Jobs

AO Drivers

Search by location or truck size

2 Opportunities

Privacy Complaints Policy 

Data Protection Complaints Policy

This policy applies to all companies in the AO World PLC group (“AO”) and any individual wishing to make a complaint about AO’s handling of their personal data.

The Data Protection Officer has overall accountability for the complaints handling effectiveness.

 

Overview and Guiding Principles

AO is committed to handling data protection complaints in a fair, transparent, and timely manner. This policy sets out AO’s approach in line with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA”), and, where relevant, the Privacy and Electronic Communications Regulations (“PECR”). It also reflects the requirements and principles introduced under the Data (Use and Access) Act (“DUAA”), where applicable, ensuring individuals have a clear and accessible way to raise concerns about how AO processes their personal data.

AO will take steps to identify and mitigate any conflicts of interest in the handling of complaints. If applicable, investigations will, where possible, be conducted by individuals independent of the subject matter of the complaint

Purpose

This policy ensures individuals have a clear and accessible way to raise concerns about how AO processes their personal data and outlines AO’s approach to handling complaints in compliance with the Information Commissioner’s Office (“ICO”) guidance.

 

Scope

This policy applies to all data protection complaints managed by AO and covers the complete process of handling such complaints, including receipt, investigation, resolution, and record keeping.

 

Definitions

A data protection complaint is any expression of dissatisfaction relating to AO’s processing of personal data, including:
Responses to data subject rights requests (SARs).
Handling of personal data (accuracy, retention, security).
Data breaches or misuse of personal information.

A non–data protection complaint is any expression of dissatisfaction that does not relate to AO’s processing of personal data. This may include, for example, complaints about products or services, delivery issues, billing queries, or employee conduct where personal data processing is not the primary concern.

Where a complaint includes both data protection and non-data protection issues, AO will handle the data protection aspects under this policy and refer other elements to the appropriate internal procedure (e.g. customer complaints or HR processes).

How to make a complaint

Under the Data (Use and Access) Act 2025, individuals should complain to AO directly before referring the complaint to the governing body, which is the Information Commissioner’s Office (ICO).

If you remain dissatisfied after our response, you may escalate your concern to the ICO.

We are committed to handling data protection complaints in a respectful and fair manner. Where behaviour is abusive or persistent in a way that unreasonably impacts staff or other users, AO may apply proportionate controls to manage communications. Any such controls will not prevent AO from properly considering the substance of the complaint, which will continue to be assessed on its merits.

Individuals can submit data protection complaints using any method or channel including but not limited to:

  • By telephone
  • Email: dataprotection@ao.com
  • Post: Data Protection Team, AO, 5A The Parklands, Bolton, BL6 4SD
  • AO will ensure that all complaints are handled securely and confidentially. This policy is published on AO’s website and is available upon request

Where complaints are received via social media or other insecure public channels, AO will request that the complainant continues the complaint via a secure channel to protect personal data

 

Complaints from Children and Vulnerable Individuals

AO recognises that children and vulnerable individuals may require additional support when raising data protection complaints. We are committed to ensuring that our complaints process is accessible, fair, and sensitive to their needs.

Where a complaint is made by, or on behalf of, a child or a vulnerable individual, AO will:

  • Use clear, plain language that is appropriate to the individual’s level of understanding.
  • Take reasonable steps to make the complaints process accessible, including providing information in alternative formats where required.
  • Consider whether the complaint raises any safeguarding concerns and, where appropriate, prioritise handling and escalate internally in line with relevant safeguarding procedures.
  • Assess whether a child has sufficient capacity to exercise their data protection rights independently and, where relevant, consider whether a parent, guardian, or authorised representative is acting on their behalf.
  • Verify the authority of any person making a complaint on behalf of another individual, where required, in line with this policy.

AO will handle complaints from children and vulnerable individuals with particular care and sensitivity, ensuring that the substance of the complaint is properly considered and that appropriate protections are applied throughout the process.

 

Complaints involving third parties

Where a complaint relates to processing carried out by a third-party processor or partner, AO will liaise with that party to obtain relevant information without undue delay.

Third parties acting on AO’s behalf must promptly forward any complaints they receive relating to AO data processing.

 

Acknowledgement

AO will take appropriate steps and investigate all complaints without undue delay.  AO will aim to acknowledge receipt of all complaints within 30 calendar days and confirm investigation details and a point of contact. The 30 day period starts the day after we receive the complaint, including weekends and public holidays. If the last day falls on a weekend or public holiday, we will acknowledge by the next working day.

AO will keep the complainant informed throughout the investigation.  AO will aim to provide updates at least every 30 days on ongoing complaints.

AO will aim to reach an outcome within 60 days, where reasonably practicable.

 

Transparency

AO is committed to transparency and will explain to any person making a complaint:

  • what information is required to investigate the complaint;
  • how that information will be used;
  • the stages of the complaints process;
  • how sensitive complaints will be handled; and
  • what timelines and updates they can expect

 

Investigation Process

  • Complaints will be investigated without undue delay, with appropriate enquiries and a review of all relevant information.
  • Additional information may be requested where necessary, such as proof of identity or documentation confirming authority for third-party complaints.
  • Authorisation for third-party complaints will be verified through appropriate evidence, including a power of attorney or a signed letter of authority. If sufficient evidence is not provided, AO will not investigate the complaint but will respond explaining why we cannot proceed.
  • Complainants will be kept informed of progress throughout the investigation, including receiving appropriate updates where a complaint remains ongoing or investigation timescales change.

Outcome Communication

AO will provide the outcome of the complaint without undue delay, including:

  • A clear explanation of findings.
  • Any corrective actions taken, where appropriate.
  • Reasons for decisions, including where a complaint is not upheld.
  • Where relevant, details of any remedy offered, such as an explanation, apology, or corrective action, or confirmation that no action is required.
  • Where possible, each point of the complaint will be itemised and responded to clearly, with supporting evidence where appropriate.
  • Information on the complainant’s right to escalate the matter if they remain dissatisfied.

Escalation and Internal Review

If you are not satisfied with how AO has handled your complaint, you may request an internal review.  The review will be conducted by an individual not involved in the original investigation.  AO will communicate the outcome of the review within a reasonable timeframe and confirm when the internal process is complete.

If you are not satisfied with the outcome of your complaint or how it was handled  you have the right to raise your concerns with the ICO. The ICO is the UK’s independent authority responsible for enforcing data protection laws and ensuring people’s access to their information. You can contact the ICO using the details below:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: 0303  123  1113

Website: https://ico.org.uk

Record Keeping

AO will maintain records of:

  • Date the complaint was received.
  • Date the complaint was acknowledged.
  • Investigation steps taken and key communications with the complainant.
  • The outcome of the complaint, including whether it was upheld, partially upheld, or not upheld, and any remedial actions taken where appropriate.
  • Details of any escalation to the ICO, where applicable.

Complaints records will be maintained and used for compliance monitoring, auditing and identifying trends.

Complaint records will be retained in accordance with AO’s Data Retention Policy and the UK GDPR principle of storage limitation, and will not be kept for longer than necessary.

Roles & Responsibilities

Data Protection Team: Manage complaints and ensure compliance.

Data Protection Officer (“DPO”): Oversees complex cases and ensures adherence to legal requirements. The DPO maintains overall accountability for the complaints policy and processes.

All Employees: Must forward complaints to the Data Protection Team immediately.

Staff Training

AO will ensure staff can recognise data protection complaints and know how to escalate them. Training on complaint handling will form part of AO’s data protection training program.

Review & Continuous Improvement

Complaints will be reviewed on a regular basis to monitor compliance, identify recurring issues, and evaluate the effectiveness of existing processes. Outcomes of these reviews will be used to strengthen procedures, update policies, and enhance staff training to ensure continuous improvement and adherence to best practice.

Document Review Requirements

This policy will be reviewed annually or sooner if required by changes in legislation or ICO guidance.

 

Governance and Related Documents

This section outlines the roles responsible for this policy, version history, and related documents that support compliance and complaint handling.

 

15 June 2026

ao.com

© 2020 AO World All Rights Reserved