PAIA
Prepared in terms of section 51 of the Promotion of
Access to Information Act 2 of 2000 (as amended)
Date Of Compilation: 01/10/2021
Date Of Revision: 01/03/2025
List of acronyms and abbreviations
- “DIO” Deputy Information Officer;
- “IO” Information Officer;
- “Minister” Minister of Justice and Correctional Services;
- “PAIA” Promotion of Access to Information Act 2 of 2000 (as amended);
- “POPIA” Protection of Personal Information Act 4 of 2013;
- “Regulator” Information Regulator; and
- “Republic” Republic of South Africa
Purpose of PAIA manual
This PAIA Manual is useful for the public to-
- check the categories of records held by a body which are available without a person having to submit a formal PAIA request;
- have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;
- know the description of the records of the body which are available in accordance with any other legislation;
- access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;
- know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;
- know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;
- know the description of the categories of data subjects and of the information or categories of information relating thereto;
- know the recipients or categories of recipients to whom the personal information may be supplied;
- know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and
- know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.
Key contact details for access to information of Legal Interact
Deputy Information Officer
Name: Raphael Segal
Tel: +27117192000
Email: pr*****@**********co.za
Fax Number: N/A
Access to information general contacts
Email: pr*****@**********co.za
National or Head Office
Postal Address: | Same as Physical Address |
Physical Address: | 70 Melville Road, Illovo Central Building, 6th Floor |
Telephone: | +27117192000 |
Email: | pr*****@**********co.za |
Website: | www.Legalinteract.co.za |
Guide on how to use PAIA and how to obtain access to the guide
- The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.
- The aforesaid Guide contains the description of-
- the objects of PAIA and POPIA;
- the postal and street address, phone and fax number and, if available, electronic mail address of-
- the Information Officer of every public body, and
- every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA[1] and section 56 of POPIA[2];
- the manner and form of a request for-
- access to a record of a public body contemplated in section 11[3]; and
- access to a record of a private body contemplated in section 50[4];
- the assistance available from the IO of a public body in terms of PAIA and POPIA;
- the assistance available from the Regulator in terms of PAIA and POPIA;
- all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-
1 Section 17(1) of PAIA- For the purposes of PAIA, each public body must, subject to legislation governing the employment of personnel of the public body concerned, designate such number of persons as deputy information officers as are necessary to render the public body as accessible as reasonably possible for requesters of its records.
2 Section 56(a) of POPIA- Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of POPIA.
3 Section 11(1) of PAIA- A requester must be given access to a record of a public body if that requester complies with all the procedural requirements in PAIA relating to a request for access to that record; and access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.
4 Section 50(1) of PAIA- A requester must be given access to any record of a private body if-
- that record is required for the exercise or protection of any rights;
- that person complies with the procedural requirements in PAIA relating to a request for access to that record; and
- access to that record is not refused in terms of any ground for refusal contemplated in Chapter 4 of this Part.
- an internal appeal;
- a complaint to the Regulator; and
- an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;
- the provisions of sections 14[5] and 51[6] requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;
- the provisions of sections 15[7] and 52[8] providing for the voluntary disclosure of categories of records by a public body and private body, respectively;
- the notices issued in terms of sections 22[9] and 54[10] regarding fees to be paid in relation to requests for access; and
- the regulations made in terms of section 92[11].
5 Section 14(1) of PAIA- The information officer of a public body must, in at least three official languages, make available a manual containing information listed in paragraph 4 above.
6 Section 51(1) of PAIA- The head of a private body must make available a manual containing the description of the information listed in paragraph 4 above.
7 Section 15(1) of PAIA- The information officer of a public body must make available in the prescribed manner a description of the categories of records of the public body that are automatically available without a person having to request access.
8 Section 52(1) of PAIA- The head of a private body may, on a voluntary basis, make available in the prescribed manner a description of the categories of records of the private body that are automatically available without a person having to request access.
9 Section 22(1) of PAIA- The information officer of a public body to whom a request for access is made, must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.
10 Section 54(1) of PAIA- The head of a private body to whom a request for access is made must by notice require the requester to pay the prescribed request fee (if any), before further processing the request.
11 Section 92(1) of PAIA provides that – “The Minister may, by notice in the Gazette, make regulations regarding-
- any matter which is required or permitted by this Act to be prescribed;
- any matter relating to the fees contemplated in sections 22 and 54;
- any notice required by this Act;
- uniform criteria to be applied by the information officer of a public body when deciding which categories of records are to be made available in terms of section 15; and
- any administrative or procedural matter necessary to give effect to the provisions of this ”
- Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.
- The Guide can also be obtained-
- upon request to the Information Officer;
- from the website of the Regulator (https://www.justice.gov.za/inforeg/).
- A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-
- English
Categories of records of Legal Interact which are available without a person having to request access
Category of records | Types of the Record | Available on Website | Available upon request |
Disclaimer | Disclaimer | Yes | Yes |
Privacy Policy | Privacy Policy | Yes | Yes |
Privacy Document | Terms & Conditions | Yes | Yes |
PAIA | PAIA Manual | Yes | Yes |
Description of the records of Legal Interact which are available in accordance with any other legislation
Category of Records | Applicable Legislation |
Memorandum of incorporation | Companies Act 71 of 2008 |
PAIA Manual | Promotion of Access to Information Act 2 of 2000 |
Description of the subjects on which Legal Interact holds records and categories of records held on each subject by Legal Interact
Subjects on which Legal Interact holds records | Categories of records |
Customers and their customers | First Name, Last Name, Organisation Name, Email, Phone Number, Username, Contact Numbers, Identity Numbers in screenshots, environment information |
Customers from a commercial perspective – such as through sales or customer servicing activities | Name, Surname, Email Address, Organisation Details, and any personal details that may be contained in the uploaded data, relevant communication and/or document used by the client. |
Customers from a commercial perspective – such as through sales or customer servicing activities | First Name, Last Name, Organisation Name, Email, Phone Number, Organisation Details, Contact Numbers |
Debtors or creditors – such as through managing creditors’ books | Name, Surname, Organisation Details, Contact Numbers, Email Address, and other personal information that may be contained in contracts |
Prospective customers – such as through advertising or direct marketing activities | Name, Surname, Email Address, Organisation Details, and any personal details that may be contained in the uploaded data |
Employees – such as through monitoring, payroll or training activities | Email, names, phone numbers, financial details, banking details, and other personal information that may be contained in Invoices |
Employment candidates — such as through recruitment, interviewing or background checking activities | Name, Surname, Email Address, Organisation details |
Vendors, contractors or other suppliers – such as through supply chain management | Name, Surname, Email Address, password (encrypted) |
IT users – such as through IT support, data processing or other IT-related activities | Name, Surname, Email Address, Organisation details, and any personal details that may be contained in the relevant communication and/or document template used by the client. |
Directors or Shareholders – such as through company administration activities involving directors or shareholders | Names, ID Numbers, Contact Details, Qualifications, Leave Records, Expenses, Bank details, Salary Details, Deductions (PAYE, UIF, SDL), Bonuses, Leave Records, Tax Numbers, Tax Submissions, Reimbursement Details, Demographic Details, Employment Status, Audit Records |
Clients (individuals and business representatives) | Name, Surname, Email Address, Organisation Details, and any personal details that may be contained in the uploaded data, relevant communication and/or document template used by the client. |
Suppliers (business representatives) | Name, Surname, Email Address, Organisation Details, and any personal details that may be contained in the uploaded data, relevant communication and/or document template used by the client. |
Employees, company financial records | Names, ID Numbers, Contact Details, Qualifications, Leave Records, Expenses, Bank details, Salary Details, Deductions (PAYE, UIF, SDL), Bonuses, Leave Records, Tax Numbers, Tax Submissions, Reimbursement Details, Demographic Details, Employment Status, Audit Records |
Processing of personal information
Purpose of Processing Personal Information
- Manage the user functions to process their relevant activities on the system
- Manage the users and permissions within the systems and integrations
- Audit user activity for client use. Manage and respond to issues and measure throughput of the systems
- Manage permissions and limit/expand functions to specific users
- Enable functionality throughout the systems
- Follow internal policies, or policies of clients depending on industry/individual clients
- The system has functionality to allow users to capture unstructured notes or text that gets stored and displayed by the system.
- To comply with GDPR requirements by automating the removal or anonymization of personal data once retention periods are met.
- Manage customer contract obligations
- Manage the user functions to process legal matter management, contracting, and obligations thereof
- Enable functionalities for Users to manage their contractual obligations
- Enable notifications and communications from the system to users
- Enable Contract/Document and legal process functionalities, such as key data points, summarisations, clause extractions and comparisons
- Enable the functionality for Invoice extraction and management thereof
- Enable authorisations and authentications to already configured user profiles in any client’s environment
- Manage and respond to issues and measure throughput of the systems
- Manage situations of lost data and restore points for retrieval after any given event of loss of data
- Enable functionality throughout the systems without replicating functionality (master data)
- Enable the ability to manage a legal matter, a contract life cycle or contract review from end-to-end
- To facilitate search features, and as part of our data processing pipeline, we require Elastic Search to help us extract data.
- To facilitate payment features in the system, we use PayPal as a payment solution provider.
- To facilitate payment features in the system, we use MCB (Mauritius Merchantile Bank) as a payment solution provider.
- To facilitate payment features in the system, we use Microsoft Marketplace as a payment solution provider.
- Billing and revenue collection to ensure timely payments for services provided.
- Payment processing for goods and services received from suppliers.
- Salary payments, employee benefits administration, tax compliance, and leave tracking.
- Employee data management, leave tracking, payroll integration, and system maintenance.
- Calculation and submission of employee tax (PAYE, UIF, etc.) to SARS.
- BEE certificate maintenance for certain companies in the group.
- Annual financial audits, provisional and income tax submissions, and client-requested reports.
- Direct marketing of goods or services
- Entering into a contract
- Providing goods or services
- Historical, statistical or research
- Paying employees
- Law enforcement
- Credit reporting
- Profiling
Description of the categories of Data Subjects and of the information or categories of information relating thereto
Categories of Data Subjects | Personal Information that may be processed |
Customers / Clients | name, address, registration numbers or identity numbers, employment status and bank details |
Service Providers | names, registration number, VAT numbers, address, trade secrets and bank details |
Employees | address, qualifications, gender and race |
The recipients or categories of recipients to whom the personal information may be supplied
Category of personal information | Recipients or Categories of Recipients to whom the personal information may be supplied |
Identity number and names, for criminal checks | South African Police Services |
Qualifications, for qualification verifications | South African Qualifications Authority |
Credit and payment history, for credit information | Credit Bureaus |
Planned transborder flows of personal information
- Adequacy – transfer to Israel
- If suppliers are international, transfers occur under standard banking regulations.
- Limited to payment information through standard integrations with payment providers
- Azure (Hosting) – Azure services in South Africa region; others in their default regions
- Not applicable
General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information
- Role-based access controls for Azure DevOps, Training for support staff on handling personal data in bug reports, Minimization of personal data in bug tracking, Multi-factor authentication for DevOps, User Access Management, Internal awareness and training, User password management, Data backup
- Role-based access controls for Azure DevOps, Training for support staff, User Access Management, Internal awareness and training, User password management
- Role based access control for Azure SQL Server, Training, User Access Management, Internal awareness and training, Entra ID authentication
- Annual penetration testing, standard access controls through ASP.NET Identity framework, Regular software updates, Secure premises, Anonymization, Segmented access control, User password management, Role based permissions, Network authentication tools (SQL), Multi-factor authentication, Firewalls, Internal Awareness and training, Data backups, Code vulnerability scanning, Code Review System.
- API Keys, Encrypted Data Transfer, Secure Key Storage in Key Vault, Two-factor authentication, Limited Access for organisation employees, Access Keys, Secure premises, Firewalls
- API Keys, TLS, Encrypted Data Transfer, Limited Access for organisation employees, Access Keys, Secure premises, Firewalls
- API Keys, Encrypted Data Transfer, Secure Key Storage in Key Vault, Two-factor authentication,
- Role-based access, encryption of financial data, secure authentication.
- Supplier bank details are loaded onto banking platform only, payments require multi-factor authentication.
- Role-based access, payroll encryption, two-factor authentication.
- Access control, encryption, system activity logging.
- Encryption, secure access controls, audit logs.
- Access restrictions, audit trails, encryption.
- Data access logs, encryption, secure transmission.
- Access control lists (subcontractors and third-parties)
- Encryption
- Anti-virus protection
- Breach Detection Tools
- Data backup
- Email scanning
- User access management
- Firewalls
- Internal awareness & training
- Internal policies and plans
- Intrusion detection tools
- Vendor risk management
- User password management
- Mobile device management tools
- Multi-factor authentication
- Need-to-know restrictions
- Network authentication
- Segmented access control
- Penetration tests
- Pseudonymization
- Regular software updates
- Secure disposal
- Secure premises
- Anonymization
Availability of the manual
- A copy of the Manual is available-
- on https://legalinteract.com/, if any;
- head office of LEGAL INTERACT for public inspection during normal business hours;
- to any person upon request and upon the payment of a reasonable prescribed fee; and
- to the Information Regulator upon
- A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.
Updating of the manual
The head of LEGAL INTERACT will on a regular basis update this manual.