GDPR Complaint Procedure
GDPR Complaint Procedure
Last Updated: 17 June 2026
- Introduction
- 1.1 Lindamood-Bell Learning Processes is a Data Controller as defined under the UK GDPR and the Data Protection Act 2018.
- 1.2 This procedure outlines the internal steps taken to manage and resolve complaints regarding personal data processing or data subject rights. This procedure is designed to support compliance with the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025, including the requirement to provide a process for handling data protection complaints.
- Scope
- 2.1 This policy covers all complaints regarding the way Lindamood-Bell Learning Processes has handled personal data or complied with data protection law, including handling of Data Subject Access Requests (DSARs), data breaches, and general non-compliance with data protection principles.
- Submission of Complaints
- 3.1 Individuals may submit a complaint via our Online Complaint Form or directly by:
- Email: privacy@lindamoodbell.com
- Post: 416 Higuera Street, Attn: HR Department, San Luis Obispo, California, 93401, United States
- 3.2 Complaints can be received through any channel (e.g., telephone, social media, in person) and will be escalated immediately to the Data Protection Officer (DPO) or the dedicated data privacy team.
- Acknowledgment
- 4.1 The data privacy team will log the complaint and send a formal acknowledgment receipt to the complainant within 30 days of receiving it.
- 4.2 The acknowledgment will detail the next steps.
- Investigation & Progress Updates
- 5.1 The DPO or a designated investigator will review the circumstances without undue delay, examining relevant systems, logs, and communications.
- 5.2 We will aim to resolve the complaint within three months of receipt, as required by the DUAA.
- 5.3 If the investigation is complex and expected to take a prolonged period, the complainant will be informed in writing, explaining the reason and expected timeframe, and will receive regular progress updates.
- Outcome and Resolution
- 6.1 Once concluded, Lindamood-Bell Learning Processes will communicate the final outcome of the complaint to the data subject “without undue delay”.
- 6.2 The response will explain in clear language the findings, any remedial actions taken, and clearly inform the individual of their right to escalate the matter to the ICO if they are unsatisfied with the outcome.
- Right to Complain to the ICO
- If you are not satisfied with our response, you can contact the ICO:
- Website: https://ico.org.uk/make-a-complaint/
- Telephone: 0303 123 1113
- Record Keeping
- We will keep an internal record of data protection complaints, including the date received, the issues raised, key actions taken, the date of acknowledgment, correspondence with the complainant, the outcome, and any follow-up actions. Records will be retained in line with our retention schedule and used to identify trends, improve compliance, and demonstrate accountability. Records will be retained for at least three years in accordance with DUAA requirements.
- Accessibility and Fairness
- We will handle complaints fairly, objectively, and in a way that is proportionate to the circumstances. No one will be disadvantaged for raising a genuine data protection concern.
- Training, Monitoring, and Review
- Relevant staff will receive training so they can recognise and escalate data protection complaints appropriately. We will monitor the operation of this procedure, review complaint trends and outcomes, and update this procedure when there are changes to the law, regulatory guidance or our organisational arrangements. This procedure will be reviewed at least annually.
