Skip to content

Legal / Complaints

Complaints Procedure

Last updated: 10 July 2026

How to complain

Send the complaint to info@privacycoreservices.com, use the website contact form and select “Complaint”, or write to Privacy Core Services Ltd, 124, 21st September Avenue, Naxxar NXR 1015, Malta. For a data-protection complaint, use privacy@privacycoreservices.com. For a security vulnerability, use security@privacycoreservices.com and follow the Responsible Disclosure Policy.

Please include:

  • Your name, organisation and preferred contact details.
  • The service, page, interaction or date concerned.
  • A clear description of what happened and the outcome you are seeking.
  • Relevant references or evidence, avoiding unnecessary personal or confidential data.
  • Any accessibility or communication adjustment you need.

What happens next

  • We log the complaint, assign an owner and acknowledge receipt.
  • We assess scope, conflicts, urgency, preservation of evidence and whether specialist privacy, security or legal review is needed.
  • We investigate proportionately, which may include reviewing records and speaking with relevant people.
  • We provide a written outcome, reasons and any corrective action or next step.
  • Where you remain dissatisfied, the complaint may be escalated to a senior person not materially involved in the original decision where practicable.
StageService target
AcknowledgementWithin 3 business days
Substantive responseWithin 20 business days; updates provided if the matter is complex
Data-subject rights requestsAcknowledged within 3 business days; response within one calendar month (statutory)
General website enquiriesAcknowledged within 2 business days; response within 5 business days
Urgent security or personal-data incidentImmediate internal escalation under the relevant incident procedure

Data-protection complaints and rights requests

A complaint about the handling of personal data may also include a request to exercise a GDPR right. We will route it to the privacy owner, apply the statutory response period and keep the complainant informed. You may complain to the Malta IDPC or another competent supervisory authority without first completing this procedure.

Accessibility complaints

We will consider the affected task, assistive technology and urgency, offer an accessible alternative where possible, and feed confirmed issues into remediation and regression testing.

Confidentiality, fairness and records

Complaints are shared only with people who need the information to investigate, respond or meet legal obligations. We will avoid retaliation against a person who raises a concern in good faith. Records are retained according to the approved retention schedule and may be used to identify recurring problems and corrective actions.

External escalation

ConcernPossible external route
Personal dataMalta Office of the Information and Data Protection Commissioner or another competent supervisory authority
Contractual / professional service issueThe route specified in the engagement terms, legal advice, mediation or court as applicable
Criminal or immediate safety concernAppropriate law-enforcement or emergency authority