container for CSS updated feb 2024 - rationalising & tidying CSS after calendar changes

Home > About Us > Privacy Policy

Data Protection Complaints Policy

Data Protection Complaints Policy Version 1.0 approved May 2026

1. Purpose of this Policy

This policy sets out how we receive, handle, investigate, and respond to data protection complaints.

A data protection complaint is any expression of dissatisfaction relating to how we collect, use, store, share, secure, or otherwise process personal data.

2. How Individuals Can Make a Data Protection Complaint

We accept complaints in any format, including:

• Email

• Online form

• Letter

• Telephone

• Social media messages or posts

• In person

Information on how to complain is published in our Privacy Notice and on our website.

3. Acknowledging Complaints

We will acknowledge all data protection complaints within 30 days of receipt.

Where necessary, we may request additional information to confirm identity or clarify the issue.

4. Investigating Complaints

We will investigate complaints without undue delay, taking reasonable and proportionate steps depending on the complexity of the issue and the volume of data involved.

Our investigation may include:

• Reviewing relevant records and systems

• Speaking with staff involved

• Assessing whether data protection laws or internal policies were breached

• Making enquiries with processors or third parties where relevant

We will keep complainants informed of progress and expected timelines.

5. Responding to Complaints

Once our investigation is complete, we will provide a clear written outcome without undue delay, explaining:

• What we found

• Whether we believe data protection law was infringed

• Any steps we have taken or will take

• Options available if the complainant remains dissatisfied

6. Record-Keeping

We maintain internal records of:

• The complaint

• Actions taken

• Communications with the complainant

• Final outcomes

These records may be reviewed by the ICO if a complaint is escalated.

7. If the Complainant Is Not Satisfied

If the Complainant is unhappy with our response, they may escalate their concerns to the Information Commissioner’s Office (ICO). However, the ICO will generally expect individuals to raise the issue with us first.

8. Employee and Trustee Responsibilities

All employees and trustees must:

• Recognise and escalate potential data protection complaints

• Ensure complaints received through any channel (including social media) are forwarded promptly

• Cooperate with investigations

9. Review of This Policy

We will review this policy annually or sooner if legislation or ICO guidance changes.

Date of review: 13.05.2026

Powered by Church Edit