PAIA Manual

Prepared in terms of section 51 of the Promotion of Access to Information Act, 2000 (as amended)

Date of compilation: 7 January 2026
Date of last revision: 7 January 2026

1 Company details

1.1 Private Body: TriplicityID Pty Ltd

1.2 Company registration number: 2025/774082/07

1.3 Registered Office: 4 Fricker Road, Illovo, Sandton, 2196

2 List of Acronyms and Abbreviations

• 2.1 CEO – Chief Executive Officer
• 2.2 Company – TriplicityID Pty Ltd
• 2.3 IO – Information Officer
• 2.4 PAIA – Promotion of Access to Information Act, 2000
• 2.5 POPIA – Protection of Personal Information, 2013
• 2.6 Regulator – Information Regulator

3 Purpose of this PAIA Manual

This PAIA Manual is prepared in accordance with section 51 of PAIA and services to provide members of the public with information on how to request access to records held by the Company, the types of records held, and the processing of personal information in line with POPIA.

4 Guide on how to use PAIA

The Information Regulator has published a guide on how to use PAIA. The guide is available from the Information Regulator at https://www.justice.gov.za/inforeg/.

5 Categories of Records Automatically Available

• 5.1 Website content
• 5.2 Publicy published policies and notices
• 5.3 Marketing materials

6 Records Available in Terms of Legislation

• 6.1 Memorandum of Incorporation – Companies Act, 2008
• 6.2 PAIA Manual - PAIA

7 Subjects and Categories of Records Held

• 7.1 Corporate records – MOI and constitutional documents, shareholder and director records, corporate governance and statutory records
• 7.2 Financial records – accounting records, financial statements, tax records, tax returns, invoices, receipts, payment records, banking records, audit and financial review records
• 7.3 Operational records – internal policies, procedures, guidelines, IT and systems documentation, supplier records, business process documentation, website administration and content records, HR related documentation
• 7.4 Compliance records – PAIA and POPIA compliance documentation, risk assessments and compliance reports, policies and procedures documentation
• 7.5 Customer data related to our products and service offerings – customer relationship information, client onboarding and account information, client communications, service usage and support, records generated in the course of providing products and services

8 Purpose for Processing of Personal Information

The Company processes personal information for business operations, relationship management, compliance with legal obligations, website administration and provision of products and services.

9 Categories of Data Subjects

• 9.1 Customers / Clients – contact details, business or professional information, contractual information, communications, and service-related records
• 9.2 Prospective Clients and Business Contacts – names, contact details, professional information, and communications
• 9.3 Website Users – technical and usage information, IP addresses, browser information, device data, and website interaction data
• 9.4 Employees and Contractors – identification details, employment or engagement records, contact information, and related administrative records
• 9.5 Suppliers and Service Providers – contact details, contractual information, billing information, and communications

10 Categories of Recipients

• 10.1 Internal Recipients – authorised employees, contractors, or representatives of TriplicityID who require access to personal information for business, operational, or compliance purposes
• 10.2 Service Providers – trusted third party service providers who support our business operations, including providers of technology, hosting, communications, professional advisory, and administrative services, subject to appropriate contractual and confidentiality obligations
• 10.3 Clients – clients of the Company, where personal information is processed or shared in connection with the provision of products or services, subject to applicable legal, contractual, and confidentiality requirements
• 10.4 Regulatory and Public Authorities – regulatory bodies, law enforcement agencies, or other public authorities (such as the Information Regulator, CIPC, SARS etc) where disclosure is required or permitted by law

11 Transborder Flow of Personal Information

Personal information may be transferred to and processed by service providers or business partners located outside the Republic of South Africa for operational, technology, or service-related purposes, where such transfers are permitted by law and subject to appropriate safeguards to ensure a level of protection substantially similar to that provided under POPIA.

12 Information Security Measures

The Company implements appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal information under its control. These measures include access controls and authentication mechanisms, role-based access on a need-to-know basis, data encryption where appropriate, secure system and network configurations, anti-malware and security monitoring solutions, and ongoing review of security practices to address risks and vulnerabilities.

13 Availability of this Manual

This manual is available on the Company website and upon request to the Information Officer.

14 Updating of this Manual

This PAIA Manual will be reviewed and updated on a regular basis.

15 Contact Us

If you have any questions about this PAIA Manual or our data protection practices, please contact info@triplicityid.com.