Privacy & Security

As part of Membership Solution Ltd’s commitment to client care, we take care to protect the information you supply to us. MSL is registered with the ICO under the Data Protection Act 1998 with registration number Z1573054.

Why we are able to process your information

The personal information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry to us
  • You have made an information request to us
  • You wish to attend, or have attended, an event
  • You subscribe to our newsletter
  • You are representing your organisation
  • You are a business partner of ours
  • You provide services to us
  • You have contacted us to discuss your own products/services with us

We may also receive personal information indirectly, in the following scenarios:

  • Your contact details are provided to us by someone else representing your organisation
  • An employee of ours gives your contact details as an emergency contact or a referee.

Under data protection law, you have certain rights we need to make you aware of. Your rights depend on our reason for processing your information and you can read more about these rights here.

Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not receive all the information we process. 

Right to rectification
You have the right to ask us to rectify information you think is inaccurate and to complete information you think is incomplete. This right always applies.

Right to erasure
You have the right to ask us to erase your personal information in certain circumstances. 

Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. 

Right to object to processing
You have the right to object to processing if we process your information because the process is in our legitimate interests. 

Right to data portability
You have the right to ask that we transfer the information you gave us to another organisation or return it to you. This only applies to information you have given us and only if we are processing information based on your consent, or under (or in talks about entering into) a contract, and only if the processing is automated. 

You do not pay a charge to exercise your rights. We have one month to respond to you.

Please contact us at if you wish to make a request. 

Data Protection Representation in the European Union

Membership Solutions Limited takes the protection of personal data seriously and has appointed Data Rep as their Data Protection Representative in the European Union for the purposes of EU-GDPR* so that you can contact them directly in your home country.

More information about and contact details for Data Rep can be accessed here.

* The General Data Protection Regulation, EU 2016/679

Purpose and legal basis for processing

  Purpose Legal basis

Where MSL has a legal agreement with you or with the organisation you belong to, our legal basis for processing your personal data is because it is necessary to perform the contract

- This legal basis also applies if we are in discussions or preliminary steps towards entering a contract, for example if you have asked for product information or a quote.

2 Where we process your data in order to carry out direct marketing activities it is because it is necessary for the purposes of our legitimate interests as a business which provides digital solutions to a defined niche market. Legitimate interest
3 The purpose for implementing the Live Chat facility, Analytics and Cookies is to maintain and monitor the performance of our website and to continuously improve the site and the services it offers to users. The legal basis we rely on to process your data in this case is because it is necessary for the purposes of our legitimate interests.  Legitimate interest

Data retention

We retain personal data for as long as we provide services to you or your organisation. However, we may keep some data after you or your organisation ceases to use our services, for the purposes set out below. 

Should you cease to use our services, we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our customer terms, offer new services you may be interested in, or to fulfil your request to “unsubscribe” from further messages from us. If none of these obligations apply we will delete your personal data within 12 months of your account being closed. 

Processing by third parties

We will not share your information with any third parties for any purposes other than to assist MSL in providing services to you.

We have contracts in place with our third party data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it.

They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with supervisory authorities in handling investigations. In any scenario, we will satisfy ourselves that we have a lawful basis to share the information and document our decision.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information.


We use the Capsule CRM system which is a service provided by Zestia Ltd., a third party UK data processor. 

Capsule CRM data is stored with Amazon Web Services (AWS) in the United States. Data stored outside the EU has to be in a safe country or with a company that complies with the safeguards required by the UK-GDPR, and the USA meets these requirements. Zestia has also agreed a Data Processing Addendum with a number of third party providers who support the provision of Capsule CRM services. The Addendum commits them to the UK-GDPR Model Contract Clauses, defined by the European Commission. This ensures the safe processing of data and is in accordance with UK data protection law.

Case management

We use the Freskdesk case management system as our primary support service platform provided by Freshworks, with data remaining in the European Economic Area. Almost all data stored, processed and transmitted through Freshworks products and services resides on Amazon Web Services data centres.

In addition, we use FogBugz case management system, provided by Fog Creek Software, to support the delivery of our services. The Fogbugz system and the personal data it contains is securely held in the UK on the Warwick University network under MSL management.

Contacting MSL

When you call our office (+44 (0)2476 572800) we can see your Calling Line Identification (CLI) information which is the phone number you are calling from if it is not withheld. We hold a log of the phone number, date, time and duration of the call, and we may make notes but we do not audio-record the call itself.

We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back.

We hold statistical information about the calls we receive, but this does not contain any personal data.

Social media

We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations.

We review all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry. 

Live chat

We use a third-party provider, Freshchat, to supply and support our live chat helpdesk service.

If you use this service, we’ll collect your name and the contents of your live chat session. We’ll also collect your email address, if you choose to provide it, to send you a transcript of the chat. We’ll keep this information for the duration of your contract with us. Once the contract is terminated, some of the obligations survive and so we may keep this data for as long as the obligation exists.  In addition, the nature of the query may be such that we are required to open a case containing this information in our primary case management system, Freshdesk. 

As the sub data processor Freshdesk will store live chat transcripts for one year.


When you visit we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is always processed in a way that does not identify any individual. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we collect personal data through our website, we will be transparent about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.


We use the Google reCAPTCHA APIs as part of our services to help protect our clients and the MSL System from cyber spam and abuse. You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalised advertising by Google.  You can find further details via this link


You can read more about how we use cookies on our Cookies page.

If you have queries or concerns about this policy, please contact us at



Need help? See our Knowledge Base