Botshilu Private Hospital Proprietary Limited (“Botshilu”/”we”/ “us” /“our”) is a healthcare service provider. Botshilu is committed to sound business practices in compliance with relevant legislation, which, for purposes of this Manual, includes the Promotion of Access to Information Act 2 of 2000 (PAIA) read with the Protection of Personal Information Act 4 of 2013 (POPI) and Protection of Personal Information Act: Regulations relating to the processing of personal information.



This manual was prepared in terms of section 51 of PAIA. This manual serves to provide to the public guidance and information on:

  • Which information is held by Botshilu.
  • The way information may be requested from Botshilu.
  • The guide and how to use PAIA.
  • All contact information of the Information Officer and the Deputy Information Officer who are responsible for assisting the public on how to request and/or access information processed by Botshilu.
  • The purpose of processing of personal information by Botshilu.
  • Whether we have appropriate security measures to ensure the confidentiality, integrity and availability of the personal information we process.
  • Whether we plan to transfer or process personal information outside the Republic of South Africa.
  • The description of the data subjects and the information of categories of information relating to thereto.
  • The recipients or categories of recipients to whom the personal information may be supplied.


    • “information officer” means the head of the private body, and may include the deputy information officer, if delegated.
    • “in writing” means includes in the form of a data message and accessible in a manner usable for subsequent reference as contemplated in section 12 of the Electronic Communications and Transactions Act 25 of 2002, (“ECTA”).
    • “head” of, or in relation to, a private body means in the case of a juristic person the chief executive officer or equivalent officer of the juristic person, or any person duly authorised by that officer; or the person who is acting as such or any person duly authorised by such acting person.
    • “PAIA/the Act” means the Promotion of Access to Information Act 02 of 2002.
    • “POPI/POPIA” means the Protection of Personal Information Act 04 of 2013.
    • “private body” means a natural person who carries or has carried on any trade, business or profession, but only in such capacity; a partnership which carries or has carried on any trade, business or profession; or any former or existing juristic person but excludes a public body.
    • “record” of, or in relation to, a public or private body, means any recorded information regardless of form or medium; in the possession or under the control of that public or private body, respectively; and whether it was created by that public or private body, respectively.
    • “signature” includes a signature contemplated in section 13 of ECTA.


    • Information Officer/ Head:

Name:                                          Dr Mabitje Jackson Rampedi

Tel:                                               012 798 7000

Email address:                   


  • Deputy Information Officer:

Name:                                          Sam Ndobe

Tel:                                               012 798 7000

Email address:                   


  • Access to information general contacts:



    • The Information Regulator has in terms of section 10(1) of PAIA amended and updated and made the Guide on how to use PAIA, available and accessible for persons who wish to exercise any right contemplated in PAIA and POPI.
    • The Guide is available in each of the official languages and in braille.
    • The aforesaid Guide contains the description of:
      • The objects of PAIA and POPIA.
      • The postal and street address, phone and fax number, and if available the electronic mail address of:
        • The Information Officer of every public body, and
        • Every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA and section 56 of POPIA.
      • The manner and form of a request for:
        • Access to a record of a public body contemplated in section 11, and
        • Access to a record of a private body contemplated in section 50 of POPIA.
      • The assistance available from a public body or private body in terms of PAIA and POPIA.
      • The assistance available from the Information Regulator in terms of PAIA and POPIA.
      • All remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging:
        • An internal appeal.
        • A complaint to the Regulator, and
        • An application with a court against a decision by the information officer of a public body, a decision on internal a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body.
      • The provisions of sections 14 and 51 requiring a public body and private body respectively, to compile a manual and how to obtain access to a manual.
      • The provisions of sections 15 and 52 providing for the voluntary disclosure of categories if records by a public body and a private body, respectively.
      • The notices issued in terms of sections 22 and 54 regarding fees to be paid in relation to requests for access, and
      • The regulations made in terms of section 92.
    • Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Information Regulator, during normal working hours.
    • The Guide can also be obtained:
    • A copy of the Guide is also available in English and Setswana for a public inspection during Botshilu normal office hours at our offices at 212 Block IA, Buitenkant Street, Soshanguve.


Category of records Types of record Available on Website
Policies, Procedures and Charters POPI Policy, Privacy Policy, PAIA Manual and PAIA Forms. Available on the website and may be requested from the information officer at our offices or the Information Regulator.
About us Our Services, Address and Contact Information. Yes
Marketing Material Announcements, Invites and Awareness information. Not all of the information is available on our website.
Third Party Contacts Botshilu hospital directory list. Yes


    • The following information must be formally requested or accessed or downloaded from our website as indicated below.
Subjects on which the Botshilu holds records Categories of records Formal Request Website Access
Human resources Employee records, Advertised posts, HR Policies and Procedures, Learning and Development, EE Plan, Records of Disciplinary processes. Yes No
Strategic ESG Reports, Annual Reports, Strategy Documents. Yes No
Corporate governance Charters, Terms of Reference, MOI, shareholders agreements, minutes, resolutions, Board and sub-committee member appointments, Member fees. Yes No
Marketing material Announcements, Invites, Awareness information. No Yes
Media/News Announcements, Statements. Yes Yes
Manual and Policies POPI Policy, Privacy Policy, PAIA Manual. Yes Yes
Policies and Procedures Protocols Agreements, Supply Chain Management, Procurement Plans, Specific Tenders & Contracts, Donations, Funds, Suppliers, Risk Management, Audit, IT, Finance Management, Human Resources, Marketing and Branding, Records Management Yes No
Finances Financial Accounting, Financial Reporting, Contracts and Tender
Administration, Asset Management / Register, Management Accounting,
Estimates, Statements, Budgets, Reports, Audit Records, Revenue Statements, Reports and Returns
Yes No
IT Incidents and Service Requests, Asset Issuing and Custodian Information, System Event Logs, System Performance Logs, Systems Maintenance Check lists, Monthly Operations Reports, Service Level Agreements, ICT Policies and Procedures and Manuals, Network maintenance, System Development lifecycle documents. Yes No
Supply Chain Contracts, Orders, Quotations, Lease Agreements, Contracts Registers. Yes No
Legal Research and Opinion Yes No




  • Purpose of Processing Personal Information:

Botshilu Private Hospital processes personal information for the following purposes in fulfilling its business purposes:

  • Patient admission and treatment – Patient treatment and payment records.
  • Receiving and investigating patient and visitor complaints and compliments.
  • Procurement process – contracting with third parties.
  • Human Resources – staff administration and job applications.
  • Accounting records and retention thereof.
  • Visitor records.
  • Compliance and conducting compliance assessments with applicable legislation such as National Health Act, SANC, POPI, etc.
  • Staff administration and job applications.
  • COVID 19 Compliance documents.
  • Categories of Data Subjects and of the information or categories of information relating thereto:

Categories of Data Subjects


Personal Information that may be processed

Customers / Patients Name, physical and postal address, contact numbers, email addresses, identity numbers, employment status, employers name, contact details and address, health and biometric information, religion, language, occupation, medical scheme details
Patient employers Names, address, contact details.
Next of kin Names and contact numbers,  postal address, relationship with patient.
Person responsible for patient account Names, id/passport number, physical address, relationship with patient.
Contracted Service Providers Names of contact persons, name of entity, name of directors and shareholders, physical and postal address and contact details (contact number(s), fax number, email address), financial information, registration number; founding documents, tax related information; authorised signatories, broad-based Black economic empowerment (B-BBEE) status,
affiliates entities, business strategies, membership with regulators/societies and membership number, practice number.
Consultants / Advisors Names of contact persons, Name of Entity, Physical and Postal address and contact details (contact number(s), fax number, email address), Registration Number/identity number.
Employees Gender, pregnancy, marital status; race, age, language, education information (qualifications), financial information, ID numbers, physical and postal address, contact details (contact number(s), fax number, email address), criminal record, well-being and family members, medical, nationality, ethnic or social origin, physical or mental health, disability, biometric information of the person, employment history/conduct, professional affiliation and references.


  • The recipients or categories of recipients to whom the personal information may be supplied by Botshilu:
    • Botshilu supplies personal information of data subjects to its employees for the execution of Botshilu’s rights and obligations in relation thereto.
    • Botshilu may also share personal information of data subjects with the following service providers to provide the following services:
      • Capturing and organising of personal information.
      • Storing of personal information.
      • Sending of emails and other correspondence to the public.
      • Conducting due diligence checks.
      • Conducting criminal checks.
      • Conducting qualification verifications.
      • Investigations relating to the activities of Botshilu, e.g., medical scheme investigations and verifications.
      • Negotiation of scheme rates on behalf of Botshilu (e.g., National Hospital Network).
      • Administration of the Provident, Pension Funds and medical aids.
      • ICT Infrastructure.
    • Botshilu may also share personal information with:
      • Any regulatory authority or tribunal in respect of a matter under such authority’s jurisdiction, such as South African Health Products Regulatory Authority (“SAHPRA”), Council for Medical Schemes (“CMS”), Health Professions Council of South Africa (‘HPCSA”), Department of Health, Department of Employment and Labour, and South African Nursing Council, (“SANC”).
      • Any person against whom a complaint has been lodged.
      • Law enforcement agencies, e.g., South African Police Services, National Prosecuting Authority, etc.
      • Courts of law with jurisdiction.
    • Planned transborder flows of personal information:

Botshilu performs transborder flows of information, only where necessary and for any lawful purposes. Botshilu will ensure that anyone to whom it passes personal information is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection, and the third party agrees to treat that personal information with the same level of protection as Botshilu is obliged under POPIA. We transfer personal information abroad as follows:

  • All personal Information stored on the cloud via Microsoft 365: Country: European Union:
    • Microsoft is ISO 27001 accredited, which confirms that Microsoft uses internationally recognised processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificate validates that Microsoft has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.
    • Microsoft is also subject to GDPR:
    • The processing of information in the European Union is subject to the European Union’s General Data Protection Regulations (“GDPR”).
  • General description of Information Security Measures:
    • Botshilu endeavours to achieve the level of security over personal information that is commensurate to the information it processes due to the services it provides. We continuously establish and maintain appropriate, reasonable technical and organisational measures by taking appropriate, reasonable technical and organisational measures to prevent:
      • loss of, damage to or unauthorised destruction of personal information; and
      • unlawful access to or processing of personal information.
    • Botshilu has taken and continues to take reasonable measures as required by POPIA to:
      • identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control.
      • establish and maintain appropriate safeguards against the
        risks identified.
      • regularly verify that the safeguards are effectively implemented.
      • ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
    • Botshilu has taken the following measures, among others:
      • Access Control.
      • Data encryption.
      • Defensive Measures.
      • Data Back-ups.
      • Anti-virus and anti-malware solutions.
      • Conclusion of Operator Agreements with third parties who provide the services of implementation of security controls.
      • Employee and third party training and awareness campaigns.
      • Implementation of disaster management policies and plan including in respect of Information Technology.



A requester must be given access to any record of Botshilu subject to PAIA and POPIA and provided that:

  • the record is required for the exercise or protection of any rights.
  • that the requestor complies with the procedural requirements of PAIA relating to a request for access to that record; and
  • access to that record is not refused in terms of any ground for refusal under PAIA or this Manual.


    • A request for information, includes a request for access to a record containing personal information about the requester or the person on whose behalf the request is made.
    • A request can be made the data subject personally, which is regarded as a “Personal Requester” under PAIA, or it can be made by any other person, “Other Requester” as defined by PAIA.
    • Information that is not readily available as indicated in this manual, may be requested on the prescribed Form 2, attached hereto as Annexure A, to the information officer of Botshilu at the address set out in this Manual.
    • A request can also be made orally as a result of illiteracy or disability of a requester. The requester will be assisted accordingly to comply with the requirements of PAIA.
    • The requester must provide sufficient information of the record(s) requested in order for the Information Officer or Deputy Information Officer, if any, to identify the record(s). The prescribed form must be filled in with enough particularity to at least enable the Information Officer to identify:
      • The right the requester is seeking to exercise or protect and provide an explanation of why the requested record is required for the exercise or protection of that right.
      • The identity of the requester.
      • Particulars of the records requested.
      • Type of record.
      • The preferred language of the record, (if applicable).
      • How the requester wishes to be contacted or informed of the decision on the request and the contact details.
      • Form of access.
      • Manner of access.
    • When completing the request form, the requester must follow the instructions contained in the form as far as possible to avoid delays.
    • If the request is made on behalf of another person, the copy of the signed mandate authorising such representation must also be provided.
    • As much detail as possible must be provided in respect of the description of the records requested with as much accuracy as possible to enable the information officer to identify the records accurately.
    • The requester will be notified of the decision whether or not the request has been granted, within 30 (thirty) days of the request or after the particulars required in terms of PAIA for a request have been received by Botshilu.
    • The information officer may extend the 30 (thirty) days referred to in 9, once for a further period of not more that 30 (thirty) days if:
      • The records are too large in size or number, or the search is through a large number of record and would unreasonably interfere with the activities of Botshilu.
      • The request requires a search in or collection from a place not in the same city as Botshilu’s offices.
      • Consultation within the bodies/divisions of Botshilu or another body is necessary or desirable to make a decision.
      • The information officer has to notify the third party to whom the requested information or record relates as required by PAIA, or
      • One or more of the above circumstances at 10 to10.10.4 exist that cannot reasonably be completed within the first 30 (thirty) days, or
      • The requester consents to the extension in writing.
    • A requester or a third party aggrieved by the decision of the information officer, may file a complaint to the Information Regulator within 180 (one hundred and eighty) days of the decision.


    • A fee is payable for access of records held by Botshilu as prescribed by PAIA. The prescribed fees are set out under Annexure B
    • The requester must pay the prescribed fee (if any), before Botshilu will further process the request.
    • If the search for a record in respect of a request for access has been made; and the preparation of the record for disclosure would, in the opinion of information officer of Botshilu, require more than the prescribed hours, currently 6 (six) hours, for these purposes, a portion of the access fee, in a form of a deposit will be requested by notice in terms of Form 3 of PAIA, to the requester (being no more than one third) of the access fee payable if the request is granted.
    • If a deposit has been paid in respect of a request for access which is refused, the Botshilu will repay the deposit to the requester.
    • Botshilu may withhold a record until the requester has paid the applicable fees, (if any).
    • A requester whose request for access has been granted, must pay an access fee for reproduction and for search and preparation, respectively, for any time required more than the prescribed hours to search for and prepare the record for disclosure, including making arrangements such as making copies, arranging for viewing, reproduction and listening to a record.
    • Access fees prescribed must provide for a reasonable access fee for:
      • the cost of making a copy of a record, or of a transcription of the content of a record, and, if applicable, the postal fee; and
      • the time required to search for the record and prepare the record for disclosure to the requester.



Botshilu may refuse a request for a whole or part of information that must be formally requested in terms of this Manual on, inter alia, the following basis as listed under sections 62 to 70 of PAIA:

  • Protection of personal information, including the right to privacy of a patient or other third party, to avoid the unreasonable disclosure of personal information concerning that person.
  • Protection of the commercial information of a third party.
  • Protection of confidential information of third parties if disclosure would constitute an action for breach of a duty of confidence owed to that third party in terms of an agreement or legislation.
  • Protection of the safety of individuals and the protection of property.
  • Protection of records which would be privileged from production in legal proceedings.
  • Protection of Botshilu’s commercial activities including, but not limited to records that contain trade secrets, financial, commercial, customer, scientific or technical information, the disclosure of which would be likely to cause harm to Botshilu’s commercial or commercial interests.
  • Protection of research information of Botshilu or a third party, if disclosure would expose the identity of Botshilu or the third party, the researcher, or the subject matter of the research to serious disadvantage.
  • Requests for information that are, in Botshilu’s reasonable opinion, manifestly frivolous or vexatious.
  • Requests for health records which in the opinion of the relevant health practitioner, the disclosure of which might cause serious harm to the relevant person’s physical or mental health or wellbeing, and does not, in the opinion of the information officer meet the conditions of disclosure set out under section 61 of PAIA.


    • Copies of this manual are available:
      • On our website at www.
      • At our offices for inspection, free of charge, during normal office hours.
      • To any person upon request and upon payment of a reasonable prescribed fee.
      • To the Information Regulator upon request, and
      • A fee for a copy of the Manual as contemplated under Annexure B shall be payable per each A4-size photocopy made.



This Manual will be updated on an annual basis or when required.


Annexure A




  1. Proof of identity must be attached by the requester.
  2. If request made on behalf of another person, proof of authorisation must be attached to this form.

TO:     The Information Officer






Email address:            ____________________________

Fax number:                ____________________________   

Mark with an “X”

Request is made in my own name                      Request is made on behalf of another person


                         PERSONAL INFORMATION
Fill names
Identity Number
Capacity in which request is made (when made on behalf of another person)
Street Address
Email Address

Contact Numbers

Tel. (B) Facsimile:
Full names of person on whose behalf the request is made (if applicable):
Identity Number
Postal Address
Street Address
Email address
Contact Numbers Tel. B Fascimile

Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located. (If the provided space is inadequate, please continue on a separate page and attach it to this form. All additional pages must be signed.)


Description of record or relevant part of the record:

Reference number

Any further particulars of record


(Mark the applicable box with an “X”)

Record is in written or printed form
Record comprises virtual images (this includes photographs, slides, video recordings, computer-generated images, sketches, etc)
Record consists of recorded words or information which can be reproduced in sound
Record is held on a computer or in an electronic, or machine-readable form

(Mark the applicable box with an “X”)

Printed copy of record (including copies of any virtual images, transcriptions and information held on computer or in an electronic or machine-readable form)
Written or printed transcription of virtual images (this includes photographs, slides, video recordings, computer-generated images, sketches, etc)
Transcription of soundtrack (written or printed document)
Copy of record on flash drive (including virtual images and soundtracks)
Copy of record on compact disc drive(including virtual images and soundtracks)
Copy of record saved on cloud storage server



(Mark the applicable box with an “X”)

Personal inspection of record at registered address of public/private body (including listening to recorded words, information which can be reproduced in sound, or information held on computer or in an electronic or machine-readable form)  
Postal services to postal address  
Postal services to street address  
Courier service to street address  
Facsimile of information in written or printed format (including transcriptions)  
E-mail of information (including soundtracks if possible)  
Cloud share/file transfer  
Preferred language (Note that if the record is not available in the language you prefer, access may be granted in the language in which the record is available)  



 If the provided space is inadequate, please continue on a separate page and attach it to this Form. The requester must sign all the additional pages


Indicate which right is to be exercised or protected

Explain why the record requested is required for the exercise or protection of the aforementioned right:  


a)    A request fee must be paid before the request will be considered

b)    You will be notified of the amount of the access fee to be paid.

c)    The fee payable for access to a record depends on the form in which access is required and the reasonable time required to search for and prepare a record.

d)    If you qualify for exemption of the payment of any fee, please state the reason for exemption


You will be notified in writing whether your request has been approved or denied and if approved the costs relating to your request, if any. Please indicate your preferred manner of correspondence:

Postal address Facsimile Electronic communication (Please specify)


Signed at _____________________ this _____________ day od ____________________ 20____



Signature of Requester/ person whose behalf request is made



Reference number:  
Request received by: (State Rank, Name And Surname of Information Officer  
Date received  
Access Fees:  
Deposit (if any):  




Signature of Information Officer

Annexure B

Fee in respect of Private Bodies


Item Description Amount
1. Request fee, payable by every requester R140.00
2. Photocopy or printed black & white copy for every A4 page R2.00 per page or part of the page
3. Printed copy of A4-size page R2.00 per page or part of the page
4. For a copy in a computer-readable form on:

  • a flash drive (provided by the requester)
  • a compact disc (CD) if the requester provides the CD to us
  • a compact disc (CD) if we give the CD to the requester



5. For a transcription of visual images, for an A4-size page or part of the page This service will be outsourced. The fee will depend on the quotation from the service provider.
6. For a copy of visual images This service will be outsourced. The fee will depend on the quotation from the service provider.
7. For a transcription of an audio record, per A4-size page R24.00
8. For a copy of an audio record on a flash drive (provided by the requester)

For a copy of an audio record on compact disc (CD) if the requester provides the CD to us

For a copy of an audio record on compact disc (CD) if we give the CD to the requester




9. For each hour or part of an hour (excluding the first hour) reasonably required to search for, and prepare the record for disclosure

The search and preparation fee cannot exceed




10. Deposit: if the search exceeds 6 hours One-third of the amount per request. It is calculated in terms of items 2 to 8 above.
11. Postage, email or any other electronic transfer Actual expense, if any.