Legal / Complaints
Complaints Procedure
Last updated: 10 July 2026
How to complain
Send the complaint to info@privacycoreservices.com, use the website contact form and select “Complaint”, or write to Privacy Core Services Ltd, 124, 21st September Avenue, Naxxar NXR 1015, Malta. For a data-protection complaint, use privacy@privacycoreservices.com. For a security vulnerability, use security@privacycoreservices.com and follow the Responsible Disclosure Policy.
Please include:
- Your name, organisation and preferred contact details.
- The service, page, interaction or date concerned.
- A clear description of what happened and the outcome you are seeking.
- Relevant references or evidence, avoiding unnecessary personal or confidential data.
- Any accessibility or communication adjustment you need.
What happens next
- We log the complaint, assign an owner and acknowledge receipt.
- We assess scope, conflicts, urgency, preservation of evidence and whether specialist privacy, security or legal review is needed.
- We investigate proportionately, which may include reviewing records and speaking with relevant people.
- We provide a written outcome, reasons and any corrective action or next step.
- Where you remain dissatisfied, the complaint may be escalated to a senior person not materially involved in the original decision where practicable.
| Stage | Service target |
|---|---|
| Acknowledgement | Within 3 business days |
| Substantive response | Within 20 business days; updates provided if the matter is complex |
| Data-subject rights requests | Acknowledged within 3 business days; response within one calendar month (statutory) |
| General website enquiries | Acknowledged within 2 business days; response within 5 business days |
| Urgent security or personal-data incident | Immediate internal escalation under the relevant incident procedure |
Data-protection complaints and rights requests
A complaint about the handling of personal data may also include a request to exercise a GDPR right. We will route it to the privacy owner, apply the statutory response period and keep the complainant informed. You may complain to the Malta IDPC or another competent supervisory authority without first completing this procedure.
Accessibility complaints
We will consider the affected task, assistive technology and urgency, offer an accessible alternative where possible, and feed confirmed issues into remediation and regression testing.
Confidentiality, fairness and records
Complaints are shared only with people who need the information to investigate, respond or meet legal obligations. We will avoid retaliation against a person who raises a concern in good faith. Records are retained according to the approved retention schedule and may be used to identify recurring problems and corrective actions.
External escalation
| Concern | Possible external route |
|---|---|
| Personal data | Malta Office of the Information and Data Protection Commissioner or another competent supervisory authority |
| Contractual / professional service issue | The route specified in the engagement terms, legal advice, mediation or court as applicable |
| Criminal or immediate safety concern | Appropriate law-enforcement or emergency authority |