privacy policy 2020-02-17T13:50:28+00:00

Privacy Notice

Pinnacle Compliance Limited (Companies House Number: 11130515) otherwise known as Pinnacle Compliance Services (referred to as “we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. Our registered office is:

Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX

This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves and by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.

The website www.pinnaclecomplianceservices.com is owned and operated by us.

Personal Data

Under the European Union’s General Data Protection Regulation (“GDPR”): personaldata is defined as “any information relating to an identified or identifiable natural person (‘data subject’); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Who is the Data Controller

A Data Controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. We are the data controller as defined by relevant data protection laws and regulation.

Lawful Processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:

(a) Consent: you have given us clear consent for your personal data to be processed for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with us has asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

What are your rights in respect of your personal data?

1. The right of access.
2. The right to rectification.
3. The right to erasure or right to be forgotten.
4. The right to restriction of processing.
5. The right to be informed.
6. The right to data portability.
7. The right to object.
8. The right not to be subject to a decision based solely on automated processing.

Under the Data Protection Act 2018 and the GDPR, you may ask for a copy of the information we hold about you and you may request changes be made to this information if it is inaccurate or not up to date. Please send us an email on dataprotection@pinnaclecomplianceservice.com in these circumstances.

Information we may collect from you:

  • We may collect personal information from you in the following ways:
  • When you make a phone call or send an e-mail to seek information about our services;
  • Recruitment and employment, including agents, suppliers and contractors;
  • Through your request for information about our services and related topics and events;
  • Through your registration for events;
  • Through your contacting us with enquiries and comments;
  • Through signing a contract with us at pre-contract, duration of the contract, and post-delivery of the contract stages;
  • If you are a contractor, sub-contractor or an employee of one of our vendors or clients, we may have your data given to us in that capacity. If you take one the steps mentioned above, we may collect and process personal information about you such as:
  • Your full name, office/work/registered company address, email address and other contact information, job title;
  • Records of your correspondence with us, if you have contacted us;
  • Financial information such as your bank account details for payment purposes and

Details of company executives such as proof of identity and address to complete due diligence.

We provide services to individuals as well as organisations. The exact data held will depend on the services to be provided. Where we engage with individuals, we may collect and process personal data in order to satisfy a contractual or operational obligation. We request that individuals only provide the personal data that is required for us to fulfil our contractual or operational
obligation.

Why do we process data

Providing services to you. Data is processed in accordance with the purpose which we have collected it and may sometimes be further clarified in written documentation supplied before any data processing may occur. In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, administering client facing applications, and maintaining internal operating processes. In order for us to operate effectively, we may from time to time be required to collect and process personal data in order to fulfil regulatory, legal or ethical requirements. This may include (but is not limited to) the verification of identity of individuals or their financial details, for example when we are audited by the HMRC or other regulators.

How long do we hold data for

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected, there may also be occasions which will require data to be kept for longer, however this will typically be for legal purposes.

People who use our website

Our website does not use cookies and we do not collect any information from our website visitors. Further, our website does not use plug ins and is not linked to any other website or platform.

Sharing personal data

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal
rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Where we store your personal data:

The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that we have instructed. If Personal Data is transferred outside the UK or the EEA to a country without a designated adequacy rating we will request the data subject’s consent before processing the data. Consent will not be sought where the Processor’s Binding Corporate Rules stipulate that the data will be processed in accordance with the GDPR.

Comments, Concerns and Complaints

You can always contact us on dataprotection@pinnaclecomplianceservices.com to raise any concerns, comments or complaints you may have.

For further information on your rights, independent free advice and how to complain to the ICO, please refer to the ICO website
https://ico.org.uk/concerns

Contact details
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate)

Changes to our privacy statement

Updates to this privacy statement will appear on the website. This privacy statement was last updated on 12/02/2020.