Lorem ipsum gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum. Sofisticur ali quenean.


PAI Act Manual

Cape Dermatology - Skin Concerns

Print | Download
Version 1.01 | Updated: 17.05.2023

1.     Introduction

This information manual (“Manual”) provides an outline of the types of records held by Cape Town Cosmetic Dermatology Centre CC (“CDC”, “Corporation”) and explains how one may submit requests for access to these records in terms of the Promotion of Access to Information Act 2 of 2000 (“PAIA”, “Act”) and Process your Personal Information in terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”).

This Manual has been prepared in accordance with section 51 of the Act, giving effect to everyone’s constitutional right of having access to information held by private sector bodies (i.e. companies) or public bodies (i.e. Government institutions) where such access is needed for the exercise and/ or protection of the requester’s rights; this Manual aims to facilitate requests for access to the relevant or applicable records.

2.     Definitions and interpretation

2.1.      Unless the context clearly indicates otherwise, the following terms shall have the meanings assigned to them hereunder –

2.1.1.       “CDC” means Cape Town Cosmetic Dermatology Centre CC as more fully described in Overview, hereunder;

2.1.2.       “Competent person” means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

2.1.3.       “Data Subject” means the person to whom personal information relates;

2.1.4.       “Date Subject Request” means a request by a Data Subject as allowed under POPIA;

2.1.5.       “Information Officer” means the person acting on behalf of CDC and discharging the duties and responsibilities assigned to the head of CDC by the Act. The Information Officer is duly authorised to act as such, with such authorisation having been confirmed by the head of CDC in writing;

2.1.6.       “Information Regulator” means the Information Regulator established in terms of section 39 of POPIA;

2.1.7.       “Manual” means this manual published in compliance with section 51 of the Act;

2.1.8.       “PAIA” means the Promotion of Access to Information Act 2 of 2000, as amended from time to time;

2.1.9.       “Personal Information” shall have the meaning attributed to it in terms of POPIA;

2.1.10.    “POPIA” means the Protection of Personal Information Act 4 of 2013, as amended from time to time;

2.1.11.    “Process” or “Processed” shall have the meaning attributed to it in terms of POPIA;

2.1.12.    “Record” means any recorded information, regardless of form or medium, which is in the possession or under the control of CDC, irrespective of whether or not it was created by CDC;

2.1.13.    “Request” means a request for access to a record held by CDC;

2.1.14.    “Requester” means any person, including a public body or an official thereof, making a request for access to a record held by CDC and includes any person acting on behalf of that person;

2.1.15.    “Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means of processing personal information; and

2.1.16.    “SARS” means the South African Revenue Service.

2.2.      Unless a contrary intention clearly appears, words signifying:

2.2.1.       the singular includes the plural and vice versa;

2.2.2.       any one gender includes the other genders and vice versa; and

2.2.3.       natural persons include juristic persons.

2.3.      Unless otherwise stated, terms defined in PAIA and POPIA shall have the same meaning in this Manual.

3.     Overview of Cape Town Cosmetic Dermatology Centre

CDC is a corporation duly registered in 2008 in South Africa in terms of the Close Corporations Act, Act 69 of 1984.

CDC specialises in a variety of cosmetic dermatology procedures and treatments, consisting of:

3.1.      CDC doctors’ procedures:

3.1.1.       botox;

3.1.2.       facial lifting; and

3.1.3.       fractional lase treatment.

3.2.      CDC clinic procedures:

3.2.1.       skin consultations;

3.2.2.       fat freezing;

3.2.3.       laser hair removal;

3.2.4.       acne- rosacea treatment; and

3.2.5.       skin rejuvenation.

3.3.      CDC treatments:

3.3.1.       anti-aging;

3.3.2.       pigmentation;

3.3.3.       skin tightening;

3.3.4.       acne;

3.3.5.       birthmarks;

3.3.6.       unwanted hair;

3.3.7.       vascular lesions;

3.3.8.       warts;

3.3.9.       enlarged pores;

3.3.10.    excessive sweating;

3.3.11.    stubborn body fat;

3.3.12.    leg veins;

3.3.13.    scarring;

3.3.14.    stretchmarks;

3.3.15.    laser therapy; and

3.3.16.    Hyaluronic fillers.

4.     Particulars in terms of section 51

4.1.      CDC Contact Details (section 51(1)(a)):

Physical Address: Central Park on Esplanade

Century City

Cape Town

Western Cape


Postal Address: As above
Telephone Number: +27 21 552 7220
E-mail: admin@capederm.co.za
Website: https://capederm.co.za/

4.2.      Contact details of designated Information Officer (section 51(1)(a)):

Designated Information Officer: LINDEY VISSER
Physical Address: As above
Postal Address: As above
Telephone Number: +27 79 402 7388
Email: admin@capederm.co.za / admin1@capederm.co.za

5.     Guide to PAIA (section 51(1)(b) read with section 10)

5.1.      In terms of PAIA, a requester may be granted access to records held by a private body. This access is subject to the records being required for the exercise or protection of any right. Should a public body lodge a complaint, in order to receive access, the public body must be acting in the public interest.

5.2.      The Information Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

5.3.      The Guide is available in each of the official languages and in braille.

5.4.      Requests for access to the Guide must be made on a form that corresponds substantially with Form 1 of Annexure 1 to this Manual, to the Information Regulator.

5.5.      The aforesaid Guide contains the description of-

5.5.1.       the objects of PAIA and POPIA;

5.5.2.       the manner and form of a request for access to a record of a private body contemplated in section 50 of PAIA;

5.5.3.       the assistance available from the IO in terms of PAIA and POPIA;

5.5.4.       the assistance available from the Information Regulator in terms of PAIA and POPIA;

5.5.5.       all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-       an internal appeal;       a complaint to the Information Regulator; and       and application with a court against a decision on internal appeal or a decision by the Information Regulator or a decision of the head of a private body;

5.5.6.       the notices issued in terms of section 54 of PAIA regarding the fees to be paid in relation to requests for access; and

5.5.7.       the regulations made in terms of section 92 of PAIA.

5.6.      Members of the public can inspect or make copies of the Guide from the offices of CDC, including the office of the Information Regulator, during normal business hours.

5.7.      The Guide can also be obtained-

5.7.1.       upon request to the Information Officer; or

5.7.2.       from the Information Regulator:-

Physical Address JD House

27 Stiemans Street




Postal Address: P.O. Box 31533




Telephone Number 010 023 5200
E-mail: PAIAComplaints@inforegulator.org.za (complaints)

enquiries@inforegulator.org.za (general enquiries)

Website: https://www.inforegulator.org.za/

6.     Voluntary disclosure and automatic availability- categories of records available without having to request access (section 51(1)(c))

6.1.      Records that are automatically available to the public are:

6.1.1.       All records of CDC lodged in terms of government requirements with various statutory bodies, including the Companies and Intellectual Property Commission (CIPC) and the Registrar of Deeds.

6.1.2.       All records in booklets, brochures, pamphlets, and magazines (if any) published by CDC or any of its agents or representatives for distribution to the public relating CDC products and services.

6.1.3.       News and other marketing information.

6.1.4.       All records on CDC’s website https://capederm.co.za/.

6.2.      A requester may request a copy of a record referred to under 6.1 and must be provided with such copy, upon payment of the fee for reproduction, as provided for in Items 2 to 8 of Annexure 2 to this Manual.

7.     Records available in terms of other legislation (section 51(1)(d))

7.1.      CDC is required to keep particular records, in terms of certain statutes. Insofar as may be applicable, CDC keeps records of information to the extent required in terms of the following legislation, as amended, and codes of best business practice:

7.1.1.       Basic Conditions of Employment Act 75 of 1997.

7.1.2.       Broad-based Black Economic Empowerment Act 53 of 2003.

7.1.3.       Companies Act 38 of 2005.

7.1.4.       Close Corporations Act 69 of 1984.

7.1.5.       Compensation for Occupational Injuries and Diseases Act 130 of 1993.

7.1.6.       Competition Act 89 of 1998.

7.1.7.       Constitution of South Africa Act 108 of 1996.

7.1.8.       Consumer Protection Act 68 of 2008.

7.1.9.       Copyright Act 98 of 1978.

7.1.10.    Corporate Laws Amendment Act 24 of 2006.

7.1.11.    Electronic Communications & Transactions Act 25 of 2002.

7.1.12.    Employment Equity Act 55 of 1998.

7.1.13.    Employment Equity Regulations of 2006.

7.1.14.    Income Tax Act 58 of 1962.

7.1.15.    King IV Report on Corporate Governance.

7.1.16.    Labour Relations Act 66 of 1995.

7.1.17.    Medical Schemes Act 121 of 1988.

7.1.18.    National Credit Act 34 of 2005.

7.1.19.    Prescription Act 68 of 1969.

7.1.20.    Promotion of Access to Information Act 2 of 2000.

7.1.21.    Protection of Personal Information Act 4 of 2013.

7.1.22.    Tax Administration Act 28 of 2011.

7.1.23.    Value-Added Tax Act 89 of 1991.

7.2.      Information and records held by CDC in terms of any of the abovementioned legislation will be made available in terms of the provisions of the relevant legislation, but without prejudice to the provisions of the Promotion of Access to Information Act. The above list is non exhaustive.

8.     Types of records held by CDC (section 51(1)(e))

CDC maintains records on the following categories and subject matters. Please note that recording a category or subject matter in this Manual does not imply that a request for access to such records would be granted. All requests for access will be evaluated on a case by case basis in accordance with the provisions of PAIA. Please further note that the below listed records are not exhaustive.

8.1.      Personnel Documents and records.

8.1.1.       “Personnel” refers to any person who works for or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business and operations of the Corporation. This includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff (if any), and correspondents, as well as contract workers.

8.2.      Client/ Customer related records.

8.2.1.       A “client” and “customer” refers to any natural or juristic entity that receives services and/ or products from the Corporation. These records include but are not limited to:       Records provided by clients in relation to the specific services/products required by the client/customer, medical information and personal and/ or special personal information, and in terms of the contractual arrangements between CDC and clients/customers.       Records generated by or within CDC related to its clients and customers, including transactional records.       Records pertaining to third-party information provided by clients/customers.       Records provided by third parties in the course of doing business with CDC.       Customer databases (including health and other personal information of customers’ patients).       Credit records.       Account records.       Correspondence with and about customers/ clients.

8.3.      Statutory records of the Corporation/ Corporate records.

8.3.1.       Minutes of executive and other decision-making operational bodies.

8.3.2.       Documents of Incorporation.

8.3.3.       Articles of Association.

8.3.4.       Minutes of Members’ Meetings and sub-committee Meetings.

8.3.5.       Registers of Member’s Interests and other Statutory Registers.

8.3.6.       Statutory Registers.

8.3.7.       Delegations of authority.

8.3.8.       Other statutory documents of a legal and commercial nature.

8.4.      Marketing records

8.4.1.       Product information.

8.4.2.       Manuals.

8.4.3.       Media releases.

8.4.4.       Company website.

8.4.5.       Marketing plans.

8.5.      Other Corporation records.

8.5.1.       Documents relating to the operational, commercial and financial interests of the Corporation.

8.5.2.       Commercial and other legal contracts or agreements.

8.5.3.       Client and other data bases.

8.5.4.       Information on existing and past litigation.

8.5.5.       Trade Mark and Intellectual Property applications, certificates and information.

8.5.6.       Administrative Information.

8.5.7.       Licenses.

8.5.8.       Human Resources Information.

8.5.9.       Insurance Policies.

8.5.10.    Marketing records.

8.5.11.    Internal and external correspondence.

8.5.12.    Disaster recovery plans.

8.5.13.    CDC products and services records.

8.5.14.    Internal policies and procedures.

8.5.15.    Records held by officials of the Corporation.

8.6.      Where any of the above records contain Personal Information and a request is submitted, the provisions of PAIA as well as POPIA will apply accordingly. Take note that: “Personal information”, as defined in POPIA means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to those categories as defined in section 1 of POPIA.

9.     Other information as may be prescribed (section 51(1)(f))

CDC may possess records pertaining to other parties, including without limitation contractors, suppliers, subsidiary/ holding/ sister companies, joint venture companies and service providers. Alternatively, such other companies may possess records that can be said to belong to CDC.

9.1.      These records include but are not limited to:

9.1.1.       Personnel, customer/client or private records which are held by another party as opposed to the records held by CDC.

9.1.2.       Records held by CDC pertaining to other parties, including but not limited to financial, commercial, operational and legal records, contractual records, correspondence, records provided by the other party, and records provided by third parties about franchisees/ contractors/ suppliers.

10.  Processing of personal information (including special personal information (section 11, section 26 – 33 or children information (sections 34 – 36) in terms of POPIA

Processing of Personal Information will be processed by CDC in accordance with the CDC Privacy Policy.

11.  Information Regulator

Section 39 of POPIA establishes the Information Regulator and section 40 identifies the functions of the Information Regulator. The Information Regulator is responsible for monitoring compliance with POPIA and PAIA and is tasked, amongst other powers, duties and functions, to handle complaints about the protection of Personal Information and access to information held by CDC. For complaints or general enquiries contact the Information Regulator using the contact information under 5.7.2 above.


12.  Data Subject participation and Information Officer duties and responsibilities

This PAIA Manual as well as the CDC Privacy Policy gives effect to sections 23 and 55 of POPIA.

12.1.    Section 23(1) of POPIA states that:

“A data subject, having provided adequate proof of identity, has the right to –

  • request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject;
  • request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of third parties, or categories of third parties, who have, or have had, access to the information-
  • within a reasonable time;
  • at a prescribed fee, if any;
  • in a reasonable manner and format; and
  • in a form that is generally understandable.”

12.2.    Section 55(1)(b) of POPIA confirms that one of the Information Officer’s responsibilities is to deal with requests for information made to the body (CDC). Address your (as Data Subject) request to the Information Officer at the address, telephone number or electronic mail address referred to at 4.2 above.

12.3.    Other Data subject rights are confirmed under the CDC Privacy Policy.

13.  Steps to consider before submitting a request

13.1.    The following steps must be considered before submitting a request:

13.1.1.    Please note that section 7(1) states that:

“This Act does not apply to a record of a public body or a private body if –

(a)   that record is requested for the purpose of criminal or civil proceedings;

(b)   so requested after the commencement of such criminal or civil proceedings, as the case may be; and

(c)   the production of or access to that records for the purpose referred to in paragraph (a) is provided for in any other law”.

13.1.2.    If section 7(1) applies, the requester may not bring a request in terms of this Act. The requester must use the rules and procedures for discovery of information of the relevant legal forum and proceedings that he/ she is involved in.

13.1.3.    CDC reserves the right to claim all expenses and other damages incurred as a result of a requester submitting a request in contravention of section 7(1).

13.2.    Step 2: Does the information requested exist in the form of a record?

13.2.1.    The Act only applies to documents that are in existence at the time of receiving the request.

13.2.2.    The Act does not compel anyone to create a record which is not yet in existence at the time the request is made.

13.3.    Step 3: Is the document in the possession or under the control of CDC?

13.3.1.    The Act provides that the requested record must be in CDC’s possession or under its control. If the document is not in CDC’s possession, the requester must request the record from the party under whose possession or control it is.

14.  Electronic communication

14.1.    The provisions of the Electronic Communications and Transactions Act (ECT Act) are applicable to all forms, records, documents or any information, which are electronically communicated. The ECT Act is especially important to businesses involved in electronic commerce.


15.  Access: procedure, availability and prescribed fees

15.1.    How to request a record (PAIA section 53):

15.1.1.    Requests for access to records contemplated in section 53(1) of the Act, must be made on a form that corresponds substantially with Form 2 of Annexure 1 to this Manual, to the Information Officer.

15.1.2.    The Information Officer must:     assist a requester with any request with regards to a request for access to information; and     if a request for access to information is made orally as a result of illiteracy or a disability of a requester, complete Form 2 of Annexure 1 to the Manual on behalf of the requester and provide a copy thereof to the requester, as contemplated in section 18(3) of the Act.

15.1.3.    The request fee payable by every requester referred to in section 54(1) of the Act, is prescribed in Item 1 of Annexure 2 to the Manual.

15.1.4.    Failure to make use of the prescribed form could result in your request being refused or delayed.

15.1.5.    Should the Information Officer be of the opinion that fulfilment of the request will require more time than the prescribe hours, the requester will be informed to pay a deposit, of no more than a third of the above request fee. In the event that the request is denied, the deposit will be refunded to the requester.

15.1.6.    The requester must provide sufficient detail on the request Form to enable the Information Officer to clearly identify:     The record(s) requested.     The requester (positive proof of identification).     The format of access required:

  1. the postal address, email address and telephone number of the requester in the Republic; and
  2. if the requester wishes to be informed of the decision in any manner (in addition to written), the manner and particulars thereof.

15.1.7.    Access is not automatic. The requester must therefore identify the right he/ she is seeking to exercise or protect and provide an explanation as to why the requested record is required for the exercise or protection of that right.

15.1.8.    If a request is made on behalf of a person, the requester must then submit proof, to the satisfaction of the Information Officer, of his/ her authority to make the request. Failure to do so will result in the request being rejected.

15.2.    Decision on request (section 56):

15.2.1.    The requester will be notified, within 30 (thirty) days, in the manner indicated by him/ her of the outcome of his/ her request, alternatively whether an extension not exceeding 30 (thirty) days is required to deal with the request.

15.2.2.    If the request for access is granted, a further access fee must be paid for the search, preparation and reproduction of the records as well as for any time that has exceeded the prescribed hours to search and prepare the record for disclosure. Access will be withheld until the requester has made payment of the applicable fee(s).

15.2.3.    If the request for access is refused, reasons for the refusal will be provided and the requester will be advised that he/ she may lodge an application with a court against the refusal of the request, as well as the procedure for lodging the application.

15.2.4.    The main grounds for refusal of a request relates to:     the unreasonable disclosure of personal information about a third party, including a deceased person (subject to section 63(2) of the Act);     disclosure that could reasonably be expected to endanger the life or physical safety of an individual;     the disclosure that would likely prejudice or impair, inter alia  –

  1. the security of a building, structure or system, including but not limited to, a computer or communication system;
  2. a means of transport; or
  • any other property;     mandatory protection of the privacy of a third party who is a natural person, which would involve unreasonable disclosure of personal information of that natural person;     mandatory protection of commercial information of a third party, if the record contains:

  1. trade secrets of that third party;
  2. financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interest of that third party; or
  • information disclosed in confidence by a third party to CDC, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition;     mandatory protection of confidential information of third parties if it is protected in terms of any agreement;     mandatory protection of the safety of individuals and the protection of property;     mandatory protection of records which would be regarded as privileged in legal proceedings;     commercial activities of CDC, which may include:

  1. financial, commercial, legal or technical information which disclosure could likely cause harm to the financial or commercial interest of CDC;
  2. information which, if disclosed could put CDC at a disadvantage in negotiations or commercial competition;
  • a computer programme which is owned by CDC and which is protected by copyright; or
  1. the research information of CDC or a third party, if its disclosure would disclose the identity of CDC, the researcher or the subject matter and would place the research at a serious disadvantage; or
  2. requests for information which is clearly frivolous or vexations, or which involve unreasonable diversion of resources.

15.2.5.    The requester may lodge an internal appeal or an application to court against the tender or payment of the request fee.

15.3.    The Information Officer must, if a request for access to a record referred to under 15.1.1 to 15.1.3 above is granted or refused, inform the requester of-

15.3.1.    his or her decision; and

15.3.2.    the fees payable as provided for in Annexure 2 of the Manual: Provided that a request for a copy of the guide may not be refused.

15.4.    A person who requests-

15.4.1.    a copy of a record contemplated under 6.1 above; or

15.4.2.    access to a record as contemplated in 15.1.1 to 15.1.3 above of the Manual, may be charged the fee for reproduction and postage as prescribed in Annexure 2 of the Manual, if the request is granted.

15.5.    If-

15.5.1.    the search for the record in respect of which a request for access has been made; and

15.5.2.    the preparation of the record for disclosure, including any arrangement contemplated in section 29(2)(a) and (b)(i) and (ii)(aa) of the Act, would, in the opinion of the Information Officer, require more than 6 (six) hours for these purposes, the Information Officer must, in a form that corresponds substantially with Form 3 of Annexure 1 to this Manual, inform the requester to pay a deposit, must not exceed one third of the amount payable, if the request is granted.

15.6.    The fee for the search for and preparation of the record contemplated in section 29(2)(a) and (b)(i) or 54(2)(a) and (b)(i) of the Act is provided for in Item 9 of Annexure 2 to this Manual.

15.7.    Records that cannot be found or that are lost:

15.7.1.    If all reasonable steps have taken to find a requested record, and there are reasonable grounds to believe the record is in CDC’s possession but cannot be found or does not exist, CDC’s Information Officer will notify the requester, by way of affidavit or affirmation as prescribed by the Act, that it is not possible to give access to the requested record.

15.7.2.    If, after notice is given as per 15.7.1 above, the record is found, the requester concerned must be given access to the record, unless access is refused on any of the refusal grounds provided for in the Act.

15.8.    Remedies Available when a request is Refused:

15.8.1.    CDC does not have an internal appeal procedure.

15.8.2.    Any decision made by the Information Officer is final.

15.8.3.    Should the requester not be satisfied, the requester should exercise the external remedies provided for in the Act.

15.9.    Limitation of Liability:

15.9.1.    CDC is relieved from liability and shall have no duty whatsoever in relation to:     the integrity or accuracy of the information requested;     any delay associated with the delivery except to comply with the procedures stipulated herein; and/ or   that the information requested will conform with the requirements of the requester except that it should correspond with the title and description provided by the requester.

16.  Availability

16.1.    This manual is available on the CDC website, https://capederm.co.za/, alternatively at: Groenendal 14 Vrede Street, Durbanville, Western Cape, 7550, during office hours: 08:30 – 16:30, Monday, Tuesday, Thursday and Friday, and 08:30 – 18:00 on Wednesdays, excluding Public Holidays and Sundays in the Republic of South Africa. We operate most Saturdays at normal office hours; please enquiry at 4.1 above to confirm.

16.2.    Fees:

The fees payable in respect of access to records are attached as Annexure 2.