PAIA manual

PAIA manual

As required by section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended)

Effective Date: 24 June 2025
Next Review Date: 24 June 2028

INTRODUCTION
1. HBGSchindlers is a South African law firm operating as a partnership, with offices in Johannesburg and Ballito.
2. Ms SJ Thackwell has been appointed as the Information Officer, responsible for compliance with the Promotion of Access to Information Act 2 of 2000 (“PAIA”) and the Protection of Personal Information Act 4 of 2013 (“POPIA”).
3. This manual sets out the procedure for accessing records held by HBGSchindlers, in compliance with PAIA.
CONTACT DETAILS
Chief Information Officer: Ms SJ Thackwell
Email: thackwell@hbgschindlers.com
Telephone: +27 (11) 568 8500Address: Third Floor, 3 Melrose Boulevard, Melrose Arch, 2076
Website: www.hbgschindlers.com
GUIDE ON HOW TO USE PAIA
A guide on how to exercise rights under PAIA and POPIA is available from the Information Regulator:Information RegulatorJD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Website: https://inforegulator.org.za/
Email: enquiries@inforegulator.org.za / PAIAComplaints.IR@justice.gov.za
Tel: 010 023 5200
RECORDS AVAILABLE WITHOUT FORMAL REQUEST
1. Public content on www.hbgschindlers.com
2. Marketing brochures and profiles
3. B-BBEE certificate
4. Standard letter of engagement (on request)
RECORDS AVAILABLE IN TERMS OF OTHER LEGISLATION
HBGSchindlers maintains records as required under the following (non-exhaustive):
1. Basic Conditions of Employment Act, 75 of 1997
2. Broad-Based Black Economic Empowerment Act 53 of 2003
3. Compensation for Occupational Injuries and Diseases Act 130 of 1993
4. Electronic Communications and Transactions Act 25 of 2002
5. Employment Equity Act 55 of 1998
6. Financial Intelligence Centre Act 38 of 2001
7. Income Tax Act 58 of 1962
8. Labour Relations Act 66 of 1995
9. Legal Practice Act 28 of 2014
10. Protection of Personal Information Act 4 of 2013
11. Value Added Tax Act 89 of 1991.
SUBJECTS AND CATEGORIES OF RECORDS HELD
1. Corporate and Governance Records
  - Partnership agreement
  - Records of partners and committee resolutions
  - Policies and procedures
2. Financial Records
  - Annual financial statements
  - Tax returns and SARS correspondence
  - Invoices, creditors and debtors ledgers
  - Audit reports
3. Human Resource Records
  - Employee contracts and disciplinary records
  - Leave records and payroll data
  - Equity plans, skills development and training logs
4. Client and Matter Files
  - Engagement letters
  - FICA documentation
  - Legal opinions, pleadings, correspondence
  - Confidential client records (access subject to privilege)
5. Information Technology and IP
  - Software licences
  - User access logs and cybersecurity policies
  - Trademark and domain registrations
6. Insurance Records
  - Professional indemnity and fidelity cover
7. Asset Records
  - Lease agreements
  - Asset registers
8. Legal ProceedingsRecords relating to current or historic litigation and arbitration (subject to privilege)

PROCESSING OF PERSONAL INFORMATION (POPIA COMPLIANCE)

HBGSchindlers processes personal information in order to:
1. provide legal and related services to clients;
2. fulfil employment and HR-related obligations;
3. perform FICA and other statutory compliance functions;
4. engage with service providers, suppliers and counterparties;
5. undertake business development, marketing and client relationship management;
6. comply with regulatory and professional requirements (e.g., SARS, Legal Practice Council); and
7. maintain internal security, IT infrastructure, and office administration.

Categories of Data Subjects and the Personal Information Processed

Categories of Data Subjects	Personal Information that may be Processed
Natural Persons	Names and surname; contact details (cellphone, email, telephone); residential and business address; ID/passport number; confidential correspondence
Juristic Persons	Name of contact persons; company/trust name; registration number; physical and postal address; contact details; financial and technical data; trade secrets
Employees	Name, gender, marital status, pregnancy, race, age, nationality, ID/passport number, qualifications, employment history, salary and banking details, contact details, criminal background, disciplinary history, medical and biometric data, dependents and next-of-kin information
Job Applicants	CVs, qualifications, ID/passport number, criminal and credit history, reference checks, interview notes
Clients and Counterparties	FICA documents; agreements; financial and personal records; correspondence; confidential information provided for legal advice or litigation
Suppliers and Consultants	B-BBEE credentials, banking details, contact details, company registration and tax information

Categories of Recipients to Whom Personal Information May Be Supplied

Categories of Personal Information	Recipients or Categories of Recipients
Identity documents and criminal history	South African Police Service (SAPS)
Qualifications and certifications	South Africa Qualifications Authority (SAQA), educational institutions
Credit history and payment profile	Registered credit bureaus and financial institutions
Tax and registration details	South African Revenue Service (SARS)
Legal documentation and opinions	Courts, opposing legal counsel (with consent), regulators, CIPC, Deeds Office
Employment-related information	Payroll service providers, pension/provident fund administrators, medical aid administrators

Planned Transborder Flows of Personal Information
Personal information may be transferred outside the Republic of South Africa, including but not limited to:
1. cloud-based data hosting (e.g., Microsoft 365, Google Cloud, Dropbox) with servers located in jurisdictions offering adequate data protection;
2. international legal service providers, consultants or experts engaged on cross-border matters;
3. foreign regulators, courts or authorities as required in international disputes or transactions. All transborder flows are subject to the safeguards required under section 72 of POPIA.
Information Security Safeguards
HBGSchindlers has implemented appropriate, reasonable technical and organisational measures to safeguard personal information, including:
1. encrypted storage and secure servers;
2. role-based access control and password protection;
3. endpoint security (anti-virus and malware detection);
4. multi-factor authentication on remote systems;
5. secure destruction and archiving policies;
6. confidentiality undertakings by all staff, service providers and counsel.
These safeguards are regularly reviewed to ensure continued protection of the confidentiality, integrity, and availability of personal information under the firm’s care.

REQUEST PROCEDURE
1. Requests must be submitted in the prescribed Form C (Annexure A) .Include:
  1. Description of record
  2. Proof of identity and authority
  3. Form of access requested (electronic, physical)
  4. Reason why the record is needed to protect or exercise a right
2. Email or deliver to the Information Officer.
RESPONSE TIME
HBGSchindlers will respond 30 days from receipt. This period may be extended by a further 30 days as permitted under section 26(1) of PAIA, with reasons provided in writing.

FEES (as prescribed by the Regulator)

Description	Fee (incl. VAT)
Request Fee (non-personal)	R 140.00
A4 copy per page	R 2.30
CD copy	R 69.00
Flash drive copy	R 46.00 (if supplied)
Search & prep (per hour)	R 166.75 (after 1st hour)
Postage	Actual cost

Records may be withheld until payment is made. A deposit may be required for large requests (exceeding 6 hours of preparation).
Fees may be waived in specific cases or if the requester is a data subject.

AVAILABILITY OF MANUAL
- Available on our website, at our offices, and on request
- This Manual may be reviewed and amended periodically, and any amendments will comply with PAIA and POPIA

Issued by

SJ THACKWELL
PARTNER

PAIA manual

PAIA manual

Get in touch

Useful links