Lynn McBeth
Tel: 023 9308 8416
Mob: 07984 8611 79

Useful Links

21 Funtington Road

Mon - Fri: 9AM - 5PM
Sat: 10AM - 5PM
Sun: Closed

Logo design by Sea Dog Print Studio

Data Protection Policy


MSS Consult Ltd (“MSS”, “we”, “us”, “our”) are committed to protecting your personal data.

Please read this Privacy Notice carefully as it explains:

A. how and why MSS uses your personal data when you access our website, services
and/or otherwise engage with us; and
B. your legal rights in respect of your personal data.

Where you provide MSS with personal data about other individuals (for example, other people within your organisation), please refer them to this Privacy Notice.

The term “personal data” used in this Privacy Notice is taken from data protection laws and broadly means any information that can identify individuals.

If you have any questions or comments about this Privacy Notice, please find our contact details in section 11 “How can you contact us?.

Note that we may change this Privacy Notice from time to time by updating this page. This Privacy Notice does not apply to any third party websites, plug-ins or applications to which you may be directed from our website. Clicking on those links or enabling those connections may
allow third parties to collect or share data about you and so we encourage you to read the privacy policies/notices on the other websites you visit. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.

2. Who we are and who is responsible for your personal data

MSS is a professional services and engineering firm whose headquartered are in Portsmouth UK.

Further details can be found on our website. Our contact details can be found in section 11 of this Privacy Notice.

Where MSS is engaged by its clients to provide services and as a result, we collect and use your personal data, we generally do so in line with our clients’ contractual instructions, or in accordance with applicable data protection laws, it is usually our clients and not MSS that decide how and why any personal data should be used in the provision of services, so our clients will be ultimately responsible for your personal data in such circumstances.

3. What personal data do we collect about you and for what purposes?

We may collect personal data about you or individuals working for your organisation in various circumstances, including in the provision of our services, use of our website, attendance at one of our events/offices and/or where we otherwise engage with you, e.g., to procure a service for MSS your relationship with us but may include the types of information and purposes set out below.

A. Engaging with you

This includes personal data such as your name, title, position, the company you work for, your postal address, email address, phone number and your correspondence with MSS (including notes/transcripts/recordings of calls by telephone or Voice over IP systems).

We may also ask about your relationship to another person, for example to establish any conflict of interest that might exist. We require the above information in order to engage with you for business purposes.

  • Page 2

B. Identification and verification

We may ask for your passport or other official identification document to verify your identity, for example, if you are required to visit MSS offices or facilities, or to access MSS systems prior to or during your engagement with us. Aside from the data you provide to us directly, and in accordance with the local laws of the country where you are accessing our services, we may also find information about you from other sources, such as from tax authorities, carefully selected third party background screening providers (see section 5 below for more information on MSS’s use of third parties), and/or from publicly available registers/websites where you have voluntarily made your personal data available (e.g., LinkedIn, company databases etc.).

We require this information as part of our business acceptance processes and to comply with our legal obligations to prevent against money laundering, terrorism, corruption and fraud.

C. On-site security

If you visit us at our premises, we may collect your image and/or video footage via CCTV, and may also collect visitor log information (e.g., entry and exit times, vehicle registration etc.). We collect this personal data as it is in our legitimate interest to ensure our premises are secure and for the purposes of detecting/preventing crime. If you connect to our guest Wi-Fi network when visiting our offices, we may collect your name, e-mail address, telephone number, device MAC address, IP address and location to provide you with access to this network and to protect it from unauthorised use.

D. Meeting/events
We may collect basic contact information from you when you register or attend a meeting/event hosted by or on behalf of MSS. We use this information to identify you for building security and safety reasons, and so that we can invite you to future events/meeting (see section 3(f) on marketing below).

In addition, for promotional purposes, we may also collect photos/video footage of individuals attending such meetings and events. However, you may also wish to inform us of any specific dietary requirements and/or tell us about any disabilities you have so that we can make the reasonable adjustments you require to facilitate your attendance at the meeting/event. In certain countries, such details fall into the category of personal data that data protection law considers to be inherently sensitive, as it relates to your health/disability and/or potentially your religion. This type of information is purely optional, so you do not have to provide it to us if you do not wish to, provided that you accept
any associated risks of us not being aware. For more information about the legal bases which we rely on to use this specific type of personal data, please see section 4, “On what legal basis do we use your personal data?” below.

E. Automated interactions

As you interact with our website, we may automatically collect personal data from your device
by using cookies and other similar technologies. Processing such information is necessary for
us to pursue our legitimate interests in improving our website and providing a more relevant
service to our clients and business partners. This information is not used to develop a personal
profile of you. For further details, please see our website privacy policy.

  •  Page 3

F. Marketing and information gathered through our website and our social media accounts Certain sections of our website, including our blogs, invite you to request publications, newsletters and alerts, subscribe to receive invitations to events, seminars and webinars, take
part in client surveys and to receive MSS announcements. If you do so, we will collect some or all of the following information: your name, email address, job title, organisation name and company address. Our systems will recognise you as a user and based on the content you view/request, we will strive to provide material that is relevant to you and your interests. We may also collect this information about you where you have physically attended an event hosted by MSS, so that we can invite you again in the future. In addition, MSS maintains accounts on social media platforms (such as LinkedIn, YouTube, Instagram, Facebook and X) and may collect pictures, demographic information, interests and other personal data that you may share with the social media platform when interacting with these accounts.

Note that you can opt out of receiving marketing communications at any time, either by clicking on the unsubscribe link in the relevant communication, or by emailing us at . For further information, please see section 9 of this Privacy Notice,

“What are your rights over your personal data?”.

G. Recruitment

MSS will collect and use your personal data when you apply for a job, consultancy role, or work placement/internship with us. We may receive information about you through a recruitment agency or directly from you where you complete an online application form via any of MSS’s career portals or when negotiating your consultancy/independent contractor agreement with MSS. The personal data will include information relating to your education, employment history, skills, referrals, and other background information such as your right to
work in the country where you are applying to work etc.

For further information about how MSS collects and uses your personal data in the recruitment context, please see our  Applicant Privacy Notice.

H. Personal data of general populations

The nature of MSS’s business means that we are often engaged to work on environmental or infrastructure projects that are public, e.g., railway networks/housing developments. Where our clients engage us to provide these types of services, we may be required to collect your personal data. For example, we may be instructed to conduct social impact assessments, which could include surveying certain populations, such as indigenous populations. This may involve MSS collecting sensitive information about members of the general public. Another example is where MSS is engaged to identify legal interests in land that could be affected by proposed developmental/infrastructure work.  In such cases, MSS may collect personal data of homeowners/residents in a given area.
Note that when collecting personal data in the sorts of circumstances described in this section, MSS would generally do so in accordance with our clients’ contractual instructions, in accordance with applicable data protection laws and with appropriate privacy and security protocols in place to protect your personal data.

I. Profiling

The term “profiling” refers to where your personal data is used for solely automated processing to evaluate or predict certain aspects about you without human assessment. MSS does not currently do any profiling using personal data. Should we decide to use completely automated
processes to profile individuals in the future, e.g., to market MSS’s services more efficiently, we will notify you in accordance with applicable law and, depending on where you are located, you will have certain rights with respect to such use of your personal data (see section 9 “What are your rights over your personal data?” below).

  • Page 4

4. On what legal basis do we use your personal data?

The main legal grounds that MSS relies on to collect and handle your personal data are:

A. With your consent. For example, where: It is mandatory under the data protection laws in a particular country that we operate in (note, this will either be your explicit consent or inferred consent where allowed by
applicable law (the latter meaning your agreement is assumed based on your action or inaction at the point of collection, use or sharing of your personal data));

MSS cannot lawfully handle personal data on the below or other permitted grounds under data protection laws; and/or

MSS collects information that the data protection laws of certain countries consider to be inherently sensitive (for example, where you tell us about your dietary requirements so that we can cater to your specific health or religious requirements, or where you ask us to make adjustments to accommodate your disability etc.).

Please note that you may withdraw consent at any time after you have given it. This would not affect the lawfulness of MSS’s prior use of that data. In certain situations, however, withdrawing consent might impact MSS’s ability to provide services to/otherwise engage with you

B. Where it is necessary for us to collect and use personal data to provide our services to/perform

A contract with you or your organisation.

For example:

To conduct our business activities, we have information (such as contact details and email communications) of our clients’, business partners’ and suppliers’ employees;

To complete projects for our clients, we may receive personal data of individuals;

To facilitate visitor access and on-site services at our premises; or to process applications for employment.

C. Where it is necessary in MSS’s or in our clients’ legitimate interests. For example:

To administer and improve our websites;
To provide our services to/otherwise engage with you in the course of our day-to-day business activities;
To conduct investigations if we suspect illegal or illicit behaviour (whether or not this suspicion arises from a whistleblower’s alert);
To manage the security of our systems and networks;

For insurance purposes;

To exercise or defend our legal rights or to comply with court orders; and
To develop our business (including to communicate with you about our services,events, surveys and other promotional activities).

However, MSS will only use your personal data for its legitimate interests where such interests are not overridden by the need to protect your privacy.

D. To comply with legal requirements placed on MSS.

For example:

To maintain accurate records;
To conduct certain background checks when evaluating and vetting new
clients/business partners (e.g., to comply with anti-money laundering, terrorist financing and sanctions laws – this might include financial, credit and identity checks, and screening which could also include sensitive information such as political allegiances or criminal convictions etc.); and for the purposes of fraud and crime prevention and detection or as otherwise required under applicable law.

  • Page 5

5. Who do we share your personal data with?

We may share information that you have provided to us as necessary within the MSS and with certain third parties such as service providers acting on our behalf who will use the data to provide the service. These may include insurers, IT and cloud service providers, background screening providers, legal advisers, accountants, tax advisers, advertising agencies, insurance companies, financial or lending institutions, and facilities services providers etc. We will ensure that any third party service provider that we use commits to an appropriate level of security and confidentiality to protect your personal data.

We may also share your personal data in connection with a merger, acquisition, sale of all or a portion of MSS’s assets, financing, restructuring or other corporate transactions. In some circumstances and in accordance with applicable law, we may have to disclose your
personal data with other third parties for legal, tax or regulatory purposes such as:

  • Where a domestic or foreign court, police, law enforcement agency, governmental
    agency, or regulatory body asks us for it;
  • To protect MSS’s assets and interests, or to protect people’s safety, security, rights and/or
  • To assist MSS with internal or external investigations into potentially illegal or suspicious
    activity; or
  • To manage, defend or settle any actual or potential legal claims.

6. How do we protect your personal data?

We strive to maintain systems that are secure and meet industry standards, and we implement a
combination of measures to protect your personal data, including:
internal policies and procedures that define the roles and responsibilities of our staff members throughout the life cycle of records containing personal data and limit their access to that information on a “need-to-know” basis.

Physical, electronic and procedural safeguards that comply with relevant standards to protect personal data.

Technical safeguards for information that is collected or stored electronically, such as encryption, firewalls, passwords, anti-virus software etc.

Staff training in privacy and information security.

Contractual protections and information security procedures to ensure that service providers with whom we share personal data maintain adequate protections and security standards.

7. Is your personal data transferred overseas?

Due to the international nature of MSS’s business operations, it may be necessary to send your personal data to third parties (as per section 5 “Who do we share your personal data with?”above), unless we have specifically agreed to retain your personal data within a particular

  •  Page 6


Examples of situations where your personal data may be transferred to a different country than the one where you are based include:

A. Where MSS has outsourced one or more aspects of its business (such as IT support); or
B. where we have utilised cloud services to store/host data (meaning that personal data may be stored on MSS’s behalf by a cloud provider in different locations around the world).

The main jurisdictions where MSS may transfer your personal data include Canada, the European Economic Area, the United Kingdom, the United States and India. Some of the countries where your personal data is transferred have a different standard of data protection than the country where you are based. However, we have/will put in place contractual or other appropriate protections as prescribed by applicable data protection laws to ensure that your information is adequately safeguarded globally.

8. How long will we keep your personal data?

Your personal data will be retained as long as necessary to fulfil the purposes for which it was collected, unless MSS needs to retain it as required by applicable laws. When determining the retention period, we consider various criteria, such as:

  • The nature and duration of our relationship with you;
  • The types and sensitivity of personal data;
  • The purposes for which we use your personal data and whether we can achieve those purposes through other means;
  • Statutory retention and limitation periods; and
  • Other applicable legal requirements.

At the end of any retention period, your personal data will either be securely deleted in its entirety or anonymised so that you can no longer be identified from that data.

9. What are your rights over your personal data?
You have various legal rights in relation to your personal data with some restrictions and exceptions, depending on the laws of the country where you are based.

Such rights may allow you to ask MSS to:

A. tell you whether we are using or storing your personal data;
B. provide a copy of your personal data (subject to the privacy rights of other people and the information already provided to you in applicable privacy notices);
C. correct any inaccuracies in your personal data by informing us to make the necessary changes;
D. modify or withdraw your consent for the collection, use and disclosure of your personal data, where MSS has obtained your consent for this (see section 4 “On what legal basis do we use your personal data?” above);
E. delete your personal data where there is no lawful justification for MSS to retain it;
F. pause use of your personal data until:
MSS verifies any inaccuracies in your personal data that you notify us of; or we assess that MSS’s legitimate interests in processing your personal data outweigh your interests in the data not being processed; and

G. Transfer your personal data to you or another organisation in a commonly used electronic format (known as the right to data portability).

  • Page 7
    You may also be able to object to your personal data being processed (including if we use it for
    profiling purposes), when:


  • It is in our legitimate interests or those of a third party;
  • MSS is acting in the public interest; or
  • We use it for direct marketing purposes.

If you object to the last ground, MSS will stop processing your personal data for marketing purposes (and any associated profiling). In the other cases, MSS will stop processing the relevant
data unless:

  • We identify compelling legitimate grounds to continue which override your privacy rights; or
  • We need to process the data for a legal claim. Note, you may have additional rights in accordance with the local laws of the country where you are based. You may exercise or enquire about the above rights by contacting MSS’s data protection team (see section 11 “How can you contact us?” below).

10. What are MSS’s privacy protocols regarding minors?

We do not knowingly solicit or collect personal data from children under the age of 16. If we discover that a child under the age of 16 has provided us with personal data without the verifiable consent of a
parent or legal guardian, we will take reasonable steps to delete that information.

11. How can you contact us?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. This Privacy Notice sets out most of your rights under relevant laws, but not necessarily every right you have. If you have any concerns, requests related to, among others, the exercise of your rights, complaints or questions that have not been covered, please contact us by emailing using the subject headings PRIVACY GDPR.

12. Complaints

You may have a right to make a complaint to the relevant Data Protection Authority (“DPA”) at any time. We would appreciate the chance to understand your concerns in the first instance before you contact the DPA, however. The website of the DPA responsible for overseeing data protection compliance in your country can be accessed via this link:

13. Changes to this Privacy Notice

This Privacy Notice was last updated on the date shown at the top of this page. We may change this Privacy Notice from time to time by updating this page.