Data Protection Complaints Procedure (“DPCP”)
1. Introduction and Scope
1.1 To the extent that UK and/or EU data protection legislation applies [1] this DPCP details how Cyclr will respond to complaints from Data Subjects relating to the use of their Personal Data.
1.2 Personal Data is information that identifies you (the “Data Subject”) as an individual or relates to an identified or identifiable individual. Examples include names, email addresses, IP addresses, location data, a cookie identifier or other factors.
1.3 This DPCP supplements Cyclr’s Privacy Policy, which sets out how Cyclr collects, uses, stores, transfers and protects any Personal Data that you provide to Cyclr in online and offline interactions; and is available to view on our website: https://cyclr.com/privacy-policy
2. What is a complaint?
2.1 This DPCP addresses complaints made by Data Subjects regarding the use of their Personal Data. A complaint is an expression of dissatisfaction about Cyclr’s handling of a Data Subject’s Personal Data, or dissatisfaction with how Cyclr has responded to a previous Data Subject Access Request (DSARs).
3. Your Rights with respect to Personal Data
3.1. Under Data Protection legislation, Data Subjects are granted key rights concerning their Personal Data. These rights, which are described more fully in Cyclr’s Privacy Policy (section 24), include the following; and may be exercised at any time:
(i) request information about the processing of their data (how it will be used, how long it will be retained, whether or not it will be shared);
(ii) access their Personal Data;
(iii) correct their Personal Data;
(iv) erase their Personal Data (also known as the right to be forgotten;
(v) restrict data processing;
(vi) object to data processing, including direct marketing;
(vii) receive a copy of their Personal Data or transfer it to a third party (data portability);
(viii) not be subject to solely automated decision-making and profiling.
4. Complaints Process
4.1 Cyclr takes very seriously our legal and ethical duties and obligations with respect to Personal Data. We will acknowledge your complaint promptly, keep you informed of progress, and seek to provide a resolution at the earliest possible opportunity (typically within 30 days). We aim to resolve all issues with you, and we promote feedback to support service improvements and positive outcomes.
4.2 Complaints should be sent to Cyclr at dpo@cyclr.com, using the Complaint Form below. A member of the team will aim to acknowledge the complaint within five working days. Complaints may also be submitted by post to Cyclr Systems Limited, CO.5C Corinthian House, 17 Lansdowne Road, Croydon CR0 2BX.
4.3 If the identity of a complainant or any third party acting on behalf of the Data Subject (a “Representative”) is required, the forms of identification that are acceptable from a Data Subject are a Passport or Driving Licence. Forms of identification from a Representative will vary dependent on their relationship to the Data Subject, and will be assessed on a case by case basis. A Representative will also need to provide the Data Subject’s written consent authorising the Representative to act on the Data Subject’s behalf in relation to the complaint.
5. Investigation and Complaint Outcome
5.1 Once identification and any further requirements have been met, Cyclr will carry out the investigation. The complaint outcome will be communicated to you, normally by email, unless requested otherwise.
5.2 If you do not agree with the outcome, you may, within one month of notification of the outcome, request that Cyclr reviews its decision. If you remain dissatisfied, you may escalate your complaint to an external body: the Information Commissioner’s Office (ICO).
6. External Review
6.1 If the matter remains unresolved after a reasonable period of time, or you are unhappy with the outcome, you have the right to escalate your complaint to the ICO, which is the UK supervisory authority for data protection issues (www.ico.org.uk).
6.2 Complaints to the ICO should be submitted within three months of either the outcome to your complaint or your last meaningful contact with Cyclr. Information about how to make a complaint to the ICO can be found here https://ico.org.uk/make-a-complaint/
7. Use of Data from Complaints
7.1 Cyclr will collect data on complaint outcomes and any complaints submitted by complainants to any regulators (including the ICO); and use the data: a) internally for reporting, evaluation, learning and training; and b) externally only as may be required for discussion with regulators, and to comply with our legal obligations.
[1] The law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Personal Data including the UK GDPR, the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and the law of the European Union or any member state of the European Union to which the customer or provider is subject, which relates to the protection of Personal Data.
