Privacy Policy

Panateer

MENU

HOME

About us

Services

Ai Reports

Ai Regulation And Compliance

Ai Analysis

Ai Automation

Website Design

Contact us

Facebook Tiktok

joe@panateer.com

Panateer Privacy Policy

Global AI Consultants
Privacy Policy

Last Updated: April 2026  |  Version 2.3

Jurisdictional Compliance: UK/EU GDPR, Singapore PDPA, US State Privacy Laws (CCPA/CPRA/CO SB 24-205)

PANATEER LTD

Privacy Policy

Version 1.3  |  Last Updated: May 2026

panateer.com  |  kate@panateer.com

Jurisdictional Compliance: UK/EU GDPR  |  Thailand PDPA  |  Singapore PDPA  |  US State Privacy Laws (CCPA/CPRA/CO SB 24-205)

Introduction

Thank you for visiting panateer.com. This Privacy Policy explains how Panateer Ltd collects, uses, stores, and protects your personal data when you visit our website or engage with our services. Panateer is a global AI consultancy headquartered in the United Kingdom, operating across the United Kingdom, Singapore, Southeast Asia, and international markets.

We are committed to handling personal data lawfully, transparently, and with the highest standards of security and accountability. Our data protection practices are aligned with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we operate internationally, we take a jurisdiction-aware approach, ensuring our processes are designed to meet or exceed applicable data protection laws in every market we serve, including:

  • EU GDPR
  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
  • Thailand’s Personal Data Protection Act (PDPA B.E. 2562)
  • Singapore’s Personal Data Protection Act (PDPA 2012)
  • Equivalent legislation across the ASEAN region

 

This policy applies to all visitors to our website, prospective and existing clients, business contacts, and individuals who interact with our AI assistant or engage with our services in any form.

1. Data Controller

The data controller responsible for your personal data is:

 

Panateer Ltd  |  London, United Kingdom

Website: https://panateer.com

Email: kate@panateer.com

Response time: within 30 calendar days of receipt of any request.

 

Data Protection Officer

Panateer has assessed its processing activities and determined that a formal Data Protection Officer appointment is not currently required under UK GDPR Article 37. All data protection queries are handled by Kate Worthington (CDO) at kate@panateer.com.

EU Representative

Panateer is in the process of appointing an EU representative in accordance with Article 27 of the EU GDPR. Once appointed, their contact details will be published in this policy. In the meantime, EU residents may direct enquiries to kate@panateer.com.

Regional Contacts

For individuals located in Thailand, your personal data is processed in accordance with the Personal Data Protection Act B.E. 2562 (2019).

For individuals located in Singapore, processing is conducted in accordance with the Personal Data Protection Act 2012.

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • Your name, email address, phone number, job title, and company name when you contact us or complete a form on our website
  • The content of messages, enquiries, or correspondence you send to us
  • Your email address and the content of your conversation when you interact with our AI assistant on our website (see Section 5 for full details)
  • Information you provide during consultancy engagements, including business data, strategic information, and operational details necessary to deliver our services

2.2 Data Collected Automatically

  • Website usage data including IP address, browser type, pages visited, time on site, and referral source, collected via cookies and analytics tools
  • Technical data about the devices and software you use to access our website

 

We do not collect special category data such as health information, ethnicity, religious beliefs, or financial account details. While we do not intentionally collect special category data, we advise users not to share sensitive personal information within the AI assistant dialogue.

3. How We Use Your Personal Data

We process your personal data exclusively to provide our consultancy services, enhance your experience, and maintain our professional relationship with you. Specifically:

Service Delivery and Strategy

To respond to your enquiries, provide initial consultations, and deliver our core consultancy services, including the preparation of bespoke AI business reports, digital roadmaps, and strategic analyses.

AI Assistant Interaction

To operate our AI website assistant, which allows you to explore our services and gain insights. This includes generating conversation summaries to ensure our follow-up team can provide you with relevant, informed, and continuous support.

Relationship Management

To manage our ongoing business relationship with you, process feedback, and provide updates on services relevant to your business needs.

Marketing and Insights

To send professional updates, industry insights, or information about our services, provided you have explicitly opted in. You may manage or withdraw your consent at any time.

Security and Performance

To monitor and improve the performance, security, and usability of our website.

Legal and Regulatory Compliance

To meet our legal obligations, including record-keeping, tax requirements, and to pursue or defend against legal claims when necessary.

4. Legal Basis for Processing

Under the UK GDPR and applicable international data protection legislation, we rely on the following lawful bases to process your personal data:

Legitimate Interests (Article 6(1)(f) UK GDPR)

To respond to enquiries, operate and improve our services, conduct direct marketing where we have an existing relationship with you, and follow up on AI assistant conversations. We have conducted a Legitimate Interests Assessment (LIA) to ensure this processing does not override your rights and freedoms.

Consent (Article 6(1)(a) UK GDPR)

Where you have explicitly agreed to receive marketing communications from us. You may withdraw consent at any time by contacting us or clicking unsubscribe in any marketing email.

Contractual Necessity (Article 6(1)(b) UK GDPR)

Where processing is required to fulfil a contract or service agreement with you.

Legal Obligation (Article 6(1)(c) UK GDPR)

Where we are required to process data to comply with applicable law.

 

For individuals in jurisdictions outside the UK and EU, we identify and document an equivalent lawful basis under applicable local law before processing personal data.

5. Our AI Website Assistant

This section explains how our AI assistant collects and processes your data. Please read it carefully before using the assistant.

Panateer operates an AI-powered assistant on our website, designed to help visitors understand our services, explore how AI could benefit their business, and ask discovery questions to understand their needs.

5.1 What the Assistant Collects

  • Your email address, which you provide voluntarily during the conversation
  • The content of your conversation with the assistant, including your responses to its questions

5.2 How the Conversation Is Processed

Where possible, Panateer anonymises or pseudonymises personal data before it is submitted to any AI model or third-party AI platform. We take reasonable steps to ensure that personally identifiable information is not processed in a form that directly identifies you.

At the end of the conversation, the assistant generates a summary of the key points discussed. This summary is emailed to you and to the Panateer follow-up team so that we can respond to your enquiry in an informed and relevant way.

5.3 AI Platforms Used

The AI assistant operates using large language model technology. The platforms we currently use to power our assistant and internal AI tools include Anthropic Claude and OpenAI. These providers operate under their own data processing agreements and privacy policies. We assess the data handling practices of all AI providers before use and require that they meet appropriate data protection standards, including GDPR-equivalent safeguards where applicable.

We do not use AI platforms that train on your data without consent. Where enterprise or API versions of AI tools are used, we ensure data is processed under agreed contractual terms that prohibit unauthorised use of your information.

5.4 Data Retention and Storage

We do not intentionally retain full conversation logs within our application environment after the session has ended. Once the session concludes and the summary email has been dispatched, the primary persistent record of the interaction is the summary email itself.

That summary email constitutes personal data and is handled in line with our standard email retention practices. It will be retained for no longer than three years unless an ongoing business relationship requires otherwise, or you request earlier deletion.

5.5 Your Rights Regarding the Assistant

You are under no obligation to use the assistant or to provide your email address. If you would like us to delete the summary email we hold about your conversation, please contact us at kate@panateer.com and we will action your request within 30 days.

5.6 Transparency During the Conversation

Before asking for your email address, the assistant informs you that a summary of your conversation will be emailed to you and to our team for follow-up purposes. No data is collected without your awareness.

6. How We Use AI Tools Internally

In addition to our website assistant, Panateer uses AI models and tools to support the delivery of our consultancy services, including the preparation of business analysis reports and internal research. This section sets out our principles and commitments governing internal AI tool usage.

6.1 AI Tools and Platforms

Panateer uses the following categories of AI tools in the delivery of its services:

  • Large language models for drafting, analysis, and research support (including Anthropic Claude and OpenAI, accessed via enterprise API arrangements)
  • AI-powered document and data analysis tools
  • Automated workflow and process tools that may incorporate AI functionality

 

We do not use consumer-grade AI tools for the processing of client personal data. All AI usage in a client context is conducted through sandboxed, enterprise, or API arrangements with appropriate data processing agreements in place.

6.2 Our AI Governance Principles

Data Minimisation and Protection: Where possible, personal data is anonymised or pseudonymised before being processed by AI systems.

Purpose Limitation: AI tools are used only for the specific purpose for which data was collected.

Human Oversight: We do not rely on AI to make automated decisions that produce legal or similarly significant effects without human review. All AI-generated outputs used in client deliverables are reviewed and validated by a qualified Panateer consultant before use.

Vendor Due Diligence: We assess the data handling and security practices of AI providers before engagement and select only those that meet appropriate data protection standards, including GDPR-equivalent protections.

Ongoing Review: We review our AI tool usage and governance framework on a regular basis to ensure it remains current and compliant as the regulatory landscape evolves.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Enquiry and contact data: up to three years from the date of last contact, unless you request earlier deletion
  • AI assistant conversation summaries: up to three years, or for the duration of any resulting business relationship
  • Client engagement data: up to six years from the end of the engagement, in line with standard business record-keeping requirements under UK law
  • Marketing data: until you withdraw consent or unsubscribe
  • Website analytics data: in line with the settings of the relevant analytics platform, typically no longer than 26 months

 

When data is no longer required, it is securely deleted or anonymised. We may retain anonymised or aggregated data for statistical or research purposes without further notice.

8. Sharing Your Personal Data

We do not sell your personal data. We may share it only in the following circumstances:

Technology and Service Providers

With providers who support our operations, including email hosting, website hosting, analytics platforms, and AI platforms. These parties are bound by data processing agreements and are not permitted to use your data for their own purposes. Categories of providers include:

  • Website hosting and infrastructure providers
  • Email service providers
  • CRM and business management tools
  • AI platforms used in service delivery (accessed via enterprise or API arrangements)
  • Analytics and performance monitoring tools
  • Payment processing providers where applicable

Professional Advisors

With lawyers, accountants, or other professional advisors where necessary and proportionate.

Regulatory and Legal Obligations

With regulatory authorities or law enforcement where required by applicable law.

 

We will never share your data with third parties for their own marketing purposes without your explicit consent.

9. International Data Transfers

Panateer operates as a global consultancy with operations across the United Kingdom, Singapore, Thailand, and broader ASEAN markets. Your data may be processed or stored outside the United Kingdom as a result of our international operations or the use of global technology platforms.

Where personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office or relevant supervisory authority
  • Transfers only to countries or organisations recognised as providing an adequate level of data protection
  • Binding corporate rules or equivalent mechanisms where applicable

 

For transfers involving AI platforms, we rely on the data processing agreements and international transfer mechanisms published by those providers, supplemented by our own contractual requirements where appropriate.

You may request details of the specific safeguards in place for any transfer by contacting us at kate@panateer.com.

10. United States Privacy Rights

Panateer operates internationally and may collect personal data from individuals located in the United States. We are committed to respecting the privacy rights of US residents and apply the standards set out below across all our operations, in alignment with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and equivalent legislation across US states. We apply these standards as a matter of principle and global commitment, irrespective of whether specific statutory thresholds are met.

California Residents (CCPA and CPRA)

If you are a California resident, you have the following rights:

  • The right to know what personal data we collect, use, share, or sell
  • The right to delete personal data we hold about you, subject to certain exceptions
  • The right to correct inaccurate personal data
  • The right to opt out of the sale or sharing of your personal data. Panateer does not sell personal data
  • The right to limit the use of sensitive personal information
  • The right to non-discrimination for exercising your privacy rights

Other US State Residents

Residents of Colorado, Virginia, Texas, Connecticut, and other US states with applicable privacy legislation have broadly equivalent rights regarding access, correction, deletion, and opt-out of data processing. We will honour requests from residents of any US state in line with the spirit and intent of applicable local law.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at kate@panateer.com. We will respond within 45 calendar days, consistent with CCPA requirements, with the option to extend by a further 45 days where reasonably necessary.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to analyse traffic, improve user experience, and understand how visitors interact with our content. We use the following categories of cookies:

  • Strictly necessary cookies: required for the website to function correctly and cannot be disabled
  • Analytics cookies: including Google Analytics, which collects anonymised usage data to help us understand how visitors use our site. Data is processed under Google’s data processing terms
  • Functionality cookies: which remember your preferences to improve your browsing experience

 

We do not currently use advertising or retargeting cookies.

We obtain your consent before placing any non-essential cookies on your device. You can manage your cookie preferences through our consent tool or your browser settings. Disabling certain cookies may affect the functionality of the website.

For full details, please refer to our Cookie Policy available at panateer.com/cookie-policy/

12. Your Rights

Under the UK GDPR and applicable international data protection law, you have significant rights regarding your personal data. Panateer is committed to facilitating these rights regardless of your location.

Right of Access

To request a copy of the personal data we hold about you and information on how we process it.

Right to Rectification

To request that we correct any information you believe is inaccurate or incomplete.

Right to Erasure

To request that we delete your personal data, subject to certain legal exceptions such as our need to maintain business records for tax purposes.

Right to Restriction of Processing

To request that we limit how we use your data, for example if you contest the accuracy of the data.

Right to Data Portability

To request that we transfer the data we have collected to another organisation, or directly to you, in a structured, commonly used, and machine-readable format.

Right to Object

To object to our processing of your data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent to process data, you have the right to withdraw that consent at any time without penalty.

Rights Related to Automated Decision-Making

To ensure you are not subject to a decision based solely on automated processing which produces legal or similarly significant effects concerning you. Where AI tools are used in our service delivery, human review is always applied before any significant output is shared.

Rights Under Thai PDPA

If you are located in Thailand, you have additional rights under the Personal Data Protection Act B.E. 2562, including the right to request temporary suspension of data use in certain circumstances.

Rights Under Singapore PDPA

If you are located in Singapore, you have rights under the Personal Data Protection Act 2012, including the right to withdraw consent and the right of access and correction.

 

To exercise any of these rights, please contact our team at kate@panateer.com. We will respond to your request within 30 calendar days. For your protection, we may require you to verify your identity before actioning certain requests.

13. Right to Lodge a Complaint

If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office:

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113

 

If you are located in the European Union, you have the right to lodge a complaint with your local supervisory authority.

If you are located in Thailand, you have the right to lodge a complaint with the Personal Data Protection Committee.

If you are located in Singapore, you have the right to lodge a complaint with the Personal Data Protection Commission.

 

We encourage you to contact us first at kate@panateer.com so we can address your concerns directly and promptly.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their policies independently before submitting any personal data.

15. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption, access controls, and regular review of our data handling practices.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours and inform you where required by applicable law.

Where a breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals directly without undue delay.

We require all third-party service providers and AI platform vendors to implement equivalent security standards as a condition of our engagement with them.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational scope. The most current version will always be available at panateer.com/privacy-policy.

Where changes are material, we will notify you by email where we hold your contact details, or by posting a prominent notice on our website for a period of 30 days. The version number and date at the top of this document will indicate when the most recent update was made.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:

 

Panateer Ltd

Email: kate@panateer.com

Website: https://panateer.com

 

Last Updated: May 2026  |  Version 1.3  |  Panateer Ltd  |  panateer.com

Scroll to Top