1.1. The Gauteng Tourism Authority (GTA) Promotion of Access to Information Manual and Privacy Statement (“GTA Information Manual” or “this Manual”) is published in terms of Part 2 of Chapter 2 (specifically section 14) of the Promotion of Access to Information Act (2 of 2000), (“PAIA”) and Part A of Chapter 3 (specifically sections 8 to 25) of the Protection of Personal Information Act (4 of 2014), (“POPIA”).
1.2. Section 17 of POPIA requires that all Responsible Parties (a public body in this instance) must maintain the documentation of all processing operations under their responsibility as referred to in section 14 of PAIA. The purpose of this requirement is for Responsible Parties to be transparent about their processing of personal information.
- 2. Application
2.1. This Manual applies to GTA, its board members and employees and any person requesting access to a record in the possession or under the control of GTA.
2.2. In terms of records contemplated under PAIA and which records do not contain Personal
Information, this Manual shall not apply as between GTA and the:
2.2.1. GPDED as GTA’s reporting department and the MEC as the Executive Authority of GTA, which requests shall be dealt with in terms of the Shareholder Compact and such practices that direct the governance relationships in the broader GPDED group of entities.
2.2.2. Constitutional, Oversight and Regulatory Functions of government in the carrying out of statutory mandates (such as that exercised by the MEC as GTA’s Executive Authority).
2.3. In terms of records / information contemplated under POPIA, this Manual shall not apply to the processing of information as contemplated in section 6 of POPIA (Exclusions).
DEFINITIONS, INTERPRETATION, ACCESS AND REVIEW
- 3. Definitions
3.1. “Access Fee” means the prescribed fees1 2(including the Request Fee3) payable for the purposes of section 22(6) or 54(6) by a Requester to cover the costs of finding and copying the records.
3.2. “Act” means the Gauteng Tourism Act (10 of 2001).
3.3. “Authorised Person” means the person who is making a request on behalf of someone else and has been authorised in writing to do so, who may also be a Representative Requester when the request relates to the Personal Information of a Person who is a Data Subject.
3.4. “Automatically Available Records” mean records that GTA will provide to a Requester without the Requester having to file a formal request. These records are listed herein below.
3.5. “Chief Executive Officer” means the Chief Executive Officer of GTA, or the person acting as such, and Information Officer for purposes of this Manual.
3.6. “Data Subject” means the person to whom Personal Information relates.
3.7. “Deputy Information Officer” means the Deputy Information Officer, or the person acting as such, for a public body as defined in sections 1 and 17 of PAIA to whom necessary responsibility is delegated by the Information Officer to render GTA as accessible as reasonably possible for requesters of GTA’s records and the processing and access to of personal information of data subjects held by GTA, as set out in sections 55 and 56 of POPIA.
3.8. “Effective Date” means 1 January 2022, the date on which this Manual came into effect.
3.9. “GTA” means the Gauteng Tourism Authority, a statutory juristic person and provincial public entity established in terms of section 3 of the Act, read with section 49 and schedule 3 of the PFMA.
3.10. “GTA Information Manual” or “this Manual” mean this procedural Gauteng Tourism Authority
Promotion of Access to Information Manual and Privacy Statement.
1 Per Government Notice R991 of 14 October 2005, the Requester does not need to pay an Access Fee to a public body if the Requester is a single person whose annual income, after permissible deductions, such as PAYE and UIF, is less than R14,712 a year, or the person is married and the joint income with the person’s partner, after permissible deductions, such as PAYE and UIF, is less than R27,192 per year.
2 Refer Government Notice R757 of 27 August 2021 for latest regulations, forms, and Access Fees under PAIA.
3 A standard once-off, prescribed fee of R35 payable before a request can be processed and the Deputy Information Officer must notify the requester (in writing) that this fee is payable. Note that the request fee is in terms of PAIA section 22(1) not applicable in the case of a personal requester.
3.11. “Guide” means the Regulator’s Guide on how to use PAIA by any person exercising any right afforded in PAIA and POPIA, as contemplated in section 10 of PAIA.
3.12. “Human Rights Commission” means the South African Human Rights Commission referred to
in section 181 (1) (b) of the Constitution.
3.13. “Information Officer” means the Information Officer for a public body as defined in sections 1 and 17 of PAIA, for GTA it means its Chief Executive Officer or any person acting in that position from time to time.
3.14. “Regulator” means the (Office of the) Information Regulator, the independent body that handles access to information and privacy issues established in term of section 39 of POPIA.
3.15. “PAIA” means the Promotion of Access to Information Act (2 of 2000).
3.16. “Person” means a natural or juristic person.
3.17. “Personal Information” means, as defined in section 1 of POPIA, information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; information relating to the education or the medical, financial, criminal or employment history of the person; any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; the biometric information of the person; the personal opinions, views or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; the views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
3.18. “PFMA” means the Public Finance Management Act (1 of 1999).
3.19. “POPIA” means the Protection of Personal Information Act (4 of 2014).
3.20. ‘‘Processing’’ means, as defined in section 1 of POPIA, any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; or merging, linking, as well as restriction, degradation, erasure or destruction of information.
3.21. “Public Body” means a South African organ of state or any department of state or
administration in the national or provincial sphere of government or any municipality in the
local sphere of government; or any other functionality or institution performing a public function in terms of an Act of Parliament.
3.22. “Record” means any recorded information regardless of form and medium in the possession or under the control of GTA, whether or not it was created by GTA, including but not limited to any note or writing (howsoever produced); any copy, plan, picture, sketch or photographic or other representation of any place or article; any disc or card or other (digital, analogue or mechanical) device in or on which sound or any signal has been recorded for reproduction.
3.23. “Representative Requester” or “Third Party” means as defined in section 1 of PAIA, in relation to a request for access to a Record of GTA, means any person other than a Requester concerned including but not limited to the government of a foreign state, an international organisation, or an organ of that government or organisation; and/or, a representative requesting access to a Record or Personal Information relating to another Person on behalf of that Person; in the case of an attorney or advocate representative, it must submit a duly signed consent affidavit with the Prescribed Request Form; in case of an adult person acting on behalf of another adult or a minor or mentally incapacitated person, it must submit proof of authority, guardianship or curatorship or kinship (in the first degree of blood relationship), including but not limited to marriage certificate, birth certificate indicating parental status; court or tribunal order, or consent affidavit with certified copy of identity document or passport.
3.24. “Requester” means a personal requester or “Data Subject” or Person seeking access to a record in the possession of or under the control of GTA, containing personal information about himself or herself or itself.
3.25. “Responsible Party” means GTA, as defined in section 1 of POPIA, the public body who determines the purpose of and means for the processing of Personal Information.
3.26. “Schedule of Forms” means the schedule listing the forms to be used by Requesters to access
information held by GTA. The forms are available at https://inforegulator.org.za/.
- 4. Interpretation
4.1. Any reference to a statute, regulation or other legislation shall be a reference to that statute, regulation, or other legislation as at the date of this Manual coming into effect, and as amended or substituted from time to time.
4.2. If any provision in a definition is a substantive provision conferring a right or imposing an obligation on any party then, notwithstanding that it is only in a definition, effect shall be given to that provision as if it were a substantive provision in the body of this Manual.
4.3. Where any term is defined within a particular clause other than this, that term shall bear the meaning ascribed to it in that clause wherever it is used in this Manual.
4.4. Any reference to days (other than a reference to business days), months or years shall be a reference to calendar days, months, or years. Where any number of days is to be calculated from a particular day, such number shall be calculated as excluding that day and commencing on the next day. If the last day of such number so calculated falls on a day which is not a business day, the last day shall be deemed to be the next succeeding day which is a business day.
4.5. The use of the word “including” followed by a specific example shall not be construed as limiting the meaning of the general wording preceding it and the eiusdem generis rule shall not be applied in the interpretation of such general wording or such specific example.
4.6. If there is a conflict in the interpretation of or application of this Manual and PAIA or POPI, the legislation shall prevail.
4.7. This Manual does not purport to be exhaustive of or to comprehensively deal with every procedure provided for in PAIA and POPI. Requesters are referred to the Guide and the Regulator in this respect.
- 5. Access to this Manual
5.1. This Manual is made available in English to any person upon request and upon the payment of a reasonable prescribed fee from the Deputy / Information Officer at GTA’s offices and from
GTA’s website at www.gauteng.net.
- 6. Review of this Manual
6.1. GTA may from time to time review and/or update this Manual.
PROMOTION OF ACCESS TO INFORMATION
- 7. Overview and Purpose of the Manual
7.1. The purpose of this Manual is to inform the public of the structure and functions of GTA and how to obtain access to records held by GTA. It gives effect to section 14 of PAIA and section
32 of the Constitution, which provides that everyone has the right to access information held by the State when such information is required for the exercise and protection of rights.
7.2. PAIA underlines the importance of access to information in a democratic society by fostering a culture of transparency and accountability. PAIA does this by requiring public bodies to create both a Manual describing the type of records they hold, and procedures for others to access that information. PAIA also sets limits on the types of information that can be accessed i.e., information requested might not be granted under various circumstances.
- 8. Description of Functions and Records held by GTA
8.1. This Manual offers an outline of the GTA information, which is accessible to the public in terms of sections 14 and 15 PAIA, which includes the following:
8.1.1. Structure, Functions, and Objectives.
8.1.2. Vision, Mission, and Values.
8.1.3. Contact Details.
8.1.4. Description of the records held by GTA
8.1.5. Automatically Available Information.
8.1.6. Procedure for Requesting Information.
8.1.7. Fees Payable when Requesting Access to Records.
8.1.8. Legal Remedies
- 9. Structure, functions, and objectives of GTA
9.1. GTA is an unincorporated, statutory entity and public body (as defined in PAIA and POPIA) established as a juristic person, acting under the direction of its Accounting Authority (i.e., its Board), in terms of section 3 of the Act read with section 49 and schedule 3C of the PFMA.
9.2. The Board or Accounting Authority is made up of between seven and ten members appointed by the MEC and the CEO appointed by the Board. Board Members and the CEO are appointed
for renewable, three-years terms of office. The Board is assisted by technical, sub-committees. These are committees overseeing Audit and Risk, core Operational matters, and Ethics, Governance, and Human Resource matters.
9.3. Organisationally, GTA is made up of three programmes being Strategic Support, Destination
Marketing and Destination Development.
9.3.1. Strategic Support houses functions such as Finance; Corporate Services (including Human Resources and Wellness, Information Technology and Facilities); Stakeholder Engagement and International Relations; Governance, Risk, and Legal Compliance; Internal Audit; Business Planning; Market Intelligence and the Office of the CEO.
9.3.2. Destination Marketing is one of the two core operational programmes. It houses those “demand side” business units responsible for Bidding and Hosting of international and other large-scale and MICE events in Gauteng. It also houses the Destination Communication functions which promote Gauteng as a business and leisure tourism destination, deals with digital and other communication, trade partnerships and brand management.
9.3.3. Destination Management is the other of the two core operational programmes. It houses those “supply side” business units responsible for Destination Development which incorporates sub-programmes such as working for tourism, tourism product development and tourism infrastructure and investment. The other workstream is a Tourism Sector Support function which is responsible for enhancing the overall visitor experience, tourism human resource development, tourism qualify assurance and the Tourist Guide Registrar function.
9.4. GTA’s mandate in terms of the Act is to:
9.4.1. Promote and develop tourism in the Gauteng Province.
9.4.2. Encourage the sustainable development, provision and improvement of tourist amenities and register tourist guides.
9.4.3. Establish guidelines for tourism development in the Gauteng Province.
9.4.4. Initiate and implement activities nationally and internationally to attract tourists to the Gauteng Province.
9.4.5. Develop strategic and business partnerships and other co-operative activities with tourist organisations in civil society and other countries.
9.4.6. Coordinate, support and interact with organisations and institutions aimed at promoting and developing tourism.
9.4.7. Solicit membership with and become a member of organisations for tourism development and marketing.
9.4.8. With approval of the MEC, to provide finance for any project which will develop tourism in the Gauteng Province.
9.4.9. Receive donations (e.g., sponsorships, grants and/or other funding including revenue generated by own activities).
9.4.10. Function as a juristic person within the laws of the Republic of South Africa possessing all the powers necessary for the GTA to function as such.
9.5. Both the Act and the PFMA make provision for GTA’s overarching strategy to be determined and its performance in terms of a formal strategic plan and annal performance plans to be monitored by its Accounting and Executive Authorities. As stated, GTA’s Executive Authority is the MEC responsible for tourism matters in the Gauteng Provincial Government. In this regard, the MEC acts through the Gauteng Provincial Government Department of Economic Development (“GPDED”).
9.6. Within the broader framework of the foregoing, GTA prepares a rolling Five-Year Strategic Plan from which an Annual Performance Plan is derived. Both the Five-Year Strategic Plan and the Annual Performance Plan are shaped according to strategic direction provided by the MEC and aligned to the economic development (and recovery) plans for the Gauteng Province as a whole.
9.7. Upon approval of the Annual Performance Plan by the Accounting and Executive Authorities of GTA, it is resourced through budget allocations received from the GPDED. GTA’s operational and financial performance are measured and reported on quarterly (and audited annually by the Auditor General of South Africa) against its Annual Performance Plan.
- 10. Vision, Mission, and Values
10.1. GTA’s vision is for Gauteng to be Africa’s must see, big-city region experience. GTA’s mission
10.1.1. Grow the visitor economy and enhance visitors’ experiences by branding, marketing, and promoting tourism in Gauteng.
10.1.2. Bidding for, and hosting mega, major, significant, local and community events.
10.1.3. Providing and managing visitor information services to leverage tourism for economic development.
10.2. GTA’s values are Professionalism and Excellence, Good Corporate Governance, Integrity and Ethical Business Processes, Passion, Alliance and Partnership, and Transformation and Sustainability. Information on how GTA’s values find practical application is set out in GTA’s Annual Report.
- 11. Contact details for GTA
11.1. The contact details of the persons who will assist the public with accessing GTA’s records are: Information Officer: Chief Executive Officer
Deputy Information Officer: Company Secretary & General Counsel
Street address and head office: 12th Floor, 124 Main Street, Marshalltown, 2001
Email address: email@example.com
Postal address: PO Box 155, Newtown, 2113
Telephone: 27 (0)11 085 2500
- 12. Description of the records held by GTA
12.1. For purposes of facilitating a request in terms of PAIA, the subjects on which GTA holds records and the categories of records held on each subject are as follows:
12.1.1. Strategic: annual reports, five-year strategic plan, annual performance plans, tourism statistics (as and when kept).
12.1.2. Financial: annual financial statements, auditor-general audit reports, annual (adjustment) budgets, asset register, financial and accounting policies, back account information, salary information, supplier database registration, debtor and creditor lists, tender information, supply chain management information including tenders, requests for quotations / information / proposals / expressions of interest, tender awards, and other financial records.
12.1.3. Corporate Services: organisational structure, human resource and other policies, standard terms and conditions of employment, recognition agreements (if concluded), workplace skills plan, job grading structure, remuneration structure, and other employee personal information.
12.1.4. Governance, Risk and Legal: service level and business agreements with organs of state government organs, shareholder compacts, strategic risk register, delegations of authority, declarations of interests, certain insurances, company secretarial records, board and committee charters, applicable legislation, court orders, finalised contracts, internal audit reports, l.
12.1.5. Core operations: registrar of tourist guides records, tourism quality assurance records, tourism norms and standards, EPWP tourism programmes and working for tourism records, bidding, and hosting requests for financing proposals, stakeholder engagement plan, tourism infrastructure information, trade partner and tourism route information,
- 13. Automatically Available Records
13.1. The following records are automatically available free of charge (if provided digitally) and the
Requester does not have to complete a PAIA application form to inspect the Records:
13.1.1. Annual Reports, Five-Year Strategic Plan and Annual Performance Plans.
13.1.2. Tourism statistics (as and when kept) and research in the public domain.
13.1.3. Service Delivery / Shareholder Agreements between GTA and the GPDED
13.1.4. Supply chain management policies, requests for quotations / proposals / information and awarded tenders and requests for quotations.
13.1.5. Organisational structure, recruitment, disciplinary and grievance policies, vacancy advertisements and Recognition Agreements with organised labour.
13.1.6. GTA’s requests for event and/or tourism grant finance proposals.
13.1.7. Tourism norms and standards, tourist guide registrar, and quality assurance information.
13.2. Other records are not automatically available. These records should be made available on request as set out in this Manual; however, disclosure may be refused if covered by grounds for refusal in terms of Chapter 4 of PAIA.
- 14. Procedure for Requesting access to a Record
14.1. All requests for access to information should be submitted to GTA’s Deputy / Information
Officer on the prescribed Form 1. Requesters must ensure that:
14.1.1. They provide sufficient detail to enable GTA to identify the Requester and the Record requested.
14.1.2. They indicate the form in which they would like to access the Record, e.g., hardcopy printouts or electronic format. GTA prefers and costs would be reduced if information that is available electronically can be provided in that format.
14.1.3. They list the right that they want to exercise or protect and provide GTA with an explanation of why the requested Record is required for the exercise or protection of that right.
14.2. If Requesters are making a request on behalf of another person, submit proof of the capacity in which they make the request and their authorisation to do so.
14.3. The Deputy / Information Officer, will as soon as reasonably possible within 30 days after the request has been received, decide whether to grant the request or not. Requesters will be notified whether the request has been rejected or accepted. Requesters will also be advised on the following:
14.3.1. The Request and Access Fees (including any deposit required) to be paid for the information.
14.3.2. The format in which Records will be made available.
14.3.3. The fact that Requesters may lodge a complaint with the Regulator or an application to the High Court against the access fee charged or the format in which access is to be granted.
14.3.4. Should GTA refuse your request, the Deputy / Information Officer will give the Requester written reasons. The Requester may lodge a complaint with the Regulator or bring an application to the High Court against the refusal.
14.3.5. If GTA does not respond to a Requester within 30 days after a request has been received, the request is deemed to have been refused.
14.3.6. Whether GTA requires an extension if the request relates to large number of Records, the search for the Records is to be conducted at premises not remotely situated.
14.3.7. Kindly note that all requests which received, will be considered in accordance with PAIA. Although GTA has published this Manual and described the categories and subject matter of information or Records that held, it does not afford Requesters any rights to access information exempt from disclosure in terms of PAIA.
- 15. Granting of requests and grounds for refusal
15.1. All requests for access to records will be considered and the granting and refusal thereof will be in line with the provisions of the Act. The Information Officer is required to take the decision on a request within 30 days of receipt of a request, failing which the request is deemed to have been refused. Access to a Record can be given if:
15.1.1. The Requester has complied with all the procedural requirements in PAIA.
15.1.2. The request is properly made on the prescribed form.
15.1.3. Proof of authority has been furnished if the Requester is making the request on behalf of another.
15.1.4. The Record requested is sufficiently described to enable the Information Officer to identify it.
15.1.5. The prescribed fees have been paid.
15.1.6. Access is not refused on one or more grounds of refusal specified in PAIA.
15.2. Access to a Record may be refused on grounds falling into the following categories:
15.2.1. Mandatory protection of the privacy of third parties who are natural persons; certain records of the South African Revenue Services; of research information of third parties, and protection of research information of a public body; of the commercial information of third parties; of confidential information and that of third parties; of safety of individuals, and protection of property; of protection of law enforcement and legal proceedings and of records privileged from production in legal proceedings.
15.2.2. Defence, security, and international relations of South Africa.
15.2.3. Economic interests and financial welfare of South Africa and the commercial activities of public bodies such as GTA.
15.2.4. Operations of public bodies such as GTA.
15.2.5. Manifestly frivolous or vexatious requests or substantial and unreasonable diversion of resources.
- 16. Available legal remedies in respect of an act or a failure to act by GTA
16.1. The Requester is encouraged to make a follow-up in writing with the Information Officer on any pending decision. GTA is a statutory body and not part of the departmental structure of the Gauteng Provincial Government. An internal appeal can therefore not be lodged against a decision of GTA’s Information Officer.
Complaint to Regulator
16.2. Because there is no internal appeal procedure, the Requester or Third Party who is dissatisfied with the decision of the Information Officer, may submit a complaint directly to the Regulator within 180 days of receipt of the decision from GTA.
16.3. The complaint to the Regulator must be lodged in terms of the newly inserted section 77A of PAIA (as amended by section 110 of POPIA), in writing on a complaint form downloaded from the Regulator’s website.
16.3.1. If the Regulator decides not to take any further action on the complaint, the Regulator will inform the Requester of that decision and the reasons for not taking further action on the complaint.
16.3.2. If the Regulator decides to investigate a complaint, the Requester will receive a letter advising that the Regulator has decided to investigate the complaint.
16.3.3. Upon receipt of a compliant, the Regulator will forward the details of the complaint to the Information Oﬃcer of GTA and request the Information Oﬃcer to submit a written response to the complaint to the Regulator.
Application to Court
16.4. A Requester or Third Party who has exhausted the complaints procedure to the Regulator (referred to in section 77A) and is aggrieved by the decision of the Regulator, may within 180 days of the Regulator’s decision apply to a Court for relief in terms of section 82 (noting that GTA may similarly apply to Court if it is aggrieved by the Regulator’s decision).
16.5. However, Requester may apply directly to Court if it is aggrieved by the decision:
16.5.1. of GTA to refuse a request for access.
16.5.2. taken regarding the payment of a request fee, an access fee, or a deposit on an access fee.
16.5.3. taken regarding access being granted in a different form than requested.
16.6. Similarly, a Third Party may apply directly to a Court on the following grounds:
16.6.1. A decision of the Information Officer to grant or refuse a request for access.
16.6.2. A decision regarding payment of a Request Fee, Access Fee (including a deposit).
16.6.3. A decision taken regarding access being granted in a different form than requested.
16.7. Whilst a Requester or Third Party is in certain circumstances not compelled to approach the Regulator before approaching the Court, it is advisable that one should consider approaching the Regulator, as the Regulator has extensive and quick dispute resolution mechanisms, as opposed to the Court.
Complaints to the Public Protector
16.8. In terms of section 91 of PAIA, which amended section 6(4)(d) of the Public Protector Act, the Public Protector is competent to investigate on his or her initiative or on receipt of a complaint or on request relating to the operation or administration of PAIA, endeavour, in Public Protector’s sole discretion, to resolve any dispute by mediation, conciliation or negotiation, and advising any complainant on appropriate remedies or by any other means.
- 17. Fees payable
17.1. Access and Request Fees for Records of public body are payable per the current Regulations4.
Value-Added Tax is only payable by institutions who have registered as VAT in terms of section
23 of the Value-Added Tax Act (89 of 1991).
- 18. Guide on how to use PAIA
18.1. The Regulator has made available a Guide on how to exercise any right contemplated in PAIA
and POPIA. Electronic copies of the Guide are available from GTA or the Regulator and from the Regulator website at https://inforegulator.org.za/paia-guidelines.
18.2. The contact details of the Regulator are:
Street address: JD House, 27 Stiemens Street, Braamfontein, 2001. Postal address: PO Box 31533, Braamfontein, 2017.
Email address: firstname.lastname@example.org. Telephone: (27) 10 023 5200 / 41 / 42.
4 GNR 757 in Government Gazette 45057 dated 27 August 2021. Commencement date: 27 August 2021 available from the
Regulator at https://inforegulator.org.za/acts/.
PROTECTION OF PERSONAL INFORMATION
- 19. GTA’s POPIA obligations
19.1. GTA requires Personal Information relating to both individual and juristic Persons to carry out its statutory and organisational functions. POPIA requires GTA to inform Persons of the way their Personal Information is used, disclosed, and destroyed. The way in which this information is processed and the purpose for which it is processed is determined by GTA. GTA is therefore a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject is:
19.1.1. Processed lawfully, fairly, and transparently including the provision of appropriate information to Data Subjects when their data is collected by GTA in the form of privacy or data collection notices. GTA must also have a legal basis (for example, consent) to process Personal Information.
19.1.2. Processed only for the purposes for which it was collected and will not be processed for a secondary purpose unless that processing is compatible with the original purpose.
19.1.3. Adequate, relevant, and not excessive for the purposes for which it was collected, is accurate and kept up to date (where reasonably possible) and will not be kept for longer than necessary.
19.1.4. Processed in accordance with integrity and confidentiality principles including measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used, and communicated to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage.
19.1.5. Processed in accordance with the applicable rights of Data Subjects.
19.2. GTA reiterates its commitment to protecting its client’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
- 20. Rights of Data Subjects and (further) Processing limitations
20.1. Data Subjects have the right to:
20.1.1. Be notified that their Personal Information is being collected. The Data Subject also has the right to be notified in the event of an unauthorised data breach.
20.1.2. Know whether GTA holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual.
20.1.3. Request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained personal information.
20.1.4. Object to GTA’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to GTA’s record keeping requirements).
20.1.5. Object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications.
20.1.6. Lodge a complaint with the Regulator regarding an alleged infringement of any of the rights protected under POPI and to institute civil proceedings regarding the alleged non-compliance with the protection of the Data Subject’s Personal Information.
- 21. Purpose and Manner of Processing
21.1. GTA uses the Personal Information of Data Subjects collected for purposes of its lawful and legitimate daily business operations, staff administration, keeping of financial and other accounts and records, facilitating programmes and projects, and complying with / given effect relevant legislation and its statutory mandates.
21.2. Information is collected, amongst others, through GTA’s employment practices, supply chain management and other mandated processes, GTA’s website, social media platforms, trade partnerships, tourism route development, (in)formal stakeholder engagement, industry audits, surveys and various tourism related data-basis compiled and/or maintained by either GTA, government or industry bodies.
21.3. GTA may also collect Cookies – alphanumeric identifiers that GTA transfers to a Data Subject’s computer’s hard drive through a web browser to enable GTA’s systems to recognise the browser and to automatically collect information such as IP addresses and other details about your computer which are automatically collected by GTA’s web server, operating system, and browser type, for system administration and to report aggregate information to us. This is statistical data about our users’ browsing actions and patterns and does not necessarily identify any individual.
21.4. GTA may disclose a Data Subject’s Personal Information for legitimate and lawful reporting purposes including to regulatory authorities, GTA’s governance structures, the Gauteng Provincial Government, and the Auditor-General of South Africa. GTA may also disclose Personal Information to service providers who render the services in relation to the capturing and organising of data, storing of data, conducting due diligence checks, employment
verification and recruitment, making travel arrangements, medical aid funds, retirement funds and/ or other trustees.
- 22. Cross-border transfer of information
22.1. GTA may need to transfer Personal Information to another country for processing or storage.
If GTA does transfer your Personal Information to third parties outside of South Africa, GTA will ensure that the recipient is subject to a law, corporate rules or binding agreement which provide an adequate level of protection.
- 23. Information Security Measures
23.1. GTA will take reasonable and appropriate technical and organisational measures to protect Personal Information from destruction, misuse, or unauthorised alteration. These measures may include firewalls, secured access, virus protection, physical controls of persons, and transmission controls.
- 24. Requesting access your Personal Information
24.1. Data Subjects who want to know if GTA holds their Personal Information may make a request on the prescribed form available from the Regulator. GTA will provide this information free of charge.
24.2. A Data Subject may request the record or a description of the Personal Information about you including information about the identity of all third parties, who have, or have had, access to the information.
24.3. Upon receipt of a request from a Data Subject, GTA will provide a written estimate of the fees to process the request. If the request is granted, the Data Subject will be required to pay the fee before GTA provides the Record or description.
- 25. Objecting to GTA processing Personal Information
25.1. A Data Subject has the right to object to GTA processing its Personal Information if it is not processed on the basis that it protects your legitimate interest, it is necessary for the proper performance of a law or duty, or processing it is necessary for pursuing our legitimate interests or of a third party to whom we supply the information to; or, if GTA Processes the Personal Information for purposes of direct marketing.
25.2. To lodge such an objection, Requesters must use Form 1 available from the Regulator’s
- 26. Requests to correct or delete Personal Information
26.1. A Data Subject has the right to request GTA to correct or delete Personal Information in its possession that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully; or destroy or delete a record of Personal Information about you that we are no longer authorised to retain.
26.2. Upon receipt of the request GTA will as soon as reasonably possible correct or destroy or delete the information or provide the Requester with credible evidence in support of the information.
26.3. Should GTA and the Requester not reach agreement in terms of correcting the Personal Information, the Data Subject may request that GTA appends a note indicating that the Data Subject has requested the correction of Personal Information, but it has not been made.
26.4. To make this request, Requesters must use Form 2 available from the Regulator’s website.
- 27. Lodging a POPIA complaint
27.1. Data Subjects aggrieved with GTA’s processing of their Personal Information or who are of the belief that GTA is unlawfully interfering with the protection of a Data Subject’s Personal Information may lodge a complaint with the Regulator on Form 5 available from the Regulator’s website.