Any personal data collected by the OCC will be processed in accordance with the General Data Protection Regulations (GDPR). The lawful basis upon which we collect and process information is a “legal obligation” and performing a “public task”, derived from the Financial Services Act (2012). The purpose of us collecting and processing personal data is to ensure that we can effectively log, investigate and assess complaints about the regulators.
When you contact us to make enquiries or a complaint, we will collect, hold and process your information securely and for only as long as necessary. We may need to share some or all of your data with the regulator you are complaining about, to enable us to investigate your complaint. In certain circumstances we may also be obliged to share your personal data with third parties such as public authorities and law enforcement agencies.
Special category data
We generally do not ask for special category data when collecting personal data in order to log, investigate and assess a complaint, however, it is possible that such information is provided to us by complainants in the context of a complaint. If we do receive and therefore process special category data, we do so under Article 9(2)(g) of the GDPR (it is necessary for reasons of substantial public interest).
Data retention policy
Personal data relating to those complaining about the regulators will be held for six years. Personal data about those making enquiries which do not fall within our remit will be kept for one year, after which the information will be securely disposed of.
We will not acknowledge or retain copies of correspondence which is not addressed to us but we are copied in on, and the subject matter of which does not fall within the remit of the Complaint Scheme.
Subject access requests
Individuals have a right to access their personal data held by organisations and you may do this by contacting us on firstname.lastname@example.org. We will try to process your request within 30 days, in line with our legal obligations.
Please note that the OCC is not subject to the Freedom of Information Act (2000).
Rights of individuals in relation to their personal data
The GDPR enhances the rights of individuals relating to what personal data is collected and processed and how this data is used. It also gives individuals the right to have the information held about them to be corrected or “be forgotten”. For further information about your rights, please refer to the Information Commissioner’s website, which can be accessed through the below link: