← Back to Home

PAIA Manual

Date of Compilation: 19/06/2026 · Version: 1.0

Prepared in accordance with Section 51 of the Promotion of Access to Information Act, 2 of 2000 ("PAIA") and incorporating requirements of the Protection of Personal Information Act, 4 of 2013 ("POPIA")

Manual of: Akani Maluks Holdings Group t/a Grab A Program

1. Definitions

In this Manual, unless the context indicates otherwise, the following words and expressions bear the meanings assigned to them:

"Company"means Akani Maluks Holdings Group (Registration number: 2026/134653/07), a private body as defined in PAIA, operating the business directory website Grab A Program.
"Conditions for Lawful Processing"means the eight conditions for the lawful processing of personal information as fully set out in Chapter 3 of POPIA.
"Constitution"means the Constitution of the Republic of South Africa, 1996.
"Customer"refers to any natural or juristic person that uses or has used the services of the Company, including business listing subscribers and website users.
"Data Subject"has the meaning ascribed thereto in Section 1 of POPIA.
"Head of the Private Body"means the Chief Executive Officer of Akani Maluks Holdings Group.
"Information Officer"means the natural person appointed as Information Officer in accordance with Section 55 of POPIA, as referred to in clause 4.
"Manual"means this manual prepared in accordance with Section 51 of PAIA and Regulation 4(1)(d) of the POPIA Regulations.
"PAIA"means the Promotion of Access to Information Act, No. 2 of 2000, as amended.
"Personal Information"has the meaning ascribed thereto in Section 1 of POPIA.
"Personnel"refers to any person who works for, or provides services to or on behalf of the Company, including without limitation directors, employees, consultants, contractors, and interns.
"POPIA"means the Protection of Personal Information Act, No. 4 of 2013, as amended.
"Private Body"has the meaning ascribed thereto in Section 1 of both PAIA and POPIA.
"Processing"has the meaning ascribed thereto in Section 1 of POPIA.
"Record"has the meaning ascribed thereto in Section 1 of PAIA and includes any recorded information regardless of form or medium, including personal information.
"Regulator"means the Information Regulator established in terms of Section 39 of POPIA.
"Requester"has the meaning ascribed thereto in Section 1 of PAIA – being any person (including a governmental body) requesting access to a record of the Company.
"Responsible Party"has the meaning ascribed thereto in Section 1 of POPIA – being the Company which determines the purpose of and means for processing personal information.
"SAHRC"means the South African Human Rights Commission.
"Website"means the Company's website located at www.grabaprogram.com.

2. Introduction and Legal Framework

2.1 Purpose of PAIA

The Promotion of Access to Information Act, No. 2 of 2000 ("PAIA") was enacted to give effect to the constitutional right of access to information contained in Section 32 of the Bill of Rights in the Constitution of the Republic of South Africa, 1996.

Section 32 provides that everyone has the right of access to any information held by the state, and any information held by another person that is required for the exercise or protection of any rights.

2.2 Purpose of POPIA

The Protection of Personal Information Act, No. 4 of 2013 ("POPIA") was enacted to give effect to the constitutional right to privacy contained in Section 14 of the Bill of Rights. POPIA safeguards personal information by regulating the manner in which it may be processed by public and private bodies.

2.3 Relationship Between PAIA and POPIA

Section 17 of POPIA requires a responsible party to maintain documentation of all processing operations under its responsibility. This documentation must be included in the PAIA manual required under Section 51 of PAIA. Accordingly, this Manual serves a dual purpose: (1) To comply with Section 51 of PAIA by providing information on the records held by the Company and the procedures for accessing such records; and (2) To comply with Section 17 of POPIA by documenting the Company's processing activities and providing transparency regarding how personal information is handled.

2.4 Legal Obligation to Maintain This Manual

In terms of Section 51 of PAIA, every private body is required to compile a manual providing information regarding the records it holds. No private body is exempt from this requirement. From 1 January 2022, all private bodies, regardless of size or turnover, must have a PAIA manual.

Failure to comply with PAIA constitutes a criminal offence and may result in the Information Officer being liable for a fine or imprisonment for a period not exceeding two years, and/or the Company being subject to enforcement notices and fines of up to R10 million.

3. Company Particulars and Contact Details

Company NameAkani Maluks Holdings Group
Trading NameGrab A Program
Registration Number2026/134653/07
Websitewww.grabaprogram.com
Physical AddressUnit No. 15 Cordoba Flats, No. 479 Johannes Ramokhaose Street, Arcadia, Pretoria, 0007
Postal AddressUnit No. 15 Cordoba Flats, No. 479 Johannes Ramokhaose Street, Arcadia, Pretoria, 0007
Email Addressmalulekeakani0@gmail.com
Telephone Number066 081 7402
Head of Private BodyAkani Maluleke – Chief Executive Officer

4. The Information Officer

In terms of Section 55 of POPIA, the head of a private body must appoint an Information Officer. The Information Officer is responsible for ensuring the Company's compliance with both PAIA and POPIA. The Company has appointed the following natural person as its Information Officer:

NameAkani Maluleke
TitleChief Executive Officer / Information Officer
Physical AddressUnit No. 15 Cordoba Flats, No. 479 Johannes Ramokhaose Street, Arcadia, Pretoria, 0007
Postal AddressUnit No. 15 Cordoba Flats, No. 479 Johannes Ramokhaose Street, Arcadia, Pretoria, 0007
Telephone Number066 081 7402
Email Addressmalulekeakani0@gmail.com

All requests for access to records must be directed to the Information Officer using the contact details above.

5. The South African Human Rights Commission Guide

In terms of Section 10 of PAIA, the South African Human Rights Commission ("SAHRC") has compiled a guide containing information required by a person wishing to exercise any right contemplated in PAIA. The guide is available in all official languages and can be obtained from the SAHRC at the following contact details:

Physical Address29 Princess of Wales Terrace, Corner York and St Andrews Street, Parktown, Johannesburg, 2193
Postal AddressPrivate Bag X2700, Houghton, 2041
Telephone Number011 877 3600
Websitewww.sahrc.org.za
Emailinfo@sahrc.org.za

6. Records Available in Terms of Other Legislation

The Company also holds records that are available to specific persons in terms of other legislation. The following is a list of legislation in terms of which the Company may hold records and provide access:

  • Basic Conditions of Employment Act, No. 75 of 1997
  • Companies Act, No. 71 of 2008
  • Compensation for Occupational Injuries and Diseases Act, No. 130 of 1993
  • Consumer Protection Act, No. 68 of 2008
  • Copyright Act, No. 98 of 1978
  • Electronic Communications and Transactions Act, No. 25 of 2002
  • Employment Equity Act, No. 55 of 1998
  • Income Tax Act, No. 58 of 1962
  • Labour Relations Act, No. 66 of 1995
  • National Credit Act, No. 34 of 2005
  • Skills Development Levies Act, No. 9 of 1999
  • Unemployment Insurance Act, No. 63 of 2001
  • Value-Added Tax Act, No. 89 of 1991

Note: This list is not exhaustive and is provided for guidance purposes only.

7. Categories of Records Held by the Company

7.1 Company Secretarial and Statutory Records

  • Founding statements (if applicable)
  • Memorandum of Incorporation
  • Minutes of meetings of directors and members
  • Resolutions passed
  • Statutory registers
  • Company policies and procedures

7.2 Financial Records

  • Annual financial statements
  • Accounting records
  • Bank statements and payment confirmations
  • Invoices and receipts
  • Tax returns and assessments
  • Asset registers
  • Budgets and forecasts
  • Audit reports

7.3 Personnel Records

  • Employment contracts
  • Personnel files
  • Payroll records
  • Leave records
  • Training records
  • Performance appraisals
  • Disciplinary records
  • Workplace policies acknowledged by employees
  • Pension fund and benefit information
  • Recruitment and selection records

7.4 Customer and Business Listing Records

  • Business listing information (business names, descriptions, contact details)
  • Customer registration forms
  • Subscription agreements and contracts
  • Payment history
  • Correspondence with customers
  • Support tickets and queries
  • Customer feedback and reviews

7.5 Website and Digital Platform Records

  • User account information
  • Website usage logs
  • IP addresses of visitors
  • Cookie consent records
  • Email subscriber lists
  • Newsletter distribution records
  • Social media interactions

7.6 Supplier and Service Provider Records

  • Supplier contracts and agreements
  • Service level agreements
  • Purchase orders
  • Supplier invoices
  • Correspondence with suppliers
  • Supplier due diligence records

7.7 Marketing and Promotional Records

  • Marketing strategies and plans
  • Promotional materials
  • Advertising records
  • Market research data
  • Competitor analysis
  • Branding materials

7.8 Information Technology Records

  • Software licenses
  • IT support logs
  • System access records
  • Cybersecurity incident reports
  • Backup logs
  • Database records
  • Website development documentation

7.9 Administrative and Operational Records

  • General correspondence
  • Insurance policies and claims
  • Office lease agreements
  • Asset maintenance records
  • Security records
  • Health and safety records

8. Particulars Regarding Processing of Personal Information Under POPIA

8.1 Categories of Data Subjects

CategoryDescription
CustomersIndividuals and businesses who use the Grab A Program directory services
PersonnelEmployees, directors, consultants, contractors, and interns
Suppliers and Service ProvidersNatural persons representing juristic entities that provide goods or services to the Company
Website VisitorsIndividuals who visit the Grab A Program website
Marketing RecipientsIndividuals who have subscribed to newsletters or marketing communications

8.2 Categories of Personal Information Processed

For Customers:

  • Contact details (name, surname, email address, phone number, physical address)
  • Business information (business name, registration number, business address)
  • Payment information (processed through third-party payment gateways)
  • Communication history
  • Website usage data

For Personnel:

  • Biographical information (name, surname, identity number, date of birth)
  • Contact details (address, phone number, email)
  • Employment history and qualifications
  • Financial information (banking details for payroll)
  • Medical information (where required for employment purposes)
  • Performance records

For Website Visitors:

  • IP addresses
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website addresses

8.3 Purpose of Processing

Personal information is processed for the following purposes:

  • Providing and managing business directory listings
  • Administering customer accounts and subscriptions
  • Processing payments and invoices
  • Communicating with customers regarding their listings
  • Marketing and promoting the Company's services (with consent)
  • Improving the website and user experience
  • Complying with legal and regulatory obligations
  • Managing employment relationships
  • Conducting business operations and administration

8.4 Recipients of Personal Information

The Company may share personal information with the following categories of recipients:

  • Service Providers: Third-party operators who provide services such as website hosting, payment processing, email distribution, and analytics
  • Professional Advisors: Lawyers, accountants, and consultants
  • Regulatory Authorities: Where required by law or to comply with legal processes
  • Business Partners: Where necessary for the operation of the directory service

8.5 Cross-Border Transfers

Where personal information is transferred to recipients outside of South Africa, the Company ensures that appropriate safeguards are in place, including transferring only to countries that provide adequate levels of protection, or concluding binding agreements with recipients to uphold the principles of POPIA.

8.6 Security Measures

The Company has implemented appropriate technical and organisational security measures to protect personal information. These measures include:

  • Secure Socket Layer (SSL) encryption for data transmission
  • Firewalls and intrusion detection systems
  • Access controls and authentication protocols
  • Regular security assessments
  • Staff training on data protection

8.7 Data Subject Rights Under POPIA

RightDescription
Right to AccessRequest confirmation of whether the Company holds personal information and request a copy thereof
Right to RectificationRequest correction or updating of inaccurate or incomplete personal information
Right to ErasureRequest deletion of personal information where no longer required for lawful purposes
Right to ObjectObject to the processing of personal information on reasonable grounds
Right to Withdraw ConsentWithdraw consent at any time where processing is based on consent
Right to Lodge a ComplaintLodge a complaint with the Information Regulator

To exercise these rights, data subjects must contact the Information Officer using the details in Section 4.