PAIA / POPIA Manual
Promotion of Access to Information Act (Act 2 of 2000), read with the Protection of Personal Information Act (Act 4 of 2013). Tap a section to expand it.
Prepared in terms of section 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000), read with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013).
| Registered name | CiTiFi (Pty) Ltd |
| Registration number | 2019/210856/07 |
| Nature of business | Internet service provider; open-source, Odoo and Linux systems integration and support |
| Registered / head office | 1167 Chamfuti Street, Moregloed, Pretoria, 0186, South Africa |
| Website | www.citifi.co.za |
| Information Officer | Jacobus Erasmus |
| Information Officer e-mail | legal@citifi.co.za |
| Telephone | +27 12 942 0150 |
| Manual last reviewed | July 2026 |
1.1 This manual is published in terms of section 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000) (“PAIA”). PAIA gives effect to section 32 of the Constitution of the Republic of South Africa, 1996, which provides for the right of access to information held by the State and to information held by another person that is required for the exercise or protection of any right.
1.2 This manual also gives effect to the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), which regulates the processing of personal information by CiTiFi (Pty) Ltd (“CiTiFi”, “we”, “us” or “our”).
1.3 The reference in this manual to any information in addition to that specifically required in terms of section 51 of PAIA does not create any right or entitlement (contractual or otherwise) to receive such information, other than in terms of PAIA.
1.4 CiTiFi supports the constitutional right of access to information and is committed to providing access to its records in accordance with PAIA and POPIA, the confidentiality it owes to third parties, and the principles of South African law.
2.1 CiTiFi is a South African private company that provides internet connectivity and related services — principally to tenants of apartment and inner-city buildings — as well as open-source software services, including Odoo implementation and support, Asterisk telephony, and Linux systems engineering.
2.2 As an internet service provider, CiTiFi is subject to, among others, the Electronic Communications and Transactions Act, 2002; the Electronic Communications Act, 2005; the Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 (“RICA”); and the codes and codes of conduct of the industry.
This manual is available:
- on our website at www.citifi.co.za (Legal section);
- at our registered office at the address set out above, on request during business hours;
- from the Information Regulator (South Africa); and
- to any person, on request to the Information Officer at legal@citifi.co.za.
This manual is reviewed and updated from time to time, as and when required.
4.1 With effect from 30 June 2021, the responsibility for administering PAIA transferred from the South African Human Rights Commission to the Information Regulator (South Africa). The Information Regulator is also responsible for enforcing POPIA.
4.2 The contact details of the Information Regulator are:
| Postal address | P.O. Box 31533, Braamfontein, Johannesburg, 2017 |
| Physical address | JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 |
| General e-mail | inforeg@inforegulator.org.za |
| PAIA complaints | PAIAComplaints@inforegulator.org.za |
| POPIA complaints | POPIAComplaints@inforegulator.org.za |
| Website | https://inforegulator.org.za |
5.1 A requester who wishes to access a record held by CiTiFi must complete the prescribed Form C — Request for Access to Record of Private Body (Regulation 10 under PAIA) and submit it to the Information Officer at legal@citifi.co.za or at the registered office.
5.2 The prescribed forms are available from CiTiFi’s website and office, and from the Information Regulator’s website (https://inforegulator.org.za).
5.3 The requester must:
- provide sufficient detail on the request form to enable the Information Officer to identify the record and the requester;
- indicate the form of access required and the manner (and particulars) in which the requester wishes to be notified;
- identify the right that the requester seeks to exercise or protect, and explain why the requested record is required for the exercise or protection of that right; and
- if the request is made on behalf of another person, submit proof of the capacity in which the request is made, to the satisfaction of the Information Officer.
5.4 A request fee and an access fee may be payable in accordance with the PAIA regulations, save that no fee is payable for a request for access to a record containing personal information about the requester. The requester will be notified of any amount payable before the request is processed.
5.5 The Information Officer will, within 30 days of receipt of a request (subject to any permitted extension), notify the requester of the decision and, where access is granted, the fee (if any) payable and the form of access.
5.6 Grounds for refusal of access are those set out in Chapter 4 of Part 3 of PAIA, including the mandatory protection of the privacy of third parties, commercial information of third parties, and certain confidential, legally privileged and safety-related information.
CiTiFi maintains records in the following categories. Recording a category or subject matter in this manual does not imply that a request for access to those records will be granted; each request is evaluated on its merits in accordance with PAIA.
6.1 Statutory and internal records — Memorandum of Incorporation; statutory registers and records maintained in terms of the Companies Act, 2008; financial and accounting records; operational records; licences and authorisations; intellectual property; internal policies, procedures and correspondence; marketing and product records.
6.2 Personnel records — records relating to directors, employees, contractors and other personnel, including employment contracts, conditions of employment, payroll records, and records required in terms of labour and tax legislation.
6.3 Customer records — records provided by, or generated in respect of, customers, including contact and RICA registration details, contractual records, billing and payment records, service and technical records, and support correspondence. These records are treated as confidential and requests for access to them are evaluated having regard to sections 63 to 67 of PAIA and to POPIA.
6.4 Technical records — network configuration and usage statistics, RADIUS and authentication logs, hardware and software performance metrics, and records required to be retained in terms of RICA.
6.5 Records of other parties — records relating to suppliers, service providers, joint-venture partners and other third parties.
Certain records are available in terms of, among others, the following legislation, to the persons or entities specified in that legislation:
- Companies Act, 2008 (Act No. 71 of 2008)
- Income Tax Act, 1962 (Act No. 58 of 1962)
- Value-Added Tax Act, 1991 (Act No. 89 of 1991)
- Basic Conditions of Employment Act, 1997 (Act No. 75 of 1997)
- Labour Relations Act, 1995 (Act No. 66 of 1995)
- Employment Equity Act, 1998 (Act No. 55 of 1998)
- Skills Development Levies Act, 1999 (Act No. 9 of 1999)
- Unemployment Insurance Act, 2001 (Act No. 63 of 2001)
- Compensation for Occupational Injuries and Diseases Act, 1993 (Act No. 130 of 1993)
- Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)
- Electronic Communications Act, 2005 (Act No. 36 of 2005)
- Independent Communications Authority of South Africa Act, 2000 (Act No. 13 of 2000)
- Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 (Act No. 70 of 2002)
- Films and Publications Act, 1996 (Act No. 65 of 1996)
- Consumer Protection Act, 2008 (Act No. 68 of 2008)
- Protection of Personal Information Act, 2013 (Act No. 4 of 2013)
8.1 Categories of data subjects and their personal information. CiTiFi processes personal information relating to customers (including RICA registration information — full name, identity or passport number, and residential/physical address), prospective customers, employees, suppliers and website users.
8.2 Purposes of processing. Personal information is processed to: provide and administer internet and related services; comply with RICA registration and record-keeping obligations; bill and collect payment; provide technical support; comply with legal and regulatory obligations; and communicate with data subjects.
8.3 Recipients. Personal information may be shared with upstream network and infrastructure providers, payment processors, and regulatory or law-enforcement authorities where required by law.
8.4 Trans-border flows. Where personal information is processed outside the Republic (for example by cloud-hosting providers), CiTiFi takes reasonable steps to ensure an adequate level of protection consistent with section 72 of POPIA.
8.5 Security safeguards. CiTiFi maintains appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of personal information in its possession or under its control.
8.6 Data subject rights. A data subject has the right to: request access to their personal information; request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained; object to the processing of their personal information; and lodge a complaint with the Information Regulator. Requests may be directed to the Information Officer at legal@citifi.co.za.
The Guide contemplated in section 10 of PAIA, containing information to assist a person wishing to exercise a right under PAIA, is available from the Information Regulator in each of the official languages, and may be obtained from https://inforegulator.org.za or by contacting the Information Regulator at the details in clause 4.2.
This manual is available free of charge on our website and at our registered office. CiTiFi will update it from time to time as required by changes in its business or in the law.
This manual is a working document prepared for CiTiFi (Pty) Ltd. It should be reviewed and approved by a qualified South African attorney before being published or relied upon.