Privacy and legislation

A compliant and consistent approach to data protection

Data protection, GDPR and MHRA

Protection of your data is something that ICST takes seriously, and we like to make sure that you are informed of how we use your data at every step.

The Data Protection Act 2018 & GDPR:

ICST is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. If you have any questions related to our data protection & GDPR compliance, please contact our Data Protection Officer ( or contact us on to exercise one of your rights, such as make a Data Subject Access Request.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data must follow strict rules called ‘data protection principles. They must make sure the information is:
  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information organisations store about you. These include the right to:
  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances
You also have rights when an organisation is using your personal data for:
  • automated decision-making processes (without human involvement
  • profiling, for example to predict your behaviour or interests
If you think your data has been misused or that it has not kept it secure, you should contact us.

If you’re unhappy with our response, you can make a complaint to the Information Commissioner’s Office (ICO) or get advice from the ICO.


Telephone: 0303 123 1113

Textphone: 01625 545860

Privacy Policies:

ICST Privacy Policy
For users of our patient self-management apps
In England

In Wales

For users of our healthcare professional platforms/academies:

In England

In Wales
Terms and Conditions:
For users of our patient self-management apps
In England

In Wales

For users of our healthcare professional platforms/academies:

In England

In Wales


The patient apps are registered with MHRA as Class I Self-Care/Reporting Software. ICST sets high standards for app safety, ensuring that patients using our apps are as safe as possible and any possible risks associated with its use are minimised.

Let's talk

Get in touch with our team

Please complete the enquiry form and our team will be in touch.