PAIA Manual
Manual in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 ("PAIA") · Last updated: 11 July 2026
1. About this manual
PAIA gives people a right of access to records held by private bodies where the record is required for the exercise or protection of a right, and — read with the Protection of Personal Information Act 4 of 2013 ("POPIA") — a right of access to their own personal information. This manual explains what records IndunAI (by In-House IT) holds and how to request access to them.
2. Contact details (section 51(1)(a))
Head of the private body: the owner of IndunAI (by In-House IT).
Requests and questions: angus@inhouseit.durban.
Postal and street addresses are available on request through the same
contact.
3. The Regulator's Guide (section 51(1)(b))
The Information Regulator publishes a Guide (section 10 of PAIA) on how to use the Act, in all official languages. It is available from the Information Regulator (South Africa): inforegulator.org.za · JD House, 27 Stiemens Street, Braamfontein, Johannesburg.
4. Categories of records we hold (section 51(1)(c))
- Customer service records: enquiries and chat conversations with our AI assistant (webchat and WhatsApp), appointment bookings, reminders and review requests, customer names and contact details.
- Marketing records: mailing lists and consents, unsubscribe records, published marketing content and its performance.
- Business and financial records: invoices, payment and banking records, tax records, supplier and service-provider agreements (including our hosting/operator agreement with In House IT).
- Company/statutory records and personnel records, where applicable.
5. Records available without a PAIA request (section 51(1)(d))
Our privacy policy, the platform's client terms, this manual, and anything we've published (website content, social media posts) can simply be read — no request needed. Your own upcoming booking details can be confirmed by asking the assistant in the same conversation channel you booked on.
6. Records available under other legislation
Some records are available to the persons or bodies entitled to them under other laws (for example tax records to SARS under the Tax Administration Act, company records under the Companies Act). Where another law governs access, that law's procedure applies.
7. How to request a record (sections 53 and 56)
1. Use Form 02 (Annexure A to the PAIA Regulations, 2021),
available from
inforegulator.org.za.
2. Send it to angus@inhouseit.durban, identifying the record, the right you seek to
exercise or protect (not needed when requesting your own personal
information), and how you'd like access (copy, inspection,
electronic).
3. Fees: the fees prescribed in Annexure B to the PAIA
Regulations, 2021 (as amended from time to time) apply — currently a
request fee of R140 for a private body's record, plus reproduction fees.
No request fee is payable when you request your own personal
information (a "personal requester"); reasonable reproduction fees
may still apply.
4. We must respond within 30 days, extendable once by up to a
further 30 days where the request is large or complex (with notice to
you, section 57 read with section 56).
8. Grounds on which access may be refused
PAIA (Chapter 4 of Part 3) requires or permits refusal in defined cases — chiefly to protect another person's privacy, confidential or commercially sensitive information of a third party, records privileged in legal proceedings, and our own commercial information where disclosure would cause harm. Where only part of a record is protected, the rest is severed and disclosed (section 65).
9. How we process personal information (PAIA Regulations, 2021)
Purposes: answering enquiries, making and managing appointments,
reminders and review requests, direct marketing with consent or to
existing customers, and ordinary business administration.
Categories of data subjects and information: customers and
prospective customers — names, contact details, conversation content,
appointment details; mailing-list subscribers — contact details and
consent records.
Recipients: our team; In House IT as our POPIA operator (hosting);
the AI model provider (message content, to generate replies, which may be
processed outside South Africa — section 72(1)(d) of POPIA); Meta
Platforms where WhatsApp is used; our calendar provider.
Security: isolated hosted environment with its own database in
Johannesburg, encrypted transport, restricted access, nightly backups
kept 14 days.
Full detail is in our privacy policy.
10. Remedies
If a request is refused or we fail to respond, you may lodge a complaint with the Information Regulator (Form 05 of the PAIA Regulations, 2021) via inforegulator.org.za, or apply to a court with jurisdiction.
11. Availability of this manual (regulation 3)
This manual is published at this address, is available for inspection at our principal place of business during business hours, and copies can be requested from angus@inhouseit.durban. It is updated whenever the underlying facts change.