1. PURPOSE OF THIS MANUAL

This Manual is compiled in terms of Section 51 of the Promotion of Access to Information Act ("PAIA").

It serves to:

• Describe the records held by My Perks (Pty) Ltd trading as WoveGifts
• Outline the procedure for requesting access to such records
• Confirm compliance with PAIA and POPIA
• Describe the Company's data governance framework
• Support enterprise-level regulatory and procurement compliance

2. COMPANY OVERVIEW

My Perks (Pty) Ltd, trading as WoveGifts, is a South African digital gifting and voucher distribution platform that:

• Issues digital gift cards and voucher codes
• Facilitates redemption with participating merchants
• Integrates via API with banks, telcos, and corporate clients
• Administers enterprise reward programmes
• Holds stored value instruments for settlement with merchants

The Company operates under formal governance and security controls aligned with internationally recognised information security standards.

3. LEGAL FRAMEWORK

This Manual is compiled in compliance with:

• The Constitution of the Republic of South Africa
• Promotion of Access to Information Act (PAIA)
• Protection of Personal Information Act (POPIA)
• Electronic Communications and Transactions Act (ECTA)
• Consumer Protection Act (CPA)

4. INFORMATION OFFICER

In accordance with POPIA:

Information Officer: Dylan Des Fountain

Designation: CEO

Email: [email protected]

Registered Address: 8 Vineyard Road, Claremont, Cape Town

The Information Officer is responsible for:

• PAIA compliance
• POPIA compliance
• Data breach reporting
• Responding to access requests
• Liaising with the Information Regulator
• Ensuring internal governance alignment

The Information Officer is registered with the Information Regulator.

5. RESPONSIBLE PARTY VS OPERATOR

WoveGifts operates in dual capacity:

5.1 As Responsible Party

Where:

• Customers purchase directly via the website
• Users create accounts
• Marketing communications are issued

5.2 As Operator

Where:

• Voucher Codes are issued on behalf of corporate clients
• API integrations are used by banks or telcos
• Employee incentive programmes are administered

In Operator capacity, WoveGifts processes personal information strictly in accordance with contractual Data Processing Agreements.

6. RECORDS HELD BY THE COMPANY

The Company maintains records in the following structured categories:

6.1 Corporate Governance Records

• Memorandum of Incorporation
• Shareholder agreements
• Board resolutions
• Corporate governance policies
• Risk management frameworks
• Compliance registers
• Insurance documentation

6.2 Financial Records

• Annual Financial Statements
• General ledgers
• VAT records
• Income tax submissions
• Settlement schedules with merchants
• Float management reconciliations
• Payment processor reports
• Audit reports

6.3 Client & Merchant Records

• Merchant agreements
• Corporate client contracts
• Service Level Agreements (SLAs)
• API integration agreements
• Data Processing Agreements (DPAs)
• Non-disclosure agreements
• Onboarding due diligence documentation

6.4 Operational & Platform Records

• Gift Card issuance records
• Voucher Code generation logs
• Redemption transaction logs
• Fraud monitoring records
• Campaign performance reports
• Customer communication records

6.5 Human Resources Records

• Employment contracts
• Payroll records
• Performance records
• Disciplinary documentation
• Contractor agreements

6.6 Information Security Records

• Access control logs
• Audit logs
• Security incident reports
• Risk assessments
• Vulnerability assessments
• Disaster recovery plans
• Business continuity plans

6.7 Information Technology & Infrastructure Records

• Hosting agreements
• Cloud infrastructure documentation
• Encryption protocols
• System architecture documentation
• API documentation

7. PROCESSING OF PERSONAL INFORMATION

In accordance with Section 51(1)(c)(i) of PAIA (as amended by POPIA), the Company processes personal information in the following categories:

7.1 Categories of Data Subjects

• Customers
• Gift recipients
• Corporate employees
• Merchant representatives
• Contractors
• Service providers

7.2 Categories of Personal Information

• Identification information
• Contact details
• Transaction history
• Payment confirmation data
• Device & IP data
• Employment information (corporate programmes)
• Support & communication records

7.3 Purpose of Processing

• Contract performance
• Voucher issuance & redemption
• Payment validation
• Fraud prevention
• Legal compliance
• Customer support
• Reporting to corporate clients

8. INFORMATION SECURITY CONTROLS

WoveGifts implements enterprise-grade technical and organisational measures including:

• Encryption in transit (TLS/SSL)
• Role-based access control
• Multi-factor authentication
• Secure cloud hosting
• Access logging & monitoring
• Segregation of duties
• Incident response procedures
• Business continuity planning

The Company aligns its information security management framework with ISO 27001 principles.

9. CROSS-BORDER TRANSFERS

Where personal information is processed outside South Africa:

• Appropriate contractual safeguards are in place; or
• The recipient country provides adequate data protection.

10. ACCESS REQUEST PROCEDURE

To request access to records:

1. Complete PAIA Form 2 (Request for Access to Record of Private Body).
2. Submit to the Information Officer.
3. Pay the prescribed request fee (if applicable).
4. Await formal response within statutory timeframes.

Requests must clearly specify:

• The record requested
• The right being exercised or protected
• The form of access required

11. GROUNDS FOR REFUSAL

Access may be refused where:

• Disclosure would reveal trade secrets
• Disclosure would harm commercial interests
• Disclosure would compromise fraud prevention systems
• Disclosure would violate privacy of third parties
• Disclosure would breach contractual confidentiality

12. REMEDIES

If dissatisfied with the outcome of a request:

• A complaint may be lodged with the Information Regulator
• Legal proceedings may be instituted in a competent court

13. AVAILABILITY OF THE MANUAL

This Manual is:

• Available at the registered office
• Published on www.wovegifts.com
• Available upon written request

14. VERSION CONTROL