PAIA Manual

Registration Number: 2013/150140/07

PAIA Manual

This manual has been prepared in terms of the section 51 of the Promotion of Access to Information Act 2/2000 and to address the requirements of the Protection of Personal Information Act 4/2014.

Date Compiled: 30 June 2021

Date Updated: 30 June 2021

1. Definitions

“Client” - refers to any natural or juristic person that received or receives services from the Company;

“The Company” - shall mean REF CNAME \h \* MERGEFORMAT Error! Reference source not found.;

“Conditions for Lawful Processing” - the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPI and in paragraph 11 of this Manual;

“Data Subject” - as ascribed thereto in section 1 of POPI;

“Information Officer” - the duly authorised Head as defined in section 1 of PAIA;

“Manual” - this manual prepared in accordance with section 51 of PAIA and regulation 4(1) (d) of the POPI Regulations;

“PAIA” - the Promotion of Access to Information Act 2 of 2000;

“Personal Information” - as ascribed thereto in section 1 of POPI;

“Personnel” - any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;

“POPI” - the Protection of Personal Information Act 4 of 2013;

“POPI Regulations”- the regulations promulgated in terms of section 112(2) of POPI;

“Private Body” - as ascribed thereto in sections 1 of both PAIA and POPI;

“Processing” - as ascribed thereto in section 1 of POPI;

“Requestor” – as ascribed thereto in section 1 of PAIA;

“Request for Access” - as ascribed thereto in section 1 of PAIA;

“SAHRC” - the South African Human Rights Commission;

Any other terms not described herein will have the meaning as ascribed to it in terms of PAIA or POPI.

2. Introduction

• For the purpose of POPI and PAIA, the Company is defined as a private body. In accordance with the Company’s obligations in terms of POPI and PAIA, the Company has produced this manual.

• This manual sets out all information required by both PAIA and POPI.

• This manual also deals with how requests are to be made in terms of PAIA.

• This manual also establishes how compliance with POPI is to be achieved.

3. Contact Details

Business Name	Steve Madden (Pty) Ltd.
Registration Number	2013/150140/07
Registered Office	Steve Madden South Africa, Head Office 3^rd Floor West Tower, Canal Walk Shopping Centre Century Boulevard, Century City, Cape Town, 7441
Postal Address	Postnet Suite 1023, Private Bag X18, Milnerton, 7436
Contact Number	021 013 4234
Email Address	davin@stevemaddensa.co.za
Director(s)	Davin Berrill
Information Officer
Name	Davin Berrill
Postal Address	Postnet Suite 1023, Private Bag X18, Milnerton, 7436
Contact Number	082 323 0446 / 021 013 4233
Email Address	davin@stevemaddensa.co.za
Deputy Information Officer
Name	Lana Kleynhans
Postal Address	Postnet Suite 1023, Private Bag X18, Milnerton, 7436
Contact Number	068 061 3235 / 021 013 4234
Email Address	lana@stevemaddensa.co.za

Background information of the Company can be found at www.stevemadden.co.za.

4. Guider of SAHRC

• A guide to PAIA has been published pursuant to section 10 of PAIA

• The guide contains information required by an individual who may wish to exercise their rights in terms of PAIA

• Should you wish to access the guide you may contact the SAHRC at the following details:

PAIA UNIT

Postal Address: Private Bag 2700, Houghton, 2041.

Telephone: (011) 877 3600

Facsimile: (011) 403 0625

Website: http://www.sahrc.org.za

Email: "mailto:PAIA@sahrc.org.za" PAIA@sahrc.org.za

5. Latest Notices in Terms of Section 52(2) of PAIA

At this stage no Notice(s) has / have been published on the categories of records that are available without having to request access to them in terms of PAIA.

6. Availability and Publication of Certain Records in Terms of PAIA

6.1. The Company hold and/or process the following records for the purposes of PAIA and POPI.

Information pertaining to products and/or services	Freely available on website at www.forevernew.co.za
Employment Contracts	On request in terms of PAIA
Personal records provided by personal and third parties	On request in terms of PAIA
Internal records, including internal evaluation of personal	On request in terms of PAIA
Correspondence relation to personal	On request in terms of PAIA
Training of personal	On request in terms of PAIA
Records relating to the Company’s clients	On request in terms of PAIA
Records generated by the Company for its clients	On request in terms of PAIA
Operational records	On request in terms of PAIA
Database	On request in terms of PAIA
Information technology	On request in terms of PAIA
Marketing records	On request in terms of PAIA
Internal Correspondence	On request in terms of PAIA
Internal Policies	On request in terms of PAIA
Financial records	On request in terms of PAIA
Trade Secrets	On request in terms of PAIA
Domain Name Registrations	On request in terms of PAIA
Tradename Registrations	On request in terms of PAIA
Trademark Registrations	On request in terms of PAIA
Company Documentation	On request in terms of PAIA
Agreements With Suppliers	On request in terms of PAIA
Supplier Agreements	On request in terms of PAIA
Customer Agreements	On request in terms of PAIA
Website Information	On request in terms of PAIA

6.2. Information is available in terms of the following legislation, if and where applicable:

1. Basic Conditions of Employment Act, No. 75 of 1997

2. Companies Act, No. 71 of 2008

3. Compensation for Occupational Injuries and Diseases Act, No. 130 of 1993

4. Competition Act, No. 89 of 1998

5. Constitution of the Republic of South Africa Act, No. 108 of 1996

6. Credit Agreement Act, No. 75 of 1980

7. The Criminal Procedure Act, No. 51 of 1977

8. Debt Collectors Act, No. 114 of 1998

9. Deed Registries Act, No. 47 of 1937

10. Employment Equity Act, No. 55 of 1998

11. Financial Intelligence Centre Act, No. 38 of 2001

12. Identification Act, No. 68 of 1997

13. National Credit Act, No. 34 of 2005

14. Insolvency Act, No. 24 of 1936

15. Inspection of Financial Institutions Act, No. 18 of 1998

16. The Labour Relations Act, No. 66 of 1995

17. The Long Term Insurance Act, No. 52 of 1998

18. Pension Funds Act, No. 24 of 1956

19. Short Term Insurance Act, No. 53 of 1998

20. Skills Development Levies Act, No. 9 of 1999

21. Unemployment Insurance Act, No. 63 of 2001

22. Unit Trust Control Act, No. 54 of 1981

23. Value Added Tax Act, No. 89 of 1991

24. Electronic Communication and Transactions Act, No. 25 of 2002

25. Financial Advisory and Intermediary Service Act, No. 37 of 2002

26. Patents, Designs and Copyright Merchandise Marks Act, No. 17 of 1941

27. Income Tax Act, No. 58 of 1962

28. Occupational Health and Safety Act No. 85 of 1993

29. Co-operatives Act No. 14 of 2005

30. Customs and Excise Act No. 91 of 1964

31. Insider Trading Act No. 135 of 1998

32. Prevention of Organised Crime Act No. 121 of 1998

33. Road Transportation Act No. 74 of 1977

34. Stock Exchanges Control Act No. 54 of 1995

35. Transfer Duty Act No. 40 of 1949

36. Machinery and Occupational Safety Amendment Act No. 181 of 1993

37. National Payment Systems Act No. 78 of 1998

38. National Water Act No. 36 of 1998

39. Prescription Act No. 68 of 1969

40. Trademark Act No. 194 of 1993

41. Intellectual Property Laws Amendment Act No.38 of 1997

42. Financial Markets Act No. 19 of 2012

7. Registers and Records

7.1. Inspection of the company registers and records pertaining to:

1. Directors and officers

2. Interests of directors

3. Shareholders

4. Allotments

5. Minutes of meetings of members (only shareholders)

6. Licences and permits

7. Stock remedies and poisonous materials

8. Weapons and ammunition

9. Trademarks and commodity brochures and relevant information

10. Annual reports

11. Interim reports

8. Subjects and Records Held by the Company

8.1. Incorporation Documents

• The Company’s registration forms

8.2. Secretarial Records

• The shares register of the Company

• Shareholders' agreements of the Company, including pre-emption, option and nominee agreements

• Minutes of general meetings of the shareholders of the Company

• Register or list of directors of the Company

• Minute books of internal resolutions of the Company

• Power of attorney agreements and a list of persons authorised to bind the Company

• Statutory registers of the Company

8.3. Financial Records of the Company

• Accounting records, books and documents of the Company

• Interim and annual financial reports of the Company

• Details of the auditors of the Company

• Auditors' reports in respect of audits conducted on the Company

• Tax returns of the Company

• Other documents and agreements pertaining to tax

• Financial records of the Company

8.4. Human Resources / Employment Records

• List of employees

• Employee benefits

• Documents in respect of share incentive scheme or trust

• Information pertaining to share options, share incentives, bonus or profit-sharing agreements of each employee

• Arbitration orders and agreements

• Attendance registers at working stations and head office

• Any other information pertaining to employees of the Company

8.5. Pension and Provident Funds

• A manual regarding the processes and rules of the pension fund

• Lists of employees who belong to the respective funds

• Minutes of meetings of trustees

• Financial records of the pension and provident funds

8.6. Insurance Records

• Family insurance

• Group life insurance

• Spouse insurance

• Disability insurance

• Retirement insurance

8.7. Immovable and movable property

• Asset register

• Title deeds of any land owned by the Company

• Agreements for the lease or sale of land and/or other immovable property by the Company

• Agreements for the lease of movable property by the Company

• Mortgage bonds, liens, notarial bonds or security interests on property

• Other agreements for the purchase, ordinary sale, conditional sale, or hire of assets

8.8. Client agreements

• Agreements for the supply of production and/or trading credit

• Security agreements, deeds, guarantees, cession and bonds for credit

• Details of clients and correspondence

• Invoices, receipts, credit and debit notes

8.9. Miscellaneous agreements of the Company

• Suretyship agreements

• Agreements for the trading activities of the Company

• Agency, management and distribution agreements

• Agreements with suppliers of the Company

• Agreements with clients of the Company

• Credit facilities and letters of credit

8.10. Correspondence

• Correspondence with clients of the Company

9. Request Process

1. An individual who wishes to place a request must comply with all the procedures laid down in PAIA. The requester must complete the prescribed form, which is attached hereto as annexure “A”. The prescribed form must be submitted as well as payment of a request fee and a deposit, if applicable to the information officer at the postal or physical address, fax number or electronic mail as is stated herein.

2. The prescribed form must be completed with enough particularity to enable the information officer to determine:

• The record(s) requested

• The identity of the requestor

• What form of access is required

• The Postal address or fax number of the requestor

3. The requestor must state that the records are required for the requestor to exercise or protect a right, and clearly state what the nature of the right is so to be exercised or protected. An explanation of why the records requested is required to exercise or protect the right.

4. The request for access will be dealt with within 30 days from date of receipt, unless the requestor has set out special grounds that satisfy the information officer that the request be dealt with sooner.

5. The period of 30 days may be extended by not more than 30 additional days, if the request is for a large quantity of information, or the request requires a search for information held at another office of the Company and the information cannot be reasonably obtained within 30 days. The information officer will notify the requestor in writing should an extension be necessary.

6. The requestor will be informed in writing whether access to the records have been granted or denied. If the requestor requires a reason for the decision the request must be expressed in the prescribed form, the requestor must be further stated what particulars of the reasoning the requestor requires.

7. If a requestor has requested the records on another individual’s behalf, the requestor must submit proof of the capacity the requestor submits the request in, to the satisfaction of the information officer.

8. If the requestor is unable to complete the prescribed form due to illiteracy or disability, the requestor may request it orally from the information officer.

10. Grounds for Refusal

The following are grounds upon which the Company may, subject to the exceptions in Chapter 4 of PAIA, refuse a request for access in accordance with Chapter 4 of PAIA:

• Mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable

• Mandatory protection of the commercial information of a third party, if the Records contain:

> Trade secrets of that third party

> Financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third party; and/or

> Information disclosed in confidence by a third party to The Company, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition

• Mandatory protection of confidential information of third parties if it is protected in terms of any agreement

• Mandatory protection of the safety of individuals and the protection of property

• Mandatory protection of Records that would be regarded as privileged in legal proceedings

• Protection of the commercial information of the Company, which may include:

> Trade secrets

> Financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Company

> Information which, if disclosed, could put the Company at a disadvantage in contractual or other negotiations or prejudice the Company in commercial competition; and/or

> Computer programs which are owned by the Company, and which are protected by copyright and intellectual property laws

• Research information of the Company or a third party, if such disclosure would place the research or the researcher at a serious disadvantage

• Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.

11. Remedies Should a Request be Refused

• The Company does not have an internal appeal procedure considering a denial of a request, decisions made by the information officer is final

• The requestor may in accordance with sections 56(3) (c) and 78 of PAIA, apply to a court for relief within 180 days of notification of the decision for appropriate relief

12. Fees

1. The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof.

2. The fees for reproduction referred to in regulation 11(1) are as follows:

• For every photocopy of an A4-sized page or part thereof: R1,10

• For every printed copy of an A4-sized page or part thereof held on a computer or in electronic or machine-readable form: R0,75

• For a copy in a computer-readable form on:

> stiffy disc R7,50

> compact disc R70,00

• For visual images:

> a transcription of visual images, for an A4-size page or part thereof R40,00

> for a copy of visual images R60,00

• For an audio record:

> for a transcription of an audio record, for an A4-size page or part thereof R20,00

> for a copy on an audio record R30,00

3. The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00.

4. The access fees payable by a requester referred to in regulation 11(3) are as follows:

• Fees are:

> For every photocopy of an A4-size page or part thereof R1,10

> For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form R0,75

> For a copy in a computer-readable form on:

○ stiffy disc R7,50

○ compact disc R70,00

> For a transcription of visual images:

○ for an A4-sized page or part thereof R40,00

○ for a copy of visual images R60,00

> For a transcription of an audio record:

○ For an A4-size page or part thereof R20,00

○ For a copy of an audio record R30,00

> To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.

• For purposes of section 54(2) of the Act, the following applies:

> six hours as the hours to be exceeded before a deposit is payable; and

> one third of the access fee is payable as a deposit by the requester

• The actual postage is payable when a copy of a record must be posted to a requester

13. POPI

1.Conditions For Lawful Processing

• POPI has eight conditions for lawful processing and include:

> Accountability

> Processing limitation

> Purpose specification

> Further processing limitation

> Information quality

> Openness

> Security safeguards

> Data subject participation

• The Company is involved in the following types of processing:

> Collection

> Recording

> Organisation

> Structuring

> Storage

> Adaptation or alteration

> Retrieval

> Consultation

> Use

> Disclosure by transmission

> Dissemination or otherwise making available

> Alignment or combination

> Restriction

> Erasure

> Destruction

• The Company processes information for the following purposes:

> to provide services to its Clients in accordance with terms agreed to by the Clients

> to undertake activities related to the provision of services, such as

○ to fulfil domestic legal, regulatory and compliance requirements

○ to verify the identity of Customer representatives who contact the Company or may be contacted by The Company

○ for risk assessment, information security management, statistical, trend analysis and planning purposes

○ to monitor and record calls and electronic communications with the Client for quality, training, investigation and fraud prevention purposes

○ to enforce or defend the Company or the Company affiliates’ rights

○ to manage the Company’s relationship with its clients, which may include providing information to its clients and its clients affiliates about the Company’s and the Company affiliates’ products and services

> the purposes related to any authorised disclosure made in terms of agreement, law or regulation

> any additional purposes expressly authorised by The Company’s client

> any additional purposes as may be notified to the Client or Data Subjects in any notice provided by the Company

2. The Company Processes Personal Information the Following Categories of Data Subjects:

• Juristic persons:

> Corporate clients

> Suppliers

• Natural persons:

> Individuals

> Staff

> Clients

> Suppliers

3. The Company Process the Following Categories Personal Information:

• Client profile information

• Bank account details

• Payment information

• Client representatives

• Names

• Email Addresses

• Telephone numbers

• Facsimile numbers

• Physical addresses

• Tax numbers

• Identity Numbers

• Passport Numbers

4. Recipients of Personal Information:

• The Company, the Company’s affiliates, their respective representatives

5. When making authorised disclosures or transfers of personal information in terms of Section 72 of POPI, personal information may be disclosed to recipients in countries that do not have the same level of protection for personal information as South Africa does.

6. The following Security measures are implemented by the Company:

• The Company implements numerous Security measures to protect personal information that is stored electronically and physically.

> All authorised company users are password protected and secured

> Confidential information remains within the control of Steve Madden

> Internal IT assess the personal computer, laptop, mobile device or server prior to connecting the device to the corporate network, to ensure it includes all the requirements as per the Minimum Access Policy

> Authorised company users are responsible for preventing access to Steve Madden computer resources or data by non-authorised users

> All physical documentation and files are stored in a lockable cabinet or room, with access to only selected authorised personnel

> Adequate backup and system recovery practices, processes and procedures are followed

> Physical security measurement to protect Steve Madden resources from unauthorized physical access and the risks associated with environmental threats and hazards

> Standards for the base configuration of internal server equipment that is owned and operated by Steve Madden

• The Company have also implemented various policies for additional security.

> Password Policy

> Minimum Access Policy

> Acceptable Use Policy

> Backup and Restore Policy

> Physical Security Policy

> Server Policy

• The personal information that is stored physically is protected as follows:

> Where physical records of the data exist, such records will be stored in a secure area that can be ‘locked-away’ as to avoid a breach of the personal information.

> Such physical data records will be ‘locked-away’ and secured when not in use.

7. The Company may share personal information with third parties and in certain instances this may result in cross border flow of the personal information. The personal information will always be subject to protection, not less than the protection it is afforded under the Protection of Personal Information Act No.4 of 2013.

8. Objection to the processing of personal information by a data subject:

• Section 11(3) of POPI and regulation 2 of the POPI regulations provides that a data subject may, at any time object to the processing of their personal information in the prescribed form attached to this manual as annexure “B”.

9. Request for correction or deletion of personal information:

• Section 24 of POPI and regulation 3 of the POPI regulations provides that a data subject may request for their personal information to be corrected and/or deleted in the prescribed form attached hereto as annexure “C”.

Information Officer Name: Davin Berrill

Signature: