Data Protection Complaints Policy

1. Purpose

This policy sets out how Calibre One Ltd handles complaints relating to the processing of personal data. It ensures that all concerns are addressed promptly, fairly, and in line with applicable data protection laws, including the UK GDPR and Data Protection Act 2018.

2. Scope

This policy applies to:

  • All employees, contractors, and representatives of the organisation
  • All individuals whose personal data is processed by Calibre One Ltd
  • Any data protection-related complaint received from candidates, clients, staff, or third parties

3. Definition of a Data Protection Complaint

A data protection complaint is any expression of dissatisfaction regarding how personal data is collected, stored, used, shared, or protected. Examples include:

  • Unauthorised disclosure of personal data
  • Failure to comply with a data subject rights request
  • Concerns about data accuracy
  • Excessive data retention
  • Security breaches or suspected misuse of personal data

4. Roles and Responsibilities

  • GDPR Responsible Person – Responsible for overseeing complaint handling, investigations, and ensuring compliance.
  • All Staff – Must promptly report data protection complaints or concerns to the DPO.

5. How to Make a Complaint

Complaints can be submitted by downloading and filling out our Data Protection Complaint Form. Complainants should provide:

  • Name and contact details
  • Description of the issue
  • Relevant dates and supporting information

6. Complaint Handling Process

6.1 Acknowledgement

  • Complaints will be acknowledged within 10 days of receipt.

6.2 Investigation

  • The complaint will be assessed and investigated by the GDPR designated person.
  • Relevant departments may be involved where necessary.
  • The organisation may contact the complainant for further information.

6.3 Response

  • A formal response will be provided within one month of receipt.
  • If the complaint is complex, the response period may be extended by up to two additional months. The complainant will be informed of any delay.

6.4 Outcome

Possible outcomes include:

  • Explanation of findings
  • Rectification of inaccurate data
  • Changes to processes or procedures
  • Disciplinary action (if applicable)
  • Notification of data breaches, where required

7. Escalation

If the complainant is not satisfied with the response, they may escalate the complaint internally or contact the Information Commissioner’s Office (ICO):

ICO Contact Details:
Website: https://ico.org.uk

Helpline: 0303 123 1113

8. Confidentiality

All complaints will be handled confidentially. Information will only be shared where necessary to investigate and resolve the issue.

9. Record Keeping

  • All complaints and related actions will be documented and retained securely.
  • Records will be kept in accordance with the organisation’s data retention policy.

10. Continuous Improvement

Complaint trends will be reviewed periodically to:

  • Identify recurring issues
  • Improve data protection practices
  • Strengthen staff training and awareness

This policy will be reviewed annually or when required due to legislation changes.

Last updated June 2026