Perygon

Privacy Policy

Effective Date: 01/02/2025

Last Updated: 07/02/2025

Perygon ("Sedulo", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

The General Data Protection Regulation (GDPR) became effective on 25th May 2018, and all organisations that process personal data must ensure they are compliant with the regulations and principles.

We must make sure that:

  • We are lawful, fair and transparent in the way that data is processed.
  • Personal data is used for a specific purpose.
  • We only record the data that is required.
  • We have a duty to keep the data accurate.
  • Data is only kept for as long as is required.
  • All data is stored securely.

This Privacy Policy will detail how we comply with the above principles as well as your rights as the data owner.

1. WHO ARE WE?

Sedulo Accountants Limited is a Financial Services Company based in the North of England and London. We specialise in providing a suite of Core Services including but not limited to Accountancy and Tax Advisory services along with Payroll, Funding and Wealth Management and Business Growth Consultancy.

Our App:

  • Perygon is developed and operated by Sedulo Accountants Limited, part of the above group, that provides business growth tools.

2. WHAT DATA DO WE COLLECT?

Personal data refers to any data that can be used to identify a natural person, and we only process personal information that is required for us to carry out our business dealings for the customer.

For Perygon App Users

When you use our Apps, we may collect the following types of information:

a) Personal Information

  • SSO Login Data – If you sign in using Google or Microsoft SSO, we may receive your email address, name, and profile picture (subject to provider permissions).
  • Email and password login for the application.
  • Account Details – Information you provide when setting up or managing your profile.
  • Contact Information – If you provide contact details for support or communication.
  • User-Generated Content – Any data or content you voluntarily provide in the App.

b) Non-Personal Information

  • Device Information – Including model, operating system version, and unique device identifiers.
  • Usage Data – Information about how you interact with our App, such as features used and time spent.
  • Analytics Data – To improve our services and enhance user experience.

For Core Service Clients

Depending on your relationship with us and the services we are providing, we may collect a combination of the information detailed below (please note this list is not exhaustive):

Company address

Personal address

NI number

Date of birth

Bank account information

Personal/sales invoices

Copies of ID

Contact number

Website

Email address

Job titles

Salary details

Student loan information

Gender

Marital status

Nationality

Criminal record information

Personal Assets and liabilities

We process relevant and required information regarding you, your company and/or employees to accurately provide services to you. The types of information listed above will only be obtained if it is directly applicable to your situation and the services requested from us.

To enquire about any personal information we may retain about you, please email us at gdpr@perygon.co.uk

3. HOW DO WE COLLECT YOUR DATA?

The data we hold is legitimately gained either through direct contact with the customer (to ensure accurate and relevant information is given with full consent) or through a GDPR-compliant third party (e.g., lead generation). We will not hold data that has not been scrutinised as GDPR-compliant. Ways we collect data include but are not limited to:

For Perygon App users - Via forms on the app we collect data for the following reasons:

  • To authenticate users via SSO login (Google/Microsoft) or email and password.
  • To operate and enhance our App’s features.
  • To personalise user experience based on preferences and interactions.
  • To provide customer support and respond to enquiries.
  • To monitor app performance and analyse trends.
  • To comply with legal and regulatory obligations.

For Core Service Clients:

  • Receiving calls from you in relation to any services within your business.
  • Conducting any relevant service for your business.
  • Team members contacting you by means of business development activity.
  • Attending business networking events with clients.
  • When you have been identified as a reference provider.

4. WHY DO WE COLLECT YOUR DATA?

For Perygon App Users:

To provide a suite of business maturity tools, that require a certain level of personalisation and advanced analytics.

For Core Service Clients:

Our core business activity is to provide clients with financial advice and accountancy services. To accomplish this, we gather personal information regarding the relevant contact at the business including: full name, position within the business, email address, phone contact details, and other information freely provided by the contact.

5. HOW DO WE USE YOUR DATA?

For Perygon App Users:

  • To authenticate users via SSO login (Google/Microsoft).
  • To authenticate users via email and password for the application.
  • To operate and enhance our App’s features.
  • To personalise user experience based on preferences and interactions.
  • To provide customer support and respond to inquiries.
  • To monitor app performance and analyse trends.

For Core Service Clients:

In order to provide the best service, your data may be used in one or more of the following ways:

  • Storing and updating your information on our client systems so that we can contact you in relation to business activity.
  • Making contact in relation to business activity, either by portal, email, telephone, or in person.
  • Sending marketing information about events we are holding that may be of interest to you.
  • Sending marketing information in relation to the services we can provide.
  • Keeping records of conversations, emails, and meetings to refer to if needed in relation to any dispute.

For some of the above activities, your consent is required. For more information on how we get and manage your consent, please refer to the Consent section below.

Children's Privacy

Our Apps are not intended for children under 13 years of age. We do not knowingly collect personal data from minors.

6. WHO DO WE SHARE YOUR DATA WITH?

In some circumstances, we may need to share your details with third parties for us to be able to provide you with our services. This would include:

  • Sedulo Member firms and associated trading names.
  • Third-Party Services that support us as we provide our services (e.g., telecommunication systems, IT support systems, archiving services, document production services, Cloud-based software systems and hosts, and authentication services such as Google, Microsoft, Apple).

Sedulo will not transfer the personal information you provide to any third parties for their own direct marketing use.

7. HOW DO WE SAFEGUARD YOUR DATA?

Your data is of the utmost importance to us and as such we ensure all relevant security is in place to keep your data safe and protected from any potential threats. For more information on how we do this, email our GDPR team, gdpr@perygon.co.uk

Under our legitimate business interest or for legal obligations, certain information has a legal requirement to be kept for a predetermined amount of time, regardless of active services retained with us:

  • HMRC records – 6 years
  • Payroll information – 7 years
  • Accounts information – 7 years
  • Pension transfer – 7 years
  • Final salary pension transfer – kept indefinitely
  • Perygon App information will be kept for as long as necessary to provide our services and to meet any contractual obligations

8. YOUR RIGHTS

GDPR provides the following rights:

The Right to Be Informed

You have the right to be informed about the collection and use of your personal data. All this information is provided by means of this Privacy Notice.

The Right of Access

You have the right to access your personal data and any supplementary information. This is known as a Data Subject Access Request (DSAR). When received by our designated Data Controller, we are legally required to provide this information within one month. This information will be provided free of charge unless the request is manifestly unfounded or excessive.

The Right to Rectification

You have the right to have any inaccurate personal data rectified if incomplete or incorrect. If we feel the request is manifestly unfounded or excessive, particularly if it is repetitive, we can charge a fee or refuse the request. If either of these apply, we will provide you with our reasons for such action.

The Right to Erasure

Also known as the right to be forgotten, you have the right to have your personal data erased if:

  • The data is no longer necessary for the reason it was originally collected or processed.
  • Your data has been processed for legitimate interest and you object to the processing of your data, and we cannot provide an overriding legitimate interest to continue processing.
  • The data has been processed unlawfully (in breach of GDPR).
  • Data must be erased to comply with a legal obligation.

If we process your data for one of the following reasons, the right to erasure does not apply:

  • To exercise the right of freedom of expression and information.
  • To comply with a legal obligation.
  • For the performance of a task carried out in the public interest.
  • For archiving purposes in the public interest or statistical purposes.
  • In the defence of a claim.

The Right to Restrict Processing

You have the right to restrict the processing of your data in certain circumstances. When processing is restricted we may store enough information to ensure future restriction is respected. We will stop processing your data if:

  • You do not agree with the accuracy of your personal data.
  • The data has been unlawfully processed.
  • To establish or defend a legal claim.
  • You object to our legal ground for processing your data.

We can only continue to process your data when the above has been resolved, and we will inform you before any restriction is lifted.

If your data is restricted it can only be retained if:

  • You give your consent to processing.
  • It is in defence of a legal claim.
  • It is for the protection of another person.
  • It is for reasons of important public interest.

The Right to Data Portability

You have the right to transfer your details across different services. This right only applies if:

  • Data that has been provided to a controller by an individual.
  • Processing is based on consent or for the performance of a contract.
  • Processing is carried out by automated means.

When we receive a portability request, we must respond within one month of the Data Controller being notified, and no fee is applicable. We must provide the information in a structured, commonly used, and machine-readable form.

The Right to Object

You can object to the processing of your data when it is processed under one of the following reasons:

  • Our legitimate interest.
  • Performance of a task in the public interest/exercise of official authority.
  • Direct marketing.
  • Processing for scientific/historical research or statistical purposes.

Within one month of notification of this request, we must stop processing your data unless:

  • We can demonstrate compelling legitimate grounds for processing which override your interest.
  • It is being processed for the establishment, exercise, or defence of a legal claim.

If your data has been shared with a third party and you request one of your rights listed above, we will notify them and act upon the requirements of your request unless this is not possible or involves a disproportionate effort.

If you would like to delete your account and associated data please follow the instructions here: Delete my data

9. CONSENT

As a business, and to comply with Article 6 of GDPR, we have agreed that the legal basis for processing your data will be (depending on your relationship with us) either "Legitimate Interest" or "Contract." As well as complying with GDPR in relation to direct marketing, we must also comply with The Privacy and Electronic Communications Regulations (PECR).

However, in certain circumstances, we are required to have your consent to perform certain activities. This consent can be given in the form of an opt-in or soft opt-in option. We must ensure your consent is freely given, you understand what you are consenting to, and you are able to opt-out or opt-in at any time.

You can opt in or out verbally during any client meeting. If you have opted in and wish to opt out, you can click the link provided in one of our marketing emails or contact us using the methods listed below.

10. CONTACT DETAILS

If you need to contact us for any reason regarding your data, our details are:

The Data Controller

Sedulo Accountants Limited

62-66 Deansgate

Manchester

M3 2EN

Contact Number: 0333 222 444 5

Email: gdpr@perygon.co.uk

Please title any post and/or email “Perygon - In relation to GDPR” to ensure it is passed to the correct person. Emails or calls made to other employees outside of these methods may not promptly reach the Data Controller to issue a response.

Your Data
Sedulo LimitedSedulo Privacy Policy