enquiries@174familylaw.co.uk

  The Lauries, 142 Claughton Rd, Birkenhead, CH41 6EY

      

 

  Get Directions

      

Complaints Policy (Data Protection and Information Rights)

Compliant with the UK Data Protection Framework, including the Data (Use and Access) Act (DUAA), UK GDPR, Data Protection Act 2018, and ICO guidance

  1. Purpose

This Complaints Policy establishes a fair, transparent, and effective process for handling complaints relating to:

  • Personal data processing;
  • Data subject rights requests;
  • Privacy and confidentiality concerns;
  • Information governance matters;
  • Data sharing and access issues;
  • Automated decision-making concerns;
  • Direct marketing complaints;
  • Any matter falling within the scope of the Data (Use and Access) Act (DUAA), UK GDPR, Data Protection Act 2018, and associated regulations.

The organisation is committed to investigating complaints promptly and providing clear outcomes while ensuring compliance with guidance issued by the UK’s Information Commissioner’s Office.

2. Scope

This policy applies to:

  • Customers
  • Service users
  • Employees
  • Contractors
  • Volunteers
  • Suppliers
  • Data subjects
  • Representatives acting on behalf of data subjects
  • 3. Legal Framework

This policy is informed by:

  • Data (Use and Access) Act
  • UK General Data Protection Regulation
  • Data Protection Act 2018
  • Information Commissioner’s Office guidance
  • Privacy and Electronic Communications Regulations (PECR) where applicable

For further regulatory guidance, refer to:

ICO Complaints Guidance

4. Principles

All complaints will be handled:

  • Fairly
  • Impartially
  • Confidentially
  • Without retaliation
  • Within statutory timescales
  • With appropriate records maintained

The organisation will:

  • Acknowledge complaints promptly.
  • Investigate proportionately.
  • Keep complainants informed.
  • Provide reasons for decisions.
  • Explain escalation rights.
  • 5. How to Make a Complaint

Complaints may be submitted:

  • Via email
  • By post
  • In person
  • Through an authorised representative

The complainant should complete the Data Protection Complaint Form attached to this policy.

6. Complaints Procedure

Stage 1 – Receipt

Upon receiving a complaint:

  1. Record the complaint in the Complaints Register.
  2. Assess whether:
    • Identity verification is required.
    • Additional information is needed.
    • The complaint concerns personal data.

Timescale

Acknowledgement within:

5 working days

Stage 2 – Investigation

The investigating officer shall:

  • Review relevant records.
  • Consult staff involved.
  • Review applicable legislation.
  • Assess compliance obligations.
  • Consider any risks to individuals.

Where necessary, the Data Protection Officer (DPO) will be consulted.

Investigation Period

Normally completed within:

30 calendar days

Where complex, the complainant will be informed of any extension and reasons.

Stage 3 – Outcome

The organisation will issue a written response including:

  • Summary of complaint.
  • Findings.
  • Actions taken.
  • Remedial measures.
  • Rights of escalation.

Possible outcomes:

  • Complaint upheld.
  • Complaint partially upheld.
  • Complaint not upheld.
  • Informal resolution agreed.

Stage 4 – Escalation

If dissatisfied, the complainant may request an internal review within:

30 days of the decision

A senior officer not previously involved will review the matter.

Stage 5 – ICO Referral

If the complainant remains dissatisfied, they may contact:

Information Commissioner’s Office

ICO Official Website

The organisation will inform complainants of this right.

7. Record Keeping

The following records shall be maintained:

  • Complaint reference number
  • Date received
  • Complainant details
  • Nature of complaint
  • Outcome
  • Corrective actions
  • Closure date

Records shall be retained in accordance with the organisation’s retention schedule.

 

APPENDIX A – COMPLAINT FORM

DATA PROTECTION COMPLAINT FORM

Section 1 – Complainant Details

Full Name:

Address:

Postcode:

Telephone:

Email:

Section 2 – Representative Details (if applicable)

Name:

Organisation:

Relationship to Complainant:

Evidence of Authority Attached:

□ Yes

□ No

Section 3 – Complaint Details

What is your complaint about?

□ Access to my personal data

□ Incorrect personal data

□ Erasure request

□ Restriction of processing

□ Objection to processing

□ Data sharing

□ Direct marketing

□ Automated decision making

□ Data breach concern

□ Other

Please provide details:

Section 4 – Relevant Dates

Date(s) issue occurred:

Date organisation was notified:

Section 5 – Desired Outcome

What would you like the organisation to do?

Section 6 – Supporting Documents

Please attach copies of any relevant:

□ Emails

□ Letters

□ Screenshots

□ Identity documents

□ Other evidence

Declaration

I confirm that the information provided is accurate to the best of my knowledge.

Name:

Signature:

Date: