top of page

Data Protection Policy

Updated April 2026

1. Purpose

This Data Protection Policy sets out how Pinnacle Capital Ltd ("Pinnacle Capital", "we", "us") collects, handles, stores, and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all personal data processed by Pinnacle Capital in connection with its business activities, including data relating to investors, clients, enquirers, counterparties, and website visitors.

3. Data Protection Principles

We are committed to ensuring that all personal data we process is:

  • Processed lawfully, fairly, and transparently

  • Collected for specified, explicit, and legitimate purposes

  • Adequate, relevant, and limited to what is necessary

  • Accurate and kept up to date

  • Retained only for as long as necessary

  • Processed securely, with appropriate technical and organisational safeguards

 

4. Data Controller

Pinnacle Capital Ltd is the data controller for all personal data processed in connection with this website and the firm's business activities. The individual responsible for data protection compliance is the Managing Director.

For data protection enquiries: info@pinnaclecapital.vc

 

5. Categories of Personal Data Processed

We process the following categories of personal data in the course of our business:

  • Name, contact details, and professional information of investors, clients, and counterparties

  • Investor classification and suitability information

  • Transaction and communication records

  • Website usage and technical data

 

We do not process special category data in the ordinary course of our business.

 

6. Lawful Basis for Processing

We identify and document the appropriate lawful basis for each processing activity. The primary bases on which we rely are:

  • Legitimate interests — for investor relationship management and business development

  • Contractual necessity — for the performance of advisory agreements and transaction-related activities

  • Legal obligation — for compliance with applicable regulatory and legal requirements

  • Consent — for marketing communications, where required

 

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Restricted access to personal data on a need-to-know basis

  • Secure email and document management practices

  • Regular review of data handling procedures

  • Due diligence on third-party processors to ensure equivalent standards

 

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and affected individuals where required.

 

8. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, and in accordance with applicable legal and regulatory requirements. Our retention schedule is reviewed annually.

 

As a general guideline:

  • Investor and client records: 6 years from the end of the relationship

  • Enquiry and correspondence records: 3 years

  • Website technical data: 12 months

 

9. Data Subject Rights

We respect and uphold the rights of individuals under UK GDPR. These rights, and how to exercise them, are set out in our Privacy Policy. All requests are handled by the Managing Director and responded to within the statutory timeframe of one calendar month.

 

10. Third-Party Processors

Where we engage third parties to process personal data on our behalf, we conduct appropriate due diligence and ensure that a data processing agreement is in place in accordance with UK GDPR requirements. We do not permit third-party processors to use personal data for their own purposes.

 

11. International Data Transfers

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including reliance on adequacy decisions or the use of the International Data Transfer Agreement (IDTA) as required.

 

12. Policy Review

This policy is reviewed annually, or sooner in the event of material changes to applicable legislation or our business activities. The most recent review date is noted at the top of this document.

 

13. Regulatory Authority

The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO): www.ico.org.uk | 0303 123 1113

  • LinkedIn

Pinnacle Capital Ltd is an affiliated company to Leela Capital Advisory LLP (FRN: 965058), an Appointed Representative of Leela Regulatory Solutions Limited, which is authorised and regulated by the Financial Conduct Authority (FRN: 845185). Leela Regulatory Solutions Limited is incorporated in England and Wales, company number 10161396, registered office C/O Beavis Morgan, 82 St John Street, London, EC1M 4JN. 

Part of the Pinnacle Global Group of Companies

© 2024-2026 by Pinnacle Capital Ltd

bottom of page