GTW SOFTWARE TECHNOLOGIES: PAIA MANUAL

(Prepared in terms of Section 51 of the Promotion of Access to Information Act 2 of 2000)
Updated: 2026-04-05

1. INTRODUCTION

This manual is drafted to provide a framework for the right to access information held by Lourens J Botha t/a GTW Software Technologies (“the Company”). It further details the Company’s commitment to the Protection of Personal Information Act (POPIA).

2. COMPANY CONTACT DETAILS (SECTION 51(1)(A))

  • Head of Body / Information Officer: Lourens J Botha
  • Registration Number (Information Regulator): 2026-005668
  • Postal/Street Address: 69 School Way, Lusthof A/H, Pretoria
  • Email: info@grabtheweb.click
  • Websites: GrabTheWeb.click / JustXhale.work / ChurchAnywhere.co.za / Vizabiliti.co.za

3. THE SECTION 10 GUIDE (SECTION 51(1)(B))

The Information Regulator has, in terms of Section 10 of PAIA, made available a Guide on how to use the Act. This guide is available on the Regulator’s website  inforegulator.org.za  (https://inforegulator.org.za)).

4. RECORDS AUTOMATICALLY AVAILABLE (SECTION 51(1)(C))

The following records are available without a formal request:

  • Standard Terms of Service (MSA)
  • Privacy Policy
  • Product Documentation and Marketing Material

5. RECORDS HELD BY THE COMPANY (SECTION 51(1)(D))

The Company maintains records relating to:

  • Operational Records: Service Level Agreements, Sub-processor contracts.
  • Financial Records: Invoices, Tax Records, Bank Statements.
  • Client Records: User account details, subscription tiers, and transaction history.

6. PROCESSING OF PERSONAL INFORMATION (POPIA SECTION 11, 23, 24, 25)

This section constitutes the Company’s Section 18 POPIA Notice, providing transparency regarding how personal information is handled across the GTW Software Technologies ecosystem.

6.1 Purpose of Processing

The Company processes personal information for the following purposes:

  • To provide and maintain the SaaS/PaaS platforms (JustXhale, ChurchAnywhere, GeneTree, etc.).
  • To facilitate professional fiduciary and property management workflows.
  • To manage client subscriptions, billing, and financial transactions.
  • To provide technical support and ensure the security and integrity of the platforms.
  • To comply with statutory obligations under South African law.

6.2 Categories of Data Subjects

The Company processes information relating to the following categories of Data Subjects:

  • Professional Clients: Fiduciary practitioners (Attorneys, Accountants, Trustees), Tax Consultants, Estate Agents, Property Managers, and SME Business Owners.
  • End-Users: Staff members, employees, and authorized agents of our Professional Clients.
  • Third-Party Stakeholders: Heirs and beneficiaries (Deceased Estates), buyers and tenants (Real Estate), and genealogy researchers.
  • Special Categories: Members of religious organizations (via ChurchAnywhere) and historical/genealogical records (via GeneTree Grave Archives).

6.3 Categories of Information

The Company processes the following types of information:

  • Biographical Data: Full names, identity numbers, and/or passport numbers.
  • Contact Data: Email addresses, physical addresses, and telephone numbers.
  • Financial & Transactional Data: Billing addresses, VAT numbers, payment portal tokens (PCI-compliant), and transaction history relating to SaaS subscriptions.
  • Fiduciary & Property Data: Case-specific data uploaded by clients, including estate records and property details.
  • Special Personal Information: Religious affiliation (where applicable) and historical family data.

6.4 Planned Transborder Flows

The Company utilizes a Hybrid-Cloud Architecture. While primary application logic and databases reside in South Africa, encrypted binary objects, documents, and backups are transferred to the United States (Backblaze B2). 

  • Security: All data is encrypted before transmission. 
  • Adequacy: This transfer is governed by a binding agreement that ensures a level of protection substantially similar to POPIA (incorporating GDPR-standard SCCs).

6.5 Information Security Measures

The Company maintains “appropriate, reasonable technical and organisational measures” as per Section 19 of POPIA. Detailed specifications are contained in our Technical & Organisational Measures (TOMs) document and include AES-256 encryption, Multi-Factor Authentication (MFA), and a Zero-Standing Access (Ghost Rule) protocol.

7. REQUEST PROCEDURE

Anyone wishing to request access to records must use Form 2 (available from the Regulator). The request must be sent to the Information Officer. A fee may be payable as prescribed by law.

8. AVAILABILITY OF THE MANUAL

This manual is available for inspection at the Company’s website and can be requested via email.