PAIA Manual 2024 - Elle Assist Pty Ltd

PAIA Manual prepared in terms of Section 51 for Elle Assist (Pty) Ltd (Company Registration number: 2019/543343/07), further to be referred to as "the Company". In terms of The Promotion of Access to Information Act 2 of 2000 (the "Act") as amended.

Download PDF

Date of review: 15/07/2024

1. Introduction

This manual is prepared in accordance with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA). It serves to inform data subjects about the processes and policies for handling personal information by Elle Assist Pty Ltd.

ELLE ASISST (Pty) Ltd is a medical billing bureau company. We have built a reputation for providing medical practices with specialised expertise, tailored to provide our clients with sustainable value and an ongoing competitive advantage in the industry.

2. The Company

  • Company Name: Elle Assist (Pty) Ltd
  • Registration Number: Elle Assist: 2019/543343/07

3. Contact Details

Any person who wishes to request any information from the Company with the object of protecting or exercising a right may contact the Information Officer. The Information Officer has been duly authorised by the Company to deal with the matters in connection with requests for information in terms of the Promotion of Access to Information Act 2, of 2000.

The contact details are as follows:

Elle Assist (Pty) Ltd

  • Physical Address: Rosemary Forum, 356 Rosemary Street, Lynnwood, Pretoria, 0081
  • Postal Address: P.O. Box 35676, Menlopark Pretoria 0081
  • Telephone number: 0861 00 3553
  • Website: www.elle.health

4. Information Officer and Deputy Information Officer

(a) The Information Officer of the Company is:

Elle Assist Pty Ltd
Cindy Ludick    cindyl@elle.health

(b) The Deputy Information Officer of the Company is:

Elle Assist (Pty) Ltd
Angelique Vorster    angeliquev@elle.health

5. The Act, Reference to the Constitution and Purpose of the PAIA Manual

The promotion of Access to Information Act, 2000, as amended, (the "Act") gives third parties the right to approach public bodies to request information held by them, which is required in the exercise and/or protection of any rights. On request, the public body is obliged to release such information unless the Act expressly states that the records containing such information may or must not be released. This manual informs requestors of procedural and other requirements which a request must meet as prescribed by the Act, and further incorporates or addresses the requirements of the Protection of Personal Information Act, 2013 ("POPIA").

Reference to the Constitution

Section 32 of the Constitution of the Republic of South Africa, No. 108 of 1996 ("the Constitution") provides: S32(1) everyone has the right of access to -

  • a) Any information held by the state; and
  • b) Any information that is held by another person and that is required for the exercise or protection of any rights.

S32(2) National legislation must be enacted to give effect to this right, and may provide for reasonable measures to alleviate the administrative and financial burden on the state.

The Promotion of Access to Information Act, 2 of 2000 ("the Act"), was enacted on 3 February 2002 to give effect to section 32 of the constitution, that is giving effect to the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protection of any rights. Where a request is made in terms of this Act, the private or public body to which the request is made is obliged to release the information, except where the Act expressly provides that the information must not be released.

The Act sets out the requisite procedural issues attached to such request. The Act came into effect on 9 March 2001 with the exception of sections 10, 14, 16 and 51 which sections were brought into operation on 15 February 2002.

Purpose of the PAIA Manual

The purpose of PAIA is to promote the right of access to information, to foster a culture of transparency and accountability by giving the right to information that is required for the exercise or protection of any right and to actively promote a society in which the people of South Africa have effective access to information to enable them to exercise and protect their rights.

In order to promote effective governance of private bodies, it is necessary to ensure that everyone is empowered and educated to understand their rights in relation to public and private bodies.

Section 9 of the Act recognises that the right to access information cannot be unlimited and should be subject to justifiable limitations, including, but not limited to:

  • Limitations aimed at the reasonable protection of privacy;
  • Commercial confidentiality; and
  • Effective, efficient and good governance;
  • and in a manner which balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.

This PAIA Manual complies with the requirements of guide mentioned in section 10 of the Act and recognises that upon commencement of the Protection of Personal Information Act 4 of 2013, that the appointed Information Regulator will be responsible to regulate compliance with the Act and its regulations by private and public bodies.

6. Personal Records Held by the Company

The Company processes the personal information of a variety of kinds of data subjects, for various reasons, including but not limited the following grouped according to records relating to the following subjects and categories:

  • Personal Employee Information, Employment and Payment records
    This includes but is not limited to UIF and PAYE/Demographic Information
  • Medical Practice and Practitioner
    Contact/ID/Banking details/Contract Details/ Demographic Information /Scheme Website credentials
  • Patient medical records and client practice
    Patient records, notes, results, prescriptions, referrals, billings to medical funders, receipts, VAT
  • Suppliers and Business Partners
    Contact/ID/Banking details/Contract Details/ Demographic Information

7. Operational Information Held by the Company

This information can be defined as information needed in the day-to-day running of the organization and is generally of little to no use to persons outside the organization. (Examples of such information are: internal telephone lists, address lists, company policies, contracts, employee records and general "house keeping" information).

  • Correspondence files
  • Tax files
  • Human resources files
  • Employment contracts;
  • Disciplinary records;
  • Salary records;
  • Disciplinary code;
  • Leave records;
  • Policies
  • Training records; and
  • Training Manuals
  • Financial records, including accounting records
  • Contracts & Agreements
  • Training Records

8. Processing of Personal Information / Purpose of Processing

The Company uses and stores the Personal Information under its care in the following ways for the purpose of:

  • Administration/Processing of claims to medical institutions.
  • Reconciling of accounts and follow-ups of outstanding monies
  • Keeping of accounts and records;
  • Employee administration;
  • Complying with tax laws and other applicable laws; and
  • Any other relevant administrative purposes in terms of any other law, code or standard.

Categories of Data Subjects and their Personal Information the Company may possess or possesses records relating to clients/practitioners, suppliers, contractors, service providers.

Data Subject Category Personal Information Processed
Natural Persons Names; contact details; physical and postal addresses; date of birth; ID number; Passport number; Tax related information; nationality; gender; confidential correspondence
Juristic Persons / Entities Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners
Contracted Service Providers Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners
Employees Gender; Marital Status; Ethnicity; Age; Home Language, Education information; Financial Information; Employment History; ID number; Physical and Postal address; Contact details; Opinions, Criminal behaviour; Well-being.

Categories of Recipients for Processing the Personal Information the Company may supply the Personal Information to service providers who render the following services:

  • Storing/hosting of data;
  • Sending of emails and other correspondence to clients;
  • Administration Assistance.

General Description of Information Security Measures: the Company employs up to date technology to ensure the confidentiality, integrity and availability of the Personal Information under its care. The Company may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.

Measures include but is not limited to:

  • Firewalls
  • Virus protection software and update protocols
  • Secure access control;
  • Secure setup of hardware and software making up the IT infrastructure;
  • Non-Disclosure Agreements

9. Access to Records & Procedure for Requesting Access to Information

Records held by the private body may be accessed on request only once the requirements for request for access have been met. A requester in terms of the Act means: (i) any person making a request to access the record of that private body; or a person acting on behalf of the person referred to in subparagraph (i).

To facilitate the processing of your request, please use the Form A included in this document.

The Act distinguishes between two types of requesters, however this Manual includes a third type of a requester:

(a) Personal Requester
A personal requester is a requester who is seeking access to a record the Company will provide the requested information, or give access to any record regarding the requested personal information. The prescribed fee for reproduction of the information requested will be charged as prescribed in the Act.

(b) Other Requester
This requester (other than a personal requester) is entitled to request access to information pertaining to third parties. However, the Company is not obliged to grant access prior to the requester fulfilling the requirements for access in terms of the Act and any other applicable law. The prescribed fee for reproduction of the information requested will be charged.

(c) Recognised and Pre-Approved Data Requester
3rd Party companies involved in the daily operating of the Company which whom the Company has signed an OPERATOR agreement with.

NB: The following procedure below does not apply to the Recognised and Pre-Approved Data Requester.

Procedure

A requester must comply with all the procedural requirements contained in the Act relating to a request for access to a record. To request information, attached Form A must be completed and sent to the Information Officer of the Company or /her Deputy at the postal or physical address, or electronic mail address stated above.

The record requested will be furnished on payment of the prescribed fee, in instances where request for information fees are levied, and a proof of deposit may be requested from the requester in respect of the access fee.

The prescribed form must be filled in with enough particularity to at least enable the information officer to identify:

  • The record or records requested;
  • The identity of the requester;
  • What form of access is required; and
  • The postal, electronic mail address of the requester.

A requester must state that he or she requires the information in order to exercise or protect the right, and clearly state what the nature of the right to be exercised or protected is. The requester must also provide an explanation as to why the requested record is required to exercise or protect that right.

The Company will process a request within the required time as prescribed in the Act, unless the requestor has stated special reasons which would satisfy the Information Officer or his/her Deputy that circumstances dictate that this time period not be complied with.

The requester will be informed in writing whether access has been granted or denied. If, in addition, the requester requires reasons for the decision in any other manner, he or she must state in writing the manner and the particulars required.

If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the Information Officer or her Deputy.

If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally to the Information Officer or her Deputy and/or should a requester require the assistance of the Information officer or her Deputy in obtaining any record held by the Company, such assistance will be provided by the Information Officer or her Deputy.

Upon receipt of the request, where applicable, the Information Officer or her Deputy will inform any third party affected by the request within 21 days of receipt of the request. The third party must inform the Information Officer or her Deputy why such information should not be made available to the requester within a specified period of time.

Decision:
The Company shall, within 30 days of receipt of a request, decide whether to grant or decline a request and give notice with reasons (if required) to that effect. The 30-day period within which HPCSA must decide whether to grant or refuse a request, may be extended for a further period of not more than 30 days if the request is for a large quantity of information, or the request requires a search for information held at another office of the Company (other than the Head Office) and the information cannot reasonably be obtained within the original 30-day period. The Information Officer will notify the requester in writing should an extension be necessary.

10. Grounds for Refusal

The Information Officer or Deputy may refuse a request for information for the following reasons:

  • Where the disclosure would amount to an unreasonable disclosure of personal information;
  • Where the disclosure would amount to disclosure of the trade secrets of a third party;
  • Where the disclosure would lead to a revelation of financial, commercial, scientific or technical information of a third party;
  • Where such information was supplied in confidence by a third party;
  • Where the disclosure would breach the duty of confidence owed to a third party;
  • Where the disclosure would endanger the life or physical safety of an individual;
  • If the disclosure is prohibited under the Criminal Procedure Act;
  • If the disclosure is privileged under legal proceedings or research conducted by or on behalf of a third party; and
  • Where the disclosure would compromise the investigation where proceedings are pending.

The following grounds of discretionary refusal will apply:

  • Where the disclosure of such information relating to a third party would prejudice the supply of similar information in the future;
  • Where the record contains information around crime prevention, detection and prosecution of alleged offenders;
  • Where the disclosure would unreasonably reveal consultative material obtained on account of deliberations over formulation of policy, exercise of power or performance of a duty; and
  • Where the request is frivolous or vexatious.

11. Prescribed Fees

The Act provides for two types of fees:

  • a request fee, which will be a standard fee, and an
  • access fee, which must be calculated by considering reproduction costs, search and preparation time and cost, as well as postal costs where applicable.

When a request is received by the Information Officer, the Information Officer or his/her Deputy shall by notice require the requester, other than a personal requester, to pay the prescribed request fee (if any), before further processing of the request.

If a search for the record is necessary and the preparation of the record for disclosure, including arrangement to make it available in the requested form, requires more than the hours prescribed in the regulations for this purpose, the Information Officer or her Deputy shall notify the requester to pay as a deposit the prescribed portion (being not more than one third) of the access fee which would be payable if the request is granted.

The Information Officer or his/her Deputy shall withhold a record until the requester has paid the fee or fees as indicated. A requester whose request for access to a record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the record for disclosure including making arrangements to make it available in the requested form. If a deposit has been paid in respect of a request for access, which is refused, then the Information Officer will repay the deposit to the requester.

Availability of the manual: The Company's manual is available for inspection, on reasonable prior notice, free of charge, at the registered address stated above and further published on the respective websites.

Request Forms

The following prescribed forms are included in the full PAIA Manual document:

  • Form 2 - Request for Access to Record [Regulation 7]
  • Form 3 - Outcome of Request and of Fees Payable [Regulation 8]
  • Form 4 - Internal Appeal Form [Regulation 9]

Download the full PDF to access the fillable request forms, or contact the Information Officer directly at cindyl@elle.health.

This PAIA Manual is effective as of and is subject to periodic review and updates.

WhatsApp Need Help?
x