Matric2Tertiary
Powered byROCVEST
Legal

PAIA Manual

Prepared in terms of Section 51 of the Promotion of Access to Information Act, 2 of 2000 ("PAIA") for ROCVEST Systems (Pty) Ltd.

Last Updated: 24 April 2026

1. INTRODUCTION AND PURPOSE

This Manual is compiled in accordance with Section 51 of PAIA to give effect to the constitutional right of access to information held by private bodies, where such access is required for the exercise or protection of any rights.

ROCVEST Systems (Pty) Ltd ("ROCVEST") operates the Matric2Tertiary platform, which facilitates educational pathway support, including learner data processing, access to third-party tutoring services, and associated payment functionality. As such, ROCVEST processes a significant volume of personal information, including information relating to minors.

This Manual is intended to:

  • Provide a clear framework for requesting access to records held by ROCVEST;
  • Describe the categories of information maintained by the organisation;
  • Outline the manner in which personal information is processed in line with applicable data protection legislation;
  • Ensure transparency and accountability in the handling of information.

This Manual should be read together with ROCVEST's Privacy Policy and other governance documents.

2. DETAILS OF THE PRIVATE BODY

Registered Name: ROCVEST Systems (Pty) Ltd

Platform: Matric2Tertiary

Registration Number: 2013/221699/07

Physical Address: 16 Culross Road, Bryanston 2191

Postal Address: PO BOX 2207 Northriding Johannesburg

Email Address: info@matric2tertiary.co.za

Telephone Number: 011 513 4290

3. INFORMATION OFFICER

In terms of PAIA read with POPIA, ROCVEST has appointed an Information Officer responsible for compliance with both statutes.

Information Officer: Lerato Bodibe

The responsibilities of the Information Officer include:

  • Oversight of compliance with PAIA and POPIA;
  • Evaluation and response to access to information requests;
  • Ensuring appropriate safeguards are in place for the protection of personal information;
  • Maintaining records of requests and decisions taken;
  • Liaising with the Information Regulator where required.

4. GUIDE ON ACCESS TO INFORMATION

In terms of Section 10 of PAIA, the Information Regulator has published a Guide to assist persons in exercising their right of access to information. While the Guide is publicly available, it is not merely a formality. In practice, it provides important context on how requests are assessed, particularly where requests involve personal information, third-party records, or commercially sensitive data.

Requesters are encouraged to familiarise themselves with the Guide before submitting a request, as it clarifies:

  • The distinction between a personal requester and a requester acting on behalf of another person;
  • The level of detail required when describing a record;
  • The requirement to demonstrate the right that is being exercised or protected, where applicable;
  • The circumstances under which a request may be refused, partially granted, or deferred;
  • The applicable fee structure and when such fees may be payable.

In circumstances where a request does not comply with the procedural requirements set out in PAIA, ROCVEST may require the requester to correct or supplement the request before it is processed. This is not to frustrate access, but to ensure that requests are properly framed and capable of being assessed in a legally compliant manner.

5. NATURE OF BUSINESS AND PROCESSING ACTIVITIES

ROCVEST operates within the digital education support space through the Matric2Tertiary platform. The platform is not a traditional content provider; rather, it functions as an intermediary system that enables users to access information, engage with third-party Tutors, and manage certain administrative processes linked to their academic journey.

From a processing perspective, the platform handles a combination of:

  • Direct user inputs (such as registration details and uploaded academic records);
  • System-generated data (including usage logs, timestamps, and activity records);
  • Transactional data (relating to bookings and payments).

A distinguishing feature of the platform is that it processes information relating to learners, including individuals who may be under the age of 18. This has practical implications for how consent is obtained, how information is shared, and how long records are retained.

In addition, the introduction of tutoring services and payment functionality means that ROCVEST:

  • Facilitates interactions between multiple parties (users, Tutors, and payment providers);
  • Processes information across different stages of a transaction lifecycle;
  • Maintains records that may be relevant for financial, contractual, and dispute resolution purposes.

It is important to note that ROCVEST does not assume the role of an educator, nor does it control the delivery of tutoring services. Its role is limited to enabling these interactions through the platform infrastructure. This distinction is relevant when considering both access to records and the scope of information held.

6. RECORDS HELD BY ROCVEST

ROCVEST maintains records in both physical and electronic formats. The categories listed below are not exhaustive but are indicative of the types of records held.

6.1 Corporate and Governance Records

Company registration documentation; Memorandum of Incorporation and amendments; Shareholder and director records; Internal governance policies.

6.2 Financial and Accounting Records

Annual financial statements; General ledgers and accounting records; Tax filings and supporting documentation; Payment and transaction records relating to platform activities.

6.3 User and Platform Records

User registration details; Identity and contact information; Academic records and supporting documents uploaded by users; Tutoring booking records; Payment confirmations and transaction histories; User activity logs and audit trails.

6.4 Tutor and Service Provider Records

Tutor onboarding information; Verification documentation (where applicable); Agreements with Tutors; Service performance and interaction records.

6.5 Human Resources Records

Employment contracts; Payroll records; Performance and disciplinary records.

6.6 IT, Security and System Records

System access logs; Security incident reports; Data backup records; Audit logs relating to system usage.

6.7 Legal and Compliance Records

Contracts and agreements; Compliance reports; Regulatory filings; Internal investigations and dispute records.

7. RECORDS AVAILABLE IN TERMS OF OTHER LEGISLATION

Certain records are available without a PAIA request where access is required in terms of applicable legislation, including but not limited to:

  • Companies Act
  • Tax Administration Act
  • Basic Conditions of Employment Act
  • Labour Relations Act
  • Protection of Personal Information Act

8. PROCESSING OF PERSONAL INFORMATION (POPIA)

ROCVEST processes personal information in accordance with the conditions for lawful processing set out in POPIA.

8.1 Categories of Data Subjects

Learners (including minors); Parents or legal guardians; Tutors and service providers; Employees and contractors.

8.2 Categories of Personal Information

Identification information; Contact details; Educational and academic information; Financial and transaction-related data; Communication records.

8.3 Purpose of Processing

Enabling access to platform services; Facilitating tutoring engagements; Processing payments and managing transactions; Providing user support and communication; Complying with legal and regulatory obligations.

8.4 Disclosure of Personal Information

Personal information may be disclosed to: Tutors for the purpose of delivering services; Payment service providers for transaction processing; IT service providers supporting platform infrastructure. Such disclosures are limited to what is necessary and are subject to contractual confidentiality and security obligations.

8.5 Cross-Border Transfers

Where required for operational purposes, personal information may be transferred outside South Africa, subject to appropriate safeguards ensuring an adequate level of protection.

8.6 Security Safeguards

ROCVEST implements appropriate, reasonable technical and organisational measures, including: Access control mechanisms; Encryption and secure transmission protocols; System monitoring and logging; Regular review of security practices.

9. REQUEST PROCEDURE

Access to records held by ROCVEST must be requested in accordance with the procedures prescribed under PAIA. Requests are assessed carefully, taking into account both the rights of the requester and the rights of any third parties whose information may be affected.

9.1 Submission of Requests

A request for access must be made in writing and directed to the Information Officer using the prescribed form, where applicable. The request must include:

  • The full name and contact details of the requester;
  • Sufficient detail to enable ROCVEST to identify the record(s) requested;
  • The form of access required (e.g. copy, electronic format, inspection);
  • Where the request is made on behalf of another person, proof of authority to act on their behalf;
  • Where applicable, a clear indication of the right the requester seeks to exercise or protect.

ROCVEST is not obliged to process vague or overly broad requests. Where a request lacks sufficient detail, the requester may be required to provide further clarification before the request is processed.

9.2 Verification of Identity and Authority

Before granting access to any record, ROCVEST may take reasonable steps to verify: The identity of the requester; The authority of a requester acting on behalf of another person. This may include requesting: Certified copies of identification documents; Written authorisation or supporting documentation. These measures are necessary to prevent unauthorised access to personal or confidential information.

9.3 Fees Payable

ROCVEST reserves the right to charge fees as permitted under PAIA, which may include: A prescribed request fee; An access fee for the reproduction, transcription, or preparation of the record. Where applicable: The requester will be notified of the amount payable before the request is processed; Processing may be suspended until payment is received. In certain circumstances, fees may be reduced or waived, particularly where the request is of a personal nature.

9.4 Timeframes and Extensions

ROCVEST will make a decision in respect of a request within 30 (thirty) days of receipt. This period may be extended in accordance with PAIA where: The request is for a large volume of records; Additional time is required to locate or retrieve the records; Consultation with third parties is necessary. Where an extension is applied, the requester will be notified of: The reasons for the extension; The additional period required.

9.5 Form of Access

Access to records will be provided in a manner that is reasonable and practical, taking into account: The nature of the record; The format in which the record is held; The requester's stated preference. ROCVEST is not required to: Create new records to satisfy a request; Convert records into formats that are not reasonably practicable. Where direct access is not possible, alternative forms of access may be offered.

10. GROUNDS FOR REFUSAL

ROCVEST considers each request on its own merits and does not adopt a blanket approach to refusal. However, PAIA recognises that access to information is not absolute, and certain categories of information are protected. Access may be refused where disclosure would:

  • Unreasonably disclose personal information relating to a third party;
  • Expose confidential commercial information, including pricing structures, internal methodologies, or contractual terms;
  • Breach a duty of confidentiality owed to another party;
  • Reveal information protected by legal privilege;
  • Compromise the integrity or security of ROCVEST's systems, including technical infrastructure and access controls;
  • Prejudice ongoing investigations, negotiations, or dispute resolution processes.

In applying these grounds, ROCVEST will consider whether: The information can be reasonably separated from protected content; Partial access can be granted without undermining the purpose of the refusal; The requester's rights outweigh the potential harm of disclosure. Where a request is refused, the decision will be communicated with sufficient detail to allow the requester to understand the basis of the refusal and to consider further remedies.

11. INTERNAL RECORD-KEEPING AND ACCOUNTABILITY

ROCVEST maintains a structured internal process for managing PAIA requests as part of its broader governance and compliance framework. All requests received are recorded in a central register, which captures:

  • The date on which the request was received;
  • The identity of the requester;
  • A summary of the records requested;
  • The decision taken and the reasons for that decision;
  • The date on which a response was issued.

This register serves both an operational and oversight function. It enables ROCVEST to: Track compliance with statutory timelines; Ensure consistency in how requests are assessed and responded to; Identify recurring issues or patterns in requests; Demonstrate accountability in the event of a regulatory review.

Decisions in respect of access requests are not taken in isolation. Where necessary, the Information Officer may consult internally with relevant personnel, particularly where requests involve: Technical system records; Financial or transactional data; Third-party information. Periodic internal reviews are conducted to assess the effectiveness of the process and to ensure that it remains aligned with both legal requirements and operational realities.

12. REMEDIES AVAILABLE TO REQUESTERS

12.1 Internal Consideration

Although private bodies are not required to provide a formal internal appeal process under PAIA, ROCVEST may, at its discretion, reconsider a decision where: Additional information is provided by the requester; There is a reasonable basis to review the initial decision. Such reconsideration does not suspend statutory timeframes unless expressly agreed.

12.2 Complaint to the Information Regulator

A requester may lodge a complaint with the Information Regulator where they believe that: Their request has been improperly refused; There has been a failure to comply with PAIA; Their rights in terms of access to information have been infringed. The Information Regulator has the authority to: Investigate complaints; Facilitate resolution between parties; Issue enforcement notices where appropriate.

12.3 Judicial Remedies

A requester may approach a competent court for relief where: Access to records has been refused; A decision is deemed to be unreasonable or unlawful. The court may: Order that access be granted; Confirm or set aside the decision of ROCVEST. Requesters are encouraged to consider all available remedies before instituting legal proceedings.

13. AVAILABILITY OF THE MANUAL

This Manual is available: On the ROCVEST website; Upon request from the Information Officer; At the registered offices of ROCVEST.

14. REVIEW AND UPDATES

This Manual is not a static document and will be reviewed periodically to ensure that it remains aligned with: Applicable legislation, including PAIA and POPIA; Operational changes within ROCVEST; Evolving regulatory expectations and best practices.

Reviews will be conducted: At reasonable intervals; Following material changes to the platform or its services (including the introduction of new features such as tutoring or payment functionality); Where required by law or regulatory guidance.

Any updates to this Manual will be: Approved internally in accordance with ROCVEST's governance processes; Published on the Platform where appropriate. ROCVEST reserves the right to amend this Manual at any time, provided that such amendments are consistent with applicable legal requirements.