Data Processing Complaints Policy (GDPR)
1. Purpose
This policy sets out the procedure for handling complaints relating to the processing of personal data by the organisation in accordance with the General Data Protection Regulation (GDPR), the UK GDPR (where applicable), and relevant data protection laws.
The organisation is committed to ensuring that personal data is processed lawfully, fairly, and transparently. Any complaint regarding data processing will be handled promptly, confidentially, and fairly.
2. Scope
This policy applies to all personal data processed by the organisation, regardless of format, including electronic, paper-based, verbal, and archived records.
This policy applies to employees, contractors, customers, suppliers, business partners, website users, and any data subjects whose personal data is processed by the organisation.
This policy covers all processing activities undertaken by the organisation, including data collection, storage, access, use, sharing, retention, and deletion.
3. Types of Complaints Covered
Complaints may relate to:
• Collection of personal data without lawful basis
• Excessive or unnecessary collection of personal data
• Failure to provide privacy notices
• Unauthorised access, disclosure, or sharing of personal data
• Inaccurate or incomplete personal data
• Excessive retention of personal data
• Personal data breaches
• Failure to respond to data subject rights requests
• Unlawful international data transfers
• Profiling or automated decision-making concerns
4. How to Submit a Complaint
Complaints may be submitted via email, written correspondence, online complaint forms, or direct contact with the Data Protection Officer (DPO) or Privacy Team.
5. Complaint Handling Process
Step 1: Receipt and Logging
All complaints shall be recorded in the Data Protection Complaint Register.
Step 2: Acknowledgement
Complaints will be acknowledged within five (5) business days.
Step 3: Investigation
An appropriate investigation will be conducted by the DPO, Privacy Team, or designated personnel.
Step 4: Resolution
Appropriate corrective actions may include correction, deletion, restriction of processing, security improvements, staff retraining, and process changes.
Step 5: Response to Complainant
A formal response will explain findings, actions taken, and escalation rights.
6. Response Timelines
The organisation aims to resolve complaints within thirty (30) calendar days of receipt.
7. Escalation and External Remedies
Individuals may escalate unresolved complaints internally or lodge complaints with relevant supervisory authorities, including the ICO or EU supervisory authorities.
8. Confidentiality
All complaints shall be handled confidentially and records securely stored.
9. Non-Retaliation
No individual shall suffer retaliation for submitting a complaint in good faith.
10. Monitoring and Reporting
Complaint trends shall be reviewed periodically to identify repeated issues and improvement opportunities.
11. Policy Review
This policy shall be reviewed annually or whenever significant changes occur.
12. Contact Information
Data Protection Officer - Lisa-Marie Sikand
Email: hello@soulitude7.co.uk
Registered Address: 42 Lytton Road, Barnet, Hertfordshire EN5 5BY