burger icon
Pinnacle United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Pinnacle, as operated for the Pinnacle project on pinnecler.com, collects, uses, discloses, and protects your personal data. It applies to players, prospective players, and other visitors who access or use pinnecler.com in connection with Pinnacle. By setting out what data we OBSERVE, how we EXPAND its use for defined purposes, and how we REFLECT your rights and safeguards, this Privacy Policy is intended to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and relevant e-privacy rules. This Privacy Policy is effective and Last Updated as of January 2026.

Who We Are

For the Pinnacle project, the online betting services available through pinnecler.com are provided under the Pinnacle brand by Impyrial Holdings Ltd (the "Company", "we", "us", "our"). Impyrial Holdings Ltd operates Pinnacle-branded services under, among others, Curacao licence number 8048/JAZ2013-013 and Malta Gaming Authority licence MGA/B2C/290/2015. Great Britain is identified as a restricted territory in the global terms and conditions for Pinnacle, and Impyrial Holdings Ltd does not hold a licence from the UK Gambling Commission. As a result, users in the United Kingdom do not benefit from UKGC protections, GamStop, or IBAS when using pinnecler.com.

Impyrial Holdings Ltd is the data controller for personal data processed in connection with pinnecler.com for Pinnacle. The Company is established outside the United Kingdom (including in Malta and Curacao), and its current registered office and contact details are published on its official sites, including pinnacle.com.

For privacy matters, you can contact our data protection team using the following channels:

  • Email: privacy@pinnecler.com (or via any privacy-specific email address published on pinnecler.com)
  • Online form: through the "Contact Us" or equivalent form made available on pinnecler.com
  • Postal address: marked "Data Protection Officer - Impyrial Holdings Ltd", to the registered office address as published from time to time on pinnacle.com

Where required, Impyrial Holdings Ltd appoints a Data Protection Officer or a designated data protection representative who can be reached via the contact details above, and who is responsible for supervising compliance with this Privacy Policy and applicable data protection laws.

What Personal Data We Collect

We OBSERVE and collect different categories of personal data when you visit and use pinnecler.com in connection with Pinnacle, register an account, or interact with us. We EXPAND this information only for explicit, lawful purposes described in this Privacy Policy and REFLECT it in our records in a structured and secure way.

Identification and Contact Data

  • Account and identity data: full name, date of birth, nationality, country of residence, username, password or other login credentials, security questions and answers.
  • Contact data: email address, telephone number, preferred language, and any other contact details you provide (for example, via customer support or complaint forms).
  • Verification data: copies or details of identity documents, proof of address, source-of-funds information, and other KYC/AML documentation required by law or our licensing conditions.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone setting, and other technical data relating to the devices you use to access pinnecler.com.
  • Usage and log data: login and logout timestamps, pages viewed, links clicked, referring URLs, error logs, and similar diagnostic information collected by our servers and security systems.

Financial and Transaction Data

  • Payment information: partial payment card details (masked where possible), e-wallet identifiers, bank account details (where necessary), transaction identifiers, and payment history.
  • Betting and gaming data: deposits, withdrawals, stakes, bets placed, game sessions, wins and losses, bonuses and promotions used, and related transactional details.

Behavioral and Profile Data

  • Behavioral data: your betting history, frequency and duration of play, selections, preferences, and interactions with features of the site.
  • Profile and segmentation data: responsible gambling risk indicators, marketing preferences, and analytic profiles derived from your interactions with pinnecler.com for Pinnacle.

Communications and Support Data

  • Communications content: records of emails, live chat, messages, and calls (where recorded) between you and us, including complaints, feedback, and responsible gambling interactions.
  • Documentation you submit: any additional information or attachments you provide to us for support, dispute resolution, or verification purposes.

Cookies and Similar Technologies

  • Cookie data: unique identifiers stored in cookies, web beacons, pixel tags, local storage, and similar technologies used on pinnecler.com.
  • Third-party tracking data: information collected by approved analytics or advertising partners (where permitted) about your use of the site, such as pages visited and actions taken.

Legal Basis for Processing

We process your personal data only where we have a lawful basis under UK GDPR and, where relevant, other applicable data protection laws. We OBSERVE the legal grounds applicable to each purpose, EXPAND them to cover the processing operations we perform, and REFLECT them in our internal records of processing activities.

  • Performance of a contract: We process your data where it is necessary to enter into and perform the contract between you and us, including:
    • creating and managing your player account on pinnecler.com for Pinnacle,
    • processing deposits, bets, and withdrawals,
    • providing customer support and resolving operational issues, and
    • delivering the services and functionalities you request.
  • Compliance with legal obligations: We process your data to comply with legal and regulatory requirements, including:
    • know-your-customer (KYC) and anti-money laundering (AML) obligations,
    • sanctions and politically exposed person (PEP) screening where required,
    • bookkeeping, tax, and regulatory reporting duties in relevant jurisdictions (including Curacao and Malta), and
    • responding to lawful requests from competent authorities and courts.
  • Legitimate interests: We process data where it is necessary for our legitimate interests, provided these are not overridden by your rights and freedoms. These interests include:
    • preventing and detecting fraud, abuse, and security incidents,
    • protecting the integrity of our betting markets and systems,
    • improving the performance and usability of pinnecler.com,
    • performing internal analytics, reporting, and service optimization, and
    • defending our legal rights and handling disputes.
  • Consent: In specific situations, we rely on your explicit consent, such as:
    • sending you certain types of electronic direct marketing communications,
    • using non-essential cookies or similar technologies for analytics or advertising purposes, and
    • sharing data with certain third-party partners for marketing or personalization where required by law.

    You may withdraw your consent at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

  • Protection of vital interests and public interest: In rare cases, we may process data to protect your vital interests or those of others, or where processing is necessary in the public interest under applicable laws.

Purpose of Processing

We OBSERVE the reasons for which your data is collected, EXPAND them into clearly defined processing purposes, and REFLECT them through specific operational controls.

  • Provision of services: To register and manage your account on pinnecler.com for Pinnacle, enable you to place bets and use gaming services, verify your identity and age, process payments, administer bonuses, and provide customer support.
  • Legal and regulatory compliance: To comply with KYC/AML requirements, licensing conditions in Curacao and Malta, responsible gambling rules, record-keeping duties, tax and financial regulations, and lawful requests from competent authorities in relevant jurisdictions.
  • Risk management and fraud prevention: To detect, prevent, and investigate fraud, money laundering, match-fixing, bonus abuse, and other prohibited conduct, including by monitoring betting patterns, device fingerprints, log-in behaviours, and transaction anomalies.
  • Service improvement and analytics: To analyse how users interact with pinnecler.com, assess performance and stability, identify usability issues, and develop new features, products, and services, including through aggregated or pseudonymised data.
  • Marketing and personalization: To send you permitted marketing communications (subject to consent or legitimate interest), tailor content, offers and recommendations related to Pinnacle on pinnecler.com, and measure the effectiveness of campaigns.
  • Responsible gambling: To monitor betting behaviour, apply limits or self-exclusion where requested or required, carry out affordability or risk assessments where appropriate, and contact you proactively where risk indicators are observed.
  • Dispute resolution and enforcement: To handle complaints, resolve disputes, enforce our terms and conditions, manage chargebacks, and defend or assert legal claims in any relevant jurisdiction.
  • Security and integrity: To secure our systems, prevent unauthorised access, conduct security audits, and ensure the technical and organisational integrity of pinnecler.com and related services.

Disclosure & Sharing

We OBSERVE the need to share personal data only where necessary, EXPAND sharing arrangements through appropriate contracts and safeguards, and REFLECT transparency by explaining with whom and why we share your information. We do not sell your personal data.

Service Providers and Technical Partners

  • Payment processors and banks: To process deposits, withdrawals, refunds, and chargebacks, we share relevant identification, transaction, and verification data with payment gateways, banks, and financial institutions.
  • IT and hosting providers: We use third-party hosting, cloud, and IT service providers to operate pinnecler.com, store data, manage backups, and provide technical support. These providers act as processors and are bound by confidentiality and data protection obligations.
  • Security and anti-fraud tools: We may share limited data with providers of fraud detection, identity verification, risk scoring, and security solutions to protect the integrity of our services.

Corporate Group, Affiliates, and Partners

  • Group companies and affiliates: Where relevant, we may share data with entities within the wider Pinnacle corporate group (operating under Impyrial Holdings Ltd) for operational support, consolidated reporting, and internal controls, always in connection with pinnecler.com and Pinnacle.
  • Marketing and affiliate partners: With your consent where required, we may share limited data (such as pseudonymised identifiers or transaction indicators) with marketing networks, affiliate partners, and analytics providers that help us measure and improve the performance of campaigns relating to pinnecler.com.
  • Brokers and intermediaries: If you access our services via a broker or intermediary, that third party may be independently responsible for your data under its own licence (often also in Curacao). In such cases, relevant data may be exchanged between us and the broker for verification, risk management, and settlement purposes.

Authorities and Regulators

  • Regulatory and licensing bodies: We may disclose data to regulators and supervisory authorities in Curacao, Malta, or other relevant jurisdictions to comply with licence conditions, audits, investigations, or reporting duties.
  • Law enforcement and courts: Where required by law or necessary to protect our rights or the rights of others, we may share data with law enforcement agencies, courts, and legal advisers.

Business Transactions

  • Corporate restructuring: In the event of a merger, acquisition, reorganisation, or sale of assets, relevant personal data may be transferred to the acquiring or successor entity, subject to appropriate safeguards and continued compliance with applicable data protection laws.

In all cases, we limit the data shared to what is strictly necessary, ensure that recipients are subject to appropriate confidentiality and data protection obligations, and maintain records of disclosures in line with our legal obligations.

International Transfers

Because Impyrial Holdings Ltd is established outside the United Kingdom and operates under licences in Curacao and Malta, your personal data may be processed and stored in countries that do not provide the same level of data protection as the UK. We OBSERVE these cross-border risks, EXPAND protective measures using legally recognised transfer tools, and REFLECT them in our contractual arrangements.

  • Transfers within the EEA and to Malta: Where data is transferred between the UK and the European Economic Area (EEA), including Malta, we rely on relevant adequacy regulations or UK-approved safeguards to ensure an equivalent level of protection.
  • Transfers to Curacao and other third countries: When personal data is transferred to Curacao or any other country that is not subject to an adequacy regulation, we implement appropriate safeguards such as:
    • UK-approved or EU standard contractual clauses (SCCs) supplemented where necessary by additional technical and organisational measures,
    • strict access controls and encryption of data in transit and at rest, and
    • detailed data processing agreements with our service providers and partners.
  • Access from other jurisdictions: Our staff, group companies, and service providers may access data from different locations worldwide, strictly on a need-to-know basis and subject to contractual and organisational safeguards.
  • Information for UK data subjects: You may request further details of the safeguards we use for international transfers (including copies of standard contractual clauses) by contacting us using the details in the "Complaints & Contacts" section, subject to redactions for commercial or security reasons.

Data Retention

We OBSERVE the retention requirements imposed by law and our operational needs, EXPAND them into concrete retention schedules for different data categories, and REFLECT them by securely deleting or anonymising data when no longer required. We retain personal data for no longer than necessary for the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements.

  • Account and identification data: Core account data, identity verification records, and KYC/AML documentation are typically retained for the duration of your relationship with us and for up to five (5) to seven (7) years after account closure or your last transaction, as required by applicable anti-money laundering and regulatory rules in relevant jurisdictions (including Curacao and Malta).
  • Betting, gaming, and transaction data: Betting history, transaction records, and related logs are generally retained for up to seven (7) years after the transaction or account closure, to comply with financial, regulatory, and dispute-resolution requirements.
  • Technical and security logs: Security logs, device identifiers, and access logs are retained for shorter periods where possible (for example, from several months up to two (2) years), unless a longer retention is necessary for security investigations or legal proceedings.
  • Marketing and communication data: Records of marketing preferences and communications are retained during the period in which you have not withdrawn consent or objected, and for a limited period thereafter to demonstrate compliance with your choices.
  • Complaint and dispute records: Complaints, support tickets, and dispute files are usually retained for up to seven (7) years after closure of the case, or longer where necessary to establish, exercise, or defend legal claims.

When data is no longer required for the purposes described above, we will either securely delete it or irreversibly anonymise it so that it no longer constitutes personal data. Where deletion is not possible in the short term due to technical or operational constraints, we will isolate and securely store the data until deletion is feasible.

Your Rights

We OBSERVE your rights as a data subject, EXPAND them into concrete procedures, and REFLECT them in how we respond to your requests. If you are located in the UK, your rights arise primarily under UK GDPR and the Data Protection Act 2018. Where relevant, similar rights are recognised under Mexican privacy law, including the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP).

Data Protection Rights

  • Right of access: You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of your data and additional information about our processing.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data. In many cases, you can update certain details directly in your account on pinnecler.com.
  • Right to erasure: You may request deletion of your personal data where, for example, the data is no longer necessary, you have withdrawn consent, or you validly object to processing. This right is subject to legal retention obligations (for example, KYC/AML requirements).
  • Right to restriction: You may request that we restrict the processing of your data in certain circumstances, such as while we verify its accuracy or assess an objection.
  • Right to object: You may object to processing based on legitimate interests, including profiling, on grounds relating to your particular situation. You always have the right to object to direct marketing, including profiling related to such marketing.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: Where we rely on your consent (for example, for certain marketing communications or cookies), you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

Mexican Privacy Law Alignment

For users whose data may be subject to Mexican privacy law, similar rights typically recognised include access, rectification, cancellation, and opposition (ARCO rights). We aim to align our procedures so that you can exercise these rights in a manner consistent with both UK GDPR and applicable Mexican data protection requirements.

How to Exercise Your Rights

  • Submission of requests: You may exercise your rights by contacting us using the details provided in the "Complaints & Contacts" section, clearly indicating your identity, the right you wish to exercise, and, where applicable, the data or processing activities concerned.
  • Verification: To protect your privacy, we may need to request additional information to verify your identity before acting on your request.
  • Response time: We will respond to your request without undue delay and in any event within one (1) month of receipt. This period may be extended by up to two (2) further months where necessary, taking into account the complexity and number of requests. If we extend the period, we will inform you of the reasons.
  • Fees: Requests are generally handled free of charge. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee or refuse to act on the request, in accordance with the law.
  • Limitations: Certain rights may be limited, for example where processing is necessary to comply with legal obligations, for the establishment, exercise, or defence of legal claims, or for reasons of important public interest.

Cookies & Tracking Technologies

We OBSERVE how cookies and similar technologies are used on pinnecler.com, EXPAND them into categories with defined purposes, and REFLECT them in your ability to control their use. Cookies are small text files placed on your device that help the site function and provide information to us.

Types of Cookies We Use

  • Strictly necessary cookies: Session or persistent cookies that are essential for the operation of pinnecler.com, such as enabling navigation, account login, and secure payment processing. These cookies are required for the service and cannot be switched off through our interface.
  • Functional cookies: Cookies that remember your choices and preferences (such as language, region, or display settings) to provide a more personalised experience.
  • Analytics and performance cookies: First-party or third-party cookies that help us understand how visitors use pinnecler.com, measure performance, and improve our services. For example, they may collect information about pages visited, time spent on the site, and error messages.
  • Advertising and targeting cookies: Cookies used, where permitted, to deliver relevant advertising, measure campaign effectiveness, and limit the number of times you see the same advertisement. These may be set by us or our approved advertising partners and networks in connection with pinnecler.com and Pinnacle.

Managing Cookies

  • Browser settings: Most browsers allow you to manage cookies through their settings, including blocking or deleting cookies. However, disabling certain cookies may affect the functionality and performance of pinnecler.com.
  • Internal controls: Where available, we provide cookie banners or preference centres on pinnecler.com that allow you to consent to or reject non-essential cookies (such as analytics and targeting cookies).
  • Withdrawal of consent: If we rely on consent for cookies or similar technologies, you may withdraw your consent at any time via our cookie management tools or by adjusting your browser settings. This will not affect the lawfulness of processing prior to withdrawal but may impact your user experience.

Data Security

We OBSERVE the sensitivity of the data we handle, EXPAND our security programme to address evolving threats, and REFLECT these measures in concrete technical and organisational controls. While no system can be completely secure, we implement security safeguards designed to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

  • Encryption: We use industry-standard transport layer security (TLS 1.2 or higher) to protect data in transit between your device and our servers. Where appropriate, we apply strong encryption to data at rest, including financial and authentication information.
  • Access controls: Access to personal data is restricted to authorised personnel who need it for their job duties, based on role-based access controls, authentication mechanisms, and, where applicable, multi-factor authentication.
  • Network and infrastructure security: We deploy firewalls, intrusion detection and prevention systems, DDoS mitigation measures, and other security technologies to protect the infrastructure supporting pinnecler.com.
  • Secure development and testing: We follow secure development practices, including code reviews, testing, and vulnerability assessments, to reduce security risks in our applications and systems.
  • Monitoring and audits: We monitor our systems for suspicious activities and conduct regular security assessments and, where appropriate, independent audits. We seek to align our controls with recognised security standards such as ISO 27001 or SOC 2 where feasible and appropriate.
  • Staff training: Employees and contractors who handle personal data receive training on data protection, security, and confidentiality obligations, and are subject to disciplinary measures for non-compliance.
  • Incident response: We maintain incident response procedures to identify, assess, and respond to suspected data breaches. Where required by law, we will notify relevant supervisory authorities and affected individuals without undue delay.

Complaints & Contacts

We OBSERVE the importance of transparent and accessible complaint mechanisms, EXPAND them into clear procedural steps, and REFLECT them by offering multiple channels and escalation paths.

Contacting Us

  • Primary contact: For questions, concerns, or complaints about this Privacy Policy or our data practices in relation to pinnecler.com and Pinnacle, you can contact our data protection team or DPO at:
    • Email: privacy@pinnecler.com
    • Online form: via the "Contact Us" or equivalent page on pinnecler.com
    • Postal: "Data Protection Officer - Impyrial Holdings Ltd" at the registered office address published on pinnacle.com

Complaint Procedure

  1. Submission: Send us a clear description of your complaint, including any relevant supporting documentation and your preferred contact details.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable and, where possible, within a few working days.
  3. Assessment and investigation: We will investigate the matter, which may include reviewing system logs, consulting relevant teams, and, where necessary, requesting additional information from you.
  4. Response timeframe: We aim to provide a substantive response within one (1) month of receiving your complaint. If your complaint is particularly complex or numerous, we may extend this period in line with applicable data protection laws and will inform you of the extension and reasons.
  5. Outcome and remedies: We will explain the outcome of our investigation and, where appropriate, the corrective measures or remedies we will implement.

Escalation to Supervisory Authorities

  • UK data protection authority: If you are in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Details on how to do so are available at www.ico.org.uk.
  • Mexican data protection authority: Where Mexican data protection law applies, you may lodge a complaint with the competent authority, currently the National Institute for Transparency, Access to Information and Personal Data Protection (INAI), in accordance with applicable procedures.
  • Other supervisory authorities: If you are located in another jurisdiction where a different data protection authority is competent, you may have the right to lodge a complaint with that authority. We will identify the appropriate authority upon request.

Lodging a complaint with a supervisory authority does not affect any other administrative or judicial remedies you may have.

Updates

We OBSERVE changes in our services, legal obligations, and industry practices, EXPAND our Privacy Policy to reflect them, and REFLECT transparency by clearly communicating updates.

  • Changes to this Privacy Policy: We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or technical developments relating to pinnecler.com and Pinnacle.
  • Notification methods: When we make material changes, we will take appropriate steps to notify you, which may include:
    • email notifications to the address associated with your account,
    • prominent notices or banners on pinnecler.com, and
    • alerts or messages in your account dashboard.
  • Advance notice: Where feasible and required by law, we will provide at least thirty (30) days' advance notice of significant changes that materially affect your rights or the way we process your data, so that you have time to review the changes.
  • Your options: If you do not agree with the updated Privacy Policy, you may close your account and stop using pinnecler.com. Continued use of the services after the effective date of an updated Privacy Policy will constitute your acceptance of the changes.
  • Version control: The "Last Updated" date at the beginning of this Privacy Policy indicates when it was most recently revised. We may keep an internal record or changelog of material changes and will provide further information upon reasonable request.