This policy sets out how individuals may raise a data protection complaint and how we deal with and respond to these.
Our Business is committed is committed to handling your Personal Data in compliance with the requirements of the General Data Protection Regulation 2016/679 (the “GDPR”), the UK General Data Protection Regulation brought into force by virtue of Schedule 1 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (the “UK GDPR”), Data Protection Act 2018 (DPA) and Applicable Laws.
We are committed to providing a professional and effective service to our clients, customers or other third parties who may be affected by our data processing activities and strive to investigate complaints in a prompt and effective manner and in accordance with Data Protection Laws.
This policy sets out how individuals may raise a data protection complaint and how we deal with and respond to these.
Our Business aims to address all data protection complaints and concerns quickly and informally in the first instance. This Policy aims to:
2.1.1 Make the complaints procedure easy and accessible
2.1.2 Deal with complaints and concerns expeditiously and courteously
2.1.3 Advise how we will keep individuals informed
2.1.4 To provide a clear and timely response to concerns
3.1 This Policy applies to complaints relating to how we have handled individuals’ Personal Data or data rights. This may include (but not limited to):
3.1.1 Occasions where a Data Subject feels their Personal Data is not being Processed in line with our Privacy Notice(s) or other information or Data Protection Laws
3.1.2 Occasions where a Data Subject has adversely affected by a Personal Data Security Breach, caused by or involving our Business
3.1.3 Occasions where a Data Subject feels we have not dealt with a request to exercise their Data Subject Rights correctly
3.1.4 Occasions where a Data Subject feels we have not provided a timely response to a previously submitted Data Protection query or concern.
3.2 This Policy does not cover general service complaints where they are not related directly to Data Protection matters.
Any complaints about processing of Personal Data will be handled in line with the procedure set out in below. For illustrative purposes, a non-exhaustive list of the types of concerns which you can raise using this procedure includes:
If you have contacted us using this procedure, but the concerns you raise fall outside of the scope of this procedure, you will be notified of the most appropriate process to follow instead.
5.1 How to make a complaint
5.1.1 Individuals can make a complaint to us by:
Emailing us: iso@redflagert.com
5.2 Timescales. We will aim to acknowledge all concerns within five working days of receipt and will respond to all concerns within one calendar month. There may be some occasions where we need additional time to respond to a concern, for example, where it is complex. If this is the case, we will let the individual know in a timely manner.
5.3 Escalation to the Information Commissioner's Office
5.3.1 We are committed to dealing with all data protection complaints in a timely and courteous manner. However, we understand that there may be occasions where individuals are unhappy with the outcome.
Individuals have the right to complain directly to the UK's Privacy Regulator, the Information Commissioner's Office. This can be done by:
5.3.1.1 Writing to them: ICO, Wycliffe House Water Lane Wilmslow Cheshire SKP 5AF 8.1.2 Telephone: 0303 123 1113
5.3.1.2 Via the web: www.ico.org.uk