Complaints

1. Scope

This procedure addresses how Cipher Risk Limited deals with complaints from data subjects.

2. Responsibilities

All Employees/Staff are responsible for ensuring any complaints made in relation to the scope of this procedure are reported to the nominated person Dominic Guise.

Dominic Guise is responsible for dealing with all complaints in line with this procedure.

3. Procedure

Data subjects are able to complain to Cipher Risk Limited about:

• how their personal data has been processed
• how their request for access to data has been handled
• how their complaint has been handled
• appeal against any decision made following a complaint.

The firm will ensure that any complaints received by data subjects will be passed to Dominic Guise immediately for resolution.

Complaints are to be resolved within 30 days.

Appeals on the handling of complaints are to be resolved within 30 days.

If Cipher Risk Limited fails to act on a data subject’s access request within 30 days, or refuses the request, it will set out in clear and plain language the reasons it took no action/refusal. The firm will inform the data subject(s) of their right to complain directly to the supervisory authority. In doing so, the firm will provide the data subject(s) with the contact details of the supervisory authority and inform them of their right to seek a judicial remedy.