/ Legal

Data Privacy Policy

Last reviewed: 3 June 2026

Introduction

At Perigon Partners, we understand that your privacy is important to you, and we are committed to respecting your privacy and personal data, using personal data responsibly and complying with all applicable laws and data privacy regulations.

This policy explains how we collect, use and protect your personal data. Where we rely on your consent as a legal basis for processing (for example, for newsletter subscriptions), you may withdraw that consent at any time.

Purpose

This policy aims to give you a clear explanation of how we collect, handle and protect any personal information in connection with Perigon Partners' business activities.

Who We Are

Perigon Partners Ltd is a strategy consultancy company, registered in Scotland under company number 716835. Our registered office address is 30/5 Hardengreen Industrial Estate, Eskbank, Scotland, EH22 3NX.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB574282. As the data controller, we are responsible for deciding how and why your personal data is processed.

Categories of Personal Data That We Process

In respect of clients: Name, Role, Address, Telephone number, Email address.

In respect of colleagues: As above, plus Date of birth, National Insurance number, Pension information, Bank details, Employment history and eligibility, Performance reviews, Dates and essential details regarding health-related or parental leave.

In respect of stakeholders of clients (during a double materiality exercise or other engagement): Name, Role, Email address.

In respect of website tool users and newsletter subscribers: Name, Job title / role, Organisation, Email address, and responses provided within our interactive diagnostic tools (ESG Compliance Checker, Strategy Muscles Tool, Sustainable Strategy Scorecard). Where a tool generates a personalised output from your inputs, we may retain those inputs and outputs for the period described in the Retention section below.

Sources of Personal Data

Primarily, the personal data is provided by you. In some instances, for prospective clients, personal data will be provided from third-party sources (including those that are publicly available). In these cases, we endeavour to notify you to let you know the source, how we intend to process the data and how you can limit or prevent its use.

We also collect personal data directly through interactive tools on our website (perigonpartners.co.uk), including the ESG Compliance Checker, the Strategy Muscles Tool and the Sustainable Strategy Scorecard. Data collected via these tools is submitted voluntarily by you.

Why and How We Process Personal Data

Any personal data that we collect and process is in the course of Perigon Partners' business activities, such as building and maintaining relationships, providing our services, and recruiting, employing and managing staff. The legal bases for processing this data are: Contract, Legitimate interest, Legal obligation, and consent.

We do not share any personal data with third parties unless required to comply with legal obligations, such as the sharing of employee personal data with HMRC. We have generally accepted standards in place to protect your personal data from loss, misuse, alteration or destruction. Only authorised Perigon Partners staff (and third parties where relevant) are given access to your personal data and are required to treat the information as confidential. Although these standards are in place and precautions are taken, we cannot guarantee that unauthorised access to your personal data will not occur.

Website Diagnostic Tools

When you use our interactive tools (including our ESG Compliance Checker, Strategy Muscles Tool, Sustainable Strategy Scorecard), we collect and process your personal data for the following purposes:

• To generate a personalised diagnostic output or scorecard based on your inputs;
• To contact you with the results and, where relevant, information about how Perigon Partners may be able to assist your organisation;
• To improve and develop our tools and services.

The legal basis for this processing is our legitimate interests (Article 6(1)(f) UK GDPR) in developing business relationships and providing relevant services to organisations that have actively engaged with our content. We have assessed that this processing does not override your interests or fundamental rights, given that: (a) you voluntarily provide the data by using the tool; (b) the data is used only in connection with the purpose for which it was provided; and (c) you can request deletion at any time.

Please note that our diagnostic tools generate outputs based on the information you provide. This output is intended as a starting point for professional conversation and does not constitute binding advice. Automated outputs are not used to make decisions that produce legal or similarly significant effects on you.

Business in Command (BiC) Bulletin Subscriptions

Where you subscribe to our Business in Command Bulletin newsletter, we process your name and email address for the purpose of sending you our newsletter and related content.

The legal basis for this processing is your consent (Article 6(1)(a) UK GDPR). We will only send you the Bulletin where you have actively opted in. You may withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any Bulletin email, or by contacting us at hello@perigonpartners.co.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Our Bulletin emails are sent in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR).

Marketing

Where you opt in via our website tools or newsletter sign-up, we may contact you occasionally with information about Perigon Partners' services or content we consider relevant to you. This is always optional and separate from the delivery of any tool output or newsletter. The legal basis is your consent. You may withdraw consent at any time by contacting us at hello@perigonpartners.co.uk or by following the unsubscribe link in any marketing email.

Data Retention

All information is stored and processed in the UK. We retain personal data only for as long as necessary for the purposes for which it was collected, as follows:

• Client and client stakeholder data: six years from the completion of the relevant engagement, in line with the Limitation Act 1980.
• Employee and colleague data: six years from the end of employment.
• Website tool users who do not become clients: up to 24 months from the date of tool use, after which data will be deleted unless you have entered into a client relationship or given separate consent to continued contact.
• Newsletter subscribers: for as long as you remain subscribed. If you unsubscribe, we will retain your email address on a suppression list to prevent re-subscription in error.
• Marketing contact data (where you have opted in via our website tools or newsletter sign-up): for as long as your consent remains active. If you withdraw marketing consent, we will cease using your data for that purpose and delete it from our marketing records within 30 days, unless we hold it under a separate retention basis (for example, as an active client).

Website and Hosting

Our website, perigonpartners.co.uk, is hosted by Netlify, Inc., a US-based provider. Where personal data submitted via our website, including through our interactive tools and newsletter sign-up, is processed by Netlify's infrastructure, data is transferred to the United States under the UK Extension to the EU-US Data Privacy Framework, to which Netlify is certified. In the event that framework ceases to apply, transfers will be subject to the UK International Data Transfer Addendum to the Standard Contractual Clauses. For further information, see Netlify's Data Processing Agreement at netlify.com/pdf/netlify-dpa.pdf.

Our website performance is monitored using Netlify's built-in web analytics. This is server-side only, meaning no cookies are set, no personal data is collected, and no data is shared with third parties. We do not use Google Analytics or any other third-party tracking tools. At no time do we make (or give permission to third parties to make) any attempts to find out the identities of visitors to our website.

Your Legal Rights

Perigon Partners processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process the personal data of individuals in the European Economic Area, we also comply with the EU GDPR.

Depending on the legal basis on which we process your data, you may have the following rights:

• Right of access — to request a copy of the personal data we hold about you;
• Right to rectification — to request correction of inaccurate data;
• Right to erasure — to request deletion of your data in certain circumstances;
• Right to restrict processing — to ask us to pause processing in certain circumstances;
• Right to object — to object to processing based on legitimate interests;
• Right to data portability — to receive your data in a structured, machine-readable format;
• Rights in relation to automated decision-making and profiling.

Where we rely on consent as our legal basis, you also have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

You have the right to raise a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you feel that your personal data has not been handled correctly. We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO.

Getting in Touch

If you would like to make a request to access, review, or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact us at hello@perigonpartners.co.uk.