@BankFodder - thank you for this. I have again phoned Halfords Customer Services Team today. They have now advised that the original repair (coolant leak) has been repaired and the other repair (which they have diagnosed as a new thermostat) they found 4 weeks after it was initially repaired, has been authorised to be repaired by the Regional Manager. I am told that the thermostat part is being delivered to the garage tomorrow and the car should be ready to be collected later that day. However, they have advised that there is an issue to do with the Ad Blue. They state that this is not connected with the original breakdown and that they are refusing to repair this issue, as they state it’s too sensitive for them to deal with. They have told me the vehicle can be driven, but they don’t know how far, and that i will need to take it to the Manufacturer for repair. I find it hard to believe that this Ad Blue issue is not issued linked to the original breakdown, and that it has taken them 6 weeks to diagnose this latest issue! The biggest issue I now have is that I will be without a vehicle to get to work whilst the vehicle is being diagnosed and repaired by the manufacturer. So i’m guessing i will need to book in my car with the manufacturer, ask them to diagnose and repair it and do a full independent inspection on the work National Tyres & Auto Centre have done.

Nope. I cobbled this together late last night. Awaiting feedback from the Forum.

I have attached my complaint letter to Halfords/National Tyre & Auto Centre. As a result of the advice previously given on this thread, I have removed all of the unnecessary detail about driving to/from and I have also removed the emotion from the letter. Unfortunately, due to the number of breakdowns, faulty repairs and overall issues, it is still five pages long (apologies in advance). Any advice on the content and next steps would be much appreciated please. National Tyre & Auto Centre Complaint Letter Redacted.pdf

Phoned Halfords Customer Services Team on 24/04/23 to chase up the online complaint I made back on 21/04/23 as I was told a Regional Manager would be contacting me. They stated that the Regional Manager was reviewing the complaint and would contact me the same day. Nothing heard. Phoned Halfords Customer Services Team on 26/04/23 to chase the complaint, was told that the Regional Manager had told the Garage to "fix the repair" on my vehicle, and that the Regional Manager would be calling me to further discuss. Nothing heard. Phoned Halfords Customer Services Team on 28/04/23 to chase the complaint, was told that the Regional Manager should have made contact with me by now, but because of the delayed response they were escalating my complaint to a senior manager ans that this manager would be in touch with me within 72 hours. That gives them until tomorrow, but i don't expect any contact because the Regional Manager hasn't bothered to contact me, and after all it's a Bank Holiday. None of their management want to talk to me. I've found the email address for the CEO of Halfords and will be copying him into my complaint letter, once posted on here and approved. Subject Access Request submitted as of 30/04/23. Email confirmation of receipt.

When it broke down again on 10/04/23 I told them they had two choices: (1) re-do the repair and fixe my vehicle or (2) take my vehicle to another garage, they do the repair at their own cost. They opted to re-do the repair. They have had my vehicle since the 10/04/23 with the proviso they were going to fix it. In the meantime I also insisted they provide me with a Hire Car as I needed to get to work and had already have to take time off because of their failure to repair my vehicle. They phoned Friday to say that the original repair is fixed but there is now another issue which they failed to diagnose initially, but because that repair will take too long, they won't carry out this repair. Instead, they want me to return the Hire Car, collect my broken down vehicle from their garage, and take it to another garage to get fixed. No call recording - they phoned me whilst I was in work. Plus, I have read the customer service guide and have an i-phone so can't record calls. This particular call was made in work hours so I wouldn't have had anyway of recording this interaction.

No as the Garage still have my car and to get an estimate to fix the new problem would mean I would have to take the vehicle to another Garage to get an estimate.

Please tell us about the vehicle – make model year and how long you have had it. Nissan Qashqai (2019 model) which I purchased from new in November 2019 (no longer under warranty) and still have 8 months finance left to pay. When did it break down? 20/03/23. What's the name of the garage? National Tyres and Autocare (now owned and part of of the Halfords Autocentre brand). What is the thought that kept occurring? Initially, when my vehicle went back for the original repair to be fixed, they have told me that they didn't know what was wrong with it, as the pressure was holding (after a pressure check). They then said it was leaking from somewhere and they thought it was to do with the o'ring on the repair they done, not be tightened enough. They said they had to be careful not to overtighten the o'ring as otherwise it would fail and leak. The last time I went in to have the repair looked at and again fixed, they told me the o'ring had failed and that they had to order in a new o'ring part and fit it. The Assistant Centre Manager said that the o'ring they had initially purchased had failed and that they had to order in a second o'ring part and fir that. He has verbally told me on the phone on Friday that they have now fixed the original repair (i.e. the leak). They still have my vehicle so I have no way to know if this original repair has now been fixed. What is the new fault they have found and which apparently is part of the original problem. The Assistant Centre Manager has told me that they have found a fault with the water pump and although this was part of the original reason for my vehicle breaking down, the job is too time consuming for them and they are not prepared to repair it. He said he has spoken to his legal team and regional manager and that he has been told to offer me a partial refund on the original repair and that I have to return my hire vehicle, collect my own vehicle, and take it to another garage. Have you got anything in writing from them or any other evidence that they are saying that the whole thing would take too long to fix? I don't have anything in writing from them as this was a phone call conversation with the Assistant Centre Manager on Friday afternoon. How much money have you spent on repairs with this garage? £516.64 (which is being paid off in 4 monthly instalments via Payment Assist Plan - 2 instalments have been made to date). We will talk about data breaches later

My vehicle broke down, i took it to a mainstream garage who diagnosed and repaired it. However, the same fault kept occurring and it kept breaking down, so i kept taking it back. They state they have now fixed the original problem, but my vehicle still isn’t repaired as they have now found another fault which is part of the original problem, but are refusing to fix the repair because it will take them too long too fix. They have told me to come and collect the car and take it to another garage. The garage have also given an employee my mobile number and they have called called me using their personnel mobile number whilst on their day off. I think that is a GDPR DPA 2018 breach.

@Bazooka Boo Agreed

Thanks for the feedback, I will make ammendments before sending this to them. In the meantime, I will post up the salient bullet points for advice shortly.

**update** I have now received the (1) the £200 Reward Incentive for opening my account with Santander, and (2) the £200 I requested in my Letter Before Claim. I am happy with this outcome and now considered this case won and settled. Thank you to all the Cag Team and others who have helped me once again.

Bristol Civic Justice Centre Claimant name and address xxxxxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxx xxxxxxxxxxxxxx xxxx xxx Defendants name and address Santander UK Plc, Santander House, 201 Grafton Gate East, Milton Keynes, MK9 1AN Brief details of claim Damage for distress caused by the defendants data protection breaches of statutory duty Value £235 Particulars of claim 1. The Defendant is a Data Controller within the meaning of the Data Protection Act 2018 and is responsible for the processing of data of which the Claimant is a data Subject. 2. This claim is in relation to two breaches of the Data Protection Act (2018) by the Defendant. (a) Failure to comply with the statutory time limit dated 12 March 2023 (b) Failure to comply with the statutory time limit dated 28 March 2023 3. The Defendant has failed to comply with the statutory time limit on two occasions and has therefore committed two breaches of the Data Protection Act (2018). (a) On 10 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 12 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (b) On 26 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 28 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (c) On 11 March 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 08 April 2023. The Claimant received data disclosure on 29 March 2023, but only in relation to this third data disclosure request. 4. The Claimant seeks £200 damages for distress caused by virtue of the Defendant's breaches of their statutory duty to disclose personal data, within 30 days, in response to two Subject Access Requests. (a) Purpose of the Subject Access Requests The Claimant made the Subject Access Requests in order to start the process of understanding and resolving problems with his new bank account, which had been caused by the negligence and contractual breaches of the Defendant. The Defendant's negligence/breach of contract are not at the moment a subject of this court action. The failure by the Defendants to conduct the Claimant's account correctly and also to communicate with the Claimant's fairly at all is a breach of the Banking (Conduct of Business) Regulations - BCOBS - which were made pursuant to the Financial Services and Markets Act 2000 - although those breaches are not currently the subject of this present legal action. The Claimant opened a new bank account with the Defendant on 02 February 2023. The account was important to the Claimant because this was his main bank account in which he conducted all of his financial business. It had been the intention of the Claimant to move his banking business to the Defendant’s bank because they offered a £200 reward incentive and cashback on bills. An essential element of the opening of the new account was effectively the transfer of his financial life from his previous bank account to the Defendant’s bank. The Claimant relied on the Defendants use of the Current Account Switch Service (CASS) in order to achieve a seamless transfer and without any disruption to his own life, the life of his creditors or the organisations to whom he was scheduled to make regular payments. The Current Account Switch Service (CASS) is designed to let the customer switch their current account from one bank or building society to another in a simple, reliable and stress-free way. It will only take seven working days. The payments referred too include:- utilities, mobile phone, water, insurance, rent, council tax, tv licence, vehicle road tax. The Defendant failed in their duty to the Claimant in that they failed to issue online banking credentials when the account was opened. The Defendant has admitted this in there complaint response letter dated 21 February 2023. Although the claimant made several phone calls to the Defendant and received undertakings, the Defendant did not remedy there negligent behaviour, and ultimately ended up having to issue online banking credentials on 09 February 2023 (Letter one of two) and 10 February 2021 (Letter two of two), some seven to eight days after the account was opened. (b) The Subject Access Requests Subject Access Request Number One The claimant eventually decided to try and solve the problem himself and began by submitting a Subject Access Request on the 10 February 2023 in order to discover what had happened and to begin the process of sorting out the mess created by the Defendant. The defendant breached their data protection obligations by failing to respond with a statutory disclosure within the statutory time limit of 30 days. Subject Access Request Number Two The claimant made a subsequent Subject Access Request on 26 February 2023. The Defendant breached their data protection obligations a second time by failing to respond with a statutory disclosure within the statutory 30 days. In respect of both Subject Access Requests, the Claimant received no acknowledgement and no question or enquiry from the Defendant. At no point did the Defendant indicate that they required more information in order to satisfy the requirements of the Subject Access Request. At the time that each Subject Access Request was made, the Claimant had satisfied all of the Defendants requirements as to the ascertainment of his identity in that the Claimant responded to all of the Defendants security questions satisfactorily and was then allowed to discuss his account with them on the telephone. Subject Access Request Number Three The Claimant made a third subject access request on 11 March 2023. The Defendant did comply with this subject access request on 29 March 2023. The data which was disclosed as a result of this third Subject Access Request revealed that the Defendant had received the first two Subject Access Requests and had failed to do anything with them. Either the Defendant felt that the Claimant had not satisfied there identity security requirements – despite the fact that they had been happy to speak to him on the telephone about his banking account – or else the request had been incorrectly actioned by staff within the Defendant's business. In neither case did the Defendant take any action to inform the Claimant that his requests had not been correctly actioned and at the point of making the requests he was not asked for additional verification as to identity – although it is submitted that this would have been unnecessary in the circumstances. (c) Particulars of distress This caused extreme anxiety and distress as well as being very time-consuming. The process of having to deal with this has interrupted the Claimant's normal life and routines and has caused particular anxiety and worry about the possibility of direct debits and standing orders not being correctly setup and therefore falling into default with various companies and the risk of resulting negative entries on his credit file. The Claimant’s distress has been exacerbated by the continuing lack of cooperation by the Defendant, the cost of additional correspondence and time spent preparing documents and seeking legal advice.

Santander Executive Office Complaint Response Final Letter - 28-03-23.pdf

- I have sent you an email about this. Hopefully that email and audit trail will jog your memory. It was against Lloyds back in 2018. Lloyds Breach of SAR***Resolved*** - Lloyds Bank - Consumer Action Group

Bristol Civic Justice Centre Claimant name and address xxxxxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxx xxxxxxxxxxxxxx xxxx xxx Defendants name and address Santander UK Plc, Santander House, 201 Grafton Gate East, Milton Keynes, MK9 1AN Brief details of claim Damage for distress caused by the defendants data protection breaches of statutory duty Value £235 Particulars of claim 1. The Defendant is a Data Controller within the meaning of the Data Protection Act 2018 and is responsible for the processing of data of which the Claimant is a data Subject. 2. This claim is in relation to two breaches of the Data Protection Act (2018) by the Defendant. (a) Failure to comply with the statutory time limit dated XXX (b) ditto xxxx dated XXX 3. The Defendant has failed to comply with the statutory time limit on two occasions and has therefore committed two breaches of the Data Protection Act (2018). (a) On 10 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 12 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (b) On 26 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 28 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (c) On 11 March 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 08 April 2023. The Claimant received data disclosure on 29 March 2023, but only in relation to this third data disclosure request. 4. The Claimant seeks £200 damages for distress caused by virtue of the Defendant's breaches of their statutory duty to disclose personal data, within 30 days, in response to two Subject Access Requests. (a) Purpose of the Subject Access Requests The Claimant made the Subject Access Requests in order to start the process of understanding and resolving problems with his new bank account, which had been caused by the negligence and contractual breaches of the Defendant. The Defendant's negligence/breach of contract are not at the moment a subject of this court action. The failure by the defendants to conduct the claimant's account correctly and also to communicate with the claimant fairly all at all is a breach of the Banking (Conduct of Business) Regulations –BCOBS – which were made pursuant to the Financial Services and Markets Act 2000 – although those beaches are not currently the subject of this present legal action The Claimant opened a new bank account with the Defendant on 02 February 2023. The account was important to the Claimant because this was his main bank account in which he conducted all of his financial business. It had been the intention of the Claimant to move his banking business to the Defendant’s bank because they offered a £200 reward incentive and cashback on bills. An essential element of the opening of the new account was effectively the transfer of his financial life from his previous bank account to the Defendant’s bank. The Claimant relied on the Defendants Current Account Switch Service (CASS) in order to achieve a seamless transfer and without any disruption to his own life, the life of his creditors or the organisations to whom he was scheduled to make regular payments. Describe CASS to the extend that it is a schem .... implemented by .... These included:- utilities, mobile phone, water, insurance, rent, council tax, tv licence, vehicle road tax. The Defendant failed in their duty to the claimant in that they failed to issue online banking credentials when the account was opened. Although the claimant made several phone calls to the Defendant and received undertakings, the Defendant did not remedy their negligent behaviour, and ultimately ended up having to issue online banking credentials on 08 February 2023, some six days after the account was opened. (b) The Subject Access Requests Subject Access Request Number One The claimant eventually decided to try and solve the problem himself and began by submitting a Subject Access Request on the 10 February 2023 in order to discover what had happened and to begin the process of sorting out the mess created by the Defendant. The defendant breached their data protection obligations by failing to respond with a statutory disclosure within the statutory time limit of 30 days. Subject Access Request Number Two The claimant made a subsequent Subject Access Request on 26 February 2023. The Defendant breached their data protection obligations a second time by failing to respond with a statutory disclosure within the statutory 30 days. In respect of both Subject Access Requests, the Claimant received no acknowledgement and no question or enquiry from the Defendant. At no point did the Defendant indicate that they required more information in order to satisfy the requirements of the Subject Access Request. At the time that each Subject Access Request was made, the Claimant had satisfied all of the Defendants requirements as to the ascertainment of his identity in that the Claimant responded to all of the Defendants security questions satisfactorily and was then allowed to discuss his account with them on the telephone. Subject Access Request Number Three The Claimant made a third subject access request on 11 March 2023. The Defendant did comply with this subject access request on 29 March 2023. The data which was disclosed as a result of this third Subject Access Request revealed that the Defendant had received the first two Subject Access Requests and had failed to do anything with them. Either the Defendant felt that the Claimant had not satisfied there identity security requirements – despite the fact that they had been happy to speak to him on the telephone about his banking account – or else the request had been incorrectly actioned. In neither case did the Defendant take any action to inform the Claimant or asked for additional verification as to identity – although it is submitted that this would have been unnecessary in the circumstances. (c) Particulars of distress This caused extreme anxiety and distress as well as being very time-consuming. The process of having to deal with this has interrupted the Claimant's normal life and routines and has caused particular anxiety and worry about the possibility of direct debits and standing orders not being correctly setup and therefore falling into default with various companies and the risk of resulting negative entries on his credit file. The Claimant’s distress has been exacerbated by the continuing lack of cooperation by the Defendant, the cost of additional correspondence and time spent preparing documents and seeking legal advice. How did you eventually resolve the matter

Right i see what you mean @BankFodder. I made the SAR because they messed up my account transfer from Current Account Switch Service (CASS).

Ah the light has been shone....................... So the reason for the SAR was that when i first opened my Santander current account (02 February 2023) i didn't receive my Debit Card and PIN or any access to my Online Banking. I tried to cancel the CASS switch until I was in receipt of one or the other, so that I could access my account. Despite being told by a member of Santander that I could cancel the CASS, I was later (several days later) told that I was unable to cancel the CASS and the switch would take place, even though Santander knew i would not have access to my account, as I had no Debit Card and they had failed to send me any online credentials to login to my account. I escalated a complaint about not being able to access my current account due to not having either a Debit Card/PIN or a telephone banking personal ID Number/Temporary Password. They were initially unable to explain how this happened so I asked them for a SAR so I could try and get to the bottom of it. They eventually responded to my complaint letter stating that there was a banking error on their part and the Online Banking credentials were never issued when the account was opened. I have raised around 5 complaints with Santander. Three in relation to failure to comply with my SAR and two around failure to provide me with Online Banking Credentials and poor customer service. I would have already switched to another account by now, but I have to keep this account open until the end of April, so they can pay me a £200 switch incentive. Worse banking experience i have ever had and I've been with many Banks/Building Societies. Not sure how to put that in a short paragraph for the purposes of a PoC. My LBC has tomorrow's date on it, but i am conscious that tomorrow is a Bank Holiday. Should i issue the PoC on MCOL tomorrow or wait until the following working day?

Bristol Civic Justice Centre Claimant name and address xxxxxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxx xxxxxxxxxxxxxx xxxx xxx Defendants name and address Santander UK Plc, Santander House, 201 Grafton Gate East, Milton Keynes, MK9 1AN Brief details of claim Damage for distress caused by the defendants data protection breaches of statutory duty Value £235 Particulars of claim 1. The Defendant is a Data Controller within the meaning of the Data Protection Act 2018 and is responsible for the processing of data of which the Claimant is a data Subject. 2. This claim is in relation to two breaches of the Data Protection Act (2018) by the Defendant. (a) Failure to comply with the statutory time limit. 3. The Defendant has failed to comply with the statutory time limit and is therefore in breach of the Data Protection Act (2018). (a) On 10 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 12 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (b) On 26 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 28 March 2023. Despite being fully aware of the Subject Access Request, the Defendant has never made any disclosure as a result of this request. (c) On 11 March 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 08 April 2023. The Claimant received data disclosure on 29 March 2023, but only in relation to this data disclosure request. 4. The Claimant seeks £200 damages for distress caused by virtue of the Defendant's breaches of their statutory duty to disclose personal data, within 30 days, in response to two Subject Access Requests. (a) The Claimant’s distress has been exacerbated by the continuing lack of cooperation by the Defendant, the cost of additional correspondence and time spent preparing documents and seeking legal advice.

In the Bristol Civic Justice Centre Claimant name and address xxxxxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxx xxxxxxxxxxxxxx xxxx xxx Defendants name and address Santander UK Plc, Santander House, 201 Grafton Gate East, Milton Keynes, MK9 1AN Brief details of claim Damage for distress caused by the defendants data protection breaches of statutory duty Value £235 Particulars of claim 1. The Defendant is a Data Controller within the meaning of the Data Protection Act 2018 and is responsible for the processing of data of which the Claimant is a data Subject. 2. This claim is in relation to two breaches of the Data Protection Act (2018) by the Defendant. (a) Failure to comply with the statutory time limit. 3. The Defendant has failed to comply with the statutory time limit and is therefore in breach of the Data Protection Act (2018). (a) On 10 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 10 March 2023. The Claimant never received any disclosure as a result of this request. (b) On 26 February 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 27 March 2023. The Claimant never received any disclosure as a result of this request. (c) On 11 March 2023, the Claimant made a request to the Defendant for a statutory data disclosure. The statutory timeframe for compliance was 08 April 2023. The Claimant received data disclosure only in relation to this data disclosure request. 4. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered distress.

No worries..........i tried to email you but i'm guessing you must have changed it as I haven't had a reply. I also tried to find the Lloyds Case Thread in the cases won section, but i can't see it in the archive section. The issue we had last time which was picked up on by the Defence was around proving the distress element of £200. Is that an appropriate amount of money to put on the POC for distress? I think it is. I will obviously add the £35 MCOL fee to this too.

No threats my end just promises. Will pin s PoC shortly. If you remember, I got caught out a few years back with the £200 value for claiming distress, so keen to ensure lessons are learned my end.