Templates
Copy-paste-ready templates for every stage of the process. Replace the [PLACEHOLDER] fields with your details.
Each template cites the relevant legislation and tells you where to send it.
1 — Subject Access Request (SAR)
Request all personal data a company holds about you under GDPR Article 15. Send by email — no internal form required.
Dear Data Protection Officer, I am writing to make a Subject Access Request under Article 15 of the General Data Protection Regulation (GDPR). Please provide me with a copy of all personal data you hold about me, including but not limited to: - Account records and transaction history - Internal notes and communications regarding my account - Records of any data shared with third parties (including the Central Credit Register) - Records of any complaints or disputes - Any automated decision-making or profiling data - Correspondence records (emails, letters, call logs) My details are as follows: - Full Name: [YOUR FULL NAME] - Date of Birth: [YOUR DATE OF BIRTH] - Address: [YOUR CURRENT ADDRESS] - Account Number: [YOUR ACCOUNT NUMBER] Under GDPR, you are required to respond to this request within 30 calendar days of receipt. If you require verification of my identity, please note that I am an existing customer contacting you from my registered email address. Please provide the data in a commonly used electronic format. Yours faithfully, [YOUR NAME] [DATE]
2 — SAR Follow-Up (When They Try to Delay)
Use when a company asks you to fill their internal form or makes excessive ID requests instead of processing your SAR.
Dear [NAME/DATA PROTECTION OFFICER], I refer to my Subject Access Request sent on [DATE OF ORIGINAL SAR]. I note your request that I complete your internal form / provide [EXCESSIVE ID REQUIREMENT]. I wish to clarify that: 1. Under GDPR Article 12, a data subject request can be made "by any means." There is no requirement to use a controller's internal form. 2. I am an existing customer and I contacted you from my registered email address. Under Article 12(6), identity verification is only required where there are "reasonable doubts" — which should not apply to an existing customer using a known communication channel. 3. The 30-day response period began on [DATE THEY RECEIVED YOUR ORIGINAL SAR], not from today's date. I request that you process my Subject Access Request without further delay. If you fail to respond within the statutory timeframe, I will file a complaint with the Data Protection Commission. Yours faithfully, [YOUR NAME] [DATE]
3 — SAR Identity Verification Response
Use when a company demands identity documents after you have already been verified as an existing customer — a common stalling tactic.
Dear [NAME/DATA PROTECTION OFFICER], I refer to my Subject Access Request dated [DATE OF ORIGINAL SAR] and your response dated [DATE OF THEIR RESPONSE] requesting identity verification documents. I must point out the following: 1. I am an existing, verified customer. I opened account [ACCOUNT NUMBER] on [DATE] and have been verified through your onboarding and KYC procedures. My identity is not in doubt. 2. I am writing from my registered email address ([YOUR EMAIL]) which is linked to my account. This constitutes a known and verified communication channel. 3. Under GDPR Article 12(6), you may only request additional identity verification where there are "reasonable doubts" concerning the identity of the person making the request. The European Data Protection Board Guidelines 01/2022 on data subject rights confirm that where a data subject contacts a controller from an account already linked to them, this will normally be sufficient to confirm identity. 4. Demanding that I provide [PASSPORT / DRIVING LICENCE / UTILITY BILL / OTHER DOCUMENTS] when I am already a verified customer is disproportionate and constitutes an obstructive practice designed to delay or discourage the exercise of my data subject rights, contrary to GDPR Article 12(2). 5. The 30-day statutory deadline runs from receipt of my original request, not from the date I satisfy additional demands. You have [NUMBER] days remaining. I require you to process my SAR immediately using the identification already available to you. If my request is not fulfilled within the statutory timeframe, I will lodge a complaint with the Data Protection Commission citing obstructive identity verification practices. Yours faithfully, [YOUR NAME] [DATE]
4 — Formal Complaint to Financial Provider
Make a formal complaint covering service failures or data breaches. This triggers the 40-business-day Final Response Letter clock.
Dear Complaints Officer, I wish to make a formal complaint regarding my account with [COMPANY NAME]. Account Details: - Account Holder: [YOUR FULL NAME] - Account Number: [YOUR ACCOUNT NUMBER] - Date of Birth: [YOUR DATE OF BIRTH] - Address: [YOUR ADDRESS] Details of My Complaint: [DESCRIBE WHAT HAPPENED. Include specific dates, what the company did or failed to do, which laws or codes were breached, and what impact this has had on you.] The Outcome I Am Seeking: [STATE CLEARLY WHAT YOU WANT — correction of data, compensation amount, written apology, explanation of decisions, etc.] I note that under the Central Bank's Consumer Protection Code, you are required to: - Acknowledge this complaint within 5 business days - Issue a Final Response Letter within 40 business days - Inform me of my right to refer this matter to the Financial Services and Pensions Ombudsman (FSPO) I expect your acknowledgement within the required timeframe. Yours faithfully, [YOUR NAME] [DATE]
5 — Formal Complaint — CCR Reporting Error
Specific complaint for when a lender is reporting inaccurate data to the Central Credit Register — wrong status, wrong balance, or exceeding retention periods.
Dear Complaints Officer, I wish to make a formal complaint regarding inaccurate reporting of my personal data to the Central Credit Register (CCR). Account Details: - Account Holder: [YOUR FULL NAME] - Account Number: [YOUR ACCOUNT NUMBER] - PPSN: [YOUR PPSN — include only if required by lender for CCR queries] - Address: [YOUR ADDRESS] Nature of Complaint: I have obtained my CCR report from the Central Bank of Ireland, dated [DATE OF CCR REPORT]. The report shows the following entry for the above account: - Status reported: [e.g., ACTIVE / ARREARS / DEFAULT] - Balance reported: EUR [AMOUNT] - Date of last update: [DATE] This information is inaccurate for the following reason(s): [OPTION A — Write-off not reflected:] According to records obtained via my Subject Access Request dated [DATE], this debt was written off at board level on [DATE]. Despite this, the account continues to be reported as [STATUS] with a balance of EUR [AMOUNT]. Under Section 12 of the Credit Reporting Act 2013, credit information must accurately reflect the status of the credit agreement. [OPTION B — Retention period exceeded:] This account was closed/settled/written off on [DATE], which is more than 5 years ago. Under Section 11 of the Credit Reporting Act 2013, personal data on the CCR shall be retained for a period not exceeding 5 years from the date the information was last required to be provided. Continued reporting beyond this period is unlawful. [OPTION C — Incorrect balance/status:] The reported balance of EUR [AMOUNT] does not reflect [PAYMENTS MADE / SETTLEMENT REACHED / WRITE-OFF]. I enclose evidence of [PAYMENT RECEIPTS / SETTLEMENT LETTER / SAR DATA] confirming the correct position. This inaccurate reporting is also a breach of GDPR Article 5(1)(d), which requires that personal data be accurate and, where necessary, kept up to date. The Outcome I Am Seeking: 1. Immediate correction of the CCR entry to accurately reflect the account status 2. Written confirmation that the amendment has been submitted to the Central Bank 3. Compensation of EUR [AMOUNT] for the impact of inaccurate credit reporting on my financial standing I note your obligations under the Consumer Protection Code to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days. Yours faithfully, [YOUR NAME] [DATE]
6 — Formal Complaint — Unauthorised Credit Application
Use when a credit application appears on your CCR that you did not authorise, or when a lender ran a credit check without your consent.
Dear Complaints Officer / Data Protection Officer, I wish to make a formal complaint regarding an unauthorised credit enquiry and/or application that has been recorded against my name. My Details: - Full Name: [YOUR FULL NAME] - Date of Birth: [YOUR DATE OF BIRTH] - Address: [YOUR ADDRESS] - PPSN: [YOUR PPSN — if needed for CCR lookup] Details of Complaint: On reviewing my Central Credit Register report dated [DATE], I discovered that a credit enquiry / application is recorded by your organisation with the following details: - Date of enquiry/application: [DATE] - Type: [CREDIT CARD / PERSONAL LOAN / MORTGAGE / OTHER] - Amount: EUR [AMOUNT] I did not authorise this credit application or enquiry. I have no recollection of applying for this product, and I did not provide consent for you to access my credit information on the CCR. This constitutes: 1. A breach of Section 7 of the Credit Reporting Act 2013, which requires that credit information requests to the CCR be made only in connection with a bona fide credit application. 2. A breach of GDPR Article 6, as you processed my personal data (by querying the CCR) without a lawful basis. No consent was given, and no legitimate interest can apply to an unauthorised credit search. 3. A breach of GDPR Article 5(1)(a), which requires that personal data be processed lawfully, fairly, and in a transparent manner. 4. A potential breach of the Consumer Credit Act 1995 if any credit agreement was purportedly entered into without my informed consent. The Outcome I Am Seeking: 1. Immediate removal of the unauthorised enquiry/application from the CCR 2. A full explanation of how this application came to be recorded, including copies of any application form or consent documentation you hold 3. Confirmation of whether any credit was advanced, and if so, immediate cancellation of any such agreement 4. Compensation of EUR [AMOUNT] for the unauthorised processing of my data and the impact on my credit profile If you are unable to produce a signed application or record of informed consent, this will confirm that the enquiry was unauthorised and must be removed. I expect acknowledgement within 5 business days per the Consumer Protection Code. Yours faithfully, [YOUR NAME] [DATE]
7 — Formal Complaint — Insurance Claim Rejection
Challenge an insurance claim that has been declined. Cites the Consumer Protection Code obligations on insurers to act fairly and provide clear reasons.
Dear Complaints Officer, I wish to make a formal complaint regarding the rejection of my insurance claim. Policy Details: - Policy Holder: [YOUR FULL NAME] - Policy Number: [YOUR POLICY NUMBER] - Type of Policy: [HOME / MOTOR / HEALTH / TRAVEL / INCOME PROTECTION / OTHER] - Claim Reference: [CLAIM REFERENCE NUMBER] - Date of Claim: [DATE YOU SUBMITTED THE CLAIM] - Date of Rejection: [DATE OF REJECTION LETTER] Details of My Complaint: My claim was rejected by letter/email dated [DATE]. The reason given was: "[QUOTE THE EXACT REASON FROM THEIR REJECTION LETTER]" I believe this rejection is unfair and/or incorrect for the following reasons: [OPTION A — Policy exclusion wrongly applied:] The exclusion cited does not apply to my circumstances because [EXPLAIN WHY — e.g., "the incident occurred after the waiting period had expired" / "the condition was fully disclosed at application stage" / "the exclusion clause is ambiguous and under contra proferentem should be interpreted in my favour"]. [OPTION B — Non-disclosure alleged:] Under Section 8 of the Consumer Insurance Contracts Act 2019, a consumer is only required to respond honestly and with reasonable care to specific questions asked by the insurer at the time of application. I was not asked about [THE MATTER IN QUESTION] and therefore had no duty to disclose it. Furthermore, Section 9 provides that an insurer may not avoid a policy for non-disclosure unless the non-disclosure was connected to the claim. [OPTION C — Inadequate reasons given:] Under Provision 7.6 of the Consumer Protection Code 2012, where a claim is rejected, you must provide clear reasons in writing. The reason provided is vague and does not allow me to understand the basis for the decision. [OPTION D — Unreasonable delay:] Under Provision 7.4 of the Consumer Protection Code, claims must be processed promptly and fairly. My claim was submitted on [DATE] and I did not receive a decision until [DATE] — a delay of [NUMBER] weeks/months during which [DESCRIBE IMPACT]. Breaches Identified: 1. [LIST SPECIFIC CODE/ACT PROVISIONS BREACHED] 2. [LIST ADDITIONAL BREACHES] The Outcome I Am Seeking: 1. Reversal of the claim rejection and payment of my claim in the amount of EUR [AMOUNT] 2. Compensation of EUR [AMOUNT] for the distress, inconvenience, and financial impact caused by the wrongful rejection 3. A written explanation of the claims assessment process and the specific policy wording relied upon I note your obligation to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days under the Consumer Protection Code. Yours faithfully, [YOUR NAME] [DATE]
8 — FRL Demand (40 Business Days Passed)
Send when 40 business days have elapsed since your formal complaint and you still have not received a Final Response Letter. This letter puts them on notice and opens the door to the FSPO.
Dear Complaints Officer, RE: OUTSTANDING FINAL RESPONSE LETTER — FORMAL DEMAND I refer to my formal complaint submitted on [DATE OF ORIGINAL COMPLAINT], acknowledged by you on [DATE OF ACKNOWLEDGEMENT / or "not acknowledged despite being received on [DATE]"]. Complaint Reference: [THEIR REFERENCE IF ANY] Account Number: [YOUR ACCOUNT NUMBER] Account Holder: [YOUR FULL NAME] 40 business days have now elapsed since you received my complaint. Under Provision 10.9(d) of the Central Bank's Consumer Protection Code 2012, you are required to issue a Final Response Letter (FRL) within 40 business days of receipt of a complaint. To date, I have not received an FRL. I also note that under Provision 10.10, where the investigation is not complete within 40 business days, you must: (a) Inform me of the anticipated timeframe for the final response (b) Inform me of my right to refer the matter to the Financial Services and Pensions Ombudsman (c) Provide the contact details for the FSPO You have failed to do any of the above. I now formally demand that you: 1. Issue a Final Response Letter within 10 calendar days of this letter 2. If you are unable to do so, provide a written explanation for the delay and confirm my right to refer to the FSPO immediately Please note that under the FSPO Act 2017, I am entitled to refer a complaint to the FSPO where: - 40 business days have elapsed since the complaint was made, or - I have received a Final Response Letter As the 40-business-day period has expired, I am now entitled to refer this complaint to the FSPO regardless of whether you issue an FRL. If I do not receive your FRL within 10 calendar days, I will proceed to file my complaint with the Financial Services and Pensions Ombudsman without further notice. Yours faithfully, [YOUR NAME] [DATE]
9 — FSPO Complaint Text
Condensed complaint text designed to fit the 5,000-character FSPO portal limit. Focus on facts, dates, and breaches.
COMPLAINT AGAINST: [COMPANY NAME] ACCOUNT: [ACCOUNT NUMBER] SUMMARY: [One-sentence summary of the core complaint] TIMELINE OF EVENTS: [DATE]: [Event — e.g., "Loan taken out / account opened"] [DATE]: [Event — e.g., "Debt written off at board level (confirmed by SAR data)"] [DATE]: [Event — e.g., "Discovered CCR still reporting debt as Active"] [DATE]: [Event — e.g., "Filed CCR Amendment — declined by lender on [DATE]"] [DATE]: [Event — e.g., "Sent formal complaint to provider"] [DATE]: [Event — e.g., "Received FRL — unsatisfactory / Did not receive FRL within 40 business days"] BREACHES IDENTIFIED: 1. [BREACH — e.g., "Inaccurate CCR reporting: debt written off in [YEAR] but still reported as Active, exceeding 5-year retention period under Credit Reporting Act 2013"] 2. [BREACH — e.g., "Failure to issue adequate FRL: FRL did not inform me of my right to refer to FSPO, breaching Consumer Protection Code Provision 10.9"] 3. [BREACH — e.g., "GDPR breach: SAR response exceeded 30-day deadline / contained incomplete data"] EVIDENCE: - SAR data showing internal write-off date of [DATE] - CCR report dated [DATE] showing Active status - Correspondence with provider (attached) - FRL dated [DATE] (attached)
10 — FSPO Resolution Text
How to frame what you are seeking from the FSPO, including compensation calculations.
RESOLUTION SOUGHT: 1. CORRECTION OF DATA: - Removal/amendment of CCR entry for account [ACCOUNT NUMBER] to reflect the actual write-off date of [DATE] and closure status - [Any other data corrections needed] 2. COMPENSATION: - EUR [AMOUNT] for [specific financial loss — e.g., "credit application refused on [DATE] due to inaccurate CCR data, resulting in [specific consequence]"] - EUR [AMOUNT] for distress, inconvenience, and time spent pursuing this matter over [NUMBER] months - EUR [AMOUNT] for breach of GDPR rights (SAR delays, inaccurate data processing) Total compensation sought: EUR [TOTAL] 3. OTHER: - Written confirmation that CCR data has been corrected - Written apology for the failures identified - Confirmation of steps taken to prevent recurrence This resolution reflects the provider's sustained failure to comply with their legal obligations over a period of [NUMBER] months, the direct impact on my ability to access credit, and the significant time and effort required to pursue this complaint.
11 — FSPO Document Cover Email
Cover email for sending supporting documents to the FSPO when the online portal upload fails or file sizes exceed the limit.
Subject: Supporting Documents — Complaint Reference [YOUR FSPO REFERENCE NUMBER] Dear FSPO, I am writing to submit supporting documents for my complaint, reference number [YOUR FSPO REFERENCE NUMBER]. Complainant: [YOUR FULL NAME] Provider: [COMPANY NAME] Account Number: [YOUR ACCOUNT NUMBER] I was unable to upload these documents through the online portal due to [FILE SIZE EXCEEDED THE LIMIT / UPLOAD FUNCTION RETURNED AN ERROR / PORTAL TIMED OUT DURING UPLOAD]. I am therefore submitting them by email as permitted. The following documents are attached: 1. [DOCUMENT NAME] — [BRIEF DESCRIPTION, e.g., "SAR response from provider dated [DATE], 47 pages, showing internal write-off records"] 2. [DOCUMENT NAME] — [BRIEF DESCRIPTION, e.g., "CCR report dated [DATE] showing account still reported as Active"] 3. [DOCUMENT NAME] — [BRIEF DESCRIPTION, e.g., "Copy of formal complaint sent to provider on [DATE]"] 4. [DOCUMENT NAME] — [BRIEF DESCRIPTION, e.g., "Final Response Letter from provider dated [DATE]"] 5. [DOCUMENT NAME] — [BRIEF DESCRIPTION, e.g., "Email correspondence with provider between [DATE] and [DATE]"] Total attachments: [NUMBER] files These documents support the breaches outlined in my complaint, in particular: - [BRIEFLY STATE WHICH BREACH EACH KEY DOCUMENT SUPPORTS] Please confirm receipt and association of these documents with my complaint file. Yours faithfully, [YOUR NAME] [YOUR EMAIL ADDRESS] [YOUR PHONE NUMBER] [DATE]
12 — DPC Complaint
File a complaint with the Data Protection Commission for GDPR breaches by financial institutions.
DATA PROTECTION COMPLAINT Against: [COMPANY NAME] My Reference: [YOUR REFERENCE IF ANY] I wish to make a complaint under Article 77 GDPR regarding breaches of my data protection rights by [COMPANY NAME]. DETAILS OF BREACH: 1. [DESCRIBE THE BREACH — e.g., "Failure to respond to Subject Access Request within 30 days. SAR submitted on [DATE], response received on [DATE] — [NUMBER] days late."] 2. [DESCRIBE THE BREACH — e.g., "Processing of inaccurate personal data in breach of Article 5(1)(d). The controller reported a written-off debt as 'Active' to the Central Credit Register despite internal records showing the debt was written off on [DATE]."] 3. [DESCRIBE THE BREACH — e.g., "Excessive identity verification requirements in breach of Article 12(6). Despite being an existing customer contacting from a registered email address, the controller demanded [DESCRIBE EXCESSIVE REQUIREMENT]."] EVIDENCE ATTACHED: - Copy of SAR request dated [DATE] - Copy of SAR response dated [DATE] (showing [NUMBER] day delay) - CCR report showing inaccurate data - Internal records obtained via SAR showing contradictions IMPACT: [Describe the impact — e.g., refused credit, financial loss, distress] I request that the DPC investigate these breaches and take appropriate action. I also note my intention to pursue compensation under Article 82 GDPR for the damage caused. [YOUR NAME] [ADDRESS] [DATE]
13 — DPC Supplementary Evidence Email
Submit additional evidence to the DPC after your initial complaint, or respond to a DPC request for further information.
Subject: Supplementary Evidence — DPC Reference [YOUR DPC REFERENCE NUMBER] Dear Data Protection Commission, I am writing to submit supplementary evidence in relation to my complaint, reference number [YOUR DPC REFERENCE NUMBER]. Complainant: [YOUR FULL NAME] Data Controller: [COMPANY NAME] Date of Original Complaint: [DATE] [OPTION A — Responding to DPC information request:] I refer to your letter/email dated [DATE] requesting further information regarding my complaint. Please find my responses below: [QUESTION/REQUEST 1 FROM DPC]: [YOUR RESPONSE — be specific and factual] [QUESTION/REQUEST 2 FROM DPC]: [YOUR RESPONSE] [OPTION B — Proactively submitting new evidence:] Since filing my original complaint, the following developments have occurred which I believe are relevant: 1. [DEVELOPMENT — e.g., "On [DATE], I received the controller's SAR response which was [NUMBER] days late and contained incomplete records. The response omitted [SPECIFIC DATA CATEGORIES MISSING]."] 2. [DEVELOPMENT — e.g., "On [DATE], I submitted a CCR Amendment Request which the controller declined on [DATE] without adequate justification."] 3. [DEVELOPMENT — e.g., "On [DATE], the controller [DESCRIBE FURTHER BREACH — e.g., shared my data with a third party / continued processing inaccurate data despite my rectification request]."] ADDITIONAL DOCUMENTS ATTACHED: 1. [DOCUMENT] — [DESCRIPTION] 2. [DOCUMENT] — [DESCRIPTION] 3. [DOCUMENT] — [DESCRIPTION] These additional matters reinforce the pattern of non-compliance identified in my original complaint and demonstrate ongoing breaches of [CITE SPECIFIC GDPR ARTICLES]. I respectfully request that the DPC consider this supplementary evidence as part of its investigation. I remain available to provide any further information you may require. Yours faithfully, [YOUR NAME] [YOUR ADDRESS] [YOUR EMAIL] [DATE]
14 — Cease and Desist — Debt Collector (Statute-Barred Debt)
Demand a debt collector stop pursuing a debt that is statute-barred under the Statute of Limitations Act 1957 (6-year limit for simple contracts in Ireland).
Dear [DEBT COLLECTOR NAME / COLLECTIONS MANAGER], RE: CEASE AND DESIST — STATUTE-BARRED DEBT Account Reference: [THEIR REFERENCE NUMBER] Original Creditor: [NAME OF ORIGINAL LENDER] Alleged Debt Amount: EUR [AMOUNT THEY ARE CLAIMING] I write regarding your correspondence dated [DATE] / your phone call on [DATE] concerning the above alleged debt. I DO NOT ACKNOWLEDGE THIS DEBT. Nothing in this letter should be construed as an acknowledgement of any liability. I require you to cease all contact regarding this matter for the following reasons: 1. STATUTE-BARRED: Under Section 11(1)(a) of the Statute of Limitations Act 1957, the limitation period for actions founded on simple contract is six years. The last payment on this account was made on or around [DATE OF LAST PAYMENT / "no payment was ever made by me"]. More than six years have elapsed since the cause of action accrued. This debt is therefore statute-barred and unenforceable through the courts. 2. NO ACKNOWLEDGEMENT: I have not made any payment towards this debt, nor have I acknowledged it in writing at any point within the limitation period. Under Section 56 of the Statute of Limitations Act 1957, the limitation period has not been reset. 3. HARASSMENT: Your repeated [PHONE CALLS / LETTERS / EMAILS / VISITS] regarding this statute-barred debt constitute harassment. I draw your attention to Section 10 of the Non-Fatal Offences Against the Person Act 1997, which makes it an offence to harass another person by persistently following, watching, pestering, or communicating with them. 4. DATA PROTECTION: Under GDPR Article 5(1)(e), personal data must not be kept in a form that permits identification for longer than necessary. Processing my personal data in connection with a statute-barred, unenforceable debt has no lawful basis. I require you to erase all personal data you hold about me under GDPR Article 17, as the data is no longer necessary for the purpose for which it was collected. I DEMAND THAT YOU: (a) Cease all contact with me regarding this alleged debt immediately (b) Remove my personal data from your systems under GDPR Article 17 (c) Confirm in writing within 14 days that you have done both of the above (d) Do not sell, assign, or transfer this alleged debt to any third party If you continue to contact me after receiving this letter, I will: - Report the harassment to An Garda Siochana - File a complaint with the Data Protection Commission - File a complaint with the Competition and Consumer Protection Commission (CCPC) - Seek an injunction in the District Court This letter is sent without prejudice to my legal rights. Yours faithfully, [YOUR NAME] [YOUR ADDRESS] [DATE] Sent by: [EMAIL] and [REGISTERED POST — retain proof of posting]
15 — CCR Amendment Supporting Statement
Supporting statement to accompany a CCR Amendment Request submitted through the Central Bank portal. Explains why the data is inaccurate and what evidence supports the correction.
CCR AMENDMENT REQUEST — SUPPORTING STATEMENT Submitted by: [YOUR FULL NAME] PPSN: [YOUR PPSN] Date: [DATE] Credit Information Concerned: - Lender: [LENDER NAME] - Account Number: [ACCOUNT NUMBER] - Entry currently showing: [STATUS — e.g., "Active, balance EUR X"] - What it should show: [CORRECT STATUS — e.g., "Written off / Closed / Balance EUR 0"] GROUNDS FOR AMENDMENT: 1. FACTUAL INACCURACY: The CCR currently reports this account as [CURRENT STATUS]. This is factually inaccurate. [EXPLAIN THE INACCURACY IN DETAIL — e.g., "The debt was written off at board level by the lender on [DATE], as confirmed by internal records obtained through my Subject Access Request dated [DATE]. Despite this, the lender continues to report the account as Active with an outstanding balance."] 2. EVIDENCE SUPPORTING AMENDMENT: I have the following evidence demonstrating the correct position: (a) SAR Response dated [DATE] — page [NUMBER] shows [DESCRIBE SPECIFIC EVIDENCE — e.g., "internal note confirming board-level write-off on [DATE]"] (b) [ADDITIONAL EVIDENCE — e.g., "Correspondence from lender dated [DATE] confirming account closure"] (c) [ADDITIONAL EVIDENCE — e.g., "Settlement agreement dated [DATE] confirming debt was settled for EUR [AMOUNT] on [DATE]"] (d) [ADDITIONAL EVIDENCE — e.g., "Court order dated [DATE] — if applicable"] 3. LEGAL BASIS FOR AMENDMENT: (a) Under Section 12 of the Credit Reporting Act 2013, credit information submitted to the CCR must be accurate and reflect the true position of the credit agreement. (b) Under Section 17, where a consumer believes credit information is inaccurate, they may request an amendment. The credit information provider is required to investigate and respond. (c) Under Section 11, personal data on the CCR shall not be retained beyond the statutory retention period of 5 years from when the information was last required to be provided. [If applicable: "This account was closed/written off on [DATE], more than 5 years ago."] (d) Under GDPR Article 16, I have the right to rectification of inaccurate personal data without undue delay. 4. IMPACT OF INACCURATE REPORTING: The inaccurate CCR entry has caused the following harm: - [e.g., "Credit application for [PRODUCT] with [LENDER] refused on [DATE]"] - [e.g., "Mortgage application delayed / refused"] - [e.g., "Higher interest rate offered due to impaired credit score"] - [e.g., "Significant distress and anxiety regarding financial reputation"] 5. PREVIOUS ATTEMPTS TO RESOLVE: - [DATE]: Submitted formal complaint to lender - [DATE]: Received FRL — [OUTCOME] - [DATE]: [Any other steps taken] I request that this amendment be processed as a matter of urgency given the ongoing harm caused by the inaccurate reporting. If the lender declines this amendment request, I intend to refer the matter to the Financial Services and Pensions Ombudsman. [YOUR NAME] [YOUR ADDRESS] [YOUR EMAIL] [DATE]
16 — Account Frozen / Closed Without Explanation
Formal complaint when your bank or fintech freezes or closes your account without adequate notice or written reasons.
Dear Complaints Officer, I wish to make a formal complaint regarding the freezing / closure of my account without adequate notice or explanation. Account Details: - Account Holder: [YOUR FULL NAME] - Account Number / IBAN: [YOUR ACCOUNT NUMBER / IBAN] - Account Type: [CURRENT ACCOUNT / SAVINGS ACCOUNT / E-MONEY ACCOUNT / OTHER] - Date Account Was Frozen / Closed: [DATE] - Date You Became Aware: [DATE] Details of My Complaint: On [DATE], I discovered that my account had been [FROZEN / CLOSED / RESTRICTED] without prior notice. I was not provided with any written explanation for this action. [DESCRIBE THE IMPACT — e.g., "Direct debits for my mortgage, utilities, and insurance were returned unpaid. I was unable to access EUR [AMOUNT] in funds. I was left without access to any means of payment for [NUMBER] days."] This action is in breach of the following: 1. Consumer Protection Code 2012, Provision 6.6: A regulated entity must not withdraw a service from a consumer in an inequitable or unfair manner. Closing or freezing an account without written reasons or adequate notice is inherently unfair. 2. Payment Accounts Regulations 2016, Regulation 22: Where a payment service provider terminates a framework contract (i.e., closes an account), it must provide at least two months' notice. [If applicable: "I received no notice whatsoever."] 3. Payment Services Regulations 2018: A payment service provider must execute authorised payment transactions without undue delay. Freezing my account prevented execution of standing orders and direct debits I had authorised. 4. Consumer Protection Code 2012, Provision 2.3: A regulated entity must not, through its conduct or its terms of business, make it unduly difficult for a consumer to avail of a service. The Outcome I Am Seeking: 1. A full written explanation of the specific reasons for the account freeze / closure, including the legal or contractual basis relied upon 2. Immediate return of all funds held in the account — current balance of EUR [AMOUNT] 3. [If frozen:] Immediate lifting of the freeze and restoration of full account functionality 4. [If closed:] Adequate notice period of at least two months from the date of written notification, as required by law 5. Compensation of EUR [AMOUNT] for the financial loss, distress, and inconvenience caused, including [RETURNED DIRECT DEBIT FEES / LATE PAYMENT CHARGES / INABILITY TO ACCESS FUNDS] I note your obligations under the Consumer Protection Code to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days. Yours faithfully, [YOUR NAME] [DATE]
17 — Unauthorised Direct Debit
Dispute an unauthorised or incorrect direct debit taken from your account. Demand an immediate refund under SEPA rules.
Dear Complaints Officer, I wish to make a formal complaint and request an immediate refund regarding an unauthorised / incorrect direct debit taken from my account. Account Details: - Account Holder: [YOUR FULL NAME] - Account Number / IBAN: [YOUR ACCOUNT NUMBER / IBAN] - Bank: [YOUR BANK NAME] Details of the Unauthorised Direct Debit: - Date of Debit: [DATE] - Amount: EUR [AMOUNT] - Originator / Creditor Name: [NAME OF COMPANY THAT TOOK THE DEBIT] - Mandate Reference (if known): [REFERENCE] Nature of Dispute: [OPTION A — No mandate exists:] I have never authorised a SEPA Direct Debit mandate in favour of [COMPANY NAME]. This debit was taken from my account without my consent. I did not sign, agree to, or otherwise authorise any direct debit instruction. [OPTION B — Mandate was cancelled:] I cancelled the direct debit mandate with [COMPANY NAME / YOUR BANK] on [DATE]. Despite this cancellation, a debit of EUR [AMOUNT] was taken on [DATE]. I enclose a copy of my cancellation confirmation dated [DATE]. [OPTION C — Incorrect amount:] While I do have an active direct debit mandate with [COMPANY NAME], the amount debited (EUR [AMOUNT]) is incorrect. The correct amount should be EUR [CORRECT AMOUNT]. The mandate authorises a maximum of EUR [AUTHORISED AMOUNT]. Legal Basis for Refund: 1. Under Regulation 78 of the Payment Services Regulations 2018, where a payment transaction is not authorised, the payment service provider must refund the amount of the unauthorised payment transaction immediately, and in any event no later than by the end of the business day following the day on which the provider becomes aware of the transaction. 2. Under Regulation 79 and the SEPA Direct Debit Core Scheme Rulebook, a payer is entitled to an unconditional refund of an authorised direct debit within 8 weeks of the date the funds were debited. For an unauthorised debit, the refund right extends to 13 months. 3. Under the SEPA Direct Debit Core Scheme, the payer's bank (PSP) is obliged to process a refund request within 10 business days. I Demand: 1. An immediate refund of EUR [AMOUNT] to my account, no later than the end of the next business day (for unauthorised transactions) or within 10 business days (for authorised but disputed transactions) 2. Cancellation of any active direct debit mandate in favour of [COMPANY NAME] on my account 3. A written explanation of how this debit was processed without proper authorisation 4. Compensation of EUR [AMOUNT] for any consequential losses (e.g., returned payments, overdraft fees, charges incurred) I note your obligations under the Consumer Protection Code to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days. Yours faithfully, [YOUR NAME] [DATE]
18 — Mortgage Overcharging Complaint
For tracker mortgage overcharging or incorrect variable rate application. Demand recalculation and refund of overcharged interest.
Dear Complaints Officer, I wish to make a formal complaint regarding the overcharging of interest on my mortgage account. Mortgage Details: - Account Holder(s): [YOUR FULL NAME / JOINT BORROWER NAME] - Mortgage Account Number: [YOUR MORTGAGE ACCOUNT NUMBER] - Property Address: [PROPERTY ADDRESS] - Original Drawdown Date: [DATE] - Mortgage Type: [TRACKER / VARIABLE / FIXED — SPECIFY] - Original Rate: [RATE, e.g., "ECB + 1.1%"] - Current Rate Being Charged: [CURRENT RATE] Details of My Complaint: [OPTION A — Tracker mortgage overcharging:] When I drew down my mortgage on [DATE], my mortgage contract entitled me to a tracker rate of ECB + [X]%. This means my current rate should be [CORRECT RATE]% (ECB rate of [CURRENT ECB RATE]% + margin of [X]%). Instead, I am being charged [INCORRECT RATE]%, which is [AMOUNT]% above my contractual entitlement. I was moved off my tracker rate on or around [DATE] and placed on a [VARIABLE / FIXED] rate of [RATE]%. I did not consent to this change, or alternatively, any consent was obtained without full and transparent disclosure of the consequences, in breach of the Consumer Protection Code. The Central Bank's Tracker Mortgage Examination confirmed that [LENDER NAME] failed to apply tracker rates correctly to affected customers. I believe my account falls within the scope of this examination and has not been properly redressed. [OPTION B — Incorrect variable rate:] My mortgage statements show that I have been charged a rate of [RATE]% since [DATE]. However, based on the applicable rate published by [LENDER NAME] for my mortgage type, the correct rate should have been [CORRECT RATE]%. This discrepancy of [X]% over [NUMBER] months has resulted in an overcharge of approximately EUR [AMOUNT]. Calculation of Overcharge: - Period of overcharging: [START DATE] to [END DATE] — [NUMBER] months - Rate charged: [INCORRECT RATE]% - Rate that should have been charged: [CORRECT RATE]% - Estimated overcharge per month: EUR [AMOUNT] - Total estimated overcharge (principal): EUR [TOTAL] - Estimated compound interest on overcharged amounts: EUR [AMOUNT] - Total estimated redress due: EUR [GRAND TOTAL] Breaches Identified: 1. Consumer Protection Code 2012, Provision 3.1: A regulated entity must ensure that all information provided to a consumer is clear, accurate, and not misleading. 2. Consumer Protection Code 2012, Provision 4.1: A regulated entity must ensure that its terms of business are fair to the consumer. 3. Consumer Credit Act 1995: The mortgage agreement constitutes a binding contract. Charging a rate that deviates from the contractual rate is a breach of contract. The Outcome I Am Seeking: 1. Immediate recalculation of my mortgage account to the correct rate from [DATE OF OVERCHARGING] 2. A full refund of all overcharged interest, including compound interest, totalling approximately EUR [AMOUNT] 3. Restoration of my tracker rate of ECB + [X]% [if applicable] 4. Compensation of EUR [AMOUNT] for the financial loss, distress, and inconvenience caused 5. A detailed written statement showing the recalculation and corrected balance I note your obligations under the Consumer Protection Code to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days. Yours faithfully, [YOUR NAME] [DATE]
19 — Debt Collector Harassment Complaint
Use when a debt collector contacts your workplace or neighbours, calls excessively, or engages in intimidating behaviour. Demand cessation and compensation.
Dear [DEBT COLLECTOR NAME / MANAGING DIRECTOR], RE: FORMAL COMPLAINT — HARASSMENT AND INTIMIDATION Your Reference: [THEIR REFERENCE NUMBER] Original Creditor: [NAME OF ORIGINAL LENDER] Alleged Account: [ACCOUNT REFERENCE] I am writing to make a formal complaint about the conduct of your agents in the collection of the above alleged debt. Your behaviour constitutes harassment and is unlawful. Details of Harassment: I have experienced the following conduct from your company: [SELECT AND DETAIL ALL THAT APPLY:] 1. EXCESSIVE CONTACT: - Between [DATE] and [DATE], I received [NUMBER] phone calls from your company — an average of [NUMBER] calls per [DAY/WEEK]. Calls were made at [TIMES, e.g., "8am / 9pm / weekends"]. - I received [NUMBER] letters / emails / text messages in the period [DATE] to [DATE]. 2. CONTACT WITH THIRD PARTIES: - On [DATE], your agent contacted my [EMPLOYER / NEIGHBOUR / FAMILY MEMBER] at [LOCATION / PHONE NUMBER] and disclosed information about this alleged debt. This is a serious breach of my privacy and data protection rights. - [DETAIL WHAT WAS SAID AND TO WHOM] 3. WORKPLACE CONTACT: - On [DATE], your agent [CALLED MY WORKPLACE / VISITED MY WORKPLACE] and spoke to [NAME/ROLE OF PERSON]. This caused me significant professional embarrassment and jeopardised my employment. 4. INTIMIDATING BEHAVIOUR: - [DESCRIBE — e.g., "Your agent threatened legal action they are not entitled to take" / "Your agent misrepresented themselves as acting on behalf of a court" / "Your agent visited my home and refused to leave when asked"] Legal Breaches: 1. Section 10, Non-Fatal Offences Against the Person Act 1997: Any person who, without lawful authority or reasonable excuse, by any means including by use of the telephone, harasses another by persistently following, watching, pestering, besetting, or communicating with him or her, is guilty of an offence. Your conduct meets this threshold. 2. Consumer Protection Code 2012: Debt collectors acting on behalf of regulated entities are required to treat consumers fairly. The Code prohibits aggressive or intimidating behaviour. 3. GDPR Article 5(1)(a) and Article 6: Disclosing my personal financial information to third parties (my employer, neighbours, family members) without my consent is unlawful processing of personal data. You have no lawful basis to share details of an alleged debt with anyone other than me. 4. GDPR Article 5(1)(c) — Data Minimisation: The volume and frequency of your contact is excessive and disproportionate to any legitimate purpose. I Demand: 1. Immediate cessation of all phone calls, visits, and contact with any third parties regarding this matter 2. All future communication to be in writing only, addressed to me at [YOUR ADDRESS / EMAIL] 3. Written confirmation within 14 days that you have: (a) Ceased all third-party contact (b) Noted my account for written correspondence only (c) Disciplined or retrained the agent(s) responsible 4. Compensation of EUR [AMOUNT] for: - Distress and anxiety caused by harassment - Professional embarrassment from workplace contact - Breach of data protection rights (GDPR Article 82) If this conduct does not cease immediately, I will: - Report the harassment to An Garda Siochana under Section 10 of the Non-Fatal Offences Against the Person Act 1997 - File a complaint with the Data Protection Commission for unlawful disclosure of personal data - File a complaint with the Competition and Consumer Protection Commission (CCPC) - Seek a restraining order in the District Court This letter is sent without prejudice to any legal rights I may have. Yours faithfully, [YOUR NAME] [YOUR ADDRESS] [DATE] Sent by: [EMAIL] and [REGISTERED POST — retain proof of posting]
20 — Insurance Policy Cancellation Challenge
Challenge an unfair insurance policy cancellation. Demand reinstatement or an adequate written explanation with supporting evidence.
Dear Complaints Officer, I wish to make a formal complaint regarding the cancellation of my insurance policy, which I believe to be unfair and in breach of your regulatory obligations. Policy Details: - Policy Holder: [YOUR FULL NAME] - Policy Number: [YOUR POLICY NUMBER] - Type of Policy: [HOME / MOTOR / HEALTH / TRAVEL / INCOME PROTECTION / OTHER] - Date Policy Commenced: [DATE] - Date of Cancellation Notice: [DATE] - Effective Date of Cancellation: [DATE] - Reason Given for Cancellation: [QUOTE THEIR STATED REASON] Details of My Complaint: My policy was cancelled by notice dated [DATE], with effect from [DATE]. The reason provided was: "[QUOTE THE EXACT REASON FROM THEIR CANCELLATION LETTER]" I believe this cancellation is unfair and/or unlawful for the following reasons: [OPTION A — Non-disclosure alleged:] Under Section 8 of the Consumer Insurance Contracts Act 2019, a consumer is only required to respond honestly and with reasonable care to specific questions asked by the insurer. I was not asked about [THE MATTER RELIED UPON FOR CANCELLATION] at the time of application, and therefore had no duty to disclose it. Under Section 9, an insurer may not avoid a policy for non-disclosure unless the consumer answered a specific question dishonestly or with reckless disregard for the truth. I answered all questions honestly and to the best of my knowledge. Under Section 14, where a consumer has acted honestly and with reasonable care, the insurer may not cancel the policy but must instead adjust the terms proportionately. [OPTION B — Inadequate notice:] Under Provision 6.6 of the Consumer Protection Code 2012, a regulated entity must not withdraw a service from a consumer in an inequitable or unfair manner. The notice period of [NUMBER] days is inadequate and leaves me without cover, unable to secure alternative insurance at short notice. [OPTION C — Unfair terms relied upon:] The cancellation clause relied upon is an unfair term within the meaning of the European Communities (Unfair Terms in Consumer Contracts) Regulations 1995. It allows you to cancel unilaterally on vague grounds while I am bound by the full term. This creates a significant imbalance contrary to good faith. [OPTION D — Claim-related cancellation:] The cancellation follows my recent claim submitted on [DATE]. Under Section 12 of the Consumer Insurance Contracts Act 2019, an insurer may not penalise a consumer for making a claim where the claim was made honestly. Cancelling my policy in response to a legitimate claim is contrary to the Act. Breaches Identified: 1. Consumer Insurance Contracts Act 2019, Sections [8/9/12/14 — as applicable] 2. Consumer Protection Code 2012, Provision 6.6 (withdrawal of services) 3. Consumer Protection Code 2012, Provision 3.1 (clear and accurate information) 4. Consumer Protection Code 2012, Provision 7.1 (claims handling) The Outcome I Am Seeking: 1. Immediate reinstatement of my policy on the same terms and conditions, with no break in cover 2. Alternatively, if you maintain the cancellation: a full written explanation detailing: (a) The specific policy term or legal provision relied upon (b) The specific facts you say justify the cancellation (c) Copies of the application form and any questions I was asked at the time of application (d) Evidence that the matter relied upon was material to the risk and would have affected your underwriting decision 3. A full refund of all premiums paid if the cancellation stands, including the current policy year 4. Compensation of EUR [AMOUNT] for the distress, inconvenience, and cost of securing alternative cover at short notice I note your obligations under the Consumer Protection Code to acknowledge this complaint within 5 business days and issue a Final Response Letter within 40 business days. Yours faithfully, [YOUR NAME] [DATE]
21 — GDPR Article 82 Compensation Claim
Demand compensation for material or non-material damage caused by a GDPR breach. Cite Articles 5, 6, and 82 GDPR with a calculation of damages.
Dear Data Protection Officer, RE: DEMAND FOR COMPENSATION UNDER ARTICLE 82 GDPR Data Subject: [YOUR FULL NAME] Date of Birth: [YOUR DATE OF BIRTH] Address: [YOUR ADDRESS] Account / Reference: [YOUR ACCOUNT NUMBER OR REFERENCE] I am writing to demand compensation for the material and non-material damage I have suffered as a result of your organisation's breaches of the General Data Protection Regulation (GDPR). Summary of GDPR Breaches: The following breaches of GDPR have been identified: 1. [BREACH 1 — e.g., "Failure to respond to my Subject Access Request within 30 days. SAR submitted [DATE], response received [DATE] — [NUMBER] days late. Breach of Article 15 and Article 12(3)."] 2. [BREACH 2 — e.g., "Processing of inaccurate personal data. My data on the Central Credit Register shows [INCORRECT STATUS] despite [CORRECT POSITION]. Breach of Article 5(1)(d)."] 3. [BREACH 3 — e.g., "Processing without lawful basis. You shared my personal data with [THIRD PARTY] on [DATE] without my consent and without any other lawful basis under Article 6."] 4. [BREACH 4 — e.g., "Excessive identity verification demands contrary to Article 12(6), designed to obstruct the exercise of my data subject rights."] Legal Basis for Compensation: Article 82(1) GDPR provides: "Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor responsible for the damage." Under Article 82(3), the burden is on you to demonstrate that you are "not in any way responsible for the event giving rise to the damage." Section 117 of the Data Protection Act 2018 confirms that a data subject may seek compensation through the Circuit Court or High Court for damage suffered as a result of a GDPR infringement. Calculation of Damages: A. Material Damage: - EUR [AMOUNT]: [SPECIFIC FINANCIAL LOSS — e.g., "Credit application refused on [DATE] by [LENDER] due to inaccurate CCR data, causing me to obtain credit at a higher rate, costing EUR [AMOUNT] in additional interest"] - EUR [AMOUNT]: [ADDITIONAL LOSS — e.g., "Fees incurred obtaining certified copies of CCR reports and legal advice"] - EUR [AMOUNT]: [ADDITIONAL LOSS — e.g., "Lost income from [NUMBER] hours spent pursuing SAR and complaints"] Subtotal Material Damage: EUR [AMOUNT] B. Non-Material Damage: - EUR [AMOUNT]: Distress and anxiety caused by [DESCRIBE — e.g., "knowing inaccurate data is being reported to credit agencies and is visible to potential lenders"] - EUR [AMOUNT]: Loss of control over personal data and violation of privacy rights - EUR [AMOUNT]: Inconvenience and time spent over [NUMBER] months attempting to have breaches rectified Subtotal Non-Material Damage: EUR [AMOUNT] TOTAL COMPENSATION DEMANDED: EUR [TOTAL] This calculation is based on Irish and EU case law, including the CJEU judgment in UI v Osterreichische Post AG (C-300/21) which confirmed that non-material damage under Article 82 includes distress, anxiety, and fear arising from a GDPR infringement, without requiring a threshold of seriousness. Demand: I demand payment of EUR [TOTAL] within 21 days of this letter. If this matter is not resolved within that period, I will commence legal proceedings in the [CIRCUIT COURT / DISTRICT COURT] without further notice. I will also refer the underlying GDPR breaches to the Data Protection Commission under Article 77. This letter constitutes a formal pre-litigation demand. Please forward it to your legal team and insurers as appropriate. Yours faithfully, [YOUR NAME] [YOUR ADDRESS] [YOUR EMAIL] [DATE]
22 — GDPR Right to Erasure (Article 17)
Request deletion of your personal data under the right to be forgotten. Specify which data to erase and why retention is no longer justified.
Dear Data Protection Officer, I am writing to request the erasure of my personal data under Article 17 of the General Data Protection Regulation (GDPR) — the Right to Erasure (Right to Be Forgotten). My Details: - Full Name: [YOUR FULL NAME] - Date of Birth: [YOUR DATE OF BIRTH] - Address: [YOUR ADDRESS] - Account Number / Customer Reference: [YOUR ACCOUNT NUMBER OR REFERENCE] - Email Address Associated with Account: [YOUR EMAIL] Data I Request Be Erased: I request the erasure of the following personal data: 1. [SPECIFY DATA — e.g., "All account records, transaction history, and personal information held in connection with account [NUMBER], which was closed on [DATE]"] 2. [SPECIFY DATA — e.g., "Marketing profile and preferences, including any data used for profiling or automated decision-making"] 3. [SPECIFY DATA — e.g., "Call recordings, correspondence records, and internal notes relating to my account"] 4. [SPECIFY DATA — e.g., "Any data shared with or held by third-party processors on your behalf"] Grounds for Erasure: Under Article 17(1), I am entitled to erasure because: [SELECT ALL THAT APPLY:] (a) The personal data is no longer necessary for the purpose for which it was collected — my account was closed on [DATE] and there is no ongoing contractual relationship. (b) I withdraw my consent under Article 6(1)(a) or Article 9(2)(a), and there is no other legal ground for the processing. (c) I object to the processing under Article 21(1) on grounds relating to my particular situation, and there are no overriding legitimate grounds for the processing. [DESCRIBE YOUR PARTICULAR SITUATION.] (d) The personal data has been unlawfully processed — [DESCRIBE HOW, e.g., "data was processed without a lawful basis / data was shared with third parties without consent"]. (e) The personal data must be erased to comply with a legal obligation. I am aware that Article 17(3) provides limited exceptions to the right of erasure (e.g., compliance with a legal obligation, establishment or defence of legal claims). If you intend to rely on any exception, I require you to: 1. Identify the specific exception under Article 17(3) you are relying upon 2. Specify the exact legal obligation or legitimate reason for continued retention 3. Specify the precise data that the exception applies to — you must still erase all data not covered by the exception 4. Specify the retention period and the date on which the data will be erased Under Article 17(2), where you have made the personal data public or shared it with other controllers or processors, you are required to take reasonable steps to inform them of my erasure request. Under Article 12(3), you must respond to this request without undue delay and in any event within one calendar month of receipt. If this request is not fulfilled within the statutory timeframe, I will file a complaint with the Data Protection Commission under Article 77 GDPR and seek compensation under Article 82 for any damage caused by continued unlawful retention. Yours faithfully, [YOUR NAME] [DATE]
23 — GDPR Right to Rectification (Article 16)
Request correction of inaccurate personal data held by a company. Specify what is wrong and what the correct data should be.
Dear Data Protection Officer, I am writing to exercise my right to rectification of inaccurate personal data under Article 16 of the General Data Protection Regulation (GDPR). My Details: - Full Name: [YOUR FULL NAME] - Date of Birth: [YOUR DATE OF BIRTH] - Address: [YOUR ADDRESS] - Account Number / Customer Reference: [YOUR ACCOUNT NUMBER OR REFERENCE] Inaccurate Data Identified: I have identified the following inaccurate personal data held by your organisation: 1. Data Field: [e.g., "Account status on Central Credit Register"] Currently Recorded As: [e.g., "Active — balance EUR 15,000"] Correct Data Should Be: [e.g., "Closed — written off on [DATE], balance EUR 0"] Evidence: [e.g., "SAR response dated [DATE], page [NUMBER], showing board-level write-off on [DATE]"] 2. Data Field: [e.g., "Home address"] Currently Recorded As: [INCORRECT ADDRESS] Correct Data Should Be: [CORRECT ADDRESS] Evidence: [e.g., "Change of address notification sent on [DATE], utility bill at new address attached"] 3. Data Field: [e.g., "Employment status / Income"] Currently Recorded As: [INCORRECT DATA] Correct Data Should Be: [CORRECT DATA] Evidence: [SUPPORTING EVIDENCE] [ADD ADDITIONAL ITEMS AS NEEDED] Legal Basis: Article 16 of the GDPR states: "The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her." Article 5(1)(d) of the GDPR requires that personal data shall be "accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay." Where you have disclosed the inaccurate data to third parties (including but not limited to the Central Credit Register, credit reference agencies, or other data controllers), Article 19 requires you to communicate the rectification to each recipient, unless this proves impossible or involves disproportionate effort. I request that you inform me of those recipients. I require you to: 1. Rectify the inaccurate data listed above without undue delay 2. Provide written confirmation that the rectification has been made 3. Notify all third parties to whom the inaccurate data was disclosed, including [LIST KNOWN RECIPIENTS — e.g., "the Central Credit Register, [THIRD PARTY NAME]"] 4. Provide confirmation that third parties have been notified under Article 19 5. Provide a list of all recipients of the inaccurate data under Article 19 Under Article 12(3), you must respond to this request without undue delay and in any event within one calendar month of receipt. If you do not intend to comply with this request, you must inform me of the reasons and of my right to lodge a complaint with the Data Protection Commission. Yours faithfully, [YOUR NAME] [DATE]
24 — Central Bank Systemic Misconduct Report
Report systemic misconduct or patterns of regulatory breach to the Central Bank of Ireland. For when the same company is doing the same thing to many consumers.
Subject: Report of Systemic Misconduct by [COMPANY NAME] Dear Consumer Protection Directorate, I am writing to bring to the attention of the Central Bank of Ireland a matter which I believe constitutes systemic misconduct by [COMPANY NAME], a regulated entity under the Central Bank's supervision. I understand that the Central Bank does not resolve individual complaints (which is the role of the FSPO). However, the pattern of behaviour described below suggests a systemic issue affecting multiple consumers that warrants supervisory investigation. Reporting Party: - Name: [YOUR FULL NAME] - Address: [YOUR ADDRESS] - Email: [YOUR EMAIL] Regulated Entity: - Name: [COMPANY NAME] - Registered Address: [COMPANY ADDRESS IF KNOWN] - Regulated Activity: [e.g., "Retail credit firm / Insurance undertaking / Payment institution / Credit institution"] Nature of Systemic Misconduct: [DESCRIBE THE PATTERN — be specific about what the company is doing, not just what happened to you personally. Examples:] 1. PATTERN OF CONDUCT: [e.g., "[COMPANY NAME] appears to be systematically [refusing to process SARs within statutory deadlines / reporting written-off debts as active on the CCR / imposing excessive identity verification to obstruct data subject rights / cancelling policies after claims are made / failing to issue Final Response Letters within 40 business days]."] 2. EVIDENCE OF SYSTEMIC NATURE: [Explain why you believe this is not an isolated incident:] - [e.g., "I am aware of [NUMBER] other consumers who have experienced the same issue, as discussed on [FORUM / CONSUMER GROUP / SOCIAL MEDIA PLATFORM]"] - [e.g., "The company's own complaints data (if obtained via SAR) shows [NUMBER] similar complaints in [PERIOD]"] - [e.g., "The conduct appears to be company policy rather than individual error, because [EXPLAIN — e.g., identical template responses, consistent refusal patterns, internal policy documents obtained via SAR]"] 3. REGULATORY BREACHES IDENTIFIED: - Consumer Protection Code 2012, Provision [NUMBER]: [DESCRIBE BREACH] - [ADDITIONAL LEGISLATION]: [DESCRIBE BREACH] - [ADDITIONAL LEGISLATION]: [DESCRIBE BREACH] 4. IMPACT ON CONSUMERS: [Describe the broader impact — e.g., "This conduct results in consumers being unable to access credit / being denied their data protection rights / suffering financial loss / being harassed by debt collectors acting on inaccurate data"] Evidence Enclosed: 1. [DOCUMENT — e.g., "My own SAR response showing the company's internal practices"] 2. [DOCUMENT — e.g., "Copies of correspondence showing template refusal patterns"] 3. [DOCUMENT — e.g., "Screenshots from consumer forums showing others with identical experiences"] 4. [DOCUMENT — e.g., "My FSPO complaint reference [NUMBER] regarding my individual case"] Action Requested: I respectfully request that the Central Bank: 1. Investigate whether [COMPANY NAME] is systematically failing to comply with [SPECIFIC REGULATORY OBLIGATIONS] 2. Consider whether enforcement action is warranted under the Central Bank (Supervision and Enforcement) Act 2013 3. Consider whether a themed inspection or industry review is appropriate given the scale of the issue I am available to provide further information or evidence to assist any investigation. Yours faithfully, [YOUR NAME] [YOUR ADDRESS] [YOUR EMAIL] [DATE]
25 — Small Claims Court Application Text
Template for the particulars of claim section of the Small Claims Court online form. Covers financial loss up to EUR 2,000. Structure: parties, facts, breach, loss, remedy sought.
PARTICULARS OF CLAIM — SMALL CLAIMS COURT [This text is designed to fit the "Details of Claim" field on the courts.ie Small Claims online application form. Maximum claim: EUR 2,000.] CLAIMANT: [YOUR FULL NAME], [YOUR ADDRESS] RESPONDENT: [COMPANY NAME], [COMPANY REGISTERED ADDRESS] NATURE OF CLAIM: [e.g., "Breach of contract / Defective goods / Defective service / Minor damage to property"] FACTS: 1. On [DATE], I [purchased / contracted with / entered into an agreement with] the Respondent for [DESCRIBE THE PRODUCT OR SERVICE — e.g., "a [PRODUCT] at a price of EUR [AMOUNT]" / "a service contract for [DESCRIPTION] at a cost of EUR [AMOUNT]"]. 2. [DESCRIBE WHAT WENT WRONG — e.g., "The product was defective in that [DESCRIBE DEFECT]. The product failed on [DATE], within [NUMBER] weeks/months of purchase."] 3. [DESCRIBE WHAT WENT WRONG — e.g., "The service was not provided with reasonable skill and care in that [DESCRIBE FAILURE]. The Respondent failed to [SPECIFIC OBLIGATION]."] 4. On [DATE], I contacted the Respondent to [request a repair / replacement / refund / resolution]. [DESCRIBE THEIR RESPONSE — e.g., "The Respondent refused to provide a refund" / "The Respondent did not respond" / "The Respondent offered only a partial credit of EUR [AMOUNT], which is inadequate."] 5. On [DATE], I sent a formal complaint / letter before action to the Respondent. [DESCRIBE OUTCOME — e.g., "No satisfactory response was received."] BREACH: The Respondent is in breach of: [SELECT ALL THAT APPLY:] - Section 5(1) of the Sale of Goods Act 1893 (as amended): implied condition that goods are of merchantable quality - Section 39 of the Sale of Goods and Supply of Services Act 1980: implied term that services are supplied with due skill, care, and diligence - Section 15 of the Sale of Goods and Supply of Services Act 1980: implied condition that goods are fit for their purpose - Sections 46-56 of the Consumer Rights Act 2022: [for contracts entered after 29 November 2022] goods must be in conformity with the contract, of satisfactory quality, and fit for purpose - Consumer Protection Act 2007, Section 43: prohibition on unfair commercial practices - [SPECIFIC CONTRACT TERM]: The Respondent failed to deliver / perform as agreed LOSS AND DAMAGE: As a result of the Respondent's breach, I have suffered the following loss: 1. EUR [AMOUNT]: [DESCRIBE — e.g., "Cost of defective product" / "Cost of defective service"] 2. EUR [AMOUNT]: [DESCRIBE — e.g., "Cost of repair by alternative provider" / "Cost of replacement product"] 3. EUR [AMOUNT]: [DESCRIBE — e.g., "Consequential loss — [SPECIFY]"] TOTAL CLAIMED: EUR [TOTAL — must not exceed EUR 2,000] REMEDY SOUGHT: I seek an order that the Respondent pay me the sum of EUR [TOTAL] in respect of the above losses, together with the Small Claims Court application fee of EUR 25. EVIDENCE AVAILABLE: - Receipt / invoice dated [DATE] - Photographs of [DEFECTIVE PRODUCT / INCOMPLETE WORK] - Correspondence with Respondent dated [DATES] - [EXPERT REPORT / REPAIR QUOTATION — if applicable] - [OTHER EVIDENCE] I confirm that I have attempted to resolve this matter directly with the Respondent before making this application. [YOUR NAME] [DATE]