top of page

< Back to policies

GDPR Statement

The United Kingdom General Data Protection Regulation (“UK GDPR”) is a significant piece of UK legislation. It initially came into force as the EU GDPR on 25 May 2018, becoming UK GDPR at the beginning of 2021. It builds on existing data protection laws, strengthening the rights that UK individuals have over their personal data, and creating a single data protection approach across the nation. UK GDPR sits alongside an amended version of the Data Protection Act 2018.  

Panacea Applications Limited is registered in England and Wales with company number 05054421. We provide award-winning online software called Panacea Software. 

 

The following outlines how Panacea Applications will comply with UK GDPR. 

Compliance Management:

We operate an ISO accredited Management System (including ISO 27001 & ISO 9001) that includes the following UK GDPR Requirements: 

  • Ongoing testing and review of security controls, both technical and procedural. 

  • External expertise including regular audit, consultancy and advice (including ICO, UKAS and IMS accredited auditors, Advance Certification and 2|SEC) to ensure compliance.  

  • Supplier evaluation, management and review. 

  • Subscriber contract management. 

  • Documentation and records management. 

  • Regular data audit to ensure a lawful basis for processing. 

  • Ongoing review to identify and accommodate any new legislative changes (including codes of conduct). 

Nature of work

Panacea Applications Limited (“Panacea”) provides online software called Panacea Software.  Our software is used by organisations of all sizes to automate and streamline their business processes and secure sustainable efficiencies and cost savings.  Our software includes a range of intuitive modules which can be combined as required to automate a single aspect of a team’s work to streamline their entire business workflow.

Description of processing

In compliance with UK GDPR, we process limited personal information on employees for management purposes. With regards to our clients’ personal information, we are similarly limited on a need-to-know basis. We only process personal information that will enable us to: 

  • provide our software 

  • provide the services through which we design, develop, configure, test and demonstrate software 

  • provide information on security issues, new functionality, development and changes to our services 

  • support and train our subscribers and users 

  • maintain our accounts and records  

  • provide consultancy, training, reports and advice as requested by our customers  

Type/classes of information processed

We process information relevant to the above reasons/purposes. This may include:

  • personal details

  • goods and services

  • company and employer details

  • supplier details

  • financial details

  • information necessary for the development and test of software

Who the information is processed about

We process personal information about our clients, employees, suppliers and other individuals, only as necessary for the purposes outlined above.

 

Who the information may be shared with

We may need to share the personal information we process with the individual themselves and also with their employer or purchaser as required to allow our subscribers to comply with the Freedom of Information Act and other legal obligations. Where this is necessary, we comply with all aspects of the Data Protection Act.  

 

What follows is a description of the types of organisations with which we may need to share some personal information for one or more reasons. Where necessary or required we share information with: 

 

  • subscribers who have entered the information onto our software. 

  • our subscribers' suppliers, clients and service providers at our subscribers' written request only. 

  • central government as required to comply with such legal obligations as outlined above. 

Transfers

It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the Data Protection 

Act as well as the equivalent legislation of our international partners. 

Your rights:

  • The right to be informed 

  • The right of access 

  • The right to rectification 

  • The right to erasure 

  • The right to restrict processing 

  • The right to data portability 

  • The right to object 

For more information, please refer to our Terms of Use here: https://panacea-software.com/terms-of-use/ and our Privacy Policy and Information Security Policy

bottom of page