Privacy Policy

Last updated: 1st July 2025

1. Data Controller

Philip Agenmonmen

Pinnacle Prompts

Email: philip@pinnacleprompts.com

You ('you' or 'data subject') are obtaining services from, and interacting with, the data controller: Philip Agenmonmen, sole trader based in the U.K.

2. Personal Data We Collect

Contact & identity: name, title, email address, telephone number, postal address.

Professional data: company name, job title, project details, technical requirements.

Transactional data: invoices, payment records, quotes.

Technical/website data: IP address, cookies, usage logs, analytics (e.g. Google Analytics).

Communications: emails, meeting notes, recorded demos or calls (if consented).

3. How We Obtain Your Data

Directly from you on inquiry forms, contracts, meetings or calls.

From publicly available sources (e.g. LinkedIn) or referrals.

Website cookies/analytics when you visit our site.

4. Purposes of Processing & Legal Bases

We process your data for the following purposes and legal bases:

To communicate and deliver consultancy services - Based on performance of contract (Art. 6(1)(b) GDPR)

To issue invoices, process payments and accounting - Based on legal obligation (Art. 6(1)(c) GDPR)

To send project updates, proposals or marketing - Based on legitimate interests (Art. 6(1)(f) GDPR)*

To respond to enquiries and manage relationships - Based on legitimate interests (contract negotiation)

To maintain website functionality and analytics - Based on consent (Art. 6(1)(a) GDPR) and/or legitimate interests (site optimization)

You may opt out of marketing communications at any time.

5. Data Sharing & Third-Party Processors

Accountants/bookkeepers for statutory record-keeping.

Payment processors (e.g. Stripe, PayPal).

Hosting/IT providers for email, website and data storage.

Analytics providers (e.g. Google Analytics).

All processors are bound by data-processing agreements requiring GDPR/DPA 2018 compliance.

6. International Transfers

If data is transferred outside the U.K. or EEA (e.g. U.S.-based cloud services), we ensure adequate safeguards (e.g. Standard Contractual Clauses).

7. Data Retention

Contractual/project data: retained for 6 years after project completion to comply with U.K. tax and statutory obligations (per DPA 2018).

Marketing data: retained until you unsubscribe.

Website analytics: anonymised or deleted after 26 months.

8. Your Rights under GDPR & DPA 2018

You have the right to:

Access your personal data (Art. 15 GDPR)

Rectify inaccuracies (Art. 16)

Erasure ('right to be forgotten') (Art. 17)

Restrict processing (Art. 18)

Data portability (Art. 20)

Object to processing (Art. 21)

Withdraw consent at any time (where processing is consent-based)

To exercise any right, contact us at the email above. We will respond within one month (extended by two months in complex cases).

9. Security Measures

We implement technical and organisational measures where appropriate, including:

Encryption of devices and data in transit.

Regular backups.

Access controls (password-protected systems, MFA).

Staff training (if applicable).

10. Changes to This Policy

We may amend this policy to reflect changes in law or business practice. The 'Last updated' date will reflect the latest revision. Significant changes will be notified via email or website banner.

11. Contact & Complaints

For queries or complaints about this policy or our data handling, please contact:

Philip Agenmonmen – philip@pinnacleprompts.com

If you remain dissatisfied, you have the right to lodge a complaint with the U.K. Information Commissioner's Office (ICO) at ico.org.uk.

End of Policy