Introduction
This manual is published in accordance with Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 ("PAIA"), as amended by the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"). It enables members of the public to access records held by Cymless ("the Company"), subject to justifiable limitations.
The Company provides a money transfer platform and may, in the course of its business, collect, hold, and process information belonging to its clients, employees, and service providers.
Company Information
| Business Name | Cymless (Pty) Ltd |
| Registration Number | 2020/739933/07 |
| General Email Address | info@cymless.com |
| Website | www.cymless.com |
Information Officer Details
Information Officer Registration
The Information Officer of the Company is duly appointed in terms of section 55 of POPIA and is responsible for ensuring compliance with both PAIA and POPIA.
The Information Officer is registered with the Information Regulator in accordance with applicable regulatory requirements.
Information Regulator Details
| Physical Address | Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191 |
| Website | www.inforegulator.org.za |
| Telephone Number | 010 023 5200 |
| Email (PAIA-related) | PAIAComplaints@inforegulator.org.za |
| Email (POPIA-related) | POPIAComplaints@inforegulator.org.za |
Categories of Automatically Available Records
The following records are available without a PAIA request (Section 52):
- Company brochures and product descriptions
- General company policies
- Marketing material
- Website information
- Press releases and newsletters
Records Held by the Company
6.1 Personnel Records
- Employment contracts and records
- Leave and payroll information
- Disciplinary proceedings
- Training and development documentation
6.2 Client and System User Records
- Client onboarding documentation
- System user logs and access controls
- FICA and verification documentation
- Contracts and service level agreements
- Support tickets and user correspondence
6.3 Financial and Tax Records
- Invoices, statements, and receipts
- Bank account records
- Financial reports
- Tax submissions and returns
6.4 Company Governance Records
- CIPC registration documents
- MOI and company resolutions
- Board and shareholder meeting minutes
6.5 Legal and Regulatory
- Signed contracts and legal agreements
- Compliance records (POPIA, FICA)
- Dispute and litigation records
6.6 Information Technology
- IT policies and procedures
- System logs and backup files
- Security protocols and incident reports
6.7 POPIA-Specific Records
- Consent records and privacy notices
- Operator agreements
- Records of data subject requests
Purpose of Processing Personal Information
The Company processes personal information for the following reasons:
- Contract execution and client servicing
- General compliance (e.g., FICA, POPIA)
- Payroll and HR administration
- Internal operations and support
- Security and fraud prevention
- Marketing and communication (based on consent)
- Software usage analysis and reporting
Data Subject Rights (POPIA)
In addition to the rights provided for under PAIA, data subjects have the following rights in terms of POPIA:
8.1 Right of Access
A data subject has the right to request confirmation as to whether or not personal information relating to them is held by the Company and to request access to such personal information.
8.2 Right to Correction or Deletion
A data subject may request the correction, destruction, or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained.
8.3 Right to Object to Processing
A data subject may object, on reasonable grounds relating to their particular situation, to the processing of their personal information in accordance with section 11(3) of POPIA.
8.4 Right to Object to Direct Marketing
A data subject may object at any time to the processing of personal information for purposes of direct marketing by means of unsolicited electronic communications.
8.5 Right to Lodge a Complaint
A data subject has the right to lodge a complaint with the Information Regulator if they believe that their personal information has been processed in contravention of POPIA.
The Information Regulator (South Africa)
- Website: www.inforegulator.org.za
- Email: complaints.IR@justice.gov.za
Procedure For Exercising POPIA Rights
9.1 Requests to exercise rights in terms of POPIA (including objections, correction, deletion or access requests) may be submitted in the prescribed form or in a written request containing sufficient information to enable the Company to identify the data subject and the specific right being exercised.
9.2 Such requests may be submitted via:
- Email to the Information Officer at: info@cymless.com
- Physical delivery to the Company's registered address
- Any additional communication channel made available by the Company from time to time
9.3 Requests to object to processing, or to request correction or deletion of personal information, will be processed free of charge, unless a fee is expressly permitted by applicable legislation.
9.4 The Company will acknowledge receipt of the request and inform the data subject of the outcome and any measures taken in response to the request within the timeframes prescribed by applicable legislation.
9.5 Where an objection is made telephonically (if such channel is made available), the Company will record the objection and retain such record for evidentiary and compliance purposes.
Distinction Between PAIA and POPIA Requests
10.1 Requests for access to records in terms of PAIA must be submitted using the prescribed PAIA request form (Form 2) as published by the Information Regulator.
10.2 Requests in terms of POPIA (including objections, correction, deletion or direct marketing objections) must be submitted in accordance with the applicable POPIA Regulations or in a format substantially similar to the prescribed forms.
10.3 The Company will reasonably assist data subjects in identifying the correct form and procedure where required.
Grounds for Refusal of Access
Access to a requested record may be refused on grounds including:
- Protection of third-party personal or commercial information
- Legal privilege
- Breach of duty of confidentiality
- Safety or property concerns
- Access prohibited by other legislation
Security Safeguards
The Company employs reasonable, appropriate technical and organisational measures to protect personal information in accordance with POPIA Section 19. These include:
- Access control and user authentication
- Antivirus software and firewalls
- Encryption of sensitive data
- Secure data backups
- Non-disclosure agreements with employees and operators
Availability of This Manual
This manual is:
- Available for inspection at the Company's offices during business hours
- Available on request from the Information Officer
- Available on the company's website at www.cymless.com
Updates to This Manual
This manual will be reviewed annually and updated as necessary in response to changes in the law, company operations, or data processing practices.