Unless the context clearly indicates otherwise, the following terms shall have the meanings assigned to them hereunder, namely –


  • “Act” means the Promotion of Access to Information Act, Act 2 of 2000, as amended from time to time;

  • “Company” means Koms Consulting (Pty) Ltd as more fully described in the overview hereunder;

  • “Information Officer” means the person acting on behalf of the Company and discharging the duties and responsibilities assigned to the head of the Company by the Act.  The Information Officer is duly authorised to act as such and such authorisation has been confirmed by the “head” of the Company in writing;

  • “Manual” means this manual published in compliance with Section 51 of the Act;

  • “Record” means any recorded information, regardless of form or medium, which is in the Possession or under the control of the Company, irrespective of whether or not it was created by the Company;

  • “Request” means a request for access to a Record of the Company;

  • “Requestor” means any person, including a public body or an official thereof, making a Request for access to a Record of the Company and includes any person acting on behalf of that person; and

  • “SAHRC” means the South African Human Rights Commission.

  • Unless a contrary intention clearly appears, words signifying: -

    • the singular includes the plural and vice versa;

    • any one gender includes the other genders and vice versa; and

    • natural persons include juristic persons.


Unless otherwise stated, terms defined in the Act shall have the same meaning in this Manual.




Koms Consulting (Pty) Ltd is a Company incorporated in accordance with the company laws of South Africa.


The Founder is, Charel Jacobus Richter and the history of the Company involves the following: Koms Consulting (Pty) Ltd was established in 1997, providing top South African fruit producers with consulting engineering and project management solutions for their fruit pack house and cooling facilities.

Our core business is the design and project management of fruit pack house and agricultural developments. We provide engineering excellence by translating our client’s needs to assist them in developing a world class facility. 

We specialize in the following areas:

  • Fruit pack houses

  • Citrus pack houses

  • Table grape pack houses

  • Table grape infrastructure

  • Agricultural development

  • Agricultural consulting engineering

Since inception Koms Consulting (Pty) Ltd has also successfully completed international pack house developments in neighbouring African countries.

Koms Consulting (Pty) Ltd strives to develop pack house and agricultural projects that are innovative, effective and functional.





The Chief Executive of the Company, as head of the private body, has delegated his powers to the Company Secretary, as Information Officer, whose details appear hereunder for purposes of dealing with all matters in connection with Requests for information on the Company’s behalf and to ensure compliance with the Act.


Group Company Secretary: Zanelle van Wyk


Postal address: P.O Box 630, Keimoes, 8860          








The SAHRC has compiled a guide, as required by Section 10 of the Act, containing such information as may reasonably be required by a person who wishes to exercise any right contemplated in this Act.


The guide is available on the SAHRC website,


The SAHRC can be contacted directly at: The South African Human Rights Commission: PAIA Unit


The SAHRC website at at this link: ; or

The Department of Justice and Constitutional Development website at at this link:



The following Records are automatically available without a person having to request access in terms of the Act:


  • The web page is accessible to anyone who has access to the Internet. The Company website hosts the following categories of information:


  • Company info

  • Corporate Info

  • Corporate Profile

  • Product and promotional brochures/pamphlets

  • News and marketing information

  • Corporate communications




Records are kept in accordance with the following legislation:


  • Basic Conditions of Employment Act, 1997

  • Companies Act, 2008

  • Compensation for Occupational Injuries and Diseases Act, 1993

  • Electronic Communications and Transactions Act, 2002

  • Employment Equity Act, 1998

  • Income Tax Act, 1962

  • Labour Relations Act, 1995

  • Occupational Health and Safety Act, 1993

  • Unemployment Insurance Act, 2001

  • Value Added Tax Act, 1991




5.1 Statutory and Legal:


  • Statutory registers

  • Annual reports

  • Statutory Records & returns, including incorporation documents, memorandum of incorporation and share register

  • Minutes of meetings

  • Board

  • Board and statutory committees

  • Management committees

  • Contractual and legal agreements

  • Licenses


5.2 Human Resources


  • HR policies & procedures

  • Employment equity plan and report

  • Employee Records

  • Benefits


5.3 Administration, Finance & Accounting:


  • Accounting Records

  • Auditors’ reports

  • Tax returns

  • VAT returns

  • Policies & procedures


5.4 Retirement Fund


  • N/A


5.5 Insurance


  • Policies, including coverage, limits and insurers

  • Claim Records


5.6 Information technology


  • Hardware

  • Software packages

  • Licences

  • IT policies and procedures

  • Operating systems


5.7 Sales and Marketing


  • Customer Records

  • Statements of account

  • Terms & conditions


5.8 Assets


  • Leases

5.9 Operational information


This information can be defined as information needed in the day-to-day running of the organization.

  • internal telephone lists

  • address lists

  • company policies

  • industry related statistical data

  • management information reports

  • property development information such as title deeds, lease agreements, construction contracts and architectural drawings




7.1 How to Request a Record (Section 53)


  • Requests for access to Records must be made to the Information Officer in the prescribed form, Annexure 1 at the address, fax number or electronic mail address referred to in 1 above.  Failure to make use of the prescribed form could result in your Request being refused or delayed.


  • A Request for access to a Record must be accompanied by payment of an initial non- refundable Request fee of R57.00 (inclusive of VAT).  This fee is not applicable to personal Requests, i.e. individual seeking access to Records pertaining him/herself.


  • The Requestor must provide sufficient detail on the Request form to enable the Information Officer to clearly identify the Record as well as the Requestor’s identify, which is to be accompanied by positive proof of identification.

  • The Requestor must indicate which form of access is required and if he/she wishes to be informed on the decision on the Request in any other manner, to state the necessary particulars to be so informed.

  • Access is not automatic.  The Requestor must therefore identify the right he/she is seeking to exercise or protect and provide an explanation as to why the requested Record is required for the exercise or protection of that right.

  • If a Request is made on behalf of a person, the Requestor must then submit proof, to the satisfaction of the Information Officer, of his/her authority to make the Request. Failure to do so will result in the Request being rejected.


7.2 Decision on Request (Section 56)


  • The Requestor will be notified, within 30 days, in the manner indicated by him/her of the outcome of his/her Request, alternatively whether an extension not exceeding 30 days is required to deal with the Request.

  • If the Request for access is granted a further access fee must be paid for the reproduction as well as the search and preparation of the Records and for any time that has exceeded the prescribed hours to search and prepare the Record for disclosure. Access will be withheld until the Requestor has made payment of the applicable fee(s).


  • In the event that the Request for access is refused, reasons for the refusal will be provided and the Requestor will be advised the he/she may lodge an application with a court against the refusal of the Request, as well as the procedure for lodging the application.

  • The Requestor may lodge an internal appeal or an application to court against the tender

    • or payment of the Request fee.


7.3 Availability


This Manual is available on the company website, , alternatively at 175 Main Road, Keimoes, 8860 during office hours.


7.4 Fees

The fees payable in respect of access to Records are attached as Annexure 2.



Promotion of Access to Information Act: Section 51 Manual

This Manual has been prepared in accordance with section 51 of the Act and aims to facilitate a Request for access to a Record held by a private body that is required for the exercise or protection of any rights.

Privacy Policy

For the POPI Act, the Company, Koms Consulting (Pty) Ltd (Reg no 2000/031330/07), is deemed to be an organization that engages in all aspects of business. It follows that personal information could be processed in some of the following categories:


  1. Employees

  2. Clients

  3. Vendors

  4. Stakeholders, i.e. shareholders

  5. Governing bodies, i.e. directors

  6. Statutory bodies, i.e. SARS

  7. Public viewers, i.e. websites

  8. Hostile invaders i.e. hackers


The processor, person privy to the processing is Information Officer Zanelle van Wyk, Financial Accountant of Koms Consulting (Pty) Ltd. The following general information is collected from the parties above:


  1. Name

  2. Surname

  3. Address

  4. Contact Details

  5. All client information relating to accounting, products, services in common

  6. All vendor information relating to accounting, products, services in common


The Company vows to protect the information as prescribed by the POPI Act. As far as the Company understands, all personal information is private and attended to according to the POPI Act.


The Company will at all times measure the risk of breach of the POPI Act and actively manages same on a daily basis.



Data Protection Policy



The Company commits to continually uphold that the person responsible for instructing the Information Technology contractors to the Company, is the person responsible for the processing of the information.


The Company addressed all security on all personal information. Personal information is at least secure, but not limited to, in the following areas:


  1. On end-points;

  2. Data in transit;

  3. Data stored in cloud;

  4. In terms of antivirus, malware, Trojans, worms, phishing employed etc.


All Company officials, employees, vendors and clients are appropriately informed of measures taken to protect personal information and the processing of personal information. Unauthorized persons have no access to personal information and all persons who do have access, have minimum appropriate access to personal information.


Those who hold or process information consent to full surveillance of processing of personal information and consented to personal accountability for such processing. All operators and processors committed to protect personal information and to procure instruction from the responsible party on deemed processing.


The Company procured the commitment of all operators and processors of personal information to employ maximum security and secrecy on all personal information, and to personally assume the responsibility to employ measures to protect personal information on all electronic equipment.


Mobile devices are to be treated like firearms. Devices are always kept on the processor’s person. Neither the device nor any information on the device is ever given to third parties who do not hold the written consent of the data subject. Business data will always be kept separate from personal data – i.e., personal information.


Data is encrypted in order to safeguard data against unauthorized exposure to third parties. Data pertains to non-electronic files, end-point data, data in transit and hosted or cloud data. Least number of security codes are kept by least number of employees. The data specialist appointed by the Company will take into account all risk factors and address same to the satisfaction of the POPI Act. Where possible, the number of data storage is maximized.


The Company has done a risk and impact assessment on all cloud computing and is satisfied that its cloud computing adheres to the requirements of the POPI Act.


All non-electronic personal information is kept safe and rules and regulations are applicable to access of filing facilities and office spaces. Risk is reduced to the minimum on all aspects of processing personal information in that information is held behind the maximum practical guarded physical barriers as the environment allows.


All handlers of physical security acknowledged that they are responsible for compliance and undertake to ensure full compliance to the POPI Act. All personal information will always be kept and attended to in a secure manner.


Personal information is only used for the purpose obtained as instructed by the data subject.



Data Breach Incident Plan

The Company has approved procedures to manage incidents that may have an impact on the POPI Act. Roles and responsibilities are known to all responsible operators and data processors, and ready to be implemented when incidents occur.


All heads of department are in full control of all personal data and vowed to keep personal data safe and secure. Steps have been taken to reduce incidents and to increase the speed in which incidents are attended to. Operators and processors of personal information are forewarned to report incidents as soon as possible and managers are forewarned to attend to reports as soon as possible.


A data breach action plan can include the following but are not limited to:

  1. All parties related to the incident will assist one another to attend to a breach as soon as possible with maximum allowed force.

  2. When an incident occurs, the incident, in compliance with the POPI Act will not be discussed with anyone but the employee’s direct manager.

  3. Managers may only discuss incidents with the CEO.

  4. The CEO may only discuss the matter with the board of directors, whereafter the board will direct the CEO.  

  5. Once a breach is confirmed, the CEO will communicate, as prescribed by the POPI Act, with the affected data subject, the Regulator and with those who may be influenced by the breach.

  6. The following will be documented:

    1. All risks, incidents, and threats.

    2. All responses to the above.

    3. Number of data subjects involved, with their contact details

    4. Details of the breach, i.e. time, place, format of data, size of breach, reasons and possible consequences, etc.

    5. An action plan to remedy the breach with the roles and responsibilities of all parties related to the matter.

    6. The Company has forms and written procedures for all steps related to the stages of breach.



Personal Information Management


The data subject remains the owner of his or its personal information. The data subject is the sole stakeholder of his or her or its personal information and the Company acknowledges the latter facts.


The Company logs all consents obtained from the data subject in a central register. The data subject consents contain the following:


  1. The initial consent allowing Company to hold the specific personal information;

  2. Ongoing consents detailing the confirmation and changes to the personal information;

  3. Confirmation to data subject of his right to access to the personal information;

  4. The purpose for which personal information is held by the Company;

  5. Who in the Company would receive and hold the personal information;

  6. The length of time which the personal information will be held;

  7. When or in what event the personal information will be destroyed.

  8. Agreement on identity of third parties to whom the data subject ceded rights above.


The Company holds request and consent forms for data subject enquiries and instructions, and will provide these to the data subject or third party who holds instructions on behalf of data subject.

Zanelle van Wyk

Information officer