Our privacy notice
We respect your right to privacy and promise to protect your personal information.
We are committed to being transparent about how we use your information and don’t want to use your personal data in a way you won’t expect. This notice explains how we protect your privacy, how we use your information and how you can control how we use your personal information.
If you want to change the way we use your data or if you have a question about how we use your personal information, please get in touch by:
- email: [email protected]
- post: Supporter Care Team, MS Society, 10 Queen Street Place, London EC4R 1AG
Our Data Protection Officer is Claire Stevenson, Data Governance Manager:
- email: [email protected]
- post: Claire Stevenson, Data Protection Officer, MS Society, 10 Queen Street Place, London EC4R 1AG
Find out more
Who we are
In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the MS Society group of companies, that is MS Society, Nominees and Trading. This is the full information about these companies:
Multiple Sclerosis Society
Charity number: 1139257
Company number: 07451571
Company type: Private - Limited by guarantee
Office of the Scottish Register Number: SC041990
Registered office: 10 Queen Street Place, London EC4R 1AG
MSS (Trading) Limited
Company number 028935015
Company type: Private - Limited company
Registered office: 10 Queen Street Place, London EC4R 1AG
MS Society Nominees Limited
Company number 03667753
Company type: Private - Limited by guarantee
Registered office: 10 Queen Street Place, London EC4R 1AG
Our local groups
We have around 250 local network groups where volunteers provide support and services to the local MS community. Our local network groups are included in the references to ‘We’, ‘Us’ and ‘Our’.
How we use your personal information
Your personal information is important to us and we respect the trust it represents.
The law says we must use one of these reasons whenever we process or share your personal data:
- Contract – when we process your personal information to fulfil a contractual or potential contractual arrangement. For example, a grant application
- Consent – where you agree to us using your information. For example, so we can send you marketing emails and SMS. Whenever we process your information on the basis of your consent, you are free to change your mind and withdraw this consent. Find more information on this page, in the ‘Your information rights’ section
- Legitimate interest – where we use your data in a way we think you would consider to be appropriate because of our relationship. For example, to monitor and improve our services, or send information about fundraising by post. In each case where we use your data based on our legitimate interests, we carefully balance your rights and expectations to make sure processing is fair to you. We will never process your health data or other sensitive personal information on this basis
- Legal obligation – where there is a statutory or other legal requirement to process or share the information. For example, to claim Gift Aid
Our processing about you if you are a supporter:
- Handling the administration of your gift or donation when received by cash, cheque, credit/debit card, direct debit, standing order and charity vouchers, our online fundraising partners or any other means. Our lawful basis is contractual.
- Administering Gift Aid and Gift Aid declaration forms. Our lawful basis is a legal obligation.
- Providing you with subscription services. Our lawful basis is contractual.
- Providing you with campaign information and requests on issues that are important to people affected by MS. Our lawful basis is consent* for email and SMS and a legitimate interest in campaigning to support our mission for other communications.
- Keeping you informed of fundraising opportunities. Our lawful basis is consent* for email and SMS and a legitimate interest to generate funds to support our mission for other types of communications.
- We do profiling to better understand the people who support us and keep records of your gifts and engagement with our work. This helps us make appropriate requests to supporters who may be able and willing to do more than they already do. It means we can raise more funds, sooner, and more cost-effectively, so we can ultimately stop MS. Our lawful basis is a legitimate interest to generate funds to support our mission.
- Conducting due diligence and ethical screening. Our lawful basis is a legitimate interest to make sure people we develop relationships with are of good character and ethics.
- Processing your equality and diversity information to understand our MS Community supporters and improve our reach. Our lawful basis is consent*
Our processing about you if you use our services and support:
Provide you with the service or information you’ve requested. Our lawful basis is contractual or legitimate interest, so we can help you efficiently.
Processing your health data including diagnosis and symptoms to provide you with relevant information and signpost appropriate service and support. Our legitimate interest is consent*.
All the information we provide is informed by medical research and written by professionals. Our online Digital Health Assistant service will use machine learning to track patterns in information users find useful. The Digital Health Assistant uses this data to inform which content to send other users. We’ll switch on this feature when enough usage information has been gathered. By using this machine learning we can provide more relevant, personalised information to more members of the MS Community than we would otherwise be able to do.
So we can manage events and conferences and provide you with information about them. Our lawful basis is consent* (email and SMS) and legitimate interests (other) to send you direct marketing.
To tell you about enhancements to our support and services. Our lawful basis is consent* (email and SMS and legitimate interest (other) in improving the reach of our services
Monitoring the appropriate use of our information, products, services and support. Our lawful basis is a legitimate interest in improving user interactions, safeguarding, security of data, systems and services
Providing you with tailored content based upon the resources you have accessed and interacted with and interests you have told us about if you log in to our website. Our lawful basis is consent*.
Assessing whether you’re eligible or suitable for an individual support or research grant. Our lawful basis is contractual.
Processing your equality and diversity information to understand our MS Community and improve our reach. Our lawful basis is consent*
We don't store identifying personal data you share with our confidential MS Helpline unless you ask us to
Our processing about you if you are a research participant:
Your personal data is protected and controlled by the organisations we fund to carry out research. The results of the research they provide to us contain no identifying personal data.
Our processing about you if you are a shop customer:
Administering and fulfilling your purchase. Our lawful basis is contractual.
Processing about you if you're a supplier or contractor:
Managing and monitoring personal, contractual, performance and financial information. Our lawful basis is contractual.
Our processing about you if you are a volunteer, employee, contractor or applicant:
Assessing your application for an employment or volunteering position including references. Our lawful basis is contractual (staff) and legitimate interest (volunteers) so we can process your application efficiently.
Processing the outcome of Disclosure and Barring Service or Access NI criminal record searches (where appropriate for the role) to verify declarations at application and protect the MS Community and organisational interests. Our lawful basis is a legal obligation.
Managing personal records including performance and disciplinary information and financial information of volunteers. That includes expenses and emergency contacts. Our lawful basis is legitimate interest in efficient management of our relationship.
Managing personal records including performance and disciplinary information. And financial information of staff including payroll, PAYE, leave and other terms and benefits associated with contract of employment, as well as sickness and occupational health records. Our lawful basis is contractual.
Safeguarding our members, volunteers, staff and people who use our services. Our lawful basis is legal obligation.
To pass your details, when required, over to the Health and Safety Executive (HSE), and where appropriate our insurers and our solicitors if you are involved in an accident or incident while on our premises, or when taking part in one of our events or activities. Our lawful basis is lawful obligation (HSE) and legitimate interests in facilitation of our legal interests.
To provide references. Our lawful basis is consent*.
Processing your equality and diversity information to make sure our recruitment processes are fair and to monitor workplace diversity. Our lawful basis is a legal obligation (at recruitment) or consent* for ongoing processing.
Processing relating to all contact types
- To improve our website and the range of services and products we provide. Our lawful basis is consent* (cookies) and legitimate interest (other) in improving our offering.
- Understanding your perspective and requirements through surveys you participate in. Our lawful basis is a legitimate interest in improving our offering.
- Contacting you with appropriate marketing messages. Our lawful basis is consent*(email and SMS) and legitimate interests (other marketing) in direct marketing.
- To detect, investigate and report a financial crime. Our lawful basis is a legitimate interest in the efficient use of donated funds.
- To set up and manage your account. Our lawful basis is a legitimate interest in efficient and effective management of our relationship.
- Maintaining network and data security. Our lawful basis is legitimate interest in making sure your information is safe and confidential.
- Responding to your comments or complaints. Our lawful basis is legitimate interest in efficient management of our relationship.
- CCTV footage, visitor registration and access control systems on premises. Our lawful basis is legitimate interest to protect the safety of people and the security of our assets.
* When we process any of your information on the basis of your consent you may change your mind and withdraw this consent. Find out more in the Your information rights section on this page.
What personal information we hold about you
We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
- your name
- your contact details
But we may request other information where it’s appropriate and relevant, for example:
- your bank details
- your profession
- how you would like us to contact you
- age or date of birth, where relevant to your participation in an event or activity
- accessibility or medical information where relevant
- details of any accident or incident you may have been involved in while on our premises or while taking part in our events or activities
Special category data
We recognise some sensitive ‘special category’ data needs more protection. This includes data on: health, race or ethnicity, political opinions, religion, trade union membership, sexuality, biometric and genetic data. Our processing of special category data includes:
- information about your suitability or eligibility for a service – for example: information about your MS or the treatments you receive, to help us provide relevant information or support and tailor our services to meet your needs. Or information about your financial circumstances, in relation to your grant application
- accessibility or medical information where relevant to your participation in an event or activity
Sometimes we ask for extra information about your relationship with MS, quality of life, socio demographic information and other sensitive personal information. This helps us develop insights into our MS community, our representation and reach, raise more money and improve our services for everyone affected by MS.
Where we collect your personal information
We collect personal information about you in several ways:
- on our website when you: support us through making a donation, volunteering, being part of our local groups or other services, joining a campaign, pledging a gift in your will, create a personal profile or use our social forums
- when you contact our Supporter Care team by mail, phone, email or live chat
- when you register to attend one of our in-person or online events
- when you contact us about one of our services – for example if you ask us to send you a publication, or speak to one of our staff or volunteers about how we can support you
- when you complete one of our online or paper-based surveys or purchase or order an item from our online shop
- when you submit an application for a support or research grant
- when you have used a social media platform to contact us – Facebook, Twitter, LinkedIn or Instagram
- through our network of local groups
- through an accident and incident form when you have been involved in an accident or incident on one of our premises or when attending one of our events or activities.
- when you visit our premises
We may collect your personal information from other organisations. For example:
- if you take part in an event run by another organisation we partner with, like the London Marathon
- when you raise funds through JustGiving, Give As You Live or similar websites
- through social media platforms like Facebook, Twitter, LinkedIn or Instagram.
We always check that third parties and other organisations have consent from you to pass your information on to us. We sometimes use data from:
- the electoral roll
- reputable organisations you’ve given your permission to for your data to be shared or sold.
Who we share your data with
We do not share or sell your data to any other charity or company for their marketing purposes.
However, there are some situations where we use privacy-assessed suppliers to help us administrate the services we supply to you, for example:
- IT companies to help us deliver our range of services
- agencies who handle your donations on our behalf or administer your online conference bookings
- companies who deliver bespoke events for us (for example our bespoke overseas challenges) or who organise events in which we purchase charity places (for example the London Marathon)
- organisations or individuals who work with us to provide services for you – like providing you with tailored advice or advocacy services, or local services like exercise classes or complementary therapies
- companies who help us campaign on your behalf, for example to lobby your local MP
- website hosting companies we use to administer our website content
- online hosting companies to facilitate events, meetings and webinars
- a database company who help us keep our records in order
- mailing houses to send our surveys and questionnaires
- Research organisations who interview people in our community to improve our knowledge
We also use trusted suppliers to help us with marketing:
- mailing houses to send our newsletters, appeals and raffles or invitations for our events and fundraising materials
- email service providers to send our emails and manage your marketing permissions
- telemarketing agencies to contact you by phone or SMS
- organisations which help us keep your information accurate and up to date
Some of our suppliers operate outside the European Economic Area (EEA). This means we must make sure they provide an adequate level of protection in accordance with the UK General Data Protection Regulation (GDPR) or that they have your consent to process your data outside the EEA.
Under some circumstances we may disclose or share your information without your consent, for example if we are required by the police, the courts, or for other legal reasons, including:
- sharing accident and incident information with the Health and Safety Executive, our insurers and our solicitors
- to report safeguarding concerns
How we keep your personal information safe
We take our obligation to keep your personal data safe and secure very seriously. Within the MS Society, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal data if they have been sufficiently trained in data handling.
We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected from unauthorised access.
Our suppliers are not allowed to use your information for their own business purposes. We require these companies to have sufficient organisational and technical measures in place to make sure they can keep your data safe and follow our processing instructions.
How long we keep your personal information
We keep your personal information no longer than necessary for our processing purposes.
In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six to seven years). This mainly concerns financial information including your donations or Gift Aid contributions.
Your information rights
We respect the rights you have over the personal information that we hold about you.
To withdraw consent
* When we process any of your information on the basis of your consent you may change your mind and withdraw this consent.
You can easily withdraw the permissions you have given us at any time either by using our contact details in this policy, or by using the methods we tell you about in our communications. For example. using the ‘unsubscribe’ link on our emails.
For access to your personal information
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
To have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and correct any inaccuracies.
To restrict the use of your personal information
You have a right to ask us to restrict the processing of some or all of your personal information in the following situations if:
- some information we hold on you isn’t right
- we’re not lawfully allowed to use it
- you need us to retain your information in order for you to establish, exercise or defend a legal claim
- you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
To erase your personal information
You may ask us to delete some or all of your personal information. We will follow your instructions unless we have a legal reason to retain the information.
For your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
To object to our use of your personal information
If we are processing your personal information based on our legitimate interests or for scientific or historical research or statistics, you have a right to object to our use of your information. If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible and within 28 days.
If you want to exercise any of the above rights, please contact Supporter Care by email: [email protected]
We may need to ask for more information or evidence of identity. We will do our best to respond fully to all requests within one month of receipt, however if we are unable to, we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will apply in all circumstances. Find more information in the guidance published by the UK’s Information Commissioner’s Office (ICO).
What to do if you have a complaint
If you have a complaint please contact our Data Protection Officer by:
- writing to: Claire Stevenson, Data Protection Officer, MS Society, 10 Queen Street Place, London EC4R 1AG
- or sending an email to [email protected].
If you are not satisfied with the we handle it, you can refer your complaint to UK Information Commissioner’s Office.
Links to other websites
We link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us.
This privacy notice does not cover the links within our site to other websites and organisations.
We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
This Privacy Notice describes the main personal data processing we do. It doesn't provide every detail of all the ways we collect and use personal information. If you need any extra information or have any questions, please email us.
We review our privacy notice regularly. We publish updates to this policy on our website and notify people subscribed to our marketing and service email lists about major changes by email.
We last updated this privacy notice on: 10 March 2021.
We last updated this page on