Our privacy notice

We respect your right to privacy and promise to protect your personal information.

We are committed to being transparent about how we use your information and don’t want to use your personal data in a way you won’t expect. This notice explains how we protect your privacy, how we use your information and how you can control how we use your personal information.

If you want to change the way we use your personal information or if you have a question about how we use your personal information, please get in touch by:

  • email: [email protected]
  • post: Customer Service and Central Administration Team, MS Society, Carriage House, 8 City North Place, London, N4 3FS

Our Data Protection Officer is Vicky Annis:

  • email: [email protected]
  • post: Vicky Annis, Data Protection Officer, MS Society, Carriage House, 8 City North Place, London, N4 3FS

Find out more

In this notice, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the MS Society group of companies, that is MS Society, Nominees and Trading. This is the full information about these companies:

Multiple Sclerosis Society

Charity number: 1139257

Company number: 07451571

Company type: Private - Limited by guarantee

Office of the Scottish Register Number: SC041990

Registered office: Carriage House, 8 City North Place, London, N4 3FS

MSS (Trading) Limited

Company number 028935015

Company type: Private - Limited company

Registered office: Carriage House, 8 City North Place, London, N4 3FS

MS Society Nominees Limited

Company number 03667753

Company type: Private - Limited by guarantee

Registered office: Carriage House, 8 City North Place, London, N4 3FS

Our local groups

We have around 230 local network groups where volunteers provide support and services to the local MS community. Our local network groups are included in the references to ‘We’, ‘Us’ and ‘Our’.

Your personal information is important to us and we respect the trust it represents.

The law says we must use one of these reasons whenever we process or share your personal data:

  • Contract – when we process your personal information to fulfil a contractual or potential contractual arrangement. For example, a grant application.
  • Consent – where you agree to us using your personal information for a specific and clear purpose or purposes. For example, so we can send you marketing emails and SMS. Whenever we process your information on the basis of your consent, you are free to change your mind and withdraw this consent. Find more information on this page, in the ‘Your information rights’ section
  • Legitimate interest – where we use your data in a way we think you would consider to be appropriate because of our relationship. For example, to monitor and improve our services, or send information about fundraising by post. In each case where we use your data based on our legitimate interests, we carefully balance your rights and expectations to make sure processing is fair to you. We will never process your health data or other sensitive personal information on this basis
  • Legal obligation – where there is a statutory or other legal requirement to process or share the information. For example, to claim Gift Aid.
  • Vital Interests – where we may need to share your personal and sometimes sensitive information, without your consent for the sole purpose of emergency life-saving treatment.

Our processing about you if you are a supporter:

  • Handling the administration of your gift or donation when received by cash, cheque, credit or debit card, direct debit, standing order and charity vouchers, our online fundraising partners or any other means. Our lawful basis is contractual.
  • Administering Gift Aid and Gift Aid declaration forms. Our lawful basis is a legal obligation.
  • Providing you with subscription services. Our lawful basis is contractual.
  • Providing you with campaign information and requests on issues that are important to people affected by MS. Our lawful basis is consent* for email and SMS and a legitimate interest in campaigning to support our mission for other communications.
  • Keeping you informed of fundraising opportunities. Our lawful basis is consent* for email and SMS and a legitimate interest to generate funds to support our mission for other types of communications.
  • We do profiling to better understand the people who support us and keep records of your gifts and engagement with our work. This helps us make appropriate requests to supporters who may be able and willing to do more than they already do. It means we can target our resources more efficiently through relevant communications using the channels available to us. Raising more funds, sooner, and more cost-effectively by , so we can ultimately stop MS. For example, if you donated in response to a research fundraiser we will focus our communications on research matters. Our lawful basis is a legitimate interest to generate funds to support our mission.
  • Conducting due diligence and ethical screening. Our lawful basis is a legitimate interest to make sure people we develop relationships with are of good character and ethics.
  • Processing your equality and diversity information to understand our MS community supporters and improve our support. Our lawful basis is consent*.

 

Our processing about you if you use our services and support:

  • Provide you with the service or information you’ve requested. Our lawful basis is contractual or legitimate interest, so we can help you efficiently.
  • Processing your health data including diagnosis and symptoms to provide you with relevant information and signpost or refer you to the appropriate service and support. Our lawful basis is to process your initial query and consent* for all other processing.
  • So we can manage events and conferences and provide you with information about them. Our lawful basis is consent* (email and SMS) and legitimate interests (other) to send you direct marketing.
  • To tell you about enhancements to our support and services. Our lawful basis is consent* (email and SMS and legitimate interest (other) in improving the reach of our services.
  • Monitoring the appropriate use of our information, products, services and support. Our lawful basis is a legitimate interest in improving user interactions, safeguarding, security of data, systems and services.
  • Providing you with tailored content based upon the resources you have accessed and interacted with and interests you have told us about if you log in to our website. Our lawful basis is consent*.
  • Assessing whether you’re eligible or suitable for an individual support or research grant. Our lawful basis is contractual.
  • Processing your equality and diversity information to understand our MS community and improve our reach. Our lawful basis is consent*.
  • We don't store identifying personal data you share with our confidential MS Helpline unless you ask to access our support services or request more information. We will always seek your consent to share your details with our external partners, such as the Disability Law Service, and when we collect your sensitive data to provide Befriending or Physical Activity support.

Our processing about you if you are a research participant:

Your personal data is protected and controlled by the organisations we fund to carry out research. The results of the research they provide to us contain no identifying personal data.

Where you take part in our market research projects, such as to gather your views and experiences to inform our policies and strategy, you have the right to object to this type of contact. Our lawful basis is legitimate interest.

Our processing about you if you are a shop customer:

  • Administering and fulfilling your purchase. Our lawful basis is contractual.
  • Administering and managing your loyalty card. Our lawful basis is legitimate interest.
  • Administering your gift aid for donations made through donated items to one of our shops. Our lawful basis is legal obligation.
  • Sending you information about our shop offers and ways your donations can go further. Our lawful basis is consent (email and SMS) and legitimate interests (other).
  • CCTV footage in and around shop premises. Our lawful basis is legitimate interest to protect the safety of people and the security of our assets.

Processing about you if you're a supplier or contractor:

Managing and monitoring personal, contractual, performance and financial information. Our lawful basis is contractual.

Our processing about you if you are a volunteer, employee, contractor or applicant:

  • Assessing your application for an employment or volunteering position including references. Our lawful basis is contractual (staff) and legitimate interest (volunteers) so we can process your application efficiently.
  • Processing the outcome of Disclosure and Barring Service or Access NI criminal record searches (where appropriate for the role) to verify declarations at application and protect the MS community and organisational interests. Our lawful basis is a legal obligation.
  • Managing personal records including performance and disciplinary information and financial information of volunteers. That includes expenses and emergency contacts. Our lawful basis is legitimate interest in efficient management of our relationship.
  • Managing personal records including performance and disciplinary information, financial information of staff including payroll, PAYE, leave and other terms and benefits associated with contract of employment, as well as sickness and occupational health records. Our lawful basis is contractual.
  • Safeguarding our members, volunteers, staff and people who use our services. Our lawful basis is legal obligation.
  • To pass your details, when required, over to the Health and Safety Executive (HSE), and where appropriate our insurers and our solicitors if you are involved in an accident or incident while on our premises, or when taking part in one of our events or activities. Our lawful basis is legal obligation (HSE) and legitimate interests in facilitation of our legal interests.
  • To provide references. Our lawful basis is consent*.
  • Processing your equality and diversity information to make sure our recruitment processes are fair and to monitor workplace diversity. Our lawful basis is a legal obligation (at recruitment) or consent* for ongoing processing.
  • To monitor your sickness absences to apply the appropriate pay and conditions (our lawful basis is contractual and legal obligation) and to help us develop effective processes for ways to reduce absence and support employees to return to a safe place of work. Our lawful basis is legitimate interest.

Processing relating to all contact types

  • To improve our website and the range of services and products we provide. Our lawful basis is consent* (cookies) and legitimate interest (other) in improving our offering.
  • Understanding your perspective, experiences and requirements through surveys you participate in. Our lawful basis is a legitimate interest in improving our offering.
  • Contacting you with appropriate marketing messages. Our lawful basis is consent* (email and SMS) and legitimate interests (other marketing) in direct marketing.
  • We may sometimes tailor the marketing you see on apps and social media platforms and measure its effectiveness. We provide these platforms with encrypted emails or other non-personal information such as donations amounts, in order to display advertising and create Lookalike audiences. Lookalike audiences mean we can target ads to audiences who are most similar to our supporters. Our lawful basis is legitimate interests to improve our reach and raise funds. We will only include supporters who have opted in to receiving our marketing in the creation of Lookalike audiences or to be shown adverts from us. You can opt out of your data being used to display advertising to you by contacting our Supporter Care team. However, this will not prevent our advertisements being shown to you on a randomised basis. And it may mean that you stop receiving marketing communications from us more generally.
  • To detect, investigate and report a financial crime. Our lawful basis is a legitimate interest in the efficient use of donated funds.
  • To set up and manage your account. Our lawful basis is a legitimate interest in efficient and effective management of our relationship.
  • Maintaining network and data security. Our lawful basis is legitimate interest in making sure your information is safe and confidential.
  • Responding to your comments, queries or complaints. Our lawful basis is legitimate interest in efficient management of our relationship.
  • Responding to and managing your personal information rights requests. Our lawful basis is legal obligation.
  • CCTV footage, visitor registration and access control systems on premises. Our lawful basis is legitimate interest to protect the safety of people and the security of our assets.

* When we process any of your information on the basis of your consent you may change your mind and withdraw this consent. Find out more in the Your information rights section on this page.

We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:

  • your name
  • your contact details

But we may request other information where it’s appropriate and relevant, for example:

  • your bank details
  • your profession
  • how you would like us to contact you
  • age or date of birth, for age and ID validation or where relevant to your participation in an event or activity
  • dietary, accessibility or medical information where relevant
  • details of any accident or incident you may have been involved in while on our premises or while taking part in our events or activities
  • your next of kin, emergency contact or legal guardian details where relevant to your role or participation in an event or activity
  • the place of your residence while working away from the UK. Or any other information we require to ensure the safety and security of MS personnel and assets.

Special category data

We recognise some sensitive ‘special category’ data needs more protection. This includes data on: health, race or ethnicity, political opinions, religion, trade union membership, sexuality, biometric and genetic data. Our processing of special category data includes:

  • information about your suitability or eligibility for a service – for example: information about your MS or the treatments you receive, to help us provide relevant information or support and tailor our services to meet your needs. Or information about your financial circumstances, in relation to your grant application
  • accessibility or medical information where relevant to your participation in an event or activity

Sometimes we ask for extra information about your relationship with MS, quality of life, socio demographic information and other sensitive personal information. This helps us develop insights into our MS community, our representation and reach, raise more money and improve our services for everyone affected by MS.

We collect anonymised information about your visits to our websites using cookies. The information helps us improve our website and make sure we can show you relevant content. When we collect information that could identify you, we always ask for your consent.

Find more information about how we use cookies and how you can manage our use of cookies including third party cookies when you visit our website in our Cookies Policy.

We use AI for non-personal data project and research planning such as compiling suggested training material for course content, policy inclusions, information management processes and intelligent search and writing tools. All AI generated content will have human sign-off. We will not apply AI to your personal data.

If our approach changes in the future, we will update our privacy notice to reflect this and seek your consent as applicable for such use. We will not use AI in a way that infringes on your personal data rights or negatively impacts you. Our internal policy will govern how we use AI and keep under regular review as the technology is still evolving.

We collect personal information about you in several ways:

  • on our website when you: support us through making a donation, volunteer, are part of our local groups or use our other services, join a campaign, pledge a gift in your will, accept cookies, create a personal profile or use our social forums
  • face-to-face when you: sign up to support us through our street, private site or door-to- door fundraisers.
  • when you contact our Supporter Care team by mail, phone, email or live chat
  • when you register to attend one of our in-person or online events
  • when you contact us about one of our services – for example if you ask us to send you a publication, or speak to one of our staff or volunteers about how we can support you
  • when you complete one of our online or paper-based surveys or purchase or order an item from our online shop
  • when you gift aid your donations to, or sign up for our loyalty scheme at our charity shops
  • when you submit an application for a support or research grant
  • when you have used a social media platform to contact us – Facebook, X (formerly Twitter), LinkedIn, TikTok or Instagram
  • through our network of local groups
  • when you provide us with videos, audios, photographs, stories or case studies or we capture these at our live events or through our story sharing platform
  • through an accident and incident form when you have been involved in an accident or incident on one of our premises or when attending one of our events or activities.
  • when you visit our premises

We may collect your personal information from other organisations. For example:

  • if you take part in an event run by another organisation we partner with, like the London Marathon
  • when you raise funds through JustGiving, Give As You Live or similar websites
  • when you support us through playing the lottery, raffle and similar games through third party gambling sites
  • when you make donations through a funeral home or become a Tribute Guardian

When we collect your information through these channels you should check each company’s terms and conditions and their privacy policy to understand how they use your personal information.

We always check that third parties and other organisations we work with have consent from you to pass your information on to us.

We sometimes use data from publicly available sources such as:

  • social media platforms like Facebook, X, LinkedIn, TikTok or Instagram
  • the electoral roll, Companies House, Charities Commission or company biographies
  • reputable organisations you’ve given your permission to for your data to be shared or sold

This helps us to find people and organisations who may be interested in supporting our work financially or with their time and skills. And helps us to tailor our communication to you and your interests.

We do not share or sell your data to any other charity or company for their marketing purposes. There are some situations where we use privacy-assessed suppliers to help us administrate and provide the services we supply to you, for example:

  • IT and telecommunications companies to help us deliver our range of services and maintain security
  • agencies who handle your donations on our behalf or administer your online conference bookings
  • companies who deliver bespoke events for us (for example our bespoke overseas challenges) or who organise events in which we purchase charity places (for example the London Marathon)
  • organisations or individuals who work with us to provide services for you – like providing you with tailored advice or advocacy services, or local services like exercise classes or complementary therapies
  • companies who help us campaign on your behalf, for example to lobby your local MP
  • website hosting companies we use to administer our website content
  • moderators to ensure appropriate content is published
  • online hosting companies to facilitate events, meetings and webinars
  • database and archiving companies to help us keep our records in order
  • mailing houses to process incoming post and send our surveys and questionnaires
  • research organisations who interview people in our community to improve our knowledge

We also use trusted suppliers to help us with marketing, including:

  • mailing houses to send our newsletters, appeals and raffles or invitations for our events and fundraising materials
  • email service providers to send our emails and manage your marketing permissions
  • telemarketing agencies to contact you by phone or SMS
  • fundraising agencies to conduct market research and sign up new donors through face-to-face channels
  • organisations that help us keep your information accurate and up to date

Some of our suppliers operate outside the UK and the European Economic Area (EEA). This means we must make sure they provide an adequate level of protection in accordance with the UK General Data Protection Regulation (GDPR) or meet other regulatory requirements or that they have your consent to process your data outside the UK and the EEA.

We may share your data such as your postcode, name and or email with your local MP or the relevant recipient or target of a campaign petition.

Under some circumstances we may disclose or share your information without your consent, for example if we are required by the police, the courts, or for other legal reasons, including:

  • sharing accident and incident information with the Health and Safety Executive, our insurers and our solicitors
  • sharing your medical or next of kin information in a medical emergency
  • to report safeguarding concerns

We take our obligation to keep your personal information safe and secure very seriously. 

Access to your personal information within our organisation is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal information if they have been sufficiently trained in data handling.

We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected from unauthorised access.

Our suppliers are not allowed to use your information for their own business purposes. We require these companies to have appropriate organisational and technical measures in place to make sure they can keep your data safe and follow our processing instructions.

We keep your personal information no longer than necessary for our processing purposes. For example, to provide support and services to you and manage our relationship with you, to manage our business operations and meet our charitable aims and objectives.

In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six to seven years). This mainly concerns financial information including your donations or Gift Aid contributions.

We sometimes need to keep your information to safeguard all our users and to defend against legal claims.

At the end of the retention periods, your data will be deleted or anonymised so it can be used in a non-identifiable way to inform our service planning.

We respect the rights you have over the personal information that we hold about you.

To withdraw consent

* When we process any of your information on the basis of your consent you may change your mind and withdraw this consent.

You can easily withdraw the permissions you have given us at any time either by using our contact details in this notice, or by using the methods we tell you about in our communications. For example, using the ‘unsubscribe’ link on our emails.

For access to your personal information

You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the personal information we hold about you, and we will provide you with this unless exceptions apply.

To have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and correct any inaccuracies.

To restrict the use of your personal information

You have a right to ask us to restrict the processing of some or all of your personal information in the following situations if:

  • some information we hold on you isn’t right
  • we’re not lawfully allowed to use it
  • you need us to retain your information in order for you to establish, exercise or defend a legal claim
  • you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.

To erase your personal information

You may ask us to delete some or all of your personal information. We will follow your instructions unless we have a legal or overriding legitimate reason to retain the information for example, to investigate and defend against complaints and claims.

For your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.

To object to our use of your personal information

If we are processing your personal information based on our legitimate interests or for scientific or historical research or statistics, you have a right to object to our use of your information. If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible and within 28 days.

If you want to exercise any of the above rights, please contact Supporter Care by emailing [email protected]

We may need to ask for more information or evidence of identity. We will do our best to respond fully to all requests within one month of receipt, however if we are unable to, we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will apply in all circumstances. Find more information in the guidance published by the UK’s Information Commissioner’s Office (ICO).

We do not intentionally collect children’s personal information. However, some of our services, such as our Forum, is open to over 16s. Sometimes, we are given information about children if they accompany an adult at one of our events, are captured in videos or photos or a case study, if named as a dependent or familial contact or during an investigation.

For all children under the age of 13 (under 12 for Scotland), the consent of the parent or guardian is sought before processing can begin and competent over-13s (over 12s in Scotland), have the right to manage their own consents and exercise the rights available to adults. The information in this notice applies to children as well as adults and is further supported by our internal policy documents.

We will never process children’s data without consent.

If you have a complaint please contact Vicky Annis, our Data Protection Officer by:

  • writing to: Data Protection Officer, Data Governance Dept, MS Society, Carriage House, 8 City North Place, London, N4 3FS
  • or sending an email to [email protected].

If you are not satisfied with the way we handle it, you can refer your complaint to UK Information Commissioner’s Office.

We signpost or link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us.

This privacy notice does not cover the links within our site to other websites, apps and organisations. We encourage you to read the terms and privacy notices on the other websites you visit.

This privacy notice describes the main personal data processing we do. It doesn't provide every detail of all the ways we collect and use personal information. If you need any extra information or have any questions, please email us.

We review our privacy notice regularly. We publish updates to this policy on our website and notify people subscribed to our marketing and service email lists about major changes by email.

We last updated this privacy notice on

March 2024 updates

We updated our privacy notice to include processing relating to:

  • our new physical shops with offerings to include loyalty cards in the near future and the collection of Gift Aid on donations. 
  • new fundraising activities and platforms. 
  • our use of AI 
  • processing of staff data required for working abroad

We clarified our processing to be more transparent on: 

  • targeted advertising 
  • data collection and our legal bases for collection 
  • how we may process children’s data 
  • monitoring of staff sickness 

We removed machine learning to support provision of tailored content (consent). 

We also made minor changes to reflect minor and non-material changes including external changes, for example Twitter renamed X.

26 January 2023 updates

We updated the name of the data protection officer.

Previous updates

21 June 2021

We updated our registered office address. 

We added: 

  • tailoring of content and processing health and sensitive data in relation to other processing (consent) 
  • monitoring equality and diversity data 
  • machine learning to support provision of tailored content (consent)

May 2018

We updated our privacy notice to comply with the new regulations (GDPR and DPA 2018) and outlined your rights and our lawful basis for processing.

Last full review:

We also update when we know about important changes.

Find out how we keep our information up to date