Privacy Policy

At Arthronica, our mission is to empower patients with their arthritic care. We are passionate about technology that eliminates the need for expensive face-to-face visits that can be conducted remotely, using any laptop or smartphone camera. This provides rapid access to data on your progression to optimise your recovery pathways. We are also passionate about privacy. We strive to fully comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) and to be market leaders when it comes to arthritic healthcare and privacy.

This policy explains how we use your personal data. We want to help you understand how we work with your data so that you can make educated choices and be in control of your data. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.

This policy explains how we use your personal data for our healthcare services and products. It also governs the use of your data through the Arthronica Applications (“Apps”), or any of our websites, including the Arthronica website (and any reference to our App in this policy shall also include a reference to the Arthronica websites).

This policy covers:

  1. Who we are;
  2. What personal data we hold and how we get it;
  3. What we use your personal data for;
  4. Sharing your personal data;
  5. Retention;
  6. Data security and transfers; and
  7. Your rights.

If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Officer:

Address: Data Protection Officer, Procedure Health Limited, 16 Great Queen Street, London, England, WC2B 5AH

Email: DPO@arthronica.com

1. WHO WE ARE

Our services are delivered by our company registered in England and Wales named Procedure Health Limited (number 12992309) providing you with the technology that supports you and our services. The registered office and primary place of business for our company are 16 Great Queen Street, London, England, WC2B 5AH.

Arthronica is a brand name for our platform, owned and operated by Procedure Health Limited.

When this policy talks about ‘Arthronica’, ‘us’ or ‘we’, it means Procedure Health Limited. When we talk about our website (the “Platform”) we mean the access point to our services that we provide through the Arthronica website and associated Apps.

Procedure Health Limited are controllers and processors of your personal data provided to or collected by or for, or processed in connection with, the services we provide you. This policy applies to Procedure Health Limited. Your relationship is with Procedure Health Limited. If, for example, you would like to access your data, Procedure Health Limited is the entity to which you would make such a request.

2. WHAT PERSONAL DATA WE HOLD AND HOW WE GET IT

We use the following categories of personal data:

Personal details

When you register with us, you will be asked to complete forms and provide us with basic information about yourself, such as your name, email address, date of birth, and optionally your physical address and phone number. You may also in time be asked to provide us with a copy of identification documentation or “ID” for identification checks to be carried out by us or your NHS registered trust. You are responsible for the accuracy of the information that you provide to us.

Physical Characteristics

You may also be asked questions about your physical characteristics such as your height and weight, and this is so we can link this data with your health and medical information. We may also ask you to match your skin tone, and this is only to help us with the analysis of your image and video data in relation to your range of movement related to your condition. This information will only ever be used when fully anonymised to help us train our machine learning models and to provide you with a better service through data analysis. All your data analytics will be made available to you through our services. All the data we gather will never be used for any other reason without your explicit consent.

Health and medical information

The primary type of information we hold about you is your health and medical information: information about your health, conditions, treatments, consultations or appointments, medications and any related procedures. This includes details of your consultations with our registered Physicians, and interactions with our digital services, including interactions with our medical assessments, analytics and condition related questionnaires, general health-related questionnaires and condition management services. Your interactions with our digital services may be shared with our Physicians in order to provide you with a better experience and for the purposes of providing you with health care assistance. You can refuse this service at any time if you so choose.

We get some of this information directly from you, when you register with us and when you use our services. If you register using the Patients Know Best service (known as “PKB”), we will receive your medical history from your records stored with them. You will be informed of this and have the option to decline. Any correspondence we receive from you is uploaded electronically to your Arthronica medical record and stored securely.

We retain recordings of our site's consultations and interactions with you. This includes your use of our messaging service to communicate with your physician. This is in order to provide you with an easy way to check your consultations and communications where you wish to, so that we can ensure high-quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or our messaging service on the App. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations, communications or interactions with us (depending on the format) for a limited time through the site or from us. Please refer to the ‘Retention Periods’ section of this policy.

We also hold information about you and your health from the Arthronica app, devices and services where you have given your consent to that data being shared with us. Examples include where you decide to share information collected from a smartwatch or similar device with our services.

Financial information

If you make any payments on the App, your credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers, and we will not retain your credit or debit card information.

Technical information and analytics

When you use our Platform, we may automatically collect the following information where this is permitted by your device or browser settings:

  • technical information, including the address used to connect your mobile phone or another device to the internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
  • information about your visit (such as when you first used the Platform and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, Platform response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the Platform or otherwise) and any phone number used to call our customer service number.

Cookies and similar technologies are not used to collect, store or gather personal data about you in any way. Our Cookie Policy is available here.

Information obtained from third-party services

You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name.

3. WHAT WE USE YOUR PERSONAL DATA FOR

The purposes for which we use your personal data and the legal grounds on which we do so are as follows:

Providing you with a service
  • We obtain and use your personal details and financial details (if applicable) in order to establish and deliver our contract with you and charge you correctly.
  • We obtain and use your medical information because this is necessary for medical purposes, including medical analysis and the provision of our healthcare services. This includes the information collected through our interactions with you, such as questionnaires, assessments, consultations, imagery and our digital services. It may also include sharing information with other healthcare professionals and physicians as necessary, when you so choose, for the provision of care for you.

Empowering you with your care
  • Where you have provided your explicit consent by using our Platform and based on our legitimate interest to you and all arthritic sufferers, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our products and services, our artificial intelligence system and our machine learning algorithms so that we can deliver better care to you and other Arthronica users. This medical information (with your personal identifiers removed in the way described above) may include filled-in questionnaires, information regarding your condition (including, but not limited to, your images and videos), and your interactions with our assessment services, such as your range of movement analytics. This does not involve making any decisions which would have a significant effect on you – it is only about improving our products, services and software so that we can deliver a better experience to you and other Arthronica users, and help achieve our aim of empowering all people with their arthritic care. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you.
  • We may obtain and use data about your precise location where you give your consent (through providing us access to your location through our Platform on your device or browser settings or your address), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address.

Keeping you up to date
  • We use your email address, phone number and/or details to contact you or present you with occasional updates on our services and updates from your physician where you have not opted out, based on our legitimate interest in our services to you and subject to your right to opt-out at any time.
  • As part of providing you with high-quality services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make consultations, for example with your linked and authorised physician.

Other uses
  • Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within our Platform, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you, it is only about improving our Platform so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
  • Where necessary, we may need to share personal and financial details (where applicable) for the purposes of fraud prevention and detection.
  • We also store your medical information, such as notes from assessments, recordings of consultations with physicians as well as your interactions with our digital services including interactions with our analytical services, and condition management services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, Information Commissioner's Office, and Care Quality Commission, or as otherwise required by law or regulation.
  • Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.

We may use non-medical data from which you cannot be identified to improve our products and services.

4. SHARING YOUR PERSONAL DATA WITH OTHERS

We may share your personal data with our partners (such as the NHS Trusts, where you access our NHS service and with services you have authorised such as Patients Know Best). This is to help us deliver our services to you.

We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us and our policies. Unless required, we will anonymise all your key identifiers from your data.

Where you access our services through your health insurance provider or any of our commercial partners (including your employer) we may share with such a partner your name, date of birth, email address, identification numbers, location, and the fact you have registered/used the service (and any other similar information). We will not, without your explicit consent, share any details relating to the content of your condition or communications with us or your health/medical records. With your consent, we may share the date of the consultations, details of your conditions, any prescriptions, whether or not you had a referral made and other similar information about your consultations with us.

Information sharing with other healthcare service providers

We will, with your permission and where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP (if he or she is linked with you as your Physician) and other NHS bodies, specialist referral services, if these are the services that you signed up through. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.

Anonymised information

We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.

Physicians

If you are a patient linked to a physician, this may also include sharing your anonymised data to support medicines usage and management relating to our patients and their conditions.

We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.

Except as described above, we will never share your personal information with any other party without your consent.

5. RETENTION PERIODS

We retain your medical records in accordance with national best practice guidance – in particular, the advice provided by the Department of Health (2016) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you under the GDPR classification of “legitimate interest”, for purposes such as managing, improving or planning our business, or records for other periods as required by law or regulation.

Physicians records

The retention period for physicians records of any patient is ten years after patient death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (or “EPRs”) must not be destroyed or deleted for the foreseeable future. Physicians records include medical records, consultations with physicians and all communications and interactions.

Video/Phone/Voice/Audio consultations

Retained as per Physicians Records above. Available via our Platform for a limited period (currently 14 days, subject to change) after consultation, after which available upon request (if existing or in text format).

Analytics performed on image or video data

Retained as Physicians Records above. Available via our Platform for a limited period (currently 12 months, subject to change and feature availability), after which available upon request.

Communications with our support teams

One year after exiting from our Platform.

6. DATA STORAGE, SECURITY AND TRANSFERS

We do not store any of your security, personal, medical, questionnaire, assessment or communication data on your device, regardless of whether it is a desktop computer, mobile phone, tablet or any related device that can access the internet. We store all your data on secure servers with Amazon Web Services (or “AWS”).

Where you have chosen a password that enables you to access our Platform, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. If someone would like to take images or videos of your condition for you, then you may add them as a Physician from your Home or Profile page. This way they can select their role appropriately and add content for you which you will see linked to your account.

We do not store any credit or debit card information. Payments (if needed) are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL/TLS technology.

We encrypt data transmitted to and from the Platform. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA. For further information on the safeguards we take if we transfer data outside of the EEA, contact DPO@arthronica.com.

7. YOUR RIGHTS

As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw this consent at any time by accessing the privacy settings in the Platform.

You also have specific rights under the GDPR and DPA to:

  • wherever we process data based on your consent, withdraw that consent at any time. You can do this via your settings and privacy section of our Platform;
  • understand and request a copy of the information we hold about you. Subject to our retention periods and other medical records that can be accessed via the Platform. For other information, you can make a request by email;
  • ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical and health records stated in Retention periods above;
  • ask us to restrict our processing of your personal data or object to our processing; and
  • ask for your data to be provided on a portable basis.

You may also contact the Information Commissioner's Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).

Contact us

For any questions or concerns, you can contact us by sending an email to DPO@arthronica.com.