This policy sets out how we collect, use, processes, transfer, publish and store your personal data when you visit our website (www.msc.org) or otherwise provide personal data to us.
The MSC has its headquarters at Marine House, 1 Snow Hill, London EC1A 2DH, United Kingdom and is the data controller of your personal data, so please read it carefully.
Questions should be directed to [email protected] or by telephone on +44 0 2072 468900.
1. Personal data we collect
We collect, process, store and use personal data when you visit our website or submit data via our online forms. This may include your name, email address and any other details you voluntarily provide.
Where you submit an objection through the MSC Objection Procedure, your name and title may be published on the MSC Track a Fishery page. Confidential information provided within the Objection Procedure is redacted before publication following the process described in that Procedure.
We process personal data to administer our website and forms, respond to enquiries, support our mission of sustainable fishing, and, where you opt in, to send you marketing communications. More details and lawful bases appear in Section 4.
You do not need to provide personal data to browse our site, however, some data listed in Section 2 will still be collected automatically.
Correspondence is normally retained for no more than two (2) years unless longer retention is legally required.
2. Data we automatically collect and why
When you visit our site, we collect standard internet log and behavioural information such as:
- traffic data
- location data
- pages visited
- browser type and operating system.
This helps us understand how users engage with our website and improve performance.
Collection takes place via cookies and analytics tools, as described in Section 7, with consent obtained where required.
3. Marketing Communications
If you opt-in, we process your data to send newsletters, blog updates, surveys and events information. You may withdraw consent or opt out of marketing at any time by emailing [email protected] or clicking unsubscribe.
We will update your preferences within five (5) UK business days.
Your data for marketing purposes is retained until you withdraw consent or opt-out.
In some cases, we can send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message or by contacting us using the details set out above.
4. Lawful processing and sources of personal data
We process your personal data for the purposes and lawful bases set out below:
| Purpose | Lawful Basis |
|---|---|
| Administer our website and forms | Legitimate interest in managing and improving our services. |
| Respond to enquiries and communicate with you | Legitimate interest in corresponding with stakeholders. |
| Support our mission and programs | Legitimate interest in advancing sustainable fishing objectives. |
| Improve our website | Consent where required; otherwise, legitimate interest in promoting our mission. |
| Send marketing communications | |
| Comply with legal requirements or lawful government requests | Necessary for compliance with a legal obligation in respect of compliance with UK law. If a legal obligation does not apply, or compliance is required under non-UK law, we rely on our legitimate interest in complying with applicable law. This is a recognised legitimate interest when we do this to prevent, detect, or investigate a crime. |
Where processing relies on legitimate interests, MSC conducts and documents balancing tests considering impact on individuals. These are available upon request.
In the UK, we are not required to conduct a balancing test where the processing is based on a 'recognised legitimate interest'. A 'recognised legitimate interest' is a specified purpose for handling personal information that is in the public interest, such as data sharing with another organisation to prevent, detect, or investigate crime.
5. Who we share your data with
MSC never sells personal data.
We may share aggregated statistical information with our subsidiaries and regional offices that cannot identify you.
When an objection is submitted, your name and title may appear publicly on Track a Fishery solely to meet transparency obligations. Confidential information provided within the Objection Procedure is redacted before publication following the process described in that Procedure.
Personal data may also be disclosed when required by laws or to protect rights, property, or safety.
6. Where we hold and process your data
Most data is stored on servers within the UK or European Union (EU). Occasionally, data may be transferred to countries outside these regions (for example, if service providers host in other jurisdictions).
We only transfer data where adequate safeguards are in place, such as:
- Adequacy decisions recognised by the UK Information Commissioner's Office (ICO).
- Standard Contractual Clauses (SCCs) with the UK International Data Transfer Addendum, or
- Binding Corporate Rules approved under UK law.
Where personal data is shared with Assurance Services International GmbH (ASI) or German-based partners, transfers rely on EU-UK adequacy arrangements or SCCs compliant with both UK and EU law.
Further details are available from [email protected] or via the ICO's website.
7. Cookies
Marine Stewardship Council ('MSC', 'we', 'us', 'our') is committed to ensuring you understand how cookies are used on our website and social media tools.
A cookie is a small text file used to recognise your browser. Our site uses cookies for functionality, analytics, and marketing. You may customise or withdraw cookie consent any time through our website Cookie Consent Manager, that allows control by category (essential, analytics, functional, marketing).
Blocking certain cookies may affect site performance. Retention periods for each cookie type are listed below and do not exceed the stated lifespan.
For more information on how you can customise your browser's cookie setting please visit the link to your web browser below:
| Cookie | Description |
|---|---|
| Targeting Cookies | |
| sf-trckngckie | MSC cookies are used to support website tracking and personalisation features, including monitoring visitor interactions and helping tailor content or functionality. These cookies have a lifespan of up to six (6) months. |
| Analytics Cookies | |
| Google Analytics | Cookies installed by Google Analytics are used to analyse the traffic on our website and understand how our users use our website (for example, which pages they visit the most, the source where they have come from or if they get error
messages from our web pages). The cookies store information in an anonymous form. These cookies have a lifespan of up to twenty-four (24) months.
Google uses analytics data for product improvement, benchmarking, technical support, and for improving the way we use Google products. Google’s Privacy & Terms Google Analytics and privacy page Google Privacy Policy You can opt out from sharing information with Google through Google Analytics by installing the Google Analytics opt-out browser add-on. |
| Microsoft Clarity | Cookies set by Microsoft Clarity track website behaviour and use. Clarity may connect page views and generate aggregated analytics.
More information about Microsoft Clarity Cookies. |
| Functional Cookies | |
| Google Optimise | A website testing and personalisation tool used with Google Analytics to run experiments, compare page variants, and tailor website content to improve user experience. These cookies have a lifespan of up to twenty-four (24) months.
Google Privacy Policy |
| Marketing Cookies | |
| YouTube | Cookies set by YouTube are used to:
Google Privacy Policy |
| Google Ads | Google Ads is a YouTube add-on designed to show you personalised advertisements that you may find interesting. These cookies have a lifespan of up to twenty-four (24) months.
You can find out more on how to opt out of Google’s personalised ads here. Google Privacy Policy |
| DoubleClick (Google Marketing Platform) | DoubleClick cookies are used by Google for advertising purposes, to:
Google Privacy Policy |
| Facebook Ads | MSC runs Facebook ads external to the MSC website. Cookies set by Facebook are used for advertising purposes, including delivering advertisements to users on Facebook and other platforms powered by Facebook advertising after they visit
this website. These cookies may also be used to show more relevant advertisements, measure and improve advertising performance, and track user behaviour across websites that use the Facebook Pixel or Facebook social plugins. These
cookies have a lifespan of up to two (2) months.
To manage your Off-Facebook Activity, click here. Facebook Data Policy |
| LinkedIn Ads | MSC runs LinkedIn ads external to the MSC website. Cookies set by LinkedIn are used for advertising and functionality purposes, including tracking users across websites to display relevant advertisements based on their preferences, enabling
LinkedIn features on the page, and supporting LinkedIn share buttons and ad tags. Some cookies may also be used for routing and other functional purposes. These cookies have a lifespan of up to twenty-four (24) months.
To opt out of LinkedIn advertising cookies, click here. LinkedIn Privacy Policy |
| MailChimp | MailChimp uses session cookies to remember changes as users move from page to page; it does not use cookies to track contacts. Links and images are used to track open and clicks for email campaigns.
More information on how Mailchimp uses cookies. |
| Podsights (now Spotify Ad Analytics) | Podsights hooks into the ads being delivered by a publisher by using a tracking URL at the ad serving level. When a listener downloads an episode and is served an ad, Podsights captures IP, User Agent, and other data pertinent to the download.
More information about Podsights (now Spotify Ad Analytics). |
| TikTok | The MSC uses TikTok in some countries. TikTok uses different types of cookies to operate and secure the Platform, as well as to analyse usage and personalise content and advertising.
TikTok’s Cookies Policy. |
8. Security and governance
We apply appropriate technical and organisational measures to protect data against unauthorised access, loss or alteration.
The MSC Data Protection Lead reports directly to the Chief Operating Officer. Data governance policies are reviewed on an ongoing basis to reflect changes in applicable data protection law and best practices, including the ISEAL Code of Good Practice for Sustainability Systems.
9. Your rights
You have the following rights (in addition to the right to be informed about the collection and use of your personal data, via this policy and other privacy notices).
- Access: obtain a copy of your personal data.
- Rectification: to require us to correct errors in the personal data if it is inaccurate or incomplete.
- Erasure: to require that we delete your personal data.
- Restriction: to restrict the processing of your personal data.
- Objection: object to processing based on legitimate interests, including direct marketing.
Note: If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, or the processing is required for the establishment, exercise, or defence of legal claims
- Data portability: where processing is based on your consent or a contract and carried out by automated means, to request us to transmit personal data that you have provided to us to a third party, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
- Not be subject to automated decision-making: MSC does not use automated decisions producing legal or significant effects without human review.
We will acknowledge receipt of rights requests within thirty (30) days.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
Withdrawal of consent may be exercised at any time without affecting earlier lawful processing.
To exercise these rights, or any other rights you may have under applicable laws, please contact us at [email protected].
Privacy complaints
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you have the right to complain to us via email at [email protected]. We will acknowledge receipt of your complaint within 30 days, and to take appropriate steps to respond to the complaint.
If you are unhappy with how we handle your complaint, you may also complain to the UK Information Commissioner's Office (ICO) (or the relevant supervisory authority in a jurisdiction outside the UK). More information about making a complaint to the ICO can be found here.
Please note, we can charge an administrative fee if your request is manifestly unfounded or excessive.
10. Retention
We keep:
- General correspondence - up to two (2) years.
- Enquiry records - six (6) months after final contact.
- Marketing data - until you withdraw consent or opt out.
- Objection-related files - visible online for up to six (6) months after final decision publication, then deleted or anonymised in accordance with confidentiality requirements.
11. Linked websites
Our website may link to external sites beyond MSC's control. We are not responsible for their privacy practices. You should review the privacy notices of any site visited through external inks.
12. General
If any provision of this policy is held invalid or unenforceable by a competent court, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This policy is governed by and construed in accordance with the law of England and Wales, and disputes fall within the exclusive jurisdiction of the English courts.
MSC reviews this policy on an ongoing basis to reflect relevant changes occur in data-protection law or ISEAL Code requirements. Continued use of the website after an announced effective date signifies acceptance of the updated policy.
13. Version control
Version 1.1. - May 2026 (next review: May 2027)
Document history
| Version | Effective date | Description of key amendments |
|---|---|---|
| 1.1 | May 2026 |
|