CompuGroup Medical
Synchronizing Healthcare

Learn all about the vision, mission as well as the people who shape CompuGroup Medical worldwide.

About us

PAIA Manual 

Date of compilation: 11.12.2020



Company registration number 2005/023029/07

("CGM") PAIA MANUAL in terms of Section 51 of The Promotion of Access to Information Act 2 of 2000 (the "Act")



  1. Introduction to CGM
  2. Contact details
  3. The Act
  4. Applicable legislation
  5. Schedule of records
  6. Form of request
  7. Fees
  8. Form to request access to record of a private body



CGM is a 100% subsidiary of CompuGroup Medical SE & Co. KGaA. With our headquarters located in Cape Town and offices in Pretoria and Durban, CGM South Africa services the South African and African markets. We provide software solutions and services for medical and dental practices, allied health, pharmacies and hospitals.

More than 3 000 healthcare providers in South Africa as well as an increasing number of customers in Sub-Saharan African countries benefit from our product portfolio. Our healthcare experts have been delivering professional service and support in South Africa for over 10 years. During this time, we have introduced numerous innovative software solutions, including patient and practice administration, medical records, billing, electronic scripting and hospital information systems.



Physical Address: Block 3, Upper Ground Floor, 1 Waterhouse Building, 4 Waterford Place, Century City, Cape Town, South Africa

Telephone number: 021 4861200



Information Officers

Information Officer

Christo Groenewald   |   Telephone number: 021 486 1200


Deputy Information Officer

Paula Kingham    |    Telephone number: 021 486 1200



3.     THE ACT

This Manual has been compiled to meet the requirements of the Promotion of Access to Information Act 2 of 2000 ("the Act"), as applied in concert with the Protection of Personal Information Act 4 of 2013. The goal is to give effect to the constitutional right of individuals to access information held by a private body (in this case, CGM), if the information is required for the exercise or protection of that individual's rights. Such right of access to information is subject to justifiable limitations for the reasonable protection of privacy, commercial confidentiality, and effective, efficient good governance, balancing the right to information against other rights. . If a public body lodges a request, the public body must be acting in the public interest.

This Manual is available free of charge on CGM's website, and at the physical address listed in section 2 above.

Requests for information in terms of the Act must be made in accordance with the procedures prescribed in this document, and will be charged for at the rates outlined in section 7 below.

The South African Human Rights Commission ("SAHRC") has compiled a Guide in terms of Section 10 of the Act which gives advice on how to exercise your rights. This Guide is available from the SAHRC at:

Postal Address:            Private Bag 2700, Houghton, 2041

Telephone Number:      +27-11-877 3600

Fax Number:               +27-11-403 0625



Purpose for processing data

CGM takes the privacy and protection of personal information very seriously and will only process personal information in accordance with current South African privacy legislation.

CGM processes personal information for a variety of purposes, including, but not limited to the following:

  • to provide any information, products, services, or support requested by data subjects;
  • to help identify data subjects when they contact CGM;
  • to maintain customer records;
  • to securely transmit the data of data subjects for the purpose of providing them with integrated healthcare;
  • to manage the back up and storage of data subjects' data on behalf of some CGM customers to support the smooth and secure running of CGM's customers' practices;
  • for recruitment, internship, and employment purposes;
  • for travel purposes;
  • for general administration, financial, and tax purposes;
  • for legal or contractual purposes;
  • for health and safety purposes;
  • to monitor access, and ensure the security of CGM's premises and assets;
  • to transact with suppliers and business partners;
  • to help CGM to improve the quality of its products and services;
  • to help CGM to detect and prevent fraud and money laundering;
  • to help CGM recover debts;
  • to carry out analysis and customer profiling;
  • to identify other products and services which might be of interest to data subjects and to inform them about our products and services.


Categories of data subjects

CGM processes the personal information of a variety of kinds of data subjects, for various reasons, including the following:

Type of data subjectType of personal information processed


  • demographic information
  • health and disability information
  • employment contracts
  • performance and disciplinary matters
  • payroll
  • physical access and surveillance
  • training
  • employment history
  • criminal history
  • background checks
  • time and attendance
  • correspondence

Customers and potential customers

  • demographic information
  • contracts
  • contact, training, installation, and support history
  • banking details
  • credit record
  • account history
  • correspondence
  • practice database (exclusively for contracted support or back-up purposes)


  • demographic information of suppliers and their representatives
  • account history
  • product and service information
  • contracts
  • correspondence

Business partners

  • demographic information of business partners and their representatives
  • product and service information
  • contracts
  • correspondence
  • business negotiation and collaboration information


Categories of data recipients

We may share the personal information of our data subjects for the purposes outlined above with the following kinds of recipients:

  • contracted employees of CGM;
  • service providers and agents who perform services on CGM's behalf;
  • third parties as described below.

We do not share the personal information of data subjects with third parties unless:

  • obliged to do so for legal or regulatory purposes, or in connection with legal proceedings;
  • necessary to provide or improve a product or service for which a data subject has contracted with CGM;
  • selling a business to someone to whom CGM needs to transfer rights in relation to the data subject, in which case strict confidentiality agreements would be put in place to protect data subjects.

If required to share a data subject's private information with a third party as specified above, we would notify the data subject of such disclosure.

CGM's employees are required to data privacy and confidentiality principles, and are trained in this regard.

Planned trans-border flows of data

CGM only transfers personal information across South African borders with the explicit prior consent of data subjects. Specifically, CGM stores its customer data at CGM SE & Co. KGaA's server hub in Frankfurt, Germany, as per agreement.

No patient data is transmitted outside South Africa.

Information security measures to ensure confidentiality, integrity and availability of information to be processed

CGM has put high-level information technology security measures in place to protect all data, including personal information, processed by CGM. Such protection includes but is not limited to encryption, back-ups, anti-virus and anti-malware protection, redundancy, and disaster recovery plans.

CGM constantly monitors and implements its technical and organisational security measures to protect the integrity, security, and accessibility of data processed by it. Any third parties with whom CGM interacts for the provision of such services are required to be bound by legislation similar to that in South Africa regarding the protection of personal information, or alternatively be bound by agreements which bind them to an equivalent level of competency and care.



No. Act
1Basic Conditions of Employment Act 75 of 1997
2Broad-based Black Economic Empowerment Act 53 of 2003
3Companies Act 71 of 2008
4Compensation for Occupational Injuries and Diseases Act 130 of 1993
5Competition Act 89 of 1998
6Consumer Protection Act 68 of 2008
7Electronic Communications and Transactions Act 25 of 2002
8Employment Equity Act 55 of 1998
9Income Tax Act 58 of 1962
10Insolvency Act 24 of 1936
11Labour Relations Act 66 of 1995
12Medical Schemes Act 131 of 1998
13National Credit Act 34 of 2005
14Occupational Health Act 61 of 2003
15Prescription Act 68 of 1969
16Promotion of Access to Information Act 2 of 2000
17Protected Disclosures Act 26 of 2000
18Skills Development Act 97 of 1998
19Skills Development Levies Act 9 of 1999
20Unemployment Insurance Contributions Act 4 of 2002
21Value Added Tax Act 89 of 1991




Kind of recordSubjectAvailability


  • CIPC records (including company registration, officers, intellectual property)
  • audited financial statements
  • tax records
  • asset register
  • statutory records
  • operational records
  • internal policies and procedures
  • financial records
  • product development information
  • management planning information, budgets
  • information technology system records
  • information technology disaster recovery and implementation plans














  • product information
  • manuals
  • media releases
  • company website
  • marketing plans







  • personal information provided by personnel
  • personal information provided by third parties
  • employment contracts
  • internal evaluation, performance management and disciplinary records
  • statutory records regarding UIF, PAYE, B-BBEE, EE, Health and Safety
  • correspondence with and about personnel
  • training schedules and material
  • remuneration records
  • facilities management documentation











  • agreements and memoranda of understanding
  • litigation records
  • legal opinions
  • legal correspondence






  • personal information provided by customers about themselves and their practices
  • customer contracts
  • customer databases (including health and other personal information of customers' patients)
  • credit records
  • account records
  • correspondence with and about customers







Other parties

  • personal information provided by suppliers and contractors
  • contracts
  • accounting records





Key to record access levels

Access levelClassificationDescription
1PublicUnrestricted availability
2Internal useAdministrative records relating to the running of the business with little interest or value to outside parties, to which outside parties may be granted limited access, depending on the circumstances.
3Restricted accessPersonal information of an individual or juristic person requested by the data subject of that information.
4Highly confidentialLegally privileged document, or document likely to harm an individual, compromise the safety of individuals or property, or harm the commercial or financial interests of the company or a third party.



To facilitate the processing of your request, please use the form included as section 8 of this document.

Please address your request to the Information Officer at the details given in section 2 above.

Provide sufficient details to enable CGM to identify:

  • the record(s) requested;
  • the requester (and if an agent is lodging the request, proof of capacity);
  • the form of access required;
  • the postal, e-mail address, and contact number of the requester in the Republic of South Africa;
  • indication of whether the requester wishes to be informed of the decision, how they wish to be informed, and what kind of information they want about the decision;
  • the right which the requester is seeking to exercise or protect, with an explanation of the reason the record is required to exercise or protect the right.

Once received, CGM will assess your request taking the balance of rights into account, and the degree of access reasonably possible for the kind of record relative to the table in section 5 above. CGM will then notify you as to whether it is willing and/or able to release the requested records to you.

If you are not satisfied with the response from CGM, you can apply to the Information Regulator for relief.



When the Information Officer of CGM receives a request on the official form for information in terms of PAIA, the Information Officer will send the requester (other than a personal requester) a notice requiring the requester to pay the prescribed request fee of R50.00 before further processing the request.

A further access fee will be payable before the requested record is released. The quantum of this fee is calculated taking reproduction costs, search and preparation time, and postal costs (if relevant).

If preparation of the record requested will take more than six hours, a deposit of one third of the access fee will be payable in advance of provision of the record, with the balance payable on delivery. The Information Officer will provide the details of the account into which the payment must be made on the invoice for the access fee.


Schedule of fees

For every photocopy of an A4-sized page or part thereof                                 R1.10

For every printed copy of an A4-sized page or part thereof held electronically      R0.75

For a copy in a computer-readable form on a CD                                           R70.00

For a copy in a computer-readable form on a flash drive                                  R100.00

For a transcription of visual images for an A4-sized page or part thereof             R40.00

For a copy of a visual image                                                                     R60.00

For a transcription of an audio record per A4-sized page or part thereof            R20.00

For a copy of an audio record                                                                  R30.00

To search for and prepare the record for disclosure, R30.00 per hour or part thereof.


Click here to download form to request information.