1. DOCUMENT MANAGEMENT

1.1 Document Details

Document Name: FINEHUB PAIA Manual

Version: 1.0

Effective Date: 15/11/2025

Next Review Date: 15/11/2026

1.2 Approvals and Authorization

This document has been approved by:

Information Officer:  Anandi De Villiers

Date of Approval: 15/11/2025

It is hereby confirmed that this document is in effect.

2. PREAMBLE

The Promotion of Access to Information Act, 2000 ("PAIA") came into operation on 9 March 2001. PAIA seeks, among other things, to give effect to the Constitutional right of access to any information held by the State or by any other person where such information is required for the exercise or protection of any right and gives natural and juristic persons the right of access to records held by either a private or public body, subject to certain limitations, in order to enable them to exercise or protect their rights.

Where a request is made in terms of PAIA to a private body, that private body must disclose the information if the requester is able to show that the record is required for the exercise or protection of any rights, and provided that no grounds of refusal contained in PAIA are applicable. PAIA sets out the requisite procedural issues attached to information requests.

Section 51 of PAIA obliges private bodies to compile a manual to enable a person to obtain access to information held by such a private body and stipulates the minimum requirements that the manual has to comply with.

This Manual constitutes FINEHUB (PTY) LTD's PAIA manual. This Manual is compiled in accordance with section 51 of PAIA as amended by the Promotion of Access to Information Amendment Act 31 of 2019 and the Protection of Personal Information Act, 2013 ("POPIA"), which gives effect to everyone's Constitutional right to privacy.

POPIA promotes the protection of personal information processed by public and private bodies, including certain conditions so as to establish minimum requirements for the processing of personal information. POPIA amends certain provisions of PAIA, balancing the need for access to information against the need to ensure the protection of personal information by providing for the establishment of an Information Regulator to exercise certain powers and perform certain duties and functions in terms of POPIA and PAIA.

This manual complies with the amended POPIA Regulations published on 17 April 2025, which provide enhanced clarity on data subject rights, complaint procedures, and direct marketing requirements.

As a traffic fines aggregation and representation services provider processing personal information and handling sensitive client and driver data, FINEHUB (PTY) LTD is committed to transparency and compliance with both PAIA and POPIA requirements while protecting legitimate business interests and client confidentiality.

3. SECTION 51(1)(A) - COMPANY CONTACT DETAILS

Name of Company: FINEHUB (PTY) LTD

Company Type: Private Company

Registration Number: 2025/564482/07

Information Officer:  Anandi De Villiers

Deputy Information Officer: N/A

Postal Address:

24 Ouplaats, 708 Old Farm Road

Faerie Glen,

Pretoria, 0081

Physical Address:

24 Ouplaats, 708 Old Farm Road

Faerie Glen,

Pretoria, 0081

Telephone Number: +27 87 265 3849

Email: [INSERT EMAIL ADDRESS]

Information Officer Email: [INSERT IO EMAIL]

Emergency Contact (Urgent Compliance Matters): [INSERT EMERGENCY PHONE]

4. SECTION 51(1)(B) - THE ACT & SECTION 10

4.1 Request for Information

The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.

Requests in terms of the Act shall be made in accordance with the prescribed procedures, at the rates provided. The forms and tariff are dealt with in paragraphs 6 and 7 of the Act.

Requesters are referred to the Guide in terms of Section 10 which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC.

4.2 Commission Contact Details

South African Human Rights Commission:

Postal Address: Private Bag 2700, Houghton, 2041

Telephone Number: +27-11-877 3600

Fax Number: +27-11-403 0625

Website: www.sahrc.org.za

Information Regulator (Primary Contact for PAIA/POPIA matters):

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017

Telephone Number: 012 406 4818

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg/

5. SECTION 51(1)(C) - RECORD CATEGORIES

5.1 Latest Notice

At this stage no notice(s) has/have been published on the categories of records that are automatically available without a person having to request access in terms of PAIA.

5.2 Categories of Records Available Without Request

The following records are freely available:

• General company information and marketing materials

• Public service descriptions and pricing information

• Terms and Conditions for Platform use

• Published compliance documentation (PAIA Manual, Privacy Policy)

6. SECTION 51(1)(D) - RECORDS AVAILABLE IN ACCORDANCE WITH LEGISLATION

6.1 Records Available - Legislative Framework

Information is available in terms of the following legislation, if and where applicable:

Constitutional and Administrative Law:

• Constitution of the Republic of South Africa, 1996

• Promotion of Access to Information Act 2 of 2000

• Promotion of Administrative Justice Act 3 of 2000

• Protection of Personal Information Act 4 of 2013

Traffic and Road Safety Legislation:

• Administrative Adjudication of Road Traffic Offences Act 46 of 1998 (AARTO)

• National Road Traffic Act 93 of 1996

• Road Traffic Management Corporation Act 20 of 1999

Corporate and Tax Legislation:

• Companies Act 71 of 2008

• Income Tax Act 58 of 1962

• Value-Added Tax Act 89 of 1991

• Tax Administration Act 28 of 2011

Employment and Labour Legislation:

• Labour Relations Act 66 of 1995

• Basic Conditions of Employment Act 75 of 1997

• Employment Equity Act 55 of 1998

• Skills Development Act 97 of 1998

• Compensation for Occupational Injuries and Diseases Act 130 of 1993

• Unemployment Insurance Act 63 of 2001

Commercial and Consumer Protection:

• Consumer Protection Act 68 of 2008

• Electronic Communications and Transactions Act 25 of 2002

• National Credit Act 34 of 2005

Occupational Health and Safety:

• Occupational Health and Safety Act 85 of 1993

6.2 Schedule of Records

FINEHUB maintains the following categories of records:

Corporate Governance and Statutory Records:

• Certificate of Incorporation and Memorandum of Incorporation

• CIPC registration documents and annual returns

• Share certificates and shareholders register

• Directors' register and resolution records

• Board and shareholder meeting minutes

• Company policies and procedures

Financial and Accounting Records:

• Annual Financial Statements

• Bank statements and transaction records

• Tax returns and SARS correspondence

• VAT records and returns

• Invoices, receipts, and payment records

• Debtors and creditors ledgers

• Payroll records and PAYE documentation

Client and Commercial Records:

• Service Level Agreements with Commercial Clients

• Mandate and Appointment Letters

• Platform User Terms and Conditions

• Client account information and transaction history

• Service fee records and billing documentation

• Client correspondence and communications

Traffic Fine Management Records:

• BRNC registration documentation

• Authorized Representative/Proxy registration records

• Traffic fine data from AARTO, RTMS, NATIS, and municipal systems

• Fine payment records and remittance documentation

• Representation case files and correspondence with authorities

• Redirection requests and outcomes

• Enforcement Order documentation

• Subscription-Based Enforcement Provider records

Personal Information and POPIA Records:

• End User personal information (names, ID numbers, driver's licenses)

• Client employee information for fleet management purposes

• POPIA consent records and privacy notices

• Data subject access requests and responses

• Data breach incident reports

• Cross-border data transfer documentation

Employment Records:

• Employment contracts and letters of appointment

• Personnel files and performance records

• Leave records and time sheets

• Disciplinary and grievance records

• Training and development records

• UIF and other statutory compliance records

Technology and Systems Records:

• Platform technical documentation and system logs

• System security and access control records

• Data backup and disaster recovery documentation

• Software licensing and intellectual property records

• Integration documentation with third-party systems

Legal and Compliance Records:

• Legal opinions and correspondence

• Litigation files and court documents

• Insurance policies and claims documentation

• Regulatory compliance records and audit reports

• Non-disclosure agreements and confidentiality undertakings

• Professional indemnity insurance documentation

7. SECTION 51(1)(E) - FORM OF REQUEST

7.1 Your Request

Any request for access to other records must be made on the prescribed form (Form C), downloadable from the website of the South African Human Rights Commission at www.sahrc.org.za.

Your request for information will be evaluated and you will be notified within 30 days of receipt of your request of our decision.

For complex traffic fine management requests involving multiple systems, extensive transaction histories, or representation case files, an additional 30-day extension may be required due to the technical nature of the review process and the need for third-party consultation.

7.2 Notification of Extension Period (if required)

In terms of the Act the 30 (thirty) day period mentioned above may be extended for a further period of not more than 30 (thirty) days under certain circumstances. Should we need to extend this period, we will provide you with notification of such extension.

Extensions may be particularly necessary for requests involving:

• Traffic fine records spanning multiple issuing authorities and systems

• Representation case files requiring review of correspondence with multiple authorities

• Cross-border data transfer documentation requiring third-party consultation

• Records involving multiple client confidentiality considerations

• Complex payment and remittance records requiring financial system queries

7.3 Request Fee, Access Fee and/or Deposit

You will be informed of the request and/or access fee (if any) that is payable for making a request or having access to the records. A deposit may be requested whilst your request is being considered for the access fee, which is fully refundable should your request be refused. You must pay the request and access fee prior to the information being provided to you.

Detailed Fee Structure:

The fee structure is prescribed by PAIA regulations and is available on the website of the South African Human Rights Commission at www.sahrc.org.za

• Request fee for consideration of request

• Access fees for reproduction and copying

• Postal fees for delivery of records

• Deposit requirements for requests exceeding 6 hours of preparation time

7.4 Decision on Request

Your request for information may be granted or refused. You will be informed accordingly. Should your request be refused you will be given adequate reasons for the refusal and you may lodge an application to court against the refusal of the request. We will also provide you with details of the procedure for such application to court.

Emergency Access Procedures: For urgent compliance matters or legal proceedings involving traffic fines, expedited processing may be available with additional fees and justification requirements.

7.5 Grounds for Refusal

We may legitimately refuse to grant you access to a requested record that falls within any of the following grounds for refusal:

• We are protecting personal information that we hold about a third person (who is a natural person), including a deceased person, from unreasonable disclosure

• We are protecting commercial information that we hold about a third party (for example trade secrets, financial, commercial, scientific or technical information where disclosure may harm the commercial or financial interests of that third party)

• The disclosure of the record would result in a breach of a duty of confidence owed to a third party in terms of an agreement

• The disclosure of the record would endanger the life or physical safety of an individual

• The disclosure of the record would prejudice or impair the security of property or means of transport

• The disclosure of the record would compromise system security measures or expose vulnerabilities

• The record is privileged from production in legal proceedings, and the person entitled to legal privilege has not waived the privilege

• The disclosure of the record (where the record contains trade secrets, financial, commercial, scientific, or technical information) would harm our commercial or financial interests

• The disclosure of the record would put us at a disadvantage in contractual or other negotiations or prejudice us in commercial competition

• The record is a computer programme

• The disclosure of the record (where the record contains proprietary systems, processes, or methodologies) would expose our intellectual property or competitive advantage to serious disadvantage

• The disclosure would violate client confidentiality agreements or non-disclosure agreements

• The disclosure would compromise ongoing representation matters or legal strategies

7.6 Records That Cannot Be Found or Do Not Exist

If we have searched for a record and it is believed that the record either does not exist or cannot be found, you will be notified by way of an affidavit or affirmation of this fact. We will include information regarding the steps that were taken to try to locate the record.

For traffic fine management requests, we will specify which systems, databases, and authorities were searched, including AARTO, RTMS, NATIS, municipal systems, and Subscription-Based Enforcement Provider records.

7.7 Third Party Information

If access is requested to a record that contains information about a third party, you must provide specific written consent of the third party or show that you require the information in order to exercise or protect a right. We are obliged to attempt to contact the third party to inform them of your request. This enables the third party the opportunity to respond by either consenting to the access or by providing reasons why access should be denied. In the event of the third party furnishing reasons for the denial of access, we will consider these reasons in determining whether access should be granted or not, and advise you accordingly.

This includes client data, End User personal information, third-party system providers, and Issuing Authority information contained in the requested records.

7.8 Facilitation of Request

No request for information will be considered if not lodged on the prescribed form, available on the website of the South African Human Rights Commission at www.sahrc.org.za.

Address your request to the Information Officer.

Provide sufficient details to enable the company to identify:

• The record(s) requested

• The requester (and if an agent is lodging the request, proof of capacity)

• The form of access required

• With regard to communication: the postal address of the requester in the Republic

• If the requester wishes to be informed of the decision in any manner (in addition to written) the manner and particulars thereof

• The right which the requester is seeking to exercise or protect with an explanation of the reason the record is required to exercise or protect the right

For traffic fine management requests, please specify:

• The specific BRNC, fleet, or End User involved

• The time period relevant to the request

• Whether the request involves aggregation data, representation cases, or payment records

• Any specific Issuing Authority or enforcement provider identifiers

7.9 Right of Refusal

FINEHUB (PTY) LTD has the right to reject any request for information submitted in terms of Section 62 to 70 of Chapter 4 of the PAIA Act.

7.10 Prescribed Fees & Request Requirements

• A requestor is required to pay the prescribed fees before a request will be processed

• If the preparation of the record requested requires more than the prescribed hours (six), a deposit shall be paid (of not more than one third of the access fee which would be payable if the request were granted)

• A requestor may lodge an application with a court against the tender/payment of the request fee and/or deposit

• Records may be withheld until the fees have been paid

• The fee structure is available on the website of the South African Human Rights Commission at www.sahrc.org.za

8. SECTION 51(1)(F) - OTHER INFORMATION

8.1 Regulatory Considerations

Additional regulatory considerations apply under:

• Information Regulator guidance notes on PAIA implementation (Updated October 2021)

• POPIA codes of conduct for data processing

• POPIA Regulations as amended on 17 April 2025

• Consumer Protection Act disclosure requirements

• AARTO, NATIS, and RTMS regulations governing traffic fine administration

8.2 Current Legislative Framework Status

As at [INSERT CURRENT DATE]:

• PAIA: Current version includes amendments up to Amendment Act 31 of 2019

• POPIA: Fully in force since 1 July 2021, with amended regulations effective 17 April 2025

• Information Regulator: Established as the primary regulatory authority for both PAIA and POPIA compliance

• Annual PAIA Reporting: Required for both public and private bodies (deadline: 30 June annually)

• AARTO Amendment Act: Current status and implementation timeline to be monitored

Regulatory Updates and Monitoring: This manual will be reviewed annually to ensure compliance with legislative amendments, updated Information Regulator guidance, new regulations, court decisions affecting PAIA/POPIA interpretation, and international best practices.

9. AVAILABILITY OF THIS MANUAL (SECTION 51(3))

This Manual is available for perusal, free of charge at our offices during business hours.

Electronic copies are available:

• On our company website: [INSERT WEBSITE URL]

• Via email request to the Information Officer

• At the South African Human Rights Commission

• At the Information Regulator's offices

10. DATA RETENTION AND MANAGEMENT POLICIES

10.1 General Data Retention

Records are retained according to legal requirements and business needs as specified in the Schedule of Records above.

Traffic Fine Management Records: Retained for the duration of the client relationship plus 7 years to comply with traffic legislation prescription periods and audit requirements.

Representation Case Files: Retained for 15 years due to potential legal proceedings and prescription periods for traffic offenses.

Client Agreements: Retained for contract duration plus 5 years following termination.

Personal Information: Retained according to contractual obligations and POPIA requirements, processed in accordance with our Privacy Policy.

Financial Records: Retained for 7 years in accordance with tax legislation and statutory requirements.

10.2 Data Destruction Procedures

Secure deletion procedures apply to:

• End User personal and sensitive data

• Client confidential and commercial data

• System security credentials and access logs

• Financial and payment processing records

• Representation case files and correspondence

Data destruction is documented with certificates of destruction issued for sensitive records.

10.3 Cross-Border Data Considerations

Records relating to cross-border data transfers are subject to additional retention requirements under POPIA and international agreements. Where data is processed outside South Africa, appropriate safeguards and documentation are maintained in accordance with POPIA Chapter 9.

11. COMPLAINTS AND APPLICATIONS

If you are dissatisfied with the Information Officer's decision or the manner in which a request was handled, you may:

• Lodge a complaint with the Information Regulator (Primary)

• Apply to a court of competent jurisdiction for relief

• Contact the South African Human Rights Commission

Information Regulator Contact Details (Primary for PAIA/POPIA matters):

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017

Telephone: 012 406 4818

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg/

South African Human Rights Commission:

Postal Address: Private Bag 2700, Houghton, 2041

Telephone: 011 877 3600

Email: paia@sahrc.org.za

Website: www.sahrc.org.za

12. DOCUMENT APPROVAL AND VERSION CONTROL

Effective Date: 15/11/2025

Next Review Date: 15/11/2026

Approved by: Anandi De Villiers, Information Officer

Date of Approval: 15/11/2025

Document Version: Version 1.0