Syzygium Limited, trading as Perigon House ("we", "us", "our"), is committed to protecting the privacy of the individuals whose data we process. This policy explains how we collect, use, store, and protect personal data in connection with our leadership assessment, coaching, and 360° feedback services.
We are a data controller registered in England and Wales (company no. 14144065, VAT no. 413 5887 84). Our registered address is 2nd Floor, Preston Park House, South Road, Brighton, East Sussex, England, BN1 6SB. For data protection queries, contact [email protected].
What data we collect
Clients and candidates
When you engage Perigon House for coaching or advisory services, we collect: your name, email address, job title, organisation name, and any information you provide during coaching sessions, assessments, or 360° feedback processes.
360° feedback reviewers
When you are invited to provide feedback through our Perigon 360 platform, we collect: your email address (encrypted at rest), your name (if provided by the engagement administrator, encrypted at rest), your relationship to the candidate, and your feedback responses. Your individual identity is never revealed to the feedback candidate.
Website visitors
When you visit perigonhouse.com, we collect standard web analytics data through Vercel Analytics: page views, referral sources, browser type, and approximate geographic location. We do not use cookies for analytics or advertising. The Perigon 360 platform uses essential session cookies solely for authentication purposes — these are strictly necessary for the platform to function and do not require consent under UK PECR.
How we use your data
We use personal data for the following purposes:
Service delivery. To deliver coaching, advisory, and 360° feedback services as contracted with your organisation or as requested by you directly.
360° feedback processing. To collect, aggregate, and analyse multi-rater feedback, generate AI-assisted coaching reports, and present results to candidates through their secure dashboard. Individual reviewer responses are anonymised before presentation — they are aggregated by relationship group and only displayed when sufficient responses exist to protect anonymity (minimum 3 per group by default).
Communication. To send you service-related emails: engagement invitations, feedback reminders, report notifications, and magic link authentication emails. We do not send marketing emails without explicit consent.
Service improvement. To improve the quality of our services, including the accuracy and usefulness of our AI-assisted coaching analysis.
AI processing
Our Perigon 360 platform uses AI (specifically, Anthropic's Claude) to generate coaching analysis reports from aggregated 360° feedback data. When AI processing occurs:
Aggregated, anonymised feedback data is sent to Anthropic's API for analysis. Individual reviewer identities are never included in the data sent to the AI. The AI-generated report is reviewed by a Perigon House principal before being released to the candidate. AI processing is logged for audit purposes, and logs are encrypted at rest.
Anthropic's data usage policy states that data sent via their API is not used to train their models. We do not use any other AI providers for feedback analysis.
Legal basis for processing
Contractual necessity. Processing of client and candidate data is necessary for the performance of our coaching and advisory contracts.
Legitimate interest. Processing of reviewer feedback data is based on our legitimate interest (and the legitimate interest of the candidate's organisation) in providing effective leadership development. Reviewers are informed of the purpose and given the opportunity to decline participation.
Consent. Where we send communications beyond what is strictly necessary for service delivery, we rely on consent.
Data security
We implement appropriate technical and organisational measures to protect personal data:
Encryption at rest. Reviewer email addresses and names are encrypted using AES-256-GCM before storage. Magic link authentication tokens are hashed using SHA-256. Invite codes are hashed using HMAC-SHA256.
Encryption in transit. All data is transmitted over HTTPS with HSTS enforcement. We use TLS 1.2 or higher for all connections.
Anonymisation. Reviewer responses are stored with one-way cryptographic hashes that prevent reverse identification. Individual responses are never joinable to reviewer identities through the application layer.
Access control. Administrative access requires email/password authentication. Candidate access uses magic link authentication with time-limited tokens. All administrative actions are audit-logged.
Infrastructure. Our platform is hosted on Vercel (frontend) and Neon (PostgreSQL database), both of which maintain SOC 2 Type II compliance. Data is stored in the EU (London, aws-eu-west-2).
Data retention
We retain engagement data (feedback responses, coaching reports) for 24 months from the date of report release, unless a longer or shorter period is agreed with the client organisation. After the retention period, data is permanently deleted.
Account data (email addresses, names) is retained for the duration of the client relationship plus 12 months, after which it is deleted unless required for legal or regulatory purposes.
Audit logs are retained for 36 months.
Your rights
Under the UK GDPR, you have the following rights:
Right of access. You may request a copy of the personal data we hold about you.
Right to rectification. You may request correction of inaccurate personal data.
Right to erasure. You may request deletion of your personal data. For candidates, this includes all engagement data, feedback responses, and coaching reports. We will action erasure requests within 30 days.
Right to restrict processing. You may request that we restrict the processing of your personal data in certain circumstances.
Right to data portability. You may request your personal data in a structured, machine-readable format.
Right to object. You may object to processing based on legitimate interest.
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.
Reviewer anonymity
Protecting the anonymity of 360° feedback reviewers is a fundamental design principle of our platform. Reviewer identities are never disclosed to candidates under any circumstances. This commitment is enforced through technical controls (encryption, hashing, access separation) as well as organisational policy. Not even Perigon House principals can link individual responses to identified reviewers through the application.
International transfers
When feedback data is processed by Anthropic's AI for coaching analysis, data may be transferred to Anthropic's servers in the United States. This transfer is covered by Anthropic's Data Processing Agreement and relies on Standard Contractual Clauses (SCCs) as the transfer mechanism.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated to active clients and candidates by email. The "last updated" date at the top of this page indicates when the policy was most recently revised.
Contact
For any privacy-related queries or to exercise your data rights:
Email: [email protected]