The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which will come into force on 25 May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
Panacea Applications Limited is registered in England and Wales with company number 05054421. We provide award-winning online software called Panacea Software.
How will Panacea Applications comply with the GDPR?
We operate an ISO accredited Management System (including ISO 27001 & ISO 9001) that includes the following GDPR Requirements:
- On-going testing and review of security controls, both technical and procedural
- External expertise including regular audit, consultancy and advice (including ICO, IMS International, PenTest Partners) to ensure compliance
- Supplier evaluation, management and review
- Subscriber contract management
- Documentation and records management
- Regular data audit to ensure a lawful basis for processing
- On-going review to identify and accommodate any new legislative changes (including codes of conduct)
Nature of work
Panacea Applications Limited (“Panacea”) provides online software called Panacea Software. Our software is used by organisations of all sizes to automate and streamline their business processes and secure sustainable efficiencies and cost savings. Our software includes a range of intuitive modules which can be combined as required, whether to automate a single aspect of a team’s work or to streamline their entire business workflow.
Description of processing
We process personal information to enable us to provide our software and services, in which we design, develop, configure, test and demonstrate software; provide information on security issues, new functionality, development and changes to our services; support and train our subscribers and users; maintain our accounts and records; manage our staff; and provide consultancy, training, reports and advice as requested by our customers.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
- personal details
- goods and services
- company and employer details
- supplier details
- financial details
- information necessary for the development and test of software
Who the information is processed about
We process personal information about our clients, employees, suppliers and individuals only as necessary for the purposes outlined above.
Who the information may be shared with
We may need to share the personal information we process with the individual themselves and also with their employer or purchaser as required to allow our subscribers to comply with the Freedom of Information Act and other legal obligations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with:
- subscribers who have entered the information onto our software
- our subscribers' suppliers, clients and service providers at our subscribers' written request only
- central government as required to comply with such legal obligations as outlined above.
It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the data protection
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object