‍ ‍DATA Protection Complaints Notice‍ ‍

This notice explains your rights, how to raise a concern with us, what to expect when you do, and what to do if you are not satisfied with our response specifically to concerns around how we store and use your data. This notice should be read alongside Heaven Sent Solutions Privacy Policy, which explains what personal data we collect, the lawful bases for processing, how long data is retained and how personal information is protected.

Your right to complain directly to us,  is a statutory right under the Data (Use and Access) Act 2025. You do not need to go to the ICO first,  we are your first point of contact, though you are always free to contact the ICO directly if you prefer. Under UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025, you have the right to:

•  Access the personal data we hold about you (sometimes called a subject access request, or SAR).

•  Ask us to correct information that is wrong or incomplete.

•  Ask us to delete your data in certain circumstances.

•  Ask us to restrict how we use your data while a complaint is being looked into.

•  Receive a copy of your data in a commonly used, portable format.

•  Object to us using your data in certain ways.

•  Not be subject to a decision made solely by automated means where that decision has a significant effect on you.

•  Under the Data (Use and Access) Act 2025, ask us to explain in plain terms how an automated decision affecting you was made, request that a person reviews that decision, and ask us to reconsider the outcome.  

If you would like to exercise any of these rights, please contact us using the details below. Data Protection Lead at Heaven Sent Solutions is Helen Heathfield-White and you can raise your complaint by emailing directly hello@heavensentsolutions.co.uk‍ ‍or by completing our complaints form https://forms.gle/yK5TzpeRGxmKkAf47

A data protection complaint is any concern you raise about how we have collected, used, stored, shared or deleted your personal data. This is broad and covers a wide range of situations, not just formal data breaches.

Examples of the types of concern we can investigate‍ ‍

•      We collected or used your personal data without a valid lawful basis, or for a purpose you were not told about.

•      We shared your personal data with someone we should not have, or without a lawful reason to do so.

•      We did not action a request to delete, correct or restrict your personal data when we were required to.

•      We kept your personal data for longer than necessary.

•      A data breach or security incident affected your personal data and we did not handle it correctly.

•      You continued to receive marketing from us after you had opted out.

•      Our privacy notice was unclear, incomplete or did not accurately describe how we use your data.

•      We used AI or an automated tool in a way that affected your personal data without proper safeguards, transparency or human oversight.

•      Requests to exercise your data rights (such as a Subject Access Request) are not complaints in themselves, although concerns about how such requests have been handled may be raised through this complaints process.

To help us investigate your concern as quickly as possible, it helps if you can tell us:

•      Your name and contact details.

•      A clear description of your data concern - what happened, when, and who was involved.

•      Any relevant reference numbers, screenshots or correspondence.

•      What outcome you would like.

You do not need to provide all of this to make a valid complaint. If you are not sure what to include, just get in touch and we will help you from there. You can email us your complaint via hello@heavensentsolutions.co.uk or complete our complaints form https://forms.gle/yK5TzpeRGxmKkAf47  

How we will handling your Data Complaint: ‍ ‍

Step 1 - Acknowledgement (within 15 working days)

We will send you a written acknowledgement within 15 working days of receiving your complaint. Day one of that period is the day after we receive it.

Our acknowledgement will confirm:

•      That we have received your complaint and the date we received it.

•      The name of the person who will be handling it.

•      What happens next and an expected timescale.

Step 2 - Investigation

We will investigate your complaint fairly and thoroughly, without undue delay. This may include reviewing records and system logs, and speaking to relevant team members or suppliers.

Step 3 - Keeping you informed

We will not go silent while we are investigating. If we need more information from you, or if anything changes, we will get in touch as soon as possible.

Step 4 - Our response

We aim to give you a full response within one calendar month of the acknowledgement of the complaint. In complex cases, we may extend this by up to a further two months. If we need to do this, we will tell you within the first month and explain why.

Our response will explain:

•      What we investigated and how.

•      What we found, and the reasons for our decision.

•      What action (if any) we have taken or will take as a result.

•      Your right to take your complaint to the ICO if you are not satisfied.

Please note: We will not charge a fee for handling your complaint, unless it is clearly unfounded or excessive - in which case we will explain this to you before proceeding.

Complaints specific to AI:

If your concern relates to how AI or an automated tool has been used in connection with your personal data, we will review:

•      Whether AI or an automated tool was used, and at what stage of the process.

•      Whether the use was lawful, fair and transparent.

•      Whether appropriate human oversight was in place at the point any decision was made.

We will not use AI alone to decide the outcome of a data protection complaint a named member of our team will handle the investigation and response personally.

Where your complaint relates to an automated or AI-assisted decision, you have additional rights under the Data (Use and Access) Act 2025, including the right to ask us to explain how the process worked in plain English, to request a human review, and to ask us to reconsider the outcome. The person carrying out that review has full authority to change the original decision, not simply confirm it.

Where our processes involve third-party tools, platforms or suppliers, we remain your single point of contact for any data protection complaint. You do not need to contact our suppliers directly - we will liaise with them on your behalf as part of our investigation and keep you informed of the outcome.

If you remain unhappy after we have responded - or at any point during our process - you have the right to refer the matter to the Information Commissioner's Office (ICO), the UK's independent data protection regulator. You do not have to wait for us to finish before contacting the ICO, and you do not have to raise your concern with us first, though we would always appreciate the opportunity to put things right.

Our ICO Number: ZB402034

ICO Helpline 0303 123 1113 (Monday to Friday, 9am to 4:30pm)

Live chat via ico.org.uk

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

For complaints of any other nature please see our Compliments & Complaints Policy

Policy reviewed and updated 01st June 2026

Next Review due 01st June 2029

Changes signed off by Helen Heathfield-White – Director/Owner of Heaven Sent Solutions