Privacy Policy

Last updated: April 2026  |  Version 1.0  |  Document Ref: AMS-PP-001

Document Title: Privacy Policy
Document Reference: AMS-PP-001
Version: 1.0
Date Issued: April 2026
Next Review Date: April 2027
Document Owner: Artensia Medical Services
Classification: Public

Data Controller

Artensia Medical Services is the data controller for personal data processed in connection with our occupational health services.

Email: admin@artensiamedical.com
Website: www.artensiamedical.com

Who We Are

Artensia Medical Services provides independent occupational health assessments to employers and occupational health providers across the UK. We are committed to protecting personal data and handling it responsibly in full accordance with UK GDPR and the Data Protection Act 2018.

What Personal Data We Collect

We may collect the following categories of personal data:

  • Name and contact details (including email address and telephone number)
  • Employer and organisational information
  • Information provided through enquiries or referrals

Health Information

We do not collect clinical or health information via general website forms or unsecured email channels. Where occupational health assessments are undertaken, health data is processed securely within our clinical systems (including Orchid Live) in accordance with strict confidentiality and data protection requirements.

How We Use Your Data

We use personal data for the following purposes:

  • To respond to enquiries from employers and individuals
  • To arrange and deliver occupational health services
  • To communicate with employers and employees as required in connection with referrals
  • To meet our legal, regulatory, and professional obligations

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Legitimate interests – providing occupational health services to employers and referrers
  • Legal obligation – compliance with professional, regulatory, and statutory requirements

Where special category health data is processed, this is done under:

  • Article 9(2)(h) UK GDPR – provision of health or occupational medicine services by a health professional subject to an obligation of professional secrecy

Sharing Your Data

We may share personal data where necessary with:

  • Referring employers or occupational health providers, for the purposes of the referral
  • Secure IT and system providers (including Microsoft 365 and Orchid Live) acting as data processors on our behalf
  • Regulators or legal authorities where required by law

We do not sell personal data to any third party.

Where we engage third-party data processors, we ensure that appropriate data processing agreements are in place in accordance with Article 28 UK GDPR. These processors act only on our documented instructions and are not permitted to use personal data for their own purposes.

Data Security

We apply appropriate technical and organisational measures to protect personal data, including:

  • Microsoft 365 for business communications, with UK data residency
  • Orchid Live, a UK-hosted clinical management system for occupational health records
  • Encrypted email for external communication involving personal or clinical data
  • Restricted, role-based access controls – clinical records are accessible only to authorised personnel

Our data is hosted exclusively within the United Kingdom.

Data Breach Notification

In the event of a personal data breach, we will:

  • Assess the risk to individuals without undue delay
  • Notify the Information Commissioner’s Office (ICO) within 72 hours where required under Article 33 UK GDPR
  • Notify affected individuals where a breach is likely to result in high risk to their rights and freedoms

Data Retention

We retain personal data only for as long as necessary. For occupational health records, we follow guidance from the Faculty of Occupational Medicine, retaining clinical records for a minimum of 8 years following the end of the professional relationship unless a longer period is required by law. General enquiry data is retained for no longer than reasonably necessary.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectification of inaccurate or incomplete data
  • Erasure of your personal data where applicable
  • Restriction of processing in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability where applicable

To exercise any of these rights, contact us at admin@artensiamedical.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

Updates to This Policy

We review this policy periodically. The date of the most recent update is shown at the top of this page.

Contact

Artensia Medical Services
Email: admin@artensiamedical.com
Website: www.artensiamedical.com

Version History

Version  |  Date  |  Author  |  Summary of Changes
1.0  |  April 2026  |  Artensia Medical Services  |  Initial version – policy created and published