GDPR Statement

The United Kingdon General Data Protection Regulation (“GDPR”) is a key piece of UK legislation. It initially came into force as the EU GDPR on 25 May 2018, becoming UK GDPR at the beginning of 2021. It builds on existing data protection laws, strengthening the rights that UK individuals have over their personal data and creating a consistent data protection framework across the UK. UK GDPR sits alongside the Data Protection Act 2028 and is subject to ongoing reform, including the Data (Use and Access) Act 2025.

Panacea Applications Limited is registered in England and Wales with company number 05054421. We provide award-winning online software called Panacea Software.

The following outlines how Panacea Applications Limited complies with UK GDPR and associated data protection legislation.

Compliance Management:

We operate an ISO accredited Management System (including ISO 27001 & ISO 9001) that incorporates UK GDPR requirements, including:

• Ongoing testing and review of technical and organisational security controls
• External expertise including regular audit, consultancy and advice (including ICO, UKAS and IMS accredited auditors, Advance Certification and 2|SEC) 
• Supplier evaluation, management and review. 
• Subscriber contract management, including data processing agreements
• Documentation and records management 
• Regular data audits to ensure a lawful basis for processing
• Ongoing review to identify and accommodate legislative and regulatory changes (including codes of conduct and emerging data protection requirements)

​Nature of work

Panacea Applications Limited (‘Panacea’) provides online software called Panacea Software.  Our software enables organisations to automate and streamline business processes, delivering efficiencies and cost savings. Modules can be combined to support a wide range of procurement, contract, project and resource management as well as financial and operational workflows.

​Description of processing

In compliance with UK GDPR, Panacea processes limited personal data relating to employees for internal management purposes.

In relation to subscriber data, Panacea acts primarily as a Data Processor, processing personal data on behalf of its subscribers (Data Controllers), strictly on a need-to-know basis and in accordance with contractual obligations.

We process personal data only where necessary to:

• Provide and maintain Panacea Software
• Design, develop, configure, test, and demonstrate software
• Provide information on security issues, new functionality, and service updates
• Support and train subscribers and users 
• Maintain accounts and records  
• Provide consultancy, training, reports and advice as requested by customers  

Processing is carried our in accordance with lawful bases under UK GDPR, including performance of a contract, compliance with legal obligations, and legitimate interests where applicable.

​Type/classes of information processed

We process information relevant to the above purposes, which may include:

• Personal details
• Goods and services information
• Company and employer details
• Supplier details
• Financial details
• Information necessary for the development, testing, and support of software

​Who the information is processed about

We process personal information about clients, employees, suppliers, and other individuals, only as necessary for the purposes outlined above.

 Who the information may be shared with

We may share personal information where necessary and lawful, including with:

• The individual concerned and/or their employer or organisation
• Subscribers who have entered the information into Panacea Software
• Subscribers’ suppliers, clients, and service providers at the subscriber’s written request
• Central government or regulatory bodies where required to comply with legal obligations (e.g. Freedom of Information Act)

All sharing is carried out in accordance with UK GDPR and Data Protection Act 2018.

​International Transfers

Where personal data is transferred outside the UK, Panacea ensures appropriate safeguards are in place in accordance with UK GDPR. This may include transfers to countries deemed adequate by the UK or the use of approved transfer mechanisms such as International Data Transfer Agreements (IDTAs).

Your rights:

Individuals have the following rights under UK GDPR:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object

Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

For more information, please refer to our Terms of Use here: https://panacea-software.com/terms-of-use/ and our Privacy Policy and Information Security Policy