MSL Privacy & Security

As part of Membership Solution Ltd’s commitment to client care, we take care to protect the information you supply to us. MSL is registered with the ICO under the Data Protection Act 2018 with registration number Z1573054.

Why we are able to process your information

The personal information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry to us
  • You have made an information request to us
  • You wish to attend, or have attended, an event
  • You subscribe to our newsletter
  • You are representing your organisation
  • You are a business partner of ours
  • You provide services to us
  • You have contacted us to discuss your own products/services with us

We may also receive personal information indirectly, in the following scenarios:

  • Your contact details are provided to us by someone else representing your organisation
  • An employee of ours gives your contact details as an emergency contact or a referee.

Under data protection law, you have certain rights we need to make you aware of. Your rights depend on our reason for processing your information and you can read more about these rights here.

Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not receive all the information we process. 

Right to rectification
You have the right to ask us to rectify information you think is inaccurate and to complete information you think is incomplete. This right always applies.

Right to erasure
You have the right to ask us to erase your personal information in certain circumstances. 

Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. 

Right to object to processing
You have the right to object to processing if we process your information because the process is in our legitimate interests. 

Right to data portability
You have the right to ask that we transfer the information you gave us to another organisation or return it to you. This only applies to information you have given us and only if we are processing information based on your consent, or under (or in talks about entering into) a contract, and only if the processing is automated. 

Rights in relation to automated decision making and profiling
You have the right to not be subject to processing which is “automated” and carried out without human intervention, where it produces legal effects or significantly affects you. Automated processing includes profiling.

You do not pay a charge to exercise your rights. We have one month to respond to you.

Please contact us at if you wish to make a request. 

Data Protection Representation in the European Union

Membership Solutions Limited takes the protection of personal data seriously and has appointed DataRep as their Data Protection Representative in the European Union for the purposes of EU-GDPR* so that you can contact them directly in your home country.

If you wish to contact DataRep, email at  quoting  "Membership Solutions Limited (trading as MSL)" in the subject line.

Or to DataRep, The Cube, Monahan Road , Cork, T12 HlXY, Republic of Ireland.

* The General Data Protection Regulation, EU 2016/679

Purpose and legal basis for processing

  Purpose Legal basis

Where MSL has a legal agreement with you or with the organisation you belong to, our legal basis for processing your personal data is because it is necessary to perform the contract

This legal basis also applies if we are in discussions or preliminary steps towards entering a contract, for example, if you have asked for product information or a quote.

2 Where we process your data in order to carry out direct marketing activities is because it is necessary for the purposes of our legitimate interests as a business which provides digital solutions to a defined niche market. Legitimate interest
3 The purpose of implementing the Live Chat facility, Telephony system, Analytics and Cookies is to maintain and monitor the performance of our website and to continuously improve the site and the services it offers to users. The legal basis we rely on to process your data, in this case, is because it is necessary for the purposes of our legitimate interests.  Legitimate interest

Data retention

We retain personal data for as long as we provide services to you or your organisation. However, we may keep some data after you or your organisation ceases to use our services, for the purposes set out below. 

Should you cease to use our services, we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our customer terms, offer new services you may be interested in, or to fulfil your request to “unsubscribe” from further messages from us. If none of these obligations applies we will delete your personal data within 12 months of your account being closed. 

Processing by third parties

We will not share your information with any third parties for any purposes other than to assist MSL in providing services to you.

We have contracts in place with our third-party data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it.

They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances, we are legally obliged to share information. For example under a court order or where we cooperate with supervisory authorities in handling investigations. In any scenario, we will satisfy ourselves that we have a lawful basis to share the information and document our decision.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information.


We use the Capsule CRM system which is a service provided by Zestia Ltd., a third-party UK data processor. 

Capsule CRM data is stored with Amazon Web Services (AWS) in the United States. Data stored outside the EU has to be in a safe country or with a company that complies with the safeguards required by the UK-GDPR, and the USA meets these requirements. Zestia has also agreed to a Data Processing Addendum with a number of third-party providers who support the provision of Capsule CRM services. The Addendum commits them to the UK-GDPR Model Contract Clauses, defined by the European Commission. This ensures the safe processing of data and is in accordance with UK data protection law.

Marketing automation

We use Wired Plus which is a service provided by IDHL Technology Limited, part of the IDHL Group, and Transpond which is a service provided by Capsule CRM, third-party UK data processors. Data remains in the European Economic Area. All data stored, processed and transmitted through Wired Plus products and services resides on Amazon Web Services data centres.

Case management

We use the Freshdesk case management system as our primary support service platform provided by Freshworks, with data remaining in the European Economic Area. Almost all data stored, processed and transmitted through Freshworks products and services resides on Amazon Web Services data centres.

In addition, we use the FogBugz case management system, provided by Fog Creek Software, to support the delivery of our services. The Fogbugz system and the personal data it contains are securely held in the UK on the Warwick University network under MSL management.


We use a third-party provider, Elevate, to supply and support our telephony service.

When you call our mainline (+44 (0)330 828 1837) or any of our team's direct numbers, we can see your Caller ID which is the phone number you are calling from, if it is not withheld. We hold a log of the phone number, date, time and duration of the call, and we may make notes. If you use this service, the telephone call will be recorded for training and quality assurance purposes. 

As the sub-data processor, Elevate will store the telephone call recordings for 90 days. These recordings can be deleted sooner upon request.

Social media

We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations.

We review all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry. 

Live chat

We use a third-party provider, Freshchat, to supply and support our live chat helpdesk service.

If you use this service, we’ll collect your name and the contents of your live chat session. We’ll also collect your email address, if you choose to provide it, to send you a transcript of the chat. We’ll keep this information for the duration of your contract with us. Once the contract is terminated, some of the obligations survive and so we may keep this data for as long as the obligation exists.  In addition, the nature of the query may be such that we are required to open a case containing this information in our primary case management system, Freshdesk. 

As the sub-data processor, Freshdesk will store live chat transcripts for one year.


When you visit and we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is always processed in a way that does not identify any individual. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we collect personal data through our website, we will be transparent about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.


We use the Google reCAPTCHA APIs as part of our services to help protect our clients and the MSL System from cyber spam and abuse. You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalised advertising by Google.  You can find further details via this link


You can read more about how we use cookies on our Cookies page.

If you have queries or concerns about this policy, please contact us at

Say hello!

We treat our clients like they're part of the family -- when we say you’ll have our full attention, we mean it.