Date last revised: 2nd September 2019

PANACEA (SCOTLAND) LIMITED are committed to protecting and respecting your personal data and your privacy. We recognise that your personal data is your property and that you have provided it to us for specific purposes.

Unless otherwise required by law, the Information Commissioner's Office ( ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you or in the way you ask us to, and we will give it back to you at any time.


1.1 This policy, together with the Investor Terms & Conditions, explains how any personal data we collect from you, or that you provide to us, will be processed by us or any processor on our behalf.

1.2 This policy applies to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 2018 (Act) and/or the General Data Protection Regulation (Regulation), as applicable

1.3 By visiting our website located at ( our Website), or by registering for an account with us, you accept and consent to the practices described in this policy.

1.4 Any changes we make to this policy will be posted on this page. You are advised to check back frequently as any changes will be binding on you when you continue to use the Website after the date of the relevant change.

1.5 For more information relating to your rights under this policy, please see section 10.

1.6 If you have any queries relating to this policy, please contact us at [email protected].


2.1 We are Panacea (Scotland) Limited (company number SC393404) whose registered office is at Abercorn House, 79 Renfrew Road, Paisley, Renfrewshire, Scotland PA3 4DA. We operate the Website and we are the data controller for the purposes of the Act and the Regulation.

2.2 We are registered with the ICO to process your personal data and our registration number is ZA501025.

2.3 Your data will be processed on our behalf by ShareIn Limited, a company registered in Scotland (number SC408803) with its registered office on the 5th Floor at 125 Princes Street, Edinburgh EH2 4AD ( ShareIn). ShareIn host our Website and will be the data processor for the purposes of the Act and the Regulation.

2.4 Your data will be held by ShareIn on their secure servers located in the Republic of Ireland, but will be processed by staff who work in the UK.

2.5 We operate on the terms of a written agreement with ShareIn relating to your personal data.

2.6 Any payment transactions you make through our Website will be made through ShareIn, encrypted through SSL technology. ShareIn are a joint controller in respect of any personal data provided to them and any of your personal data they hold will be subject to this privacy policy.


3.1 By registering for Account and/or otherwise using the Website, you expressly consent to:

3.1.1 provide us and ShareIn with the personal data necessary to allow you to use the Website and make Investments through it;

3.1.2 the processing of your personal data by us and/or ShareIn, or those specifically listed third parties, in accordance with this policy; and

3.1.3 the transfer of your personal data to those third parties listed in this policy, for the reasons specified.

3.2 You may withdraw your consent under 3.1 at any time. However, where the withdrawal of your consent prevents us or ShareIn from verifying your identity or otherwise monitoring who you are, you will be unable to use your Account and make Investments through our Website OR You may exercise your rights under 3.1 at any time, which includes withdrawing your consent to our processing of your personal data. However, where this withdrawal prevents us from performing our contract with you, we may not be able to provide our goods and services to you.


4.1 We may collect all or some of the following categories of data from you:


Full name

Address (including postcode)

Date of birth

Email address


Bank account details

IP addresses

Passport (including passport number)

Driving licence (including driving licence number)

4.2 When you make an Investment, you will be required to provide your identity document to allow ShareIn to satisfy its Know Your Customer (KYC) regulatory requirements. Any associated personal data contained on that document will be retained by us or ShareIn (from time to time).

4.3 In addition to the above, we will also provide you with your Account Details, which includes your username which is either created by, or assigned to, you. The Account Details should be remembered by you, but will be stored by us in case you forget them.


The data listed in section 4 is collected in the following ways:

5.1 By you registering for an Account – this is any information you give to us that we request from you when signing-up for an Account to use our Website.

5.2 Information collected – each time you visit our Website, whether through your home, work or a public network, your own computer or mobile device, ShareIn will automatically collect:

5.2.1 technical information – your IP address (used by your computer or device to connect to the internet), and any internet browser type and version details; and

5.2.2 visit-specific information – your URLs, Projects and Properties you viewed or searched for, your clickstream through the Website.

5.3 Received from third parties – we and ShareIn verify your eligibility to make an Investment and any payment you wish to make.

6. Cookies

6.1 Our Website will use the cookies listed in section 6.2 (alpha-numeric text files placed on your computer) to:

6.1.1 distinguish you from other users;

6.1.2 optimise your browsing experience;

6.1.3 make necessary improvements to our Website;

6.1.4 recognise and count the number of visitors to our Website and see how they move around the Website during use;

6.1.5 recognise you when you return to our Website; and

6.1.6 record your visit to our website, including any links you may follow.

6.2 The following cookies are set to our Website for the listed purposes:




Enhances user experience by remembering session history.


Records users authentication session


Assists recognising user's nationality and language preferences, login, token, username recognition and encoding.


Part of a mechanism to protect against cross site scripting attacks


Enhances user browsing experience – part of load balancing setup


Tracks presentation of the cookie information advice

6.3 Our Website additionally uses Google Analytics, a web analytics service provided by Google, LLC (Google). Google Analytics uses analytical, performance or targeting cookies to help analyse how you use the Website and compile reports on your activity for us.

6.4 Any information generated by the cookie about your use of the Website (including your IP address) will be transmitted to, and stored by, Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on your activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

6.5 You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this your ability to use the Website may be restricted. By using the Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

6.6 You may refuse the use of cookies by selecting appropriate settings on your browser. However, if you do so, your ability to use the Website may be restricted.

6.7 Except for essential cookies, all cookies will expire after your session.


7.1 Your data is primarily necessary to verify who you are when accessing your Account and to ensure you meet our eligibility requirements in order to submit an Application and make an Investment.

7.2 Additionally, we or ShareIn will use all of your data you provide us to notify you about:

7.2.1 similar Projects or Properties listed on our Website that are similar to those you have already Invested in, or otherwise viewed or enquired about; or

7.2.2 changes to our Website or our services.

7.3 We or ShareIn use any data we collect about you (as a result of your visit to our Website) to:

7.3.1 personalise and improve our services (including the Website and its security);

7.3.2 deal with your inquiries and requests;

7.3.3 administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes;

7.3.4 ensure that any part of our Website (including any Content) is presented in the most effective manner for you and your computer or device, and to make improvements (where necessary); and

7.3.5 keep our Website safe and secure.

7.4 Where we change our services, or any applicable terms and conditions, we will contact you.

7.5 Any data we obtain about you from third parties are used for the purposes of verifying your eligibility to submit an application and to make an investment through our Website, and are acquired only to the extent we are unable to do so as a result of the information you provide to us.

7.6 Once collected, we and/or ShareIn may retain your data for up to six years following the date of your last Investment or the date you close your Account (whichever is the later). This is to enable us to refer back to any transactions or records you are involved in (should we be required to do so).


8.1 Subject to the rest of part 8 of this policy, we or ShareIn will only disclose your personal data to the following third parties for the following purposes:

8.1.1 the relevant Investee Company – in connection with your Investment, details of which will be stated on your Application;

8.1.2 our approved transaction email provider, SendGrid, Inc - in order for us to be able to send emails to you (NB only your email address is passed to SendGrid).

8.2 In addition to the transfers contemplated by part 8.1, we or ShareIn may transfer or disclose your personal data to:

8.2.1 any prospective buyer of any part of the relevant business or assets in connection with the sale (in which case, any personal data held by us or ShareIn about you and our Account Holders will be one of the transferred assets);

8.2.2 comply with any legal obligation of the Investor Terms and Conditions;

8.2.3 enforce or apply any part of our Investor Terms and Conditions generally; or

8.2.4 protect our rights or our property, or those of our other Account Holders.

8.3 Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.


9.1 We have put in place appropriate technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable Data Protection Laws.

9.2 Each member of staff has unique log-in details and authentication software requires these to access the systems. Staff have access to personal data only for the purposes of performing their roles.

9.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


10.1 In relation to all of your personal data, you have the following rights to ask us or us or ShareIn (in addition to any rights you may have under the Act or the Regulation):

10.1.1 not to process your personal data for marketing purposes;

10.1.2 to clarify what data we or ShareIn hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;

10.1.3 to amend any inaccurate data we or ShareIn hold about you;

10.1.4 to delete any of your data (where you no longer think we or ShareIn need to hold it or you think we or ShareIn have obtained it or processed it without your consent at any time); and

10.1.5 to only process your personal data in limited circumstances or for limited purposes.

10.2 If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.

10.3 Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.

10.4 Any data provided to you in accordance with your rights will be in a structured and machine-readable form.