About this notice

We take the privacy and security of your personal data seriously. If you have a concern about how we have collected, used, shared, stored or deleted your personal information - including how we have used any automated tools or AI in a way that affects your personal data - we want to hear from you. We will do our best to put things right.

This notice explains your rights, how to raise a concern with us, what to expect when you do, and what to do if you are not satisfied with our response.

Your right to complain directly to us is a statutory right under the Data (Use and Access) Act 2025. You do not need to go to the ICO first - we are your first point of contact, though you are always free to contact the ICO directly if you prefer.

Your rights under UK data protection law

Under UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025, you have the right to:

Access the personal data we hold about you (sometimes called a subject access request, or SAR).
Ask us to correct information that is wrong or incomplete.
Ask us to delete your data in certain circumstances.
Ask us to restrict how we use your data while a complaint is being looked into.
Receive a copy of your data in a commonly used, portable format.
Object to us using your data in certain ways.
Not be subject to a decision made solely by automated means where that decision has a significant effect on you.
Under the Data (Use and Access) Act 2025, ask us to explain in plain terms how an automated decision affecting you was made, request that a person reviews that decision, and ask us to reconsider the outcome.

If you would like to exercise any of these rights, please contact us using the details below.

Who we are and who to contact

FileCurator is operated by Yrgen and Rhian, trading as FileCurator. We are the data controller responsible for your personal data. Day-to-day responsibility for data protection sits with:

Responsible person: Rhian Beavis, Owner
Email: hello@filecurator.co.uk

We accept complaints however they reach us - by email, phone, post, social media or in person. However your complaint arrives, we will log it and handle it in the same way. You do not need to use a particular form or format to make a complaint.

What counts as a data protection complaint

A data protection complaint is any concern you raise about how we have collected, used, stored, shared or deleted your personal data. This is broad - it covers a wide range of situations, not just formal data breaches.

Examples of the types of concern we can investigate

We did not respond to a data subject access request within the required time, or the response was incomplete.
We collected or used your personal data without a valid lawful basis, or for a purpose you were not told about.
We shared your personal data with someone we should not have, or without a lawful reason to do so.
We did not action a request to delete, correct or restrict your personal data when we were required to.
We kept your personal data for longer than necessary.
A data breach or security incident affected your personal data and we did not handle it correctly.
You continued to receive marketing from us after you had opted out.
Our privacy notice was unclear, incomplete or did not accurately describe how we use your data.

What this process does not cover

General dissatisfaction with the quality of our service, where personal data is not the issue - please contact us at hello@filecurator.co.uk and we will do our best to help.
Billing or payment queries - please contact us at hello@filecurator.co.uk.
Complaints about the outcome of a data subject access request that was handled correctly and on time.
Complaints about a third party's conduct or professional practice - these should be directed to the relevant professional body or regulator.
Employment or HR grievances - these follow a separate process, even where a data request forms part of the grievance.

If you are not sure whether your concern is a data protection matter, please contact us anyway and we will help you direct it to the right place.

How to raise a complaint with us

To help us investigate your concern as quickly as possible, it helps if you can tell us:

Your name and contact details.
A clear description of your concern - what happened, when, and who was involved.
Any relevant reference numbers, screenshots or correspondence.
What outcome you would like.

You do not need to provide all of this to make a valid complaint. If you are not sure what to include, just get in touch and we will help you from there.

What happens when we receive your complaint

Step 1 - Acknowledgement (within 30 calendar days)

We will send you a written acknowledgement within 30 calendar days of receiving your complaint, including weekends and bank holidays. Day one of that period is the day after we receive it. Our acknowledgement will confirm that we have received your complaint and the date we received it, the name of the person who will be handling it, and what happens next with an expected timescale.

Step 2 - Investigation

We will investigate your complaint fairly and thoroughly, without undue delay. This may include reviewing records and system logs, and speaking to relevant team members or suppliers.

Step 3 - Keeping you informed

We will not go silent while we are investigating. If we need more information from you, or if anything changes, we will get in touch as soon as possible.

Step 4 - Our response

We aim to give you a full response within one calendar month of receiving your complaint. In complex cases, we may extend this by up to a further two months. If we need to do this, we will tell you within the first month and explain why. Our response will explain what we investigated and how, what we found and the reasons for our decision, what action (if any) we have taken or will take as a result, and your right to take your complaint to the ICO if you are not satisfied.

Third-party tools and suppliers

Where our processes involve third-party tools, platforms or suppliers, we remain your single point of contact for any data protection complaint. You do not need to contact our suppliers directly - we will liaise with them on your behalf as part of our investigation and keep you informed of the outcome.

How we keep records

We keep records of all data protection complaints we receive, the steps we take to investigate them, and the outcomes. This helps us respond consistently, identify any recurring issues, and demonstrate compliance if needed. Complaint records are held securely and only accessed by those who need to handle the matter. Please note that the Information Commissioner's Office (ICO) may request access to our complaint records as part of its regulatory role, and we are required to provide them.

If you are not satisfied with our response

If you remain unhappy after we have responded - or at any point during our process - you have the right to refer the matter to the Information Commissioner's Office (ICO), the UK's independent data protection regulator. You do not have to wait for us to finish before contacting the ICO, and you do not have to raise your concern with us first, though we would always appreciate the opportunity to put things right.

ICO website: ico.org.uk
Helpline: 0303 123 1113 (Monday to Friday, 9am to 4:30pm)
Live chat: Available at ico.org.uk
Post:Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Our ICO registration

FileCurator is registered with the Information Commissioner's Office under registration number C1959342. You can verify this at ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers.

Accessibility

We want this process to be accessible to everyone. If you need this notice in a different format - for example, in large print, or if you would like to speak to someone directly rather than communicate in writing - please let us know and we will do our best to help. Contact us at hello@filecurator.co.uk.

This notice was last reviewed in June 2026. We review it at least once a year and update it whenever our contact details or processes change.