Data Protection Complaints Policy

Data Protection Complaints Policy

(Compliant with the Data (Use and Access) Act 2025, UK GDPR and the Data Protection Act 2018)

1. Purpose of This Policy

This policy explains how individuals can raise concerns or complaints about how Your Menopause Nurse processes their personal data.

It ensures we meet our legal duties under the Data (Use and Access) Act 2025, including the new requirement to operate a formal data protection complaints process, as well as UK GDPR and the Data Protection Act 2018.

2. Scope

This policy applies to:

  • All service users
  • Corporate clients
  • Website users
  • Anyone whose personal data we process
  • All directors, staff, contractors and associates working on behalf of Your Menopause Nurse

It covers all personal data, including special category data such as health information.

3. What Counts as a Data Protection Complaint?

A data protection complaint is any concern relating to:

  • How we collect, use or store personal data
  • How long we keep data
  • Accuracy of data
  • Data sharing with third parties
  • Data security or confidentiality
  • Access to personal data
  • Handling of special category data
  • Any suspected breach of data protection law
  • Any concern about our compliance with the Data (Use and Access) Act

Complaints may be formal or informal.

4. How to Make a Complaint

We accept complaints through any communication channel, including:

  • Email: support@yourmenopausenurse.co.uk
  • Website contact form
  • Verbal complaints made to any member of staff
  • Social media messages
  • Any other reasonable method

To help us respond effectively, individuals should include:

  • Name and contact details
  • Details of the concern
  • Relevant dates or evidence
  • The outcome they are seeking

We will acknowledge all complaints within 30 days, and normally within 5 working days.

5. How We Handle Complaints

Once a complaint is received, we will:

  1. Acknowledge receipt within 30 days (normally 5 working days).
  2. Record the complaint in our secure log.
  3. Review the concern and gather relevant information.
  4. Assess whether a data breach has occurred or whether our processes have not been followed.
  5. Investigate without undue delay, keeping the individual informed.
  6. Provide an outcome without undue delay, normally within three months, unless the matter is complex.

All complaints are handled by Melanie Dunwell, our Data Protection Lead (DPL) .

6. Possible Outcomes

Outcomes may include:

  • Clarification of how data is used
  • Correction or deletion of data
  • Restriction of processing
  • Changes to internal processes
  • Staff training or reminders
  • Notification of a data breach (if applicable)
  • Explanation of why no breach occurred

7. Right to Escalate

If an individual is not satisfied with our response, they may escalate their complaint to the:

Information Commissioner’s Office (ICO) 

Website: ico.org.uk

Telephone: 0303 123 1113

We will always inform individuals of this right.

8. Record Keeping

We maintain a secure log of all data protection complaints, including:

  • Date received
  • Nature of complaint
  • Actions taken
  • Outcome
  • Any changes made to processes

Records are kept for six years.

9. Staff Responsibilities & Training

All staff must:

  • Recognise when a concern may be a data protection complaint
  • Escalate complaints immediately to the Data Protection Lead
  • Support investigations as required

We provide regular training to ensure staff understand their responsibilities.

10. Accessibility & Publication

This policy and our complaints process will be:

  • Clearly signposted in our Privacy Notice
  • Available on our website
  • Provided on request in accessible formats

11. Review of This Policy

This policy will be reviewed annually, or sooner if legislation or ICO guidance changes.

Review due: 16/06/2027