At Arthronica, our mission is to empower patients with their arthritic care. We are passionate about technology that eliminates the need for expensive face-to-face visits that can be conducted remotely, using any laptop or smartphone camera. This provides rapid access to data on your progression to optimise your recovery pathways. We are also passionate about privacy. We strive to fully comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) and to be market leaders when it comes to arthritic healthcare and privacy.
This policy explains how we use your personal data. We want to help you understand how we work with your data so that you can make educated choices and be in control of your data. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy explains how we use your personal data for our healthcare services and products. It also governs the use of your data through the Arthronica Applications (“Apps”), or any of our websites, including the Arthronica website (and any reference to our App in this policy shall also include a reference to the Arthronica websites).
This policy covers:
If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Officer:
Address: Data Protection Officer, Procedure Health Limited, 16 Great Queen Street, London, England, WC2B 5AH
Our services are delivered by our company registered in England and Wales named Procedure Health Limited (number 12992309) providing you with the technology that supports you and our services. The registered office and primary place of business for our company are 16 Great Queen Street, London, England, WC2B 5AH.
Arthronica is a brand name for our platform, owned and operated by Procedure Health Limited.
When this policy talks about ‘Arthronica’, ‘us’ or ‘we’, it means Procedure Health Limited. When we talk about our website (the “Platform”) we mean the access point to our services that we provide through the Arthronica website and associated Apps.
Procedure Health Limited are controllers and processors of your personal data provided to, collected by or for, or processed in connection with the services we provide you. This policy applies to Procedure Health Limited. Your relationship is with Procedure Health Limited. If, for example, you would like to access your data, Procedure Health Limited is the entity to which you would make such a request.
We use the following categories of personal data:
When you register with us, you will be asked to complete forms and provide us with basic information about yourself, such as your name, email address, date of birth, and optionally your physical address and phone number. You may also in time be asked to provide us with a copy of identification documentation or “ID” for identification checks to be carried out by us or your NHS registered trust. You are responsible for the accuracy of the information that you provide to us.
You may also be asked questions about your physical characteristics such as your height and weight, and this is so we can link this data with your health and medical information. We may also ask you to match your skin tone, and this is only to help us with the analysis of your image and video data in relation to your range of movement related to your condition. This information will only ever be used when fully anonymised to help us train our machine learning models and to provide you with a better service through data analysis. All your data analytics will be made available to you through our services. All the data we gather will never be used for any other reason without your explicit consent.
The primary type of information we hold about you is your health and medical information: information about your health, conditions, treatments, consultations or appointments, medications and any related procedures. This includes details of your consultations with our registered Physicians, and interactions with our digital services, including interactions with our medical assessments, analytics and condition related questionnaires, general health-related questionnaires and condition management services. Your interactions with our digital services may be shared with our Physicians in order to provide you with a better experience and for the purposes of providing you with health care assistance. You can refuse this service at any time if you so choose.
We get some of this information directly from you, when you register with us and when you use our services. If you register using the Patients Know Best service (known as “PKB”), we will receive your medical history from your records stored with them. You will be informed of this and have the option to decline. Any correspondence we receive from you is uploaded electronically to your Arthronica medical record and stored securely.
We retain recordings of our site's consultations and interactions with you. This includes your use of our messaging service to communicate with your physician. This is in order to provide you with an easy way to check your consultations and communications where you wish to, so that we can ensure high-quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or our messaging service on the App. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations, communications or interactions with us (depending on the format) for a limited time through the site or from us. Please refer to the ‘Retention Periods’ section of this policy.
We also hold information about you and your health from the Arthronica app, devices and services where you have given your consent to that data being shared with us. Examples include where you decide to share information collected from a smartwatch or similar device with our services.
If you make any payments on the App, your credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers, and we will not retain your credit or debit card information.
When you use our Platform, we may automatically collect the following information where this is permitted by your device or browser settings:
You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
We may use non-medical data from which you cannot be identified to improve our products and services.
We may share your personal data with our partners (such as the NHS Trusts, where you access our NHS service and with services you have authorised such as Patients Know Best). This is to help us deliver our services to you.
We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us and our policies. Unless required, we will anonymise all your key identifiers from your data.
Where you access our services through your health insurance provider or any of our commercial partners (including your employer) we may share with such a partner your name, date of birth, email address, identification numbers, location, and the fact you have registered/used the service (and any other similar information). We will not, without your explicit consent, share any details relating to the content of your condition or communications with us or your health/medical records. With your consent, we may share the date of the consultations, details of your conditions, any prescriptions, whether or not you had a referral made and other similar information about your consultations with us.
We will, with your permission and where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP (if he or she is linked with you as your Physician) and other NHS bodies, specialist referral services, if these are the services that you signed up through. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
If you are a patient linked to a physician, this may also include sharing your anonymised data to support medicines usage and management relating to our patients and their conditions.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
We retain your medical records in accordance with national best practice guidance – in particular, the advice provided by the Department of Health (2016) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you under the GDPR classification of “legitimate interest” for purposes such as managing, improving or planning our business, or records for other periods as required by law or regulation.
The retention period for physicians' records of any patient is ten years after patient death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (or “EPRs”) must not be destroyed or deleted for the foreseeable future. Physicians' records include medical records, consultations with physicians and all communications and interactions.
Retained as per Physicians Records above. Available via our Platform for a limited period (currently 14 days, subject to change) after consultation, after which available upon request (if existing or in text format).
Retained as Physicians Records above. Available via our Platform for a limited period (currently 12 months, subject to change and feature availability), after which available upon request.
One year after exiting from our Platform.
We do not store any of your security, personal, medical, questionnaire, assessment or communication data on your device, regardless of whether it is a desktop computer, mobile phone, tablet or any related device that can access the internet. We store all your data on secure servers with Amazon Web Services (or “AWS”).
Where you have chosen a password that enables you to access our Platform, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. If someone would like to take images or videos of your condition for you, then you may add them as a Physician from your Home or Profile page. This way they can select their role appropriately and add content for you which you will see linked to your account.
We do not store any credit or debit card information. Payments (if needed) are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL/TLS technology.
Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA. For further information on the safeguards we take if we transfer data outside of the EEA, contact DPO@arthronica.com.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw this consent at any time by accessing the privacy settings in the Platform.
You also have specific rights under the GDPR and DPA to:
You may also contact the Information Commissioner's Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
For any questions or concerns, you can contact us by sending an email to DPO@arthronica.com.