Skip to main content

Data Complaints Handling Procedure

Home / About Redkite / Data Complaints Handling Procedure

Data Complaints Handling Procedure

For Compliance with the Data (Use and Access) Act 2025

1. Introduction and Purpose

This Data Complaints Handling Procedure is established to ensure compliance with the Data (Use and Access) Act 2025 and other related legal frameworks, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

The purpose of this document is to outline clear, fair, and efficient procedures for handling complaints relating to the use, access, or processing of personal or other data by Red Kite Law LLP (“the Firm”). This procedure ensures that the rights of data subjects under the law are respected and upheld while addressing any concerns promptly, appropriately, and in accordance with our legal obligations.

2. Scope

This procedure applies to:

  • Clients: Individuals or entities utilising the services of the Firm.
  • Employees: Members of staff, contractors, or consultants acting on behalf of the Firm.
  • Third Parties: Any individuals whose data is accessed or processed by the Firm in the course of its activities.

This procedure does not apply to complaints or concerns about the:

  • service provided by the Firm or its staff; or
  • the conduct of the Firm or its staff not relating to the handling of data.

Complaints about such matters are covered in the Firm’s separate Complaints Handling Procedure which is available on the Firm’s website or upon request from the Firm’s Compliance team.

3. Definitions

For the purpose of this procedure:

  • Complaint: Any expression of dissatisfaction arising from the use, processing, or access of personal data by the Firm.
  • Data Subject: An identifiable natural person whose data has been accessed, processed, or used.
  • Personal Data: Data that relates to an identified or identifiable person, as defined under the Data Protection Act 2018 and UK GDPR.

4. Rights of Complainants

Under the Data (Use and Access) Act 2025 and related legislation, complainants have the following rights:

4.1 Right to Complain: Individuals have the legal right to file complaints about how their data has been accessed or processed.

4.2 Right to Information: Complainants are entitled to access clear information about how their complaints will be processed by the Firm.

4.3 Right to Escalation: Unresolved complaints or dissatisfaction with the Firm’s response may be referred to external bodies, including the Information Commissioner’s Office (ICO).

5. Procedure for Submitting Complaints

5.1 How to Submit a Complaint:

Complaints must be submitted using one of the following methods:

  • In Writing: Address complaints to Julian Wintle, 58 Main Street, Pembroke SA71 4NP.
  • By Email: Send complaints to Compliance@redkitelaw.co.uk.
  • By Phone: Call 0333 0144455; a follow-up in writing may be requested.

The complaint should include:

  • The complainant’s full name and contact details;
  • A clear description of the issue(s) being raised; and
  • Any supporting documentation or information relevant to the complaint.

5.2 Acknowledgement of Complaints:

  • Complaints will be acknowledged in writing within five working days of receipt, confirming that the issue is under review.

6. Investigation of Complaints

6.1 Responsibility:

  • Investigations will be handled by Julian Wintle (the Data Protection Officer (DPO)) or an authorised person within the Firm’s Compliance team.

6.2 Investigation Process:

  • All complaints will be reviewed impartially, and reasonable steps will be taken to gather and assess all relevant information to determine the facts.
  • Investigative steps may include:
    1. Interviewing internal staff involved in the complaint;
    2. Reviewing any relevant data and documentation; and
    3. Conducting a risk assessment to determine potential legal or operational implications.

6.3 Timeframe for Conclusion:

  • A full response will be provided to the complainant within eight weeks of receipt. Should the investigation require additional time, a written explanation will be sent to the complainant, outlining the reason for the delay and the expected date for resolution.

7. Resolution and Remedies

Where a complaint is upheld, appropriate actions may include:

  • Issuing an apology to the complainant;
  • Correcting or deleting data where errors or unauthorised access have occurred;
  • Adjusting internal practices to prevent future occurrences;
  • Providing financial or non-financial remedies in accordance with applicable legal requirements, where warranted.

8. Escalation and External Reporting

8.1 Internal Escalation:

  • If the complainant is dissatisfied with the resolution provided, the matter may be escalated internally by contacting Julian Wintle, the Data Protection Officer (DPO).

8.2 External Escalation:

  • If the issue remains unresolved, the complainant may escalate their concerns to the following external bodies:
    • Information Commissioner’s Office (ICO):
      • Website: https://ico.org.uk
      • Phone: 0303 123 1113
      • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
    • Solicitors Regulation Authority (SRA):
      • Website: https://www.sra.org.uk
      • Contact information for complaints guidance is available on their website.

9. Record-Keeping

9.1 Retention of Records:

  • All complaints and related correspondence will be documented and retained for a minimum of six years, or longer if required by legal or regulatory obligations.

9.2 Contents of Records:

  • Records will include:
    1. Copies of complaints received;
    2. Notes, emails, and documents associated with the investigation process; and
    3. Outcomes communicated to the complainant.

10. Monitoring and Review

10.1 Monitoring Complaints:

  • Complaints will be regularly reviewed to identify recurring patterns, systemic issues, or areas requiring improvement.

10.2 Review of Procedure:

  • This procedure will be reviewed annually or sooner if necessitated by significant changes in the firm’s operations or applicable legislation.

Additional References

This procedure is governed by and aligned with the following legal and professional regulations:

    • Data (Use and Access) Act 2025;
    • Data Protection Act 2018;
    • UK General Data Protection Regulation (UK GDPR);
    • Solicitors Regulation Authority Principles and Code of Conduct.

Contact Information

All queries, complaints, or concerns about this procedure may be directed to:

Name:                  Julian Wintle (Data Protection Officer)

Email:                  Compliance@redkitelaw.co.uk
Phone:                0333 0144455

Address:             58 Main Street, Pembroke SA71 4NP

Effective Date

This procedure takes effect as of 19 June 2026