- Purpose
Chambers is committed to protecting personal data and handling information in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”), and the Data (Use and Access) Act 2025 (“DUAA”).
This procedure explains how you may raise concerns or complaints regarding the way Chambers collects, uses, stores, shares, or otherwise processes personal data.
- Who Can Make a Complaint
This procedure applies to all individuals whose personal data we process, including clients, witnesses and any other individual whose personal data is held by Chambers.
Complaints may be submitted by a representative acting on behalf of the individual where appropriate authority is provided.
- Grounds for Making a Data Protection Complaint
Complaints may relate to any aspect of Chambers’ handling of personal data, including concerns regarding access to personal data, accuracy of information, confidentiality, retention of information, use or disclosure of personal data, data security, or any alleged breach of data protection legislation.
A complaint does not need to specifically mention “data protection”, “UK GDPR”, or “DUAA” to be treated as a data protection complaint.
- How to Make a Complaint
Complaints may be submitted:
- by email;
- through Chambers’ website contact form;
- in writing; or
- verbally.
Complaints should include, where possible:
- the complainant’s name and contact details;
- details of the concern or complaint;
- relevant dates;
- any supporting documents; and
- details of the outcome sought.
Contact Details
Email: dataprotection@stjohnschambers.co.uk
Post: Data Protection Officer
St John’s Building
24a-26 St John Street
Manchester
M3 4DJ
Phone: 0161 214 1500
- Acknowledgement of Complaints
You will receive an acknowledgement confirming receipt of your data protection complaint within 30 days of receiving your complaint.
Where necessary, we will contact you to clarify the complaint, request further information, or verify your identity before progressing the matter.
- Investigation Process and Outcome
Complaints will be assessed and investigated by the Governance, Risk and Compliance Manager (Data Protection Officer), with escalation to the Chief Executive where appropriate.
Chambers will keep you appropriately informed of the progress of the complaint during the investigation phase.
As part of the investigation process, Chambers may:
- Review relevant documents and systems;
- Make enquiries of members, staff, clerks, or service providers;
- Assess compliance with data protection obligations;
- Consider applicable exemptions, confidentiality obligations, and legal professional privilege; and
- Take remedial action where appropriate.
Chambers will aim to provide a substantive written response within 30 days of acknowledging the complaint, where reasonably practicable.
Where additional time is required due to the complexity or scope of the investigation, you will be kept informed of progress, the reasons for any delay, and the revised anticipated timeframe for response.
The response will clearly set out the scope of the investigation undertaken, the steps taken to assess and investigate the complaint, the findings reached, any remedial or corrective actions implemented, the reasons for the decision, and the measures taken to resolve or mitigate the issue. Where appropriate, the response will also explain any actions taken to prevent recurrence.
- Complaints to the Information Commissioner’s Office
If you remain dissatisfied with Chambers’ handling of your complaint, you may complain to the Information Commissioner’s Office.
The ICO can be contacted at:
Information Commissioner’s Office.
If you have any questions regarding this procedure, please contact the Data Protection Officer using the contact details above.
