Privacy Policy
2025
2025
Introduction
Pinnacle Performance Company (Academy) [Pinnacle] needs togather and use certain information about individuals. These can includecustomers, suppliers, business contacts, employees, and other people the organizationhas a relationship with or may need to contact.
This policy describes how personal data must be collected,handled, and stored to meet Pinnacle’s data protection standards and to complywith applicable laws.
This policy describes how personal data must be collected,handled, and stored to meet Pinnacle’s data protection standards and to complywith applicable laws.
Why This Policy Exists
This data protection policy ensures Pinnacle:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is transparent about how it stores and processes individuals’ data.
- Protects itself from the risks of a data breach
Data Protection Law
Pinnacle adheres to applicable data protection laws and follows internationally recognized security standards, including ISO 27001, to ensure data is handled responsibly and securely.
To comply with legal and ethical obligations, personal information must be:
To comply with legal and ethical obligations, personal information must be:
- Obtained only for specific, lawful purposes
- Adequate, relevant and not excessive
- Accurate and kept up to date
- Not be held for longer than necessary
- Processed fairly, securely, and in accordance with individuals’ rights.
Policy Scope
This policy applies to:
- The head office of Pinnacle.
- All branches of Pinnacle.
- All staff and volunteers of Pinnacle.
- All contractors, suppliers and other people working on behalf of Pinnacle.
It applies to all personal data the company holds, including:
- First name and last name.
- Email addresses.
- Any additional information provided by the individual during interactions with Pinnacle.
Data Protection Risks
This policy helps protect Pinnacle from security risks, including:
- Breaches of confidentiality – e.g., unauthorized disclosure of personal data.
- Reputational damage – e.g., data breaches leading topublic loss of trust.
- Legal and financial risks – e.g., failure to comply with contractual or regulatory obligations.
Responsibilities
Everyone at Pinnacle is responsible for ensuring data is collected, stored, and handled appropriately. However, key responsibilities include:
VP of Operations, Connor McNamara
- Ensures all systems, services, and equipment used for storing data meet security standards, including Multi-Factor Authentication (MFA) and encryption.
- Conducts regular security checks and audits to ensure compliance with ISO 27001.
- Evaluates third-party services for secure data processing.
- Handles external data protection queries, including those from media and legal entities.
General staff guidelines:
- Access to personal data is limited to authorized personnel only.
- Data shouldneverbe sharedinformally.
- Employees are trained to handle data securely.
- Where MFA is not available, strong passwords are mandatory and must not be shared.
- Personal data must be reviewed and updated regularly and deleted if no longer needed.
Data Storage & Security
Pinnacle follows ISO 27001 security practices to ensure data security, including:
- Electronic Data: Stored on encrypted servers with Multi-Factor Authentication (MFA) enabled.
- Paper Records: Kept in locked, restricted-access storage.
- Data Backups: Performed regularly and tested for integrity.
- Access Controls: Only designated personnel have access to sensitive data.
Data Use
- Employees must lock their screens when leaving their workstations.
- Personal data must never be shared via insecure channels, such as email.
- Employees should not save copies of personal data on personal devices.
Data Accuracy
Pinnacle takes reasonable steps to ensure stored data is accurate and up to date.
- Data is reviewed regularly for accuracy.
- Outdated or incorrect data is deleted or corrected.
- Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
Subject access requests
All individuals who are the subject of personal data held by Pinnacle are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request. Subject access requests from individuals should be made by email, addressed to the data controller at operations@pinper.com.
The data controller will always verify the identity of anyone makinga subject access request beforehanding over any information
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, Pinnacle will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
Providing information
Pinnacle aims to ensure that individuals are aware that their data is being processed, and that they understand:
- How the data is being used
- How to exercise their rights
To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.
Address questions or requests to: operations@pinper.com