the assistance available from the Regulator in terms of PAIA and POPIA;
  • all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-
  • an internal appeal;
  • a complaint to the Regulator; and
  • an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;
  • the provisions of sections 14[3] and 51[4] requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;
  • the provisions of sections 15[5] and 52[6] providing for the voluntary disclosure of categories of records by a public body and private body, respectively;
  • the notices issued in terms of sections 22[7] and 54[8] regarding fees to be paid in relation to requests for access; and
  • the regulations made in terms of section 92[9].
  • Members of the public can inspect or make copies of the Guide from the offices of the private body, including the office of the Regulator, during normal working hours.
  • The Guide can also be obtained-
  •  upon request to the Information Officer.

CATEGORIES OF RECORDS OF CROWIE FINANCIAL SERVICES WHICH ARE AVAILABLE WITHOUT A PERSON HAVING TO REQUEST ACCESS

  Category of records  Types of the Record  Available on Website  Available upon request
FAIS Act & Associated Board NoticesFSP license certificateMandatory Policy Manualswww.cfsbrokers.co.zaadmin@cfsbrokers.co.za
Data ProtectionPOPIA manualPrivacy Statementwww.cfsbrokers.co.zaadmin@cfsbrokers.co.za

6. DESCRIPTION OF THE RECORDS OF CROWIE FINANCIAL SERVICES WHICH ARE AVAILABLE IN ACCORDANCE WITH ANY OTHER LEGISLATION

  Category of Records  Applicable Legislation  
Memorandum of incorporationCompanies Act 71 of 2008  
PAIA ManualPromotion of Access to Information Act 2 of 2000
POPIA ManualProtection of Personal Information Act 4 of 2013  
FICA Risk Management PlanFinancial Intelligence Centre Act 38 of 2001  
Mandatory Policy Manuals 

7. DESCRIPTION OF THE SUBJECTS ON WHICH THE BODY HOLDS RECORDS AND CATEGORIES OF RECORDS HELD ON EACH SUBJECT BY THE CROWIE FINANCIAL SERVICES

  Subjects on which the body holds records  Categories of records
Clients  Personal Information; Investment/ Insurance portfolios; FICA documentation
Employees  FICA documentation; HR Records
Key Individuals/ RepresentativesFAIS documentation  
Product Suppliers (FAIS)  FAIS documentation; Service Level Agreements  
IT Suppliers  Service Level Agreements  
External Compliance  FAIS documentation; Service Level Agreements  

8. PROCESSING OF PERSONAL INFORMATION

  • Purpose of Processing Personal Information

Personal Information of clients is processed for the purposes of carrying out our intermediary services in terms of the FAIS Act as mandated by the client.

  • Description of the categories of Data Subjects and of the information or categories of information relating thereto
  Categories of Data Subjects  Personal Information that may be processed
Customers / Clientsname, address, registration numbers or identity numbers, employment status and bank details
Service Providersnames, registration number, vat numbers, address,  trade secrets and bank details
Employeesaddress, qualifications, gender and race
  • The recipients or categories of recipients to whom the personal information may be supplied
  Category of personal information  Recipients or Categories of Recipients to whom the personal information may be supplied  
Clients  Product Suppliers  
Clients  FAIS Compliance Officer  
Clients  Regulators (FSCA/FIC)  
  • General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information
  1. Access Control: Implement strict access controls to ensure that only authorized personnel have access to sensitive information. This may involve using strong authentication methods such as passwords, biometrics, or two-factor authentication.
  1. Encryption: Utilize encryption techniques to protect data both in transit and at rest. This ensures that even if unauthorized parties gain access to the data, they cannot decipher it without the proper encryption keys.
  1. Data Backup and Recovery: Regularly backup critical data and establish procedures for data recovery in the event of data loss or system failure. Offsite backups can provide redundancy and help mitigate the impact of disasters.
  1. Security Awareness Training: Conduct regular security awareness training for employees to educate them about potential security threats and best practices for maintaining information security.
  1. Network Security: Implement firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access and malicious activities on the network.
  1. Vulnerability Management: Regularly scan for vulnerabilities in systems and applications, and promptly apply patches and updates to mitigate potential security risks.
  1. Physical Security: Implement physical security measures such as access controls, surveillance systems, and secure storage facilities to protect physical assets and prevent unauthorized access to sensitive areas.
  1. Incident Response Plan: Develop and regularly test an incident response plan to ensure a timely and effective response to security incidents such as data breaches or cyber-attacks. This plan should outline roles and responsibilities, escalation procedures, and steps for mitigating the impact of the incident.
  1. Security Monitoring and Logging: Implement monitoring and logging mechanisms to track user activities, detect suspicious behaviour, and generate alerts for potential security incidents.
  1. Compliance and Regulatory Requirements: Ensure compliance with relevant laws, regulations, and industry standards pertaining to information security, depending on the nature of the organization and the data it handles.
  • A copy of the Manual is available-
  • On www.cfsbrokers.co.za, if any;
  • head office of the Crowie Financial Services for public inspection during normal business hours;
  • to any person upon request and upon the payment of a reasonable prescribed fee; and
  • to the Information Regulator upon request.
  • A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.

The head of Crowie Financial Services will on a regular basis update this manual.

Issued by

_______________________________________

SIMPHIWE ARNOLD MUSA MZOBE

Please refer to Form 2 (Request for access to record) and Form 3 (Outcome of request and of fees payable) attached hereto.


[1] Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

[2] Section 50(1) of PAIA- A requester must be given access to any record of a private body if-

  1. that record is required for the exercise or protection of any rights;
  2. that person complies with the procedural requirements in PAIA relating to a request for access to that record; and
  3. access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.

[3] Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.

[4] Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.

[5] Section 15(1) of PAIA- The information officer of a public body, must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access

[6] Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access

[7] Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[8] Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.

[9] Section 92(1) of PAIA provides that –“The Minister may, by notice in the Gazette, make regulations regarding-

(a) any matter which is required or permitted by this Act to be prescribed;

(b) any matter relating to the fees contemplated in sections 22 and 54;

(c) any notice required by this Act;

(d) uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and

(e) any administrative or procedural matter necessary to give effect to the provisions of this Act.”

Form 2 – Request For Access To Record

Form 3 – Outcome Of Request And Of Fees Payable