Skip to main navigation Skip to main content

Page translation not available

This page is not available in the language that has been selected and will appear in English.

Search

Quick links
Contact us

020 8247 3351

49 Parkside, London, SW19 5NB
United Kingdom
Make an enquiry

Website Privacy Notice

What is the purpose of this document

As part of our ongoing commitment to keeping you informed, here is our Privacy Notice which sets out how we store and use your information when you visit our website and when you contact us. Icon Cancer Centre is firmly committed to protecting the privacy of information we may collect from our online visitors.

Who we are and other important information

Our website is operated by Integrated Clinical Oncology Network UK Ltd (“Icon”) and the wider Icon group of companies (“Icon Group”). Icon Group employees carry out a number of functions to support the Icon Cancer Centre website, and these employees maybe located in the UK, the EEA or in a third country such as Australia (our Head Office). Details for the UK companies are set out below.

  • Cancer Centre London LLP, a company registered in England and Wales under company number OC352271 whose registered office is at Epsom Gateway, Ashley Avenue, Epsom, Surrey, KT18 5AL.

  • Integrated Clinical Oncology Network UK Ltd, a company registered in England and Wales under company number 15358341 whose registered office is at Suite 1, 7th Floor 50 Broadway, London, United Kingdom, SW1H 0DB. QPHL is registered with the Information Commissioners Office, registration number ZB753412.

Your privacy

This Privacy Notice describes how we collect and use personal information about you on our website, in accordance with Data Protection Legislation (UK General Data Protection Regulation (GDPR), Data Protection Act 2018, Data (Use and Access) Act 2025 and Privacy & Electronic Communications (EC Directive) Regulations 2003 and any subsequent or updated legislation).

Icon is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice. If you have any queries, please contact us:

  • FAO: Icon Data Protection Officer

  • Email address: nicola.palmer@icon.team

  • Postal address: Swiatek Suite, Boutique Workplace Company’s ‘Old Town Hall’, 4 Queen’s Rd, London SW19 8YB.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The information we gather and the purposes

When you visit our website, we capture certain visitor information which includes a small amount of personal data and also the cookies you use on this website. This is to enable functionality, to optimize the website's visual representation to the device you are using, and

for aggregated visitor traffic statistics, to understand how many visitors enter the site, which pages are displayed, for how long etc. We also capture your personal data when you contact us directly from our website or by email or phone, such as your name, contact information and the reason for contacting us.

We would also refer you to our Cookie Policy which has further details relating to your privacy.

Data Protection principles

The GDPR is based on six principles which are to be considered when processing Personal Data. Under the GDPR, Article 5 (1) Personal Data should:

  1. Be processed fairly, lawfully and transparently,

  2. Be collected and processed only for specified, explicit and legitimate purposes,

  3. Be adequate, relevant and limited to what is necessary for the purposes for which it is processed,

  4. Be kept accurate and up to date and any inaccurate data must be deleted or rectified without delay,

  5. Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed,

  6. Be processed in a manner that ensures appropriate security, using appropriate technical and organisational measures.

Additionally, the UK GDPR Article 5 (2) requires organisations to demonstrate compliance with all the above principles and is sometimes known as the seventh principle.

The legal basis for the use of your information

We will only use your personal information when the law allows us to do so. Most commonly we will use your personal information in accordance with the following conditions for processing:

  • Consent (Article 6 (1a)) –we will process your personal data based on your consent when you contact us directly from our website, by email or phone. You may withdraw your consent at any time.

  • Legitimate interests (Article 6 (1f)) – We process your data for our legitimate interest and your interests and fundamental rights do not override those interests, to maintain our website and respond to any queries.

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our DPO.

Disclosure to third parties

We only share your information where we are strictly able to and only in accordance with Data Protection legislation.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. A list of third parties who we may share your data with can be obtained from our DPO.

International Transfers

Our data is typically hosted in the UK and other parts of the EEA, there are however some of our contracted technical service providers that process from outside of the EEA. Where these transfers and any other transfer that may occur in the future are concerned, we ensure that there is a legal basis for the transfer and a lawful transfer mechanism in place prior to any transfers in place.

Any such transfers currently done are done using either a transfer to a country with an adequacy ruling, or if a third country, using the relevant transfer mechanism such as the European Commission Standard Contractual Terms with the UK Addendum, or the UK International Data Transfer Agreement and the relevant transfer impact/risk assessments.

Data security

We take protecting your Personal Data very seriously and comply strictly with the provisions of Data Protection Legislation. Personal Data is captured on this website only to the extent required for the purposes described. Under no circumstances is the collected data sold on to third parties for any reason.

We have in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction and they are subject to a duty of confidentiality.

Third parties will only process your personal information on our instructions under contract and where they have agreed to treat the information confidentially and to keep it secure.

Your Rights

  • Your rights in connection with personal information

  • Under certain circumstances, by law you have the right to:

  • Right to be informed by the provision of a privacy notice when your personal information is processed.

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.

  • Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.

  • Request the transfer of your personal information to another party.

  • Request a review of automated decision making, including profiling.

If you want to exercise any of your rights, please contact our DPO. You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the DPO as per above.

Your right to complain

We would encourage you to contact us, in the first instance, if you are unhappy with any aspect of the way in which we process your personal data. You can get in touch with our DPO using the details provided above.

If you are not satisfied with the outcome of your complaint, you have the right to refer such matters to the ICO (www.ico.org.uk). It is worth noting the ICO expect individuals to exhaust the complaints process internally before referring complaints to them.

Links to other sites

This website contains links to other sites that are not owned or controlled by Icon, please be aware that we are not responsible for or have control over the privacy policies of these sites. This privacy notice applies only to information gathered on this site and we strongly encourage you to read the privacy statements of every site you visit that gathers personal data.

Changes to this privacy notice

From time to time, we may revise this Privacy Notice. Any such changes will be reflected on this page. Icon recommends that you review this Privacy Notice regularly for any updates. The date on which this notice was last revised is located below.

Any queries regarding privacy or this notice can be referred to our DPO.

No 

Details 

Date 

Author 

V.1.0 

Initial creation 

April 2026

DPO