ITC INFOTECH INDIA LIMITED (INCORPORATED IN INDIA) (Registration number: 2009/017294/10) 
MANUAL ISSUED IN TERMS OF:
SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000
(PAIA) READ WITH THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013 (POPIA)

 

CONTENTS 

  1. Introduction  
  2. Contact details  
  3. Guide on how to use PAIA 
  4. Records available in terms of any other legislation 
  5. Access to records  
  6. The request procedure and fees 
  7. Other information as may be prescribed 
  8. Availability of the Manual 
  9. Acknowledgment

 

1. Introduction

This Manual (the Manual) has been compiled in accordance with the requirements of PAIA, read with the relevant sections of POPIA.

ITC Infotech India Limited (Incorporated in India) (the Company) is a private body as defined in PAIA, and this Manual contains the information specified in section 51 of PAIA, which is applicable to such a private body.

ITC Infotech is a leading global technology services and solutions provider, led by Business and Technology Consulting. ITC Infotech provides business-friendly solutions to help clients succeed and be future-ready, by seamlessly bringing together digital expertise, strong industry specific alliances and the unique ability to leverage deep domain expertise from ITC Group businesses. The Company provides technology solutions and services to enterprises across industries such as Banking & Financial Services, Healthcare, Manufacturing, Consumer Goods, Travel and Hospitality, through a combination of traditional and newer business models, as a long-term sustainable partner.

ITC Infotech is a wholly owned subsidiary of ITC Ltd. ITC is one of India’s leading private sector companies and a diversified conglomerate with businesses spanning Consumer Goods, Hotels, Paperboards and Packaging, Agri Business and Information Technology.

A copy of the Manual will be made available to the Information Regulator, upon request, and will be published on the Company’s website. The Manual will be updated on a regular basis in accordance with the requirements of section 51(2) of PAIA.

2. Contact Details

In accordance with his letter of authorisation dated 28 Sep,2022, Reetesh Agarwal is regarded as the head of the Company for purposes of PAIA, as well as the Company’s information officer for purposes of POPIA.

In addition, Saurabh Singh has been designated as deputy information officer for purposes of PAIA and POPIA (referred to as Deputy Information Officer or DIO).

The contact details of the information officers are as follows:

Information Officer:

Telephone: +91 80 22988848
Email: reetesh.agarwal@itcinfotech.com, DPO@itcinfotech.com

Deputy Information Officer (DIO):

Telephone:  +27-763185395
Email: saurabh.singh@itcinfotech.com, DPO@itcinfotech.com

Physical and Postal address:

Center 36, Regus Sandton,
2nd floor West Tower, Nelson Mandela Square,
Maude Street, Sandton,
Johannesburg, 2196,
South Africa

3. Guide on how to use PAIA

3.1  PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request for information from the Company, the public body must be acting in the public interest. Requests in terms of PAIA shall be made in accordance with the prescribed procedures, at the rates provided.

3.2  The Regulator has, in terms of section 10(1) of PAIA, updated and made available the

revised guide on how to use PAIA (the Guide), in an easily and comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

3.3 The Guide is available in each of the official languages and in braille.

3.4 The Guide contains a description of –

3.4.1 the objects of PAIA and POPIA;

3.4.2 the postal and street address, phone and fax number and, if available, electronic mail address of-

3.4.2.1 the information officer of every public body, and

3.4.2.2 every deputy information officer of every public and private body designated in terms of section 17(1) of PAIA and section 56 of POPIA;

3.4.3 the manner and form of a request for-

3.4.3.1  access to a record of a public body contemplated in section 11 of PAIA; and

3.4.3.2 access to a record of a private body contemplated in section 50 of PAIA;

3.4.4 the assistance available from the information officer of a public body in terms of PAIA and POPIA;

3.4.5 the assistance available from the Regulator in terms of PAIA and POPIA;

3.4.6 all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-

3.4.6.1 an internal appeal;

3.4.6.2 a complaint to the Regulator; and

3.4.6.3  an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;

3.4.7 the provisions of sections 14 and 51 of PAIA requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;

3.4.8 the provisions of sections 15 and 52 of PAIA providing for the voluntary disclosure of categories of records by a public body and private body, respectively;

3.4.9  the notices issued in terms of sections 22 and 54 of PAIA regarding fees to be paid in relation to requests for access; and

3.4.10  the regulations made in terms of section 92 of PAIA.

3.5 Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

3.6  The Guide can also be obtained-

3.6.1  upon request to the Information Officer of the Company;

3.6.2  from the website of the Information Regulator (https://inforegulator.org.za/).

3.7 A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-

3.7.1 English and IsiZulu.   

3.8 The contact details for the Information Regulator are (at present) as follows:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017

Telephone number: +27 (0)10 023-5200 / +27 (0)82 746-4173

Website: https://inforegulator.org.za/

E-mail: enquiries@inforegulator.org.za

4. Records available in terms of any other legislation

4.1  The Company holds details of its own registration, together with information pertaining to its directors and shareholders and other corporate information required to be retained in terms of the Companies Act, 2008.

4.2 It holds information relating to its tax affairs in terms of the Income Tax Act, 1962 (the ITA), the Tax Administration Act, 2011, the Value Added Tax Act, 1991 as well as the Unemployment Insurance Contributions Act, 2002 and the Skills Development Levies Act, 1999.

4.3  The Company holds information pertaining to its employees as required in terms of applicable employment and other relevant legislation including the Basic Conditions of Employment Act, 1997, the Labour Relations Act, 1995, the Employment Equity Act, 1998, the Occupational Health and Safety Act, 1993, the Compensation for Occupational Injuries and Diseases Act, 1993, the Immigration Act, 2002 and the ITA.

5. Access to records

5.1  For purposes of facilitating a request in terms of PAIA, the information below includes a description of the subjects on which the Company holds records and the categories into which these fall. This information is not exhaustive and may be amended from time to time.

5.2  Certain records are available without having to be requested in terms of the request procedures set out in PAIA and detailed in paragraph 6 of the Manual below.

5.3  Subject to the provisions of PAIA, information may be inspected, collected, purchased or copied at the offices of the Company and, unless the records are available on the Company’s website, an appointment to view the records will have to be made with the information officer or the deputy information officer.

5.4 Categories of records of the Company which are available to a person without having to request access in terms of PAIA:

Category Description Format Retention period
Information in the public domain Incorporation documents Hard copy and electronic copy Indefinite
Annual reports Hard copy and electronic copy 8 years
Audited financial statements Hard copy and electronic copy 8 years
Public statements and communications Hard copy and electronic copy Indefinite
General information pertaining to the Company and information regarding the services rendered Hard copy and electronic copy Indefinite

5.5 The records listed below, which need to be requested in terms of PAIA and/or POPIA, will not in all instances be provided to a requester. In other words, the records held under the various subjects are not automatically available and access to them is subject to the nature of the information contained in the record, as well as the grounds of refusal as set out in PAIA that may be applicable to a request for such records. (See also paragraph 6.1.6 below.)  The procedure in terms of which such records may be requested from the Company is set out in paragraph 6.1 below.

5.6 Categories of records that may be requested in terms of PAIA and/or POPIA:

Subjects on which the body holds records Category / description of record Format Retention period
Finance and administration  Company registration records;

Bank account records;

Books and records of account and financial statements;

VAT, SITE and PAYE records;

Details of auditors;

Minutes of the meetings of the Company (non- confidential parts);

Minutes of staff meetings and/or management meetings.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable contracts
Management Internal correspondence;

Policies, procedures, and codes;

Travel management and arrangements.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable contracts
Human Resources Organisational information (organisational structure, etc.);  Personnel files;

Contracts, conditions of service and other agreements;

Statutory employee records;

Records of background checks (including qualification, credit and criminal record checks);

Immigration documentation;

Medical aid records;

Employee leave records;

Employee payments and benefits (statutory and contractual);

Correspondence with or about employees;

Performance management records;

Records of disciplinary hearings and findings incapacity and proceedings.

 Hard copy and electronic copy As required in terms of applicable legislation / contracts of employment
Relationships with third parties Service level agreements with providers;

Tender and bid documentation;

Licences and general conditions for conducting business.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable contracts
Information technology Computer software;

Support and maintenance agreements;

Records regarding computer systems and programmes.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable contracts
Property Lease agreements in respect of immoveable property;

Records regarding insurance in respect of movable or immoveable property.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable

contracts
Legal Litigation;

Contracts and memoranda of understanding;

Regulatory permissions, licenses, and/or exemptions.

 Hard copy and electronic copy Indefinite / as required in terms of applicable legislation / as required in terms of applicable contracts

5.7   For purposes of POPIA:

5.7.1 For the purposes of facilitating a request for personal information, the information below includes details of the purpose of the processing of personal information by the Company, a description of the categories of data subjects and of the information or categories of information relating to data subjects held by the Company, the recipients or categories of recipients to whom personal information may be supplied, planned transborder flows of personal information, and a general description allowing a preliminary assessment of the suitability of the information security measures to be implemented by the Company to ensure the confidentiality, integrity and availability of the information which is to be processed.

5.7.2 In terms of POPIA, a requester to whom certain personal information relates may request the Company to confirm, free of charge, whether or not it holds personal information about that particular requester.

5.7.3 A requester may make a request that the Company provides the record or a description of the personal information about the requester which is held by it, including information about the identity of third parties, or categories of third parties, who have, or have had, access to the information. This request must be made within a reasonable time, in a reasonable manner, and format, at a fee, and in a form that is generally understandable.

5.7.4 Categories of data subjects and categories of personal information relating thereto:

Data subjects Categories of information
Applicants for employment Contact details

Educational qualifications

Recruitment records
Employees Human resources information (see above)
Dependents of employees Name and Contact Details

Identity numbers
Referees Contact details

Views or opinions provided about applicants for employment
Former employees Human resources information, as required to be retained post-termination of employment (see above)
Contractors / Vendors Contact details and banking details

Details of services rendered and fees paid
Visitors Name and contact details

5.7.5 Purposes of processing:

Data subject  category Broad description of purposes of processing
Applicants for employment;

 

 To carry out actions for the consideration of an application for employment;

To carry out actions necessary for the conclusion of an employment contract;

To ensure compliance with an obligation imposed by law on the Company;
To pursue the legitimate interests of the Company.
Employees To carry out actions necessary for the performance of the employment contract;

To ensure compliance with an obligation imposed by law on the Company;

To pursue the legitimate interests of the Company or a third party to whom the information is supplied.
Dependents of employees To carry out actions necessary for the performance of the employment contract;

To pursue the legitimate interests of the data subject and the Company
Referees To carry out actions for the consideration of an application for employment.
Former employees To ensure compliance with an obligation imposed by law on the Company;

To pursue the legitimate interests of the Company.
Contractors / Vendors To carry out actions necessary for the performance of the services contract;

To ensure compliance with an obligation imposed by law on the Company;

To pursue the legitimate interests of the Company or a third party to whom the information is supplied.
Visitors To pursue the legitimate interests of the Company.

5.7.6 Likely recipients:

Data subjects Likely recipients (including external third parties)
Applicants employment;  Employees;

Dependents employees;

Former employees

 Human resources department

Finance department

Recruitment department and agencies

The Group
Referees Human resources department

Recruitment department and agencies
Contractors providers / Service Human resources department

Finance department

The Group

5.7.7 Planned transborder flows of personal information:

Yes
The Company transfers personal information to other companies within the Group. In this regard, the Company transfers personal information to, and stores personal information at, its head offices in India.

5.7.8 General description of information security measures:

Technical measures Organisational measures
All laptops are password protected backed up with encryption. All electronic personal information is stored in a secured repository system with access control. Access to personal information is limited to relevant personnel. Limited personal information is retained in hard copy which is stored under lock and key with access control.

6. The request procedure

6.1 Form of request

6.1.1 A request for access to records held by the Company in terms of section 53 of PAIA must be made on a form that corresponds substantially with Form 2 of Annexure A to the Regulations Relating to the Promotion of Access to Information, 2021. A copy of the form can be downloaded from this link: Request for Access to Record Form. The request must be made to the information officer of the Company at the address, telefax number or e-mail address specified in paragraph 2 above.

6.1.2 The requester must provide sufficient detail on the prescribed form to enable the information officer of the Company to identify the record and the identity of the requester. The requester must submit details of the capacity in which the requester is making the request and indicate whether the request is made in their own name or on behalf of another person. Proof of identity of the requester must be attached to the request if it is in their own name. If a request is made on behalf of another person or entity, the requester must attach proof of authorisation to make the request.

6.1.3 The requester is also required to indicate what type of record s/he/it is requesting and what form of access to the relevant records is required. Additionally, the requester must provide her/his/its contact details and indicate what manner of access is requested.

6.1.4 The requester must provide particulars of the right to be exercised or protected and explain why the record requested is required for the exercise and protection of the aforementioned right.

6.1.5 For the purposes of Form 2, the requester must comply with all the procedural requirements in PAIA relating to a request for access to the relevant records.

6.1.6 The Company may, and must in certain instances, refuse access to records on any of the grounds set out in Chapter 4 of Part 3 of PAIA. These grounds include: that access would result in the unreasonable disclosure of personal information about a third party, that it is necessary to protect the commercial information of a third party or the Company itself, that it is necessary to protect the confidential information of a third party, that it is necessary to protect the safety of individuals or property, that a record constitutes privileged information for legal proceedings, or that it is necessary to protect the research information of a third party or the Company itself.

6.1.7 If all reasonable steps have been taken to find a record that a requester has requested, and there are reasonable grounds for believing that the record is in the Company’s possession but cannot be found, or it does not exist, then the information officer will, by way of an affidavit or affirmation, notify the requester that it is not possible to give access to that record.

6.1.8 The information officer must, if a request for access to a record is granted or refused, inform a requester of her/his decision and the fees payable. This must be done on a form that corresponds substantially with Form 3 of Annexure A to the Regulations. A request for a copy of the Guide may not be refused. If the requester wishes to be informed of the Company’s decision in another manner as well, this must be set out in the request and the relevant details included in order to allow the Company to inform the requester in the preferred manner.

6.1.9 The Company will make a decision in relation to a request for records within 30 days of receiving it, unless a third-party notification and intervention, as contemplated in Chapter 5 of PAIA, applies. This period may be extended in appropriate circumstances, in accordance with section 57 of PAIA.

6.2 Remedies for refusal to request for information

The Company does not have an internal appeal procedure. As such, the decision made by the information officer is final, and requestors will have to exercise such external remedies at their disposal if the request for information is refused, and the requestor is not satisfied with the answer supplied by the information officer.

7. Other information as may be prescribed

The amended Regulations published in terms of PAIA, under Government Notice R757 in Government Gazette 45057 of 27 August 2021, set out, among other things, the fees which may be charged by private bodies for the reproduction of records (provided in the table above).

8. Availability of the Manual

This Manual is available at the offices of the Company at the address set out in paragraph 2 above, as well as on the Company’s website ([www.itcinfotech.com]).

9. Acknowledgement

The Manual has been based on an original template supplied by the SAHRC and amended accordingly based on a template supplied by the Information Regulator.

To submit request through post, use the  form in the link: Request for Access to Record Form.

For official use only: Outcome of Request and of Fees Payable.