This procedure explains how Switchable Ltd handles complaints about how personal data is collected, used, shared, or stored. It applies to complaints from learners, training providers, prospects, mailing list subscribers, or anyone else whose personal data Switchable Ltd processes.
From 19 June 2026 the Data (Use and Access) Act 2025 requires every UK data controller to operate a documented complaints procedure. The Information Commissioner's Office (ICO) will normally expect a complainant to have raised the matter with the controller first before it will investigate.
Any allegation that Switchable Ltd has handled personal data in a way that breaches UK data protection law. Examples:
A general service complaint (e.g. "the form did not work", "I did not like the email I received") is not a data protection complaint. If a complaint mixes service and data issues, the data part is handled under this procedure.
A complainant may use any of the following routes. Complainants do not need to use a specific format or cite a specific law.
To help us investigate quickly, complainants are asked (but not required) to include: their name and a way to contact them, which brand the complaint relates to, what happened (with dates if known), and what outcome they are looking for. If the complainant does not provide enough information to investigate, Switchable Ltd will ask once for the missing detail. The acknowledgement clock keeps running regardless.
Step 1, Acknowledgement (within 30 days). Switchable Ltd will send a written acknowledgement within 30 calendar days of receiving the complaint. The acknowledgement will confirm the complaint has been received and assigned a reference, state who is handling it (Charlotte Harris, Director and Data Protection Officer), set out indicative next steps and likely timescale, and provide a route to contact us if anything is unclear. In practice acknowledgement will normally be within 5 working days. The 30-day figure is the statutory maximum.
Step 2, Investigation (without undue delay). Switchable Ltd will identify what personal data is involved and the lawful basis under which it is processed; review records (consent logs, ROPA, processor agreements, system logs as relevant); contact the complainant for clarification where useful; and where the complaint involves a third party (e.g. a training provider acting as their own controller), make appropriate enquiries with that party. Progress updates will be sent to the complainant if the investigation extends beyond one month, and at least monthly thereafter.
Step 3, Outcome (within 3 months). Switchable Ltd will issue a written outcome within 3 months of receiving the complaint, unless exceptional circumstances apply. Exceptional circumstances will be explained to the complainant in writing, with a revised target date. The outcome will include a summary of the complaint, what we investigated and what we found, what we have done or will do (including any change to processing, deletion, or rectification), whether the complaint is upheld, partially upheld, or not upheld with reasoning, and the complainant's right to escalate to the ICO if they are not satisfied (with the ICO's contact details).
If a complainant is not satisfied with the outcome, or if Switchable Ltd has not responded within 3 months, they may complain to the ICO:
Under the DUAA, the ICO will normally expect the complainant to have raised the matter with Switchable Ltd first.
Every complaint is logged in an internal complaints log (private to Switchable Ltd, not published). Each entry records: a reference number (format DPC-YYYY-NNN), date received and date acknowledged, brand and channel (form, email, post), complainant name (or "anonymous" if not provided), summary of complaint, lawful basis and data categories involved, investigation steps taken and dates, outcome and date issued, and whether escalated to the ICO.
Records are retained for 6 years from the date the complaint is closed, in line with the limitation period for data protection claims. After 6 years the personal data is removed but an anonymised summary is kept for trend analysis.
No complainant will be treated unfavourably for raising a complaint. Existing service (course matching, lead delivery, marketing preferences) continues unaffected unless the complaint itself requests a change.
Each complaint is reviewed at closure to identify whether any process, policy, consent mechanism, or vendor needs to change. Material findings are added to the changelog and surfaced in the next weekly review. A summary of complaint volumes and themes is included in the quarterly compliance review.
Charlotte Harris is the Data Protection Officer for Switchable Ltd and the named contact for all data protection complaints. If complaint volumes grow to a point where this is no longer practical alongside the DPO role's other duties, the complaints-handler responsibility will be reviewed and either delegated internally or escalated to external counsel.
This procedure is referenced from each brand's Privacy Policy with a direct link, and from the data complaint form on each site. The procedure is also available on request by emailing legal@switchable.careers.
Use this form to raise a data protection complaint. All fields are optional except where marked. We aim to acknowledge within 5 working days.