JOIN US ON TELEGRAM

Forms

Step 1: Choose Your Weapon

On the link below, you’ll see a series of buttons, each representing a different type of complaint or request.

  • Read the brief description under each button to understand its purpose (e.g., DSAR for your personal data, CCW for unresolved service issues, Letter Before Claim if you intend to sue).

  • Select the one that best fits your situation. Clicking a button will reveal the specific complaint form.

We suggest you complete and submit all the forms to find all the information you require.

Step 2: Fill in Your Details & Complaint Specifics 

Once you’ve selected your complaint type, the form will guide you through gathering necessary information in a few sections:

Your Contact Details: Provide your full name, address, and email. This is crucial for the company to respond to you.

Company Details: Select your water company from the dropdown. Depending on the complaint type, you might also need to add your account number or any previous complaint reference numbers.

Complaint Specifics: This is where you detail your grievance. The text area will be pre-filled with strong, assertive language tailored to your chosen complaint type. Crucially, replace the bracketed <<< REPLACE THIS: … >>> text with your precise, factual details, dates, and evidence. Remove any sections that aren’t relevant to your case.

Desired Outcome: Clearly state what resolution you demand. Again, this section will have pre-filled demanding language; customize the bracketed text with your specific, non-negotiable desired outcome, including any quantifiable losses if applicable (especially relevant for CCW or Letter Before Claim).

Step 3: Generate, Review, and Send! 

After filling out the form:

  • Review the Generated Complaint: The “Generated Complaint Text” box will show you the complete, formatted letter. Read it carefully to ensure all your details are correct and the tone is assertive and accurate.

  • Download as PDF: Click the “Download as PDF” button. This will create a professional PDF document of your complaint.

  • Dispatch it: Print the PDF and send it via recorded delivery to the contact address specified in the generated letter. For some complaints (like Statutory Nuisance), you might need to send it to multiple recipients (e.g., the water company and your local authority). Always keep a copy for your records.

By following these steps, you’ll create a powerful, legally informed complaint ready to demand action from the water company!

These forms are step by step with EDITABLE TEXT AREAS. We suggest you take some time to complete these forms with as much data and information as possible.

The completed forms will be SAVED LOCALLY. YOU CAN THEN COPY AND PASTE THE PROVIDED TEXT TO GIVE YOU A GREAT START IN FINDING WHAT THESE COMPANIES HOLD ON YOU AND TO ADDRESS YOUR ISSUES.

PLEASE CHECK BEFORE YOU SEND ANY OF THE DOCUMENTS – THESE HAVE BEEN DRAFTED BY AI.

CLICK HERE TO COMPLETE WATER COMPLAINTS

WE OFFER A FULL SUITE OF FORMS FOR ALL YOUR UTILTIES

No Data is kept on this site, for your protection. These forms work in the time the window is open.
Look for <<TEXT TO REPLACE>> with your own information, add your information and generate a PDF to Save/Send.

WATER

ELECTRICITY

GAS

MOBILE

LANDLINE/INTERNET

COUNCIL / OTHERS

Data Subject Access Request (DSAR)

A formal demand under UK GDPR for a complete copy of ALL your personal data held by the water company, or to command its rectification/erasure. They have 1 calendar month to comply.

Your right to uncover critical environmental information, such as extensive data on sewage discharges or comprehensive water quality reports. They have 20 working days (extendable to 40) to respond.

A formal accusation regarding the misuse or mishandling of your personal data. This demands a full investigation and immediate remedial action.

A formal complaint to Ofwat, the economic regulator, regarding serious breaches of their license conditions, economic regulation, or repeated service failures.

An independent body handling unresolved service issues with water companies. You must have complained directly to the company first and been dissatisfied with their final response. Can include Consumer Rights Act 2015 principles.

Demand access to general recorded information held by *public authorities*. **Note:** Most privatized UK water companies are NOT subject to FOIA for general information (use EIR for environmental data), but Northern Ireland Water IS.

A formal complaint regarding a Statutory Nuisance (e.g., sewage flooding, persistent odours) caused by the water company, as defined under the Environmental Protection Act 1990. Compels them to cease the nuisance.

A mandatory pre-action letter before legal proceedings, outlining your case, demanding specific damages/remedies, and setting a strict deadline. Appropriate for claims based on Consumer Rights Act 2015 breaches where you intend to sue.

A formal complaint to the DWI regarding concerns about the quality, taste, smell, appearance, or safety of your tap water.

A formal complaint to the Environment Agency (EA) or Natural Resources Wales (NRW) regarding actual environmental pollution incidents or ongoing non-compliance by the water company.

Templates for Use:

GDPR TEMPLATE
Chapter 3 Section 47 DPA 2018 Notice

[Your name]

[Your address]

[Your address]

[Your address]

[Your postcode]

[Date]

Data Protection Officer

[DCA Address 1]

[DCA Address 2]

[DCA Address 3]

[DCA Postcode]

NOTICE ISSUED PURSUANT TO CHAPTER 3 SECTION 47

OF THE DATA PROTECTION ACT 2018

I write pursuant to my rights granted by Chapter 3 Section 47 of the Data Protection Act 2018.

I hereby give you Notice that you must, within the time periods prescribed below, permanently cease processing all personal data of which I am the data subject. If you do not normally handle Data Protection Notices for your organisation, please pass this Notice to your Data Protection officer or another appropriate official.

THE MEANING OF THIS NOTICE

For the avoidance of doubt this Notice requires you to do all of the following:

(1) Within 3 days of receipt of this letter to cease or not to begin to:

(a) Obtain;

(b) Record; or

(c) Hold, any personal data of which I am the data subject (“my personal data”); and

(2) With immediate effect to cease or not to begin to carry out any operation or a series of operations involving my personal data including operations that would amount to the:

(a) Organisation, adaption or alteration;

(b) Retrieval, consultation or use;

(c) Disclosure by transmission, dissemination or otherwise making available; or

(d) Alignment or combination, of information or data.

GROUNDS FOR NOTICE

My grounds for giving you this Notice are:

(a) The processing of my personal data by you is causing or is likely to cause substantial damage to me and any person residing with me, due to a lack of ability to obtain credit caused by wrongful processing of my data

(b) The processing of my personal data by you is illegal as you do not have my consent.

(c) The processing of my personal data is illegal as we do not have a contract.

(d) The processing of my personal data is illegal as you have no proven legal obligation that applies to your organisation.

(e) The processing of my personal data is illegal as it is not necessary for you to protect my vital interests.

(f) In any case the damage and/or distress is unwarranted.

NO EXEMPTION FROM THE PROVISIONS OF CHAPTER 3 SECTION 47 OF THE DATA

PROTECTION ACT 2018

You are not excused compliance with this Notice under the provisions of Chapter 3 Section 47 of the Data Protection Act by virtue of the reasons set out below:

(1) I have not given you my consent to process my personal data.

(2) I am not a party to a contract with you.

(3) You have no proven legal obligation with which you must comply and which would permit you to process my personal data.

(4) No processing undertaken by you could be undertaken to protect my vital interests.

WHAT YOU MUST DO NEXT

In any event you must within 21 days of receiving this Notice give me Notice in writing stating:

(1) You have complied with the provisions of this Notice in full; or

(2) You have complied with the provisions of this Notice in part , stating which parts; and

(3) As to the parts not so complied with, your reasons for not doing so, including evidence that you can substantiate.

WARNING: CONSEQUENCES OF FAILURE TO COMPLY WITH THIS NOTICE

Should you fail to comply with the provisions of this Notice, I reserve absolutely the right to obtain, without further reference to you, a county court or High Court order to compel you to comply with this Notice together with an order that you pay my associated legal costs in full and for me to make an application for damages associated with your unlawful processing of my personal data.

Yours sincerely

[Your Name]

 
SUBJECT ACCESS REQUEST

Dear Sir/Madam, 

Under Article 15 of the General Data Protection Regulation 2018, I would like to submit the following subject access request to better understand how you process my personal information:

In light of recent events, I am concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information pursuant to: 

https://www.theverge.com/2018/8/24/17776836/tmobile-hack-data-breach-personal-information-two-million-customers

I am including a copy of documentation necessary to verify my identity. If you require further information, please contact me at my address above.

I would like you to be aware at the outset, that I anticipate reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioners Office. 

Please advise as to the following:

1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.

a. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, or voice or other media that you may store.

b. Additionally, please advise me in which countries my personal data is stored, or accessible from. In case you make use of cloud services to store or process my data, please include the countries in which the servers are located where my data are or were (in the past 12 months) stored.

c. Please provide me with a copy of, or access to, my personal data that you have or are processing.

2. Please provide me with a detailed accounting of the specific uses that you have made, are making, or will be making of my personal data.

3. Please provide a list of all third parties with whom you have (or may have) shared my personal data.

a. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal data, please provide a list of third parties to whom you may have disclosed my personal data.

b. Please also identify which jurisdictions that you have identified in 1(b) above that these third parties with whom you have or may have shared my personal data, from which these third parties have stored or can access my personal data. Please also provide insight in the legal grounds for transferring my personal data to these jurisdictions. Where you have done so, or are doing so, on the basis of appropriate safeguards, please provide a copy.

c. Additionally, I would like to know what safeguards have been put in place in relation to these third parties that you have identified in relation to the transfer of my personal data.

4. Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.

5. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14 of the GDPR.

6. If you are making automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please provide me with information concerning the basis for the logic in making such automated decisions, and the significance and consequences of such processing.

7. I would like to know whether or not my personal data has been disclosed inadvertently by your company in the past, or as a result of a security or privacy breach.

a. If so, please advise as to the following details of each and any such breach:

i. a general description of what occurred;

ii. the date and time of the breach (or the best possible estimate);

iii. the date and time the breach was discovered;

iv. the source of the breach (either your own organization, or a third party to whom you have transferred my personal data);

v. details of my personal data that was disclosed;

vi. your company’s assessment of the risk of harm to myself, as a result of the breach;

vii. a description of the measures taken or that will be taken to prevent further unauthorized access to my personal data;

viii. contact information so that I can obtain more information and assistance in relation to such a breach, and

ix. information and advice on what I can do to protect myself against any harms, including identity theft and fraud.

b. If you are not able to state with any certainty whether such an exposure has taken place, through the use of appropriate technologies, please advise what mitigating steps you have taken, such as

i. Encryption of my personal data;

ii. Data minimization strategies; or,

iii. Anonymization or pseudonymization;

iv. Any other means

8. I would like to know your information policies and standards that you follow in relation to the safeguarding of my personal data, such as whether you adhere to ISO27001 for information security, and more particularly, your practices in relation to the following:

a. Please inform me whether you have backed up my personal data to tape, disk or other media, and where it is stored and how it is secured, including what steps you have taken to protect my personal data from loss or theft, and whether this includes encryption.

b. Please also advise whether you have in place any technology which allows you with reasonable certainty to know whether or not my personal data has been disclosed, including but not limited to the following:

i. Intrusion detection systems;

ii. Firewall technologies;

iii. Access and identity management technologies;

iv. Database audit and/or security tools; or,

v. Behavioural analysis tools, log analysis tools, or audit tools;

9. In regards to employees and contractors, please advise as to the following:

a. What technologies or business procedures do you have to ensure that individuals within your organization will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail, web-mail or instant messaging, or otherwise.

b. Have you had had any circumstances in which employees or contractors have been dismissed, and/or been charged under criminal laws for accessing my personal data inappropriately, or if you are unable to determine this, of any customers, in the past twelve months.

c. Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation.

If you do not normally deal with these requests, please pass this letter to your DataProtection Officer, or relevant staff member. If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website is ico.org.uk or it can be contacted on 0303 123 1113.

Yours Sincerely,

 
 
 

HOW LONG DO I GIVE THEM?

If they follow the rules they should respond within one-month period to advise that they will require a further two months (Article 12(3) GDPR). 

If you have not had a full response in 3 months, then you could file a complaint with the Information Commissioners Office.

STANDARD SUBJECT ACCESS REQUEST TEMPLATE

[YOUR ADDRESS & POSTCODE]

[THEIR ADDRESS & POSTCODE]

Your Ref:  [THEIR REFERENCE NUMBER IF YOU KNOW IT]

DATE: [THE DATE]

Dear Sir or Madam,

I am writing to formally make a ‘Subject Access Request’ for a copy of information that you hold about me which I am entitled under the General Data Protection Regulation 2018.

You can identify my records using the following information:

Full name:

Address:

Please supply me the data about me that I am entitled to under the data protection law including:

I look forward to receiving your response to this request for data within one calendar month, per the General Data Protection Regulation. If you do not normally deal with these requests, please pass this letter to your Data Protection Officer, or relevant staff member.

Yours faithfully,

[YOUR NAME]

 

Under the General Data Protection Regulation 2018 – They should respond within one-month period. If the request is complex they should advise that they will require a further two months (Article 12(3) GDPR).  If you have not had a full response in 3 months, then you could file a complaint with the  Information Commissioners Officer, who has the authority to issue large fines for non compliance.

 

What should my request say?

Do include:

  • an email subject line or heading for your letter which makes it clear that you are making an information request. For example, you could use ‘request for information,’ ‘freedom of information request’ or ‘Environmental Information request’;
  • the date of your request;
  • your name – a request can also be made in the name of an organisation or by one person on behalf of another, such as a solicitor on behalf of a client;
  • contact details the public authority can use to respond to you in writing;
  • how you would like to receive the information (for example by email or printed out and posted to you);
  • a clear description of the information you want; and
  • any dates or other details that will help the public authority search for the information you want.

 

Don’t include:

  • unnecessary information alongside your request, like details about a wider customer service complaint;
  • requests for information if your aim is solely to cause additional work for the public authority; or 
  • offensive or threatening language.

Cost Estimation to the Business (Per Complaint)

To estimate costs, we need to consider average loaded costs per employee hour (salary + benefits + overhead) for relevant staff. Let’s assume an average loaded cost of £50-£100 per hour for mid-level staff involved in complaint handling, and £150-£300+ per hour for senior management, legal counsel, or specialized experts.

  • DSAR/GDPR Complaints: £2,000 – £12,000+ per complaint. (High labor, high legal/compliance risk).

  • EIR/FOIA: £1,000 – £8,000. (Information retrieval, legal review).

  • Ofwat Complaint: £2,000 – £15,000+. (Senior staff involvement, high regulatory stakes).

  • CCW Complaint: £750 – £4,000. (Internal investigation, mediation).

  • Statutory Nuisance: £1,500 – £7,000+. (Investigation, potential abatement costs).

  • Letter Before Claim: £3,000 – £30,000+. (Significant legal input, pre-litigation costs, potential for settlement payouts). This cost can skyrocket if it proceeds to litigation.

  • DWI Complaint: £1,000 – £6,000. (Technical investigation, lab costs).

  • EA/NRW Complaint: £1,500 – £8,000+. (Investigation, potential for fines, and remediation costs).