PAIA Manual

Promotion of Access to Information Act, 2000 (Act No. 2 of 2000)

TIS Holdings Pty Ltd

1. Introduction

1.1 Purpose of This Manual

This manual is compiled in accordance with Section 14 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000) ("PAIA") and the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA").

The purpose of this manual is to:

1.2 Legislative Framework

This manual is prepared in terms of:

1.3 Definitions

Personal Information: Information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person.

Private Body: A natural person who carries or has carried on any trade, business, or profession, but only in such capacity; a partnership which carries or has carried on any trade, business, or profession; or any former or existing juristic person (such as TIS Holdings Pty Ltd).

Record: Any recorded information regardless of form or medium, including written, electronic, or any other form.

Requester: Any person making a request for access to a record of TIS Holdings.

2. Company Information

2.1 Company Details

Registered Name: TIS Holdings Pty Ltd

Registration Number: 2007/020605/07

Trading As: TIS-IntelliMat, ESG Navigator

Year Founded: 2007

Registered Office: 21 Woodlands Drive, Building 2, Woodmead, 2191

Phone: 011 258 8500

Email: compliance@tisholdings.com

Website: https://esgnavigator.ai

2.2 Nature of Business

TIS Holdings Pty Ltd is a leading provider of AI-powered Environmental, Social, and Governance (ESG) compliance solutions. The company specializes in:

2.3 Key Products and Services

TIS-IntelliMat ESG Navigator Platform: An AI-powered platform featuring 9 specialized agents for comprehensive ESG compliance management, supplier risk assessment, and regulatory reporting.

Strategic Partnerships:

3. Records Available Without Request

3.1 Company Registration Documents

Memorandum of Incorporation, Certificate of Incorporation, and company registration details are available from the Companies and Intellectual Property Commission (CIPC).

3.2 Privacy Policy

Available at: https://esgnavigator.ai/privacy.html

3.3 This PAIA Manual

Available at: https://esgnavigator.ai/paia.html

3.4 Terms of Service

Available on request and via the company website.

3.5 Marketing and Public Information

Product brochures, case studies, and public marketing materials are available on the company website and social media channels.

3.6 Corporate Governance Documents

3.7 Compliance Certifications

3.8 Public Reports

ESG performance reports, sustainability disclosures, and thought leadership publications (as made publicly available).

3.9 Information Technology Records

System architecture documentation, access control policies, data security frameworks (publicly shareable versions only).

3.10 Financial Records

Annual financial statements (as required by law to be publicly available).

3.11 Human Resources Records

General employment policies, health and safety policies (employee-facing versions).

4. Records Available in Terms of Other Legislation

TIS Holdings maintains records as required by various South African legislation, including but not limited to:

Companies Act 71 of 2008

  • Memorandum of Incorporation
  • Minutes of Board and Shareholder meetings
  • Annual Financial Statements
  • Register of Directors and Officers
  • Share register and certificates
  • Securities register

Income Tax Act 58 of 1962

  • Tax returns and assessments
  • PAYE records
  • VAT records
  • Supporting financial documentation
  • Records of asset disposal

Value-Added Tax Act 89 of 1991

  • VAT registration certificates
  • Tax invoices and credit notes
  • VAT returns
  • Import and export documentation

Basic Conditions of Employment Act 75 of 1997

  • Employment contracts
  • Wage and salary records
  • Leave records
  • Disciplinary records
  • Termination documentation

Labour Relations Act 66 of 1995

  • Trade union agreements
  • CCMA documentation
  • Dispute resolution records
  • Collective bargaining records

Employment Equity Act 55 of 1998

  • Employment Equity Plans
  • EE Reports submitted to Department of Labour
  • Workforce profile analysis
  • Consultation records

Occupational Health and Safety Act 85 of 1993

  • Health and safety policies
  • Incident and accident reports
  • Risk assessments
  • Training records

Broad-Based Black Economic Empowerment Act 53 of 2003

  • B-BBEE certificates
  • Verification reports
  • Transformation charters
  • Equity ownership records

Electronic Communications and Transactions Act 25 of 2002

  • Electronic records and signatures
  • Data messages
  • Cybersecurity policies
  • Website terms and conditions

Protection of Personal Information Act 4 of 2013

  • Privacy policies
  • Processing operations register
  • Data subject consent records
  • Data processing agreements
  • Security safeguard documentation
  • Breach notification records

5. Request Procedure

5.1 Access Request Form

All requests for access to records must be made using the prescribed Form A as set out in Annexure A of the PAIA Regulations. The form is available:

5.2 Submission of Request

Completed request forms must be submitted to:

Information Officer: Dr. Terry Ramabulana

TIS Holdings Pty Ltd

21 Woodlands Drive, Building 2, Woodmead, 2191

Email: compliance@tisholdings.com

Phone: +27 83 455 8115

5.3 Information Required in Request

To enable efficient processing, your request must include:

5.4 Processing Timeline

Day 0: Request received and logged
Day 1-3: Acknowledgment sent to requester
Day 4-15: Request assessment and verification
Day 16-25: Record compilation and fee calculation
Day 26-30: Decision communicated to requester

TIS Holdings will respond within 30 days from receipt of the request. This period may be extended by a further 30 days if necessary, with written notice to the requester.

5.5 Third-Party Notification

If the requested record contains information about a third party, TIS Holdings will notify that third party within 21 days of receiving the request, allowing them to make representations regarding access.

6. Fees

6.1 Request Fee

A non-refundable request fee of R50.00 is payable upon submission of the request (except for personal information requests by the data subject themselves).

6.2 Access Fees

If the request is granted, the following fees apply (as per PAIA regulations):

Service Fee
Photocopies (per A4 page) R1.10
Printed copies (per A4 page) R0.75
Copies on CD/USB (per device) R70.00
Transcription (per A4 page) R20.00
Copy of visual images (per A4 page) R60.00
Inspection of records (no fee) Free
Postage/courier (actual cost) Actual cost
Search and preparation time (per hour, after first hour) R30.00

6.3 Payment Methods

Fees must be paid before access is granted. Accepted payment methods:

6.4 Fee Waiver

The Information Officer may waive fees if:

7. Grounds for Refusal

TIS Holdings may refuse a request for access to records on the following grounds (as provided in PAIA):

7.1 Mandatory Protection of Privacy of Third Parties

If disclosure would involve the unreasonable disclosure of personal information about a third party (PAIA Section 63).

7.2 Mandatory Protection of Commercial Information

7.3 Protection of Confidential Information

If disclosure would constitute breach of duty of confidence owed to third party (Section 37).

7.4 Safety of Individuals and Protection of Property

If disclosure could endanger life or physical safety of individuals or prejudice security of property (Section 38).

7.5 Protection of Certain Confidential Communications

7.6 Commercial Information of Private Body

7.7 Research Information

If disclosure would expose TIS Holdings or third party to serious disadvantage in research activities (Section 69).

7.8 Manifestly Frivolous or Vexatious Requests

If the request is manifestly frivolous, vexatious, or involves an unreasonable diversion of resources (Section 45).

7.9 Procedure When Refusing Request

If a request is refused:

8. Remedies Available

8.1 Internal Appeal

If your request is refused, you may lodge an internal appeal:

The CEO will reconsider the decision and respond within 30 days.

8.2 Court Application

You may apply to Court for appropriate relief if:

Timeframe: Application must be made within 180 days of exhausting internal remedies.

8.3 South African Human Rights Commission (SAHRC)

You may also approach the SAHRC for assistance:

PAIA Unit - South African Human Rights Commission

PAIA Unit, Promotion of Access to Information Act

The Research and Documentation Department

Postal: Private Bag 2700, Houghton, 2041

Phone: +27 11 877 3600

Fax: +27 11 403 0625

Website: www.sahrc.org.za

Email: PAIA@sahrc.org.za

8.4 Information Regulator (for POPIA-related matters)

Information Regulator (South Africa)

SALU Building, 316 Thabo Sehume Street, Pretoria, 0002

Phone: 012 406 4818

Fax: 086 500 3351

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

9. Information Officer Contact Details

Information Officer

Dr. Terry Ramabulana

CEO & Managing Director

TIS Holdings Pty Ltd

Registration: 2007/020605/07

 

Contact Information:

Email: compliance@tisholdings.com

Phone: +27 83 455 8115

Physical Address: 21 Woodlands Drive, Building 2, Woodmead, 2191

Deputy Information Officer

Mathilda Ramabulana

Human Capital Director

TIS Holdings Pty Ltd

 

Contact Information:

Email: compliance@tisholdings.com

Phone: 011 258 8500

Physical Address: 21 Woodlands Drive, Building 2, Woodmead, 2191

Business Hours

Monday to Friday: 08:00 - 17:00 (South African Standard Time)

Closed: Weekends and South African public holidays

Response Time

Requests received will be acknowledged within 3 business days. Full responses will be provided within 30 days as required by PAIA.

10. Availability of This Manual

10.1 Online Access

This PAIA Manual is available for free download at:

10.2 Physical Copy

A printed copy of this manual is available for inspection, free of charge, at the registered office of TIS Holdings during business hours.

10.3 Request for Copy

A copy of this manual may be requested from the Information Officer. A nominal fee may be charged for printing and delivery.

10.4 SAHRC Submission

This manual has been submitted to the South African Human Rights Commission as required by PAIA Section 14.

10.5 Updates and Revisions

This manual is reviewed annually and updated as necessary.

Current Version: 1.0

Effective Date: February 16, 2026

Last Review Date: February 16, 2026

Next Review Date: February 16, 2027

Appendix A: Processing Operations Register (POPIA Section 51)

Processing Activity Purpose Legal Basis Data Categories Data Subjects Recipients Retention Period
ESG Navigator Authentication Platform access control and security Consent + Legitimate Interest Name, Email, Role, Company, Password Hash Platform users (internal team) Internal only Account lifetime + 5 years
Supplier Risk Assessment ESG compliance monitoring and due diligence Contract + Legitimate Interest Company name, contact details, compliance records, ESG scores Supplier representatives Client organizations (with consent) Contract duration + 7 years
AI Agent Processing Automated ESG compliance analysis Consent + Legitimate Interest ESG data, compliance reports, supplier information Corporate clients, suppliers IBM Watsonx (processor), Anthropic Claude (processor) 7 years (JSE requirement)
Client Engagement & CRM Business development and relationship management Legitimate Interest Name, email, company, job title, interaction history Prospects, clients, partners Internal sales team only 3 years after last contact
Financial Transactions Invoicing, payment processing, tax compliance Contract + Legal Obligation Client details, payment information, invoices, tax records Clients, suppliers Banks, auditors, SARS 7 years (tax law)
Employee Records HR administration, payroll, performance management Contract + Legal Obligation Personal details, employment contracts, payroll, performance reviews Employees, contractors Payroll provider, pension fund, medical aid Employment + 5 years
Website Analytics Platform improvement and user experience Legitimate Interest IP addresses, browser type, page views, session duration Website visitors Analytics provider (anonymized) 2 years

Appendix B: Third-Party Data Processors

Processor Service Provided Data Shared Location Safeguards
IBM Watsonx AI orchestration and machine learning ESG data, compliance queries USA (cloud) Data Processing Agreement, SOC2, ISO 27001
Anthropic Claude AI analysis and natural language processing Compliance queries, document analysis USA Business Associate Agreement, Enterprise security
Amazon Web Services (AWS) Cloud infrastructure and serverless computing All platform data (encrypted) EU/USA (selectable regions) SOC2 Type II, ISO 27001, GDPR compliance
Neon PostgreSQL Database services All structured data EU/USA Encryption at rest/transit, SOC2
Railway Backend hosting and deployment API data, application code USA/EU Container isolation, encrypted environment
Vercel Frontend hosting and CDN User interface, static assets Global CDN DDoS protection, SSL/TLS
Cloudflare Security and DDoS protection Network traffic, DNS requests Global WAF rules, rate limiting, SSL
DRATA SOC2 compliance automation Security controls, audit logs USA SOC2 certified, access controls

Note: All third-party processors operate under signed Data Processing Agreements (DPAs) that ensure POPIA and GDPR compliance. Standard Contractual Clauses (SCCs) are in place for international data transfers.

Appendix C: Categories of Data Subjects and Personal Information

1. Employees and Contractors

2. Clients and Prospects

3. Suppliers and Business Partners

4. Platform Users (ESG Navigator)

5. Website Visitors

Appendix D: Security Safeguards

Technical Safeguards

Organizational Safeguards

Physical Safeguards

Compliance Monitoring

Manual Approval and Updates

This PAIA Manual has been approved by:

 

_________________________________

Dr. Terry Ramabulana

Chief Executive Officer & Information Officer

TIS Holdings Pty Ltd (2007/020605/07)

 

Date: February 16, 2026

 

Version: 1.0

Effective Date: February 16, 2026

Next Review Date: February 16, 2027

Revision History

Version Date Changes Made Approved By
1.0 February 16, 2026 Initial PAIA Manual creation and publication Dr. Terry Ramabulana