At Multiverse, we are committed to handling personal data responsibly. We take all data protection complaints seriously and aim to handle them in a fair, transparent and timely manner.
This policy explains how you can complain to us about the way we have handled your personal data, the stages your complaint will move through, and the steps we will take to address it.
This policy has been developed in line with the Data (Use and Access) Act 2025, the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018") and guidance issued by the Information Commissioner's Office ("ICO"). The principles underpinning it are:
This policy aims to:
3.1 A data protection complaint is an expression of dissatisfaction by, or on behalf of, an individual that alleges Multiverse has not complied with data protection law in handling that individual's personal data.
You may submit a complaint if you have concerns about:
When dealing with a multi-issue complaint, the Privacy Team is responsible only for the data protection aspect, which must be resolved and communicated as soon as possible, even if the other issues remain outstanding.
3.2.1 General dissatisfaction with a product, service or decision that does not relate to the handling of personal data is dealt with under our Learner Complaints Policy rather than this policy.
3.3.1 This policy applies to people whose personal data we handle, including apprentices, learners and prospective learners; employer and client partners; candidates and applicants; suppliers and other organisations we work with; and colleagues, where the matter is not covered by a separate internal procedure (for example an HR grievance procedure).
3.3.2 It applies to the way we handle personal data across our services, programmes, systems and operations, wherever Multiverse is acting as a data controller.
3.4.1 You may authorise someone else (for example a relative, friend or organisation) to complain on your behalf. Before we investigate, we will verify that the third party is authorised to act. We will not disclose personal data to a third party unless we are satisfied they are properly authorised.
4.1 You can raise a data protection complaint at any time. Raising it promptly helps us investigate while information and recollections are fresh, but there is no deadline that prevents you from complaining.
4.2.1 We accept data protection complaints in any reasonable form and through any of the following channels:
| Channel | How to use it |
|---|---|
| Email the Data Protection Officer at privacy@multiverse.io. | |
| Post | Write to: Data Protection Officer, Multiverse, 2 Eastbourne Terrace, Floors 5+6, London W2 6LG. |
4.3.1 To help us deal with your complaint quickly, please include the below information as relevant to your complaint:
4.3.2 We will not refuse to deal with a complaint simply because some of this information is missing; where necessary we will ask you for further detail. Where you want us to investigate and respond directly to you, please give us a way to contact you.
The table below summarises what an individual can expect at each stage.
| Stage | What happens and when |
|---|---|
| Day 0 — Receipt | We receive your complaint by any channel and log it. The statutory clock starts the day after receipt (including weekends and public holidays). |
| Within 30 days — Acknowledgement | We confirm in writing that we have received your complaint, explain the next steps and give you a point of contact. |
| Without undue delay — Investigation | We start looking into your complaint promptly and carry out an investigation that is reasonable and proportionate to the complaint raised. We keep you updated on progress and tell you about any expected delays. |
| Without undue delay — Outcome | Once our investigation is complete, we tell you the outcome, what we found, and any action we are taking. We will not delay your outcome because of unrelated matters in a wider complaint. |
| If you are still unhappy — Escalation | You can ask us to review the outcome, and you can complain to the Information Commissioner's Office at any time. You may also have the right to a judicial remedy. |
Your rights throughout. You will be treated fairly and without detriment for making a complaint. We will handle your personal data securely throughout, keep you informed, and explain our decisions clearly. If you lack confidence in our handling, you do not have to wait for our outcome before contacting the regulator.
For more information please see our Privacy Notice.
6.1 If you have been through our process and remain dissatisfied, you have the right to complain to the Information Commissioner's Office (ICO), the UK's independent regulator for data protection. The ICO normally expects you to give us the chance to put things right first, although you may complain to it at any time.
6.2 You can contact the ICO on 0303 123 1113 or at ico.org.uk.
7.1 We are committed to ensuring that all complaints are handled in a confidential and secure manner:
8.1 We maintain a secure record of all data protection complaints, which the ICO can request. For each complaint, the record includes:
9.1 Lessons learned from complaints may be reported to relevant senior leadership so that we can make meaningful changes, and we are committed to being open about our reasoning — including when we are not able to uphold a complaint.
9.2 This policy is reviewed annually, or sooner if there are relevant changes in law, regulation or our services. The version in force is the one published on our website on the date your complaint is received.
| Version | Date | Owner | Summary of change |
|---|---|---|---|
| 1.0 | June 2026 | DPO | First published version in line with Data (Use and Access) Act 2025 obligations. |