UK Data Protection Complaints Policy
Prepared under the Data (Use and Access) Act 2025 (DUAA) and the Information Commissioner’s Office (ICO) mandates dated 19 June 2026, enforcing a strict “controller-first” resolution model.
1. Policy Statement
Seaspray Pagham takes all concerns regarding the handling of personal data seriously. In accordance with UK data protection legislation and guidance issued by the Information Commissioner’s Office (ICO), we have established a formal, statutory process for receiving, investigating, and resolving data protection complaints.
Under the Data (Use and Access) Act 2025, individuals are legally required to exhaust this internal organizational complaints procedure before escalating an issue to the regulatory authority.
2. What Constitutes a Data Protection Complaint?
A data protection complaint arises if an individual believes we have breached our obligations under the UK GDPR or Data Protection Act 2018. Complainants do not need to use specific legal terminology for their request to be valid. This policy covers expressions of dissatisfaction regarding:
- Information Rights: Failures, delays, or incomplete responses to SARs – Subject Access Requests (requests for details of personal data being held) or deletion requests.
- Security & Breaches: Personal data leaks, unauthorized access, or loss.
- Data Integrity: Inaccurate information or refusal to update outdated records.
- Retention & Lawfulness: Keeping personal details longer than legally permitted or processing them without a valid lawful basis.
3. How to Submit a Complaint
We provide accessible, dedicated channels to ensure your concern is routed immediately to our data compliance individual:
- 📧 By Email: GDPR@seaspraypagham.co.uk
- 📞 By Phone: 07956 413044
Please provide your full name, contact details, any relevant account/reference numbers, and a clear description of the data handling event you wish to challenge.
4. Statutory Handling Procedure & Timelines
We manage all reported issues through a formal, auditable compliance process:
- Step 1: Mandatory Acknowledgement (Within 30 Days)
We will formally acknowledge receipt of your data protection complaint within 30 days of receiving it, as legally required. This confirmation will state who is handling your file and outline the investigation steps. - Step 2: Investigation & Inquiries
We will investigate your concerns. We will review data held. We will keep you updated during complex investigations. - Step 3: Outcome Notification (Without Undue Delay)
We will notify you of the final outcome without undue delay once the investigation concludes. You will receive a clear, plain-language explanation of our findings, along with any remedial or corrective actions implemented.
5. Record Keeping and Accountability
To comply with ICO accountability mandates, our organization maintains a secure, centralized log of all data protection complaints. This record stores the initial submission date, copies of all correspondence, internal investigation notes, remedial logs, and final outcome notices. These logs are subject to review and can be shared with the ICO and any necessary authorities if requested under regulatory reporting rules.
6. Escalation to the Information Commissioner’s Office (ICO)
If you remain dissatisfied with our final outcome or how your complaint was handled, you have the statutory right to escalate the matter directly to the UK regulator.
- Regulatory Body: Information Commissioners Office (ICO)
- Online Reporting: https://ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113]
Policy Effective Date: 19 June 2026
Next Review Date: 19 June 2027

