top of page
Heading.png
Book Medical

Privacy Policy: Vortex Medicals

Last Updated: 19th February 2026

1. Introduction

Vortex Medicals (“we,” “us,” or “our”), a division of Vortex Medical Ltd, is committed to protecting the privacy and security of your personal and medical data. Our primary service involves obtaining your medical records, reviewing them, and completing the necessary medical proforma required by Police Firearms Licensing Departments for shotgun or firearms certificates.

This policy outlines how we collect, use, and safeguard your highly sensitive information when you use our services.

2. Data Controller Information

Vortex Medical Ltd is the data controller responsible for your personal data.

  • Company Name: Vortex Medical Ltd

  • Registered Office: 17 Fourth Avenue, Bridlington, YO15 2LN

  • Email: admin@vortexmedicals.co.uk

  • Data Protection Officer (DPO): Sam Berridge

 

3. The Data We Collect

To provide our firearms medical screening service, we must collect and process various types of data, including highly sensitive health data:

  • Identity & Application Data: Name, date of birth, gender, address, NHS number, and details regarding your firearms or shotgun certificate application.

  • Contact Data: Billing address, email address, and telephone numbers.

  • Full GP Medical Records: To provide our service, we receive your complete medical history directly from your registered GP.

  • Targeted Medical Data: From your full records, our medical professionals extract only the specific medical history, diagnoses, and mental health information required by the Police Firearms Licensing Department.

  • Technical & Transaction Data: IP address, browser type, payment details, and records of the services you have purchased from us.

 

4. How We Use Your Data & Our Lawful Basis

Under UK GDPR, we must have a "Lawful Basis" for processing standard data, and an additional condition under Article 9 for processing "Special Category" (health) data. Because this service is an administrative screening rather than direct medical care, we rely heavily on your Explicit Consent.

PurposeType of DataLawful BasisArticle 9 Basis (Health Data)

Requesting GP Records Identity, Contact Contract: Necessary to provide our service.Explicit Consent: Actively agreeing to us requesting this.

Reviewing Records & Populating FormsFull Medical RecordsContract: Necessary to provide our service.Explicit Consent: Actively agreeing to our doctors reviewing your files.

Submitting Forms to PoliceTargeted Medical DataContract: Necessary to provide our service.Explicit Consent: Actively agreeing to the transfer of data to the police.

Payment ProcessingIdentity, TransactionContract: To process your payment.N/A

Legal ComplianceIdentity, TransactionLegal Obligation: Tax and accounting records.

Note: You have the right to withdraw your consent at any time before the medical proforma is submitted to the police. Once submitted, we may be legally required to retain a record of the transaction.

5. Data Minimisation & Retention

We adhere to strict data minimisation principles, ensuring we only hold onto your sensitive data for as long as absolutely necessary.

  • Processing Full Records: We only hold your full GP medical records for the duration required for our medical assessors to review them and populate the firearms medical proforma.

  • Destruction of Full Records: Once your medical proforma has been completed and dispatched, your full GP medical record is securely and permanently deleted from our active systems within [e.g., 30 days]. We do not retain your full medical history.

  • Retention of Completed Forms: We retain a copy of the completed firearms medical proforma and your consent records for [e.g., 7 years]. This is to protect against legal claims, demonstrate regulatory compliance, and assist with any follow-up inquiries from the police.

 

6. Data Sharing & Third Parties

We do not sell your data. To facilitate your firearms application, we share your data strictly with the following necessary parties:

  • Your Registered GP Practice: To request and receive your full medical records.

  • Police Firearms Licensing Departments: We submit the completed medical proforma directly to the relevant regional police force handling your application.

  • Our Medical Assessors: GMC-registered doctors contracted by Vortex Medicals who securely access and review your records to complete the required forms.

  • Service Providers: Highly secure, GDPR-compliant IT, cloud hosting, and payment processing providers.

 

7. International Transfers

Your data is primarily stored securely within the UK/EEA. If we use a service provider outside this zone (e.g., secure cloud storage), we ensure strict safeguards, such as Standard Contractual Clauses (SCCs) or UK adequacy regulations, are in place to maintain the highest level of data protection.

 

8. Data Security

 

Given the sensitive nature of the data we process, we implement rigorous security measures:

  • Encryption: All medical data is encrypted at rest and in transit (SSL/TLS).

  • Access Control: Access to your full medical records is strictly limited to the specific GMC-registered doctor assessing your file.

  • Secure Transfer: Data transfers between your GP, Vortex Medicals, and the Police utilize secure, recognized digital transmission protocols.

 

9. Your Legal Rights

 

Under the UK GDPR, you have the right to:

  1. Withdraw Consent: You may withdraw your consent for us to process your medical records at any point before submission to the police.

  2. Access: Request a copy of the personal data we hold about you.

  3. Correction: Request that we fix inaccurate or incomplete information.

  4. Erasure: Request we delete your data (subject to our 7-year retention policy for completed assessments).

  5. Restriction/Objection: Ask us to suspend the processing of your data in certain scenarios.

 

To exercise these rights, please contact us at admin@vortexmedicals.co.uk.

 

10. Complaints

If you have concerns about how we handle your data, please contact us first so we can resolve the issue. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

bottom of page