Data Ownership & Client Rights

Last Updated on June 30, 2026

At Pinnacle Alliances, data ownership, confidentiality, transparency, and responsible data handling are fundamental principles of our operations. As a boutique talent acquisition and recruitment firm, we understand that clients and candidates entrust us with sensitive business, hiring, and personal information.

This page explains how data ownership is maintained, how information is processed and protected, and the rights, controls, and responsibilities clients retain throughout the data lifecycle and service engagement process.

Purpose of This Document

This Data Ownership & Client Rights statement is intended to:

  • Affirm exclusive Client ownership of all Client Data and related information;
  • Define the legal and operational role of Pinnacle Alliances when processing data;
  • Explain how data is accessed, handled, protected, retained, and securely deleted;
  • Describe Client rights, responsibilities, and controls under applicable U.S. laws and contractual agreements;
  • Support enterprise due-diligence reviews, audits, vendor assessments, and compliance processes;
  • Promote transparency, accountability, and clear data governance practices.

Definitions

For purposes of this document:

  • "Client Data" means all information, records, credentials, documents, communications, files, recruitment materials, system access, and related data provided to or accessed by Pinnacle Alliances on behalf of a Client.
  • "Personal Information" shall have the meaning assigned under applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
  • "Processing" includes the collection, access, storage, organization, use, transmission, disclosure, retention, and deletion of data or information.
  • "Client" means any organization, business, or individual engaging the services of Pinnacle Alliances.

This policy applies regardless of data format, storage medium, communication method, or processing environment.

Absolute Client Ownership of Data

Ownership Principle

All Client Data remains the exclusive legal and beneficial property of the Client at all times.

Pinnacle Alliances:

  • Does not acquire ownership, licensing, or intellectual property rights in Client Data;
  • Does not assert any lien, claim, or security interest over Client Data;
  • Does not classify or treat Client Data as a corporate or commercial asset.

Client ownership rights are not affected by:

  • Data hosting or storage location;
  • Use of authorized third-party platforms or systems;
  • Duration of services or business engagement;
  • Suspension, termination, or expiration of agreements.

No Commercial Exploitation

Pinnacle Alliances expressly commits that Client Data will never be:

  • Sold, rented, or commercially traded;
  • Shared for commercial monetization purposes;
  • Used for advertising or unrelated marketing activities;
  • Used to train artificial intelligence or analytics models unrelated to authorized service delivery;
  • Combined with data belonging to other Clients;
  • Used beyond Client-authorized purposes or contractual instructions.

Role of Pinnacle Alliances

Service Provider / Processor Role

When handling Client Data, Pinnacle Alliances acts strictly as:

  • A Service Provider / Contractor under applicable CCPA / CPRA requirements; and
  • A data processor under applicable contractual and service arrangements.

Pinnacle Alliances:

  • Processes Client Data only in accordance with documented Client instructions;
  • Does not independently determine the purpose or lawful basis of processing;
  • Does not independently decide how or why Client Data is used beyond authorized Services.

The Client remains the sole data owner and controller at all times.

No Independent Rights

Pinnacle Alliances has no independent right to:

  • Retain Client Data beyond legitimate service or legal requirements;
  • Reuse Client Data for unrelated internal or commercial purposes;
  • Disclose Client Data except where authorized by the Client or required by law.

Permitted Purposes of Processing

Client Data may be processed only for:

  • Delivering agreed recruitment, staffing, and talent acquisition services;
  • Executing Client-authorized workflows, hiring processes, and operational tasks;
  • Communicating with Client-designated representatives and stakeholders;
  • Fulfilling contractual, business, and service obligations;
  • Complying with applicable United States laws and regulatory requirements.

Any processing beyond these authorized purposes requires explicit written authorization from the Client.

Client Control & Instructions

Clients retain full ownership, authority, and control over Client Data, including the right to:

  • Define what information and data is shared;
  • Limit or restrict the scope of data processing activities;
  • Approve, restrict, or prohibit specific tools, systems, or platforms;
  • Modify, suspend, or revoke access permissions at any time;
  • Issue binding instructions regarding the handling, processing, retention, or deletion of Client Data.

Pinnacle Alliances implements Client instructions in good faith and within reasonable operational and contractual requirements.

Access Control & Internal Limitations

Within Pinnacle Alliances:

  • Access to Client Data is strictly role-based and authorized;
  • Only assigned and approved personnel may access Client information;
  • Access permissions are limited to what is necessary for authorized job responsibilities and task performance;
  • Access activities may be logged, monitored, and periodically reviewed for security and compliance purposes;
  • Access rights are promptly revoked when no longer required or upon termination of engagement.

Unauthorized access, misuse, disclosure, or handling of Client Data is strictly prohibited and may result in disciplinary action, termination of access, or legal consequences where applicable.

Client Access, Visibility & Portability

Access & Transparency

Clients may request:

  • Confirmation regarding whether Client Data is being processed;
  • General descriptions of authorized processing activities;
  • Access to Client Data maintained by Pinnacle Alliances, where applicable;
  • Information regarding approved storage environments, systems, and processing tools.

Data Portability & Transition

Where applicable and contractually appropriate, Pinnacle Alliances supports:

  • Secure export or return of Client Data;
  • Reasonable cooperation during service-provider or operational transitions;
  • Transfer of data in commonly used, structured, and accessible formats.

Data Retention

Client Data is retained only for as long as necessary to:

  • Perform authorized recruitment, staffing, and contracted services;
  • Fulfill contractual, operational, and business obligations;
  • Meet applicable legal, regulatory, or compliance requirements;
  • Resolve disputes, enforce agreements, or protect legal rights.

Retention periods are internally defined, periodically reviewed, and maintained in alignment with applicable legal, contractual, and operational requirements.

Confidentiality

Client Data is treated as Confidential Information at all times and is protected using appropriate administrative, technical, and organizational safeguards.

Pinnacle Alliances enforces:

  • Confidentiality and non-disclosure agreements for authorized personnel;
  • Mandatory security, privacy, and data protection training programs;
  • Disciplinary measures and corrective actions for policy or confidentiality violations.

Confidentiality obligations survive termination of employment, engagement, or service relationships to the extent permitted by applicable law.

Data Security & Safeguards

Pinnacle Alliances maintains a security and data protection framework aligned with recognized industry best practices, including:

  • Encryption of data in transit using secure communication protocols;
  • Role-based access controls and least-privilege access management;
  • Secure remote-work and workforce security practices;
  • Endpoint protection and device security measures;
  • System logging, monitoring, and security oversight activities;
  • Incident response and security management procedures.

Security controls, operational safeguards, and protection measures are periodically reviewed and updated to address evolving cybersecurity risks, operational changes, and compliance requirements.

Data Breach Response

In the event of a confirmed security incident involving Client Data, Pinnacle Alliances may take the following actions where applicable:

  • Immediate investigation, containment, and response activities;
  • Assessment of the incident's impact, scope, and potential risks;
  • Client notification where required by applicable law, regulation, or contractual obligation;
  • Regulatory or legal notifications where legally required;
  • Remedial, corrective, and preventive actions to reduce the risk of recurrence.

Clients may request information regarding

  • The general nature and scope of the incident;
  • Categories or types of data potentially affected;
  • Reasonable details regarding mitigation and corrective measures taken.

California Privacy Rights (CCPA / CPRA)

Where Client Data includes personal information of California residents, applicable individuals may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to:

  • Know what categories of personal information are collected and processed;
  • Request correction, access to, or deletion of personal information;
  • Opt out of the sale or sharing of personal information where applicable (Pinnacle Alliances does not sell personal data);
  • Limit the use or disclosure of sensitive personal information where applicable;
  • Exercise non-discrimination rights for exercising privacy rights under California law.

Pinnacle Alliances may assist Clients in responding to or fulfilling applicable privacy requests where contractually required or legally appropriate.

Client Responsibilities

Clients are responsible for:

  • Ensuring the lawful collection and sharing of data;
  • Obtaining required notices, permissions, and consents where applicable;
  • Defining authorized processing purposes and business requirements;
  • Managing and securing their own systems, accounts, and credentials;
  • Maintaining internal legal, regulatory, and compliance programs.

Data protection, privacy, and security are shared responsibilities between Pinnacle Alliances and its Clients.

Transparency, Audits & Due Diligence

Pinnacle Alliances supports reasonable Client due-diligence, security reviews, and compliance inquiries and may provide, where appropriate:

  • Policy and compliance summaries;
  • Data processing and confidentiality confirmations;
  • Third-party vendor or sub-processor disclosures where applicable;
  • Responses to security, privacy, and vendor-risk assessment questionnaires.

Policy Updates

This document may be updated periodically to reflect:

  • Changes in applicable laws or regulatory requirements;
  • Evolving industry standards and best practices;
  • Operational, security, or compliance improvements.

Updated versions of this document will be published with a revised effective date.

Pinnacle Alliances

1468 W 9th St. Suite 2003,
Cleveland OH, 44113, United States

Still have concerns? Submit a complaint form by clicking here...