This document is intended to facilitate requests for access to records of the Company as provided for in Section 51 of the South African Promotion to Access of Information Act 2 of 2000 (PAIA).

1. DEFINITIONS

The following expressions shall have the meanings assigned to them below:

“Company” means Travelport Southern Africa (Proprietary) Limited, referred in this Manual as “Travelport SA”;

“Deputy information officer” means the person duly authorised by the head of the company and appointed by the company to facilitate or assist the head of the Company with any request in terms of PAIA;

“Information officer” means the head of the Company which fulfils this function in terms of section 51 of PAIA, whose details are provided below under paragraph 4;

“Manual” means this document together with all of its appendices, as amended from time to time

“PAIA” means the Promotion of Access to Information Act No. 2 of 2000, as amended from time to time including the regulations promulgated in terms of PAIA;

“Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; information relating to the education or the medical, financial, criminal or employment history of the person; any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person, the biometric information of the person; the correspondence of private nature of the person, the personal opinions, views or preferences of the person;

“POPIA” means the Protection of Personal Information Act, Act No 4 of 2013, as amended from time to time including the regulations promulgated in terms of POPIA;

“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction, degradation, erasure or destruction of information;

“Record” means any recorded information regardless of the form or medium, in the possession or under the control of the Company irrespective of whether or not it was created by the Company;

“Requester” means any person making a request for access to a record of the Company.

2. PURPOSE

PAIA requires us to make this Manual available to you so that you know what types of records we hold and to facilitate any requests you make to access such records.

This Manual only applies to Travelport’s operations in South Africa.

3. OUR DETAILS

Full company Name	Travelport Southern Africa (Proprietary) Limited
Registration No	2008/001783/07
Postal address	TRAVELPORT SOUTHERN AFRICA POSTNET SUITE NO.523 PRIVATE BAG X1 MELROSE ARCH 2076
Physical address	WEWORK 173 Oxford Road Rosebank Johannesburg GP 2196
Telephone	+27 10 593 0770
Website	www.travelport.com
Email	privacy@travelport.com

4. CONTACT DETAILS OF THE INFORMATION OFFICER:

4.1 Information Officer

Name: Bryan Rufener
Telephone: +27 (0)64 850 7537
Email: bryan.rufener@travelport.com

5. AVAILABILITY OF THIS MANUAL

This Manual is available to view at the Company’s premises mentioned at Paragraph 3 above, as well as on the Company’s website.

6. SOUTH AFRICAN HUMAN RIGHTS COMMISSION (“SAHRC”) GUIDE

6.1 If you would like further guidance on how to exercise your rights under PAIA, you may contact the South African Human Rights Commission (“SAHRC”). The SAHRC has compiled a guide, as contemplated in section 10 of PAIA, containing information to assist you in exercising your rights under PAIA.

6.2 The contact details of the SAHRC are as follows:

Postal address: Private Bag X2700, Houghton, 2041
Physical address: The South African Human Rights Commission, Braampark Forum 3, 33 Hoofd Street, Braamfontein
Tel: 011 877 3600 (Switchboard)
Website: https://www.sahrc.org.za/index.php/understanding-paia
Email: section51.paia@sahrc.org.za

7. VOLUNTARY DISCLOSURE

At this stage, the Company has not published a notice on the categories of records that are automatically available without a person having to request access in terms of Section 52 (2) of PAIA.

8. RECORDS THAT ARE AUTOMATICALLY AVAILABLE TO EMPLOYEES

8.1 The following records are automatically available to certain employees and need not be requested in accordance with the access procedure outlined below in paragraph 11:

Personnel records are available to the employee whose file it is;
Records of disciplinary hearings and related matters are available to the employee concerned.

8.2 The following records are automatically available to all employees and do not need to be requested in accordance with the access procedure outlined below in paragraph 11:

The Company’s employment equity plan;
The Company’s policies and procedures manuals.

9. RECORDS HELD BY THE COMPANY AND SUBJECT TO A REQUEST FOR ACCESS

9.1 These records are not automatically available without a request in accordance with the procedure outlined below in paragraph 11. The requests for access made for these records may be subject to the grounds for refusal set out in this Manual. Also, records which contain confidential information of a third party will require that third party to consent to the disclosure before we will consider providing access to such information.

9.2 We hold the following categories of records:

Company’s internal records	Business Partners records^[1]	Other Parties’ records
Company’s incorporation documents	Any records a Business Partner has provided to us or a third party acting for us or on our behalf	Information regarding our third party service providers (including contractors and designated agents – “Suppliers”). The following activities are carried out by Suppliers: Black Economic Empowerment (BEE) verification services, people administration services, travel services, office management, site security, payroll, expense administration and payments, pension administration, medical insurance & EAP, employment equity and skills development reporting services, benefits provision and administration, IT and telephony services.
Financial records	Contractual documentation
Operational records	customer due diligence, including KYC and Sanctions Lists checks
Intellectual property	Credit information, including any transactional records
Marketing records
Internal correspondence
Products records
Statutory records		Information regarding other entities within our group

^[1]For the purposes of this PAIA Manual, by Business Partners we refer to travel providers (such as airline, car rental company or hotel business contacts ), our travel agency customers or other companies that subscribe to our global distribution system and other companies which we have a commercial relationship with.

Please be aware that the confidentiality of our Business Partners is very important to us, therefore the requester must motivate any request for information very carefully, having regard to the grounds for refusal of access to records as provided in this Manual under paragraph 12.

10. RECORDS HELD BY THE COMPANY IN TERMS OF OTHER LEGISLATION, ACCORDING TO SECTION 51(1) (D) OF PAIA

The Company has certain obligations to retain records and documents under national rules and regulations, as listed below. The records retained as per the below legislation are not automatically available without a request according to the procedure outlined below in paragraph 11:

Basic Conditions of Employment Act no. 75 of 1997
Broad-Based Black Economic Empowerment Act, 2003
Businesses Act no. 71 of 1991
Companies Act no. 71 of 2008
Compensation of Occupational Injuries and Diseases Act no. 130 of 1993
Competition Act no. 71 of 2008
Constitution of the Republic of South Africa 2008
Competition Act of 1998
Copyright Act no. 98 of 1978
Intellectual Property Laws Amendment Act no. 38 of 1997
Electronic Communications and Transaction Act no. 25 of 2002
Employment Equity Act no. 55 of 1998
Income Tax Act no. 58 of 1962
Insider Trading Act no. 135 of 1998
Insolvency Act no. 24 of 1936
Labour Relations Act no. 66 of 1995
National Environmental Management Act no. 107 of 1998
Occupational Health and Safety Act no. 85 of 1993
Patents Act no 57 of 1978
Pension Funds Act no. 24 of 1956
Prevention of Organised Crime Act no. 121 of 1998
Protection of Personal Information Act no. 4 of 2013 (POPIA)
Promotion of Access to Information Act no. 2 of 2000 (PAIA)
Regional Services Councils Act no. 109 of 1985
Revenue Laws Second Amendment Act no. 74 of 1997
Skills Development Act no. 97 of 1998
Skills Development Levies Act no. 9 of 1999
Taxation Laws Amendment Act no. 7 of 2010
Trademarks Act no. 194 of 1993
Securities Transfer Tax Act no. 25 of 2007
Unemployment Insurance Act no 63 of 2001
Unemployment Insurance Contributions Act 4 of 2002
Value Added Tax Act no. 89 of 1991.

11. PROCESS FOR REQUESTING ACCESS NOT AUTOMATICALLY AVAILABLE

11.1 To request access to our records, you will need to complete Form C under PAIA which is available as follows:

On the SAHRC website, by accessing the following link: https://www.sahrc.org.za/home/21/files/Form%20C.doc%20August%202013.doc

11.2 Please submit the completed form to our Information Officer by email at the contact details given above at paragraph 4.1 with a copy to privacy@travelport.com.

11.3 The Information Officer will decide whether or not to grant you access to the records you have requested, as soon as reasonably possible but not later than 30 days after we receive your request.

11.4 When we will answer your request, we will advise you of (i) the access fee to be paid for the information (in accordance with paragraph 13 below), (ii) the format in which access is to be granted and (iii) the fact that you may lodge an appeal with a court of competent jurisdiction against the access fee charged or the format in which access is to be granted.

11.5 If the request for access is refused, we will let you know in writing about (i) the adequate reasons for the refusal, in accordance with paragraph 12 below and (ii) the fact that you may lodge an appeal with a court of competent jurisdiction against our refusal to grant you access to our records.

11.6 The Information Officer may decide to extend the initial period (of 30 days) for response to the access request with another period not exceeding 30 days if: (i) the request is for a large number of records; (ii) the search for the records is to be conducted at premises not situated in the same town or city as the head office of the Company; (iii) consultation among departments of the Company is necessary; (iv) you consent to such an extension in writing and (v) we agree in any other manner with you to such an extension.

You may lodge an appeal with a court of competent jurisdiction against any extension established by the Information Officer.

12. GROUNDS FOR REFUSAL

12.1 We may refuse you access to certain records/ information in order to protect:

Someone else’s privacy;
Another Company’s commercial information;
Someone else’s confidential information;
The safety of individuals and property;
Records regarded as privileged in legal proceedings or
Research information.

12.2 If all reasonable steps have been taken to find a record, and such records cannot be found or don’t exist, then we will notify you by way of an affidavit or affirmation that it is not possible to give you access to the requested record.

13. FEES PAYABLE

13.1 You must pay us a request fee as required by PAIA when submitting a request for access to information. The prescribed fees are set out in Fee schedule which is available on SAHRC’s website at the following link: https://www.sahrc.org.za/home/21/files/PAIA%20Notice%20on%20fees.pdf and are as follows:

for every photocopy of an A4 size page or part thereof: R1,10
for every printed copy of an A4 size page or part thereof: R0,75
for a copy of a compact disc: R70,00
for a transcript of visual images for an A4 size page or part thereof: R40,00
for a copy of visual images: R60,00
for a transcript of an audio record, for an A4 size page or part thereof: R20,00
for a copy of an audio record: R30,00

13.2 When a person submits a request for information held by us regarding an individual other than the requester himself/herself, a request fee in the amount of R50,00 is payable up-front via EFT (electronic funds transfer) before the institution will further process the request received.

13.3 If we are of the opinion that six hours will be exceeded to search, reproduce and/or prepare the information requested, the requester must pay a deposit equal to one-third of R30,00 for each hour or part thereof, exceeding the six hours.

14. HOW WE PROCESS AND PROTECT PERSONAL INFORMATION IN ACCORDANCE WITH POPIA

Everyone has rights with regard to how their personal information is handled, and we recognise that the lawful and correct treatment of personal data is vital to our continued success in an increasingly regulated global marketplace.

14.1 Purposes of processing personal information

We process personal information for a variety of purposes, including but not limited to the following:

to provide our products and services and to manage any information, products and/or services requested by our data subjects, including but not limited to processing the personal data of travelers via Travelport’s Travel Commerce Platform (“GDS”);
to verify the identity of our data subjects when they contact us;
to answer questions and respond to comments, requests or queries that our Business Partners, travel agencies (“Subscribers”), job applicants, third party service providers and/or visitors on our website are sending us;
for administration and client relationship management purposes;
for recruitment purposes;
for employment purposes;
for the administration of various rewards schemes for our employees and/or our Subscribers;
for general administration, financial and tax purposes;
to meet our legal, contractual and regulatory obligations;
for corporate and investor communications purposes, in compliance with regulator’s requirements;
for health and safety purposes;
to monitor access, secure and manage our premises and facilities;
to help us improve the quality of our products and services;
to help us detect and prevent fraud, bribery and money laundering;
to help us recover debts;
for marketing purposes, including to carry out analysis and client profiling and identifying other products and services which might be of interest to our data subjects and to inform them about our products and services;
to enable our data subjects to use our website, to help us improve and develop our website, online products and services, to understand our user demographics and use of our website.

14.2 Categories of data subjects and personal information processed

Categories of data subjects and personal information processed by Travelport SA include the following:

Categories of data subjects	Personal Information processed
Travellers/Consumers[1]	contact details, such as home address, postal address, email address and telephone number personal details, such as name, gender, marital status, date of birth Credit card and payment information Visa or passport information Travel and accommodation details Special travel requests, such as a request for a wheelchair or a special meal languages spoken/preference unique online identifiers provided by the systems used (such as the corporate loyalty program number)
Employees	contact details, such as phone number, physical address, email address etc. personal details, such as name, gender, date of birth, marital status etc. special information, including disability information where provided, any medical condition, health and sickness records, information about criminal convictions and offences, race or ethnicity information provided as a result of a credit reference check employee spousal / partner information pension funds related information employment contracts employee performance records bank account details, payroll records and tax status information health and safety records training records employment history information regarding participation in any share plans information included in CV, cover letter or in the application forms unique online identifiers provided by the systems used etc.
Job applicants	contact details, such as phone number, physical address, email address etc. personal details, such as name, date of birth, marital status etc. information provided as a result of background checks employment history audio-video recording of interviews of job applicants copies of right to work documentation, information included in CV, cover letter or in the application forms
Business Partners	contact details, such as phone number and fax numbers, physical address, email address, registration number etc. contact details of the Business Partners’ representatives, including job title, photograph, as required contractual information financial and credit card information, including any transactional records passport information and information regarding the beneficial owners (where required for conducting sanction checks)
Prospects or leads	contact details, such as phone number, physical address, email address etc. analytics for targeting prospects in marketing campaigns, such as information about prospects that are visiting our website or attending our marketing webinars etc.
Suppliers (including prospective suppliers)	contact details, such as phone number, physical address, email address etc. contact details of suppliers’ representatives contractual information credit information, including any transactional records passport information and information regarding the beneficial owners (where required for conducting sanction checks) information submitted in the Request for Proposal (RFP) process (for selected suppliers only), including but not limited to parent company, if the case, affiliated companies, name of the suppliers’ CEO, CFO, COO, financial information (e.g. the suppliers’ turnover for the last 5 years, number of employees, net income, operating profit etc.), contact details for the suppliers’ key clients, contact details of the member(s) of the team to deliver the services under RFP, any other information provided by the selected suppliers in response to the Company’s questions
Visitors	physical access records, which may include personal information such as name, employer, date of visiting etc. surveillance records, including photos of visitors
Shareholders and directors	Contact details, such as phone number, physical address, email address personal information, such as name and length of office number of shares and voting instructions

[1] Individual customers of Travelport’s business customers (being the travellers/consumers that a travel agency may book and ticket travel services on behalf of) or individual travellers who use one of Travelport’s mobile applications or websites, whether white-labelled for an airline or an agency customer or otherwise.

14.3 Recipients or categories of recipients with whom personal information is shared

We may share the personal information of our data subjects for any of the purposes mentioned above with:

the companies in Travelport group;
our personnel, subcontractors, suppliers, agents and advisors who have a need for that information as they assist us in running our business;
third party vendors to satisfy our third party data payment arrangements;
third party administrators, nominees, registrars and trustees for the purposes of administering any share plans;
third party providers of HR online tools (employees data only);
public authorities, in response to lawful requests from them in order to comply with national security or law enforcement requirements for credit card processing, authentication, and fraud prevention; or as otherwise required or permitted by law, subpoena, or regulation

Where we wish to share your personal information with third parties who are not listed above, we will always ensure we have a lawful basis for doing so.

14.4 Information security measures to protect personal information

We take appropriate steps and maintain electronic, physical, procedural and organisational safeguards using industry standard techniques and controls to protect the information we hold from misuse, loss, unauthorised access, modification or disclosure.

We also take steps to ensure that operators that process personal information on behalf of Travelport SA apply adequate safeguards as outlined above.

14.5 Trans-border flows of personal information

We may also disclose personal information to other members of our corporate group located overseas. Countries in which we operate are listed in Schedule 2 – List of Travelport’s entities.

Travelport does most of its processing of GDS personal information in Travelport data centers located in the United States of America. The Travelport system sends personal information of travelers to travel providers who operate worldwide.

We will only transfer personal information across South African borders if the relevant situation requires trans-border processing, and will do so only in accordance with the POPIA requirements; or if the data subjects consent to transfer of their personal information to third parties in foreign countries.

When our operators (data processors) are located overseas, we will take steps to ensure that our operators are bound by laws, binding corporate rules or binding agreements that provide an adequate level of protection and uphold principles for reasonable and lawful processing of personal information, in accordance with POPIA.

15. UPDATING OF MANUAL

This Manual is made available in terms of Regulation no. R 187 of 15 February 2002 and it may be updated by the Company from time to time as may be deemed necessary.