Articles on: Data Security

Privacy Statement

At Mesma we are committed to safeguarding and preserving the privacy of our visitors. This Privacy Policy explains what happens to any personal data that you provide to us, or that we collect from you.

The EU General Data Protection Regulation (GDPR) which forms part of the Data Protection Act 2018, which is enforceable from 25 May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. 

We published version 3 of our Privacy Statement on 15th September 2021 to take into account new requirements and to explain how we collect, store and use personal data. When we refer to “we”, “us” or “our” in this Statement we mean Mesma Limited.

Mesma Limited is a company specialising in quality assurance for schools, further education, and training. We provide consultancy advice and guidance to organisations as well as online quality assurance software. Our company registration number is 07641449. 

This Privacy Statement applies to personal data collected and processed by Mesma Limited; whose registered address is 27/28 Frederick Street, Sunderland, Tyne and Wear, SR1 1LZ

We endeavour to comply with the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (amended) and other relevant legislation.

How to contact us

If you have any questions or require any further information regarding this Privacy Statement or would like to contact us about any other matter, please use the following contact information:


Tel: 0845 6588370

Ways we collect personal data

We collect personal data in the following ways when you:

Provide your contact details to us when requesting information about our products or services, either via the telephone, email, our online enquiry forms or face-to-face.
Or your company registers you as a user of Mesma Software either on a trial or as licensed user.
Download Mesma resources from our website.
Register as a subscriber to our updates or newsletters.
Register to attend one of our events or webinars. or
Via openly available public sources (e.g. LinkedIn, Ofsted, UK Register of Learning Providers or company websites).

The types of personal data we collect

The personal data we routinely collect includes:

Full name
Email Address
Postal address
Job title
Company name
IP Address
Business telephone numbers including mobile numbers which are being used for business purposes.

We do not collect any special categories of personal data, as defined under the GDPR. Our products and services are not aimed at children.

The legal basis on which we rely are:


This will usually be in the form of an opt-in tick box, an email address expressly for the reason of sending marketing or by verbal consent. We will always make it clear what your data will be used for and provide a link to our privacy policy.

Contract / agreement

This will usually be when you have signed a contract or agreed for us to process your information on the grounds that we will provide you with a service.

Legitimate interests

Our legitimate interests are to communicate with individuals to keep them informed, to grow our business e.g. telemarketing, B2B, email marketing.

Any legitimate interests pursued by us, are as follows:

Promoting our products

Product upgrades and updates to new or existing customers

The legitimate interests specified above are related to the products and services you currently use, products and services provided by Mesma that you don't currently use or products and services that would be of interest to your company, the sector you operate in or the job role you hold.

Further information on legitimate interest can be found here. 

Changing your mind

You can change your mind and prevent us from sending these at any point by clicking on the unsubscribe link on any email you receive from us. Alternatively, you can unsubscribe by emailing 

We use third-party providers to help us deliver our service

We take care to only collect only the necessary information to provide access to the service, for example, Name, email address and telephone number. We do not sell client data to any third parties unless otherwise agreed through a contractual agreement.

Visitors to our website

When someone visits we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way, which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it. For more information 

Use of Cookies

Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website and your use experience.

We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever

You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the reject cookies setting on your computer.


We use, to publish our website. These sites are hosted at, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users' activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information, please see

Microsoft 365

When someone emails us we host our emails on a third party service; Microsoft 365. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. For more information 

Microsoft Azure

Microsoft Azure is a cloud-based hosting solution which we use to host our Mesma Software. data may be processed by us as a result of our client’s use of the services when our client or their end-users input or upload information into the relevant service (platform/portal/environment). We will use this information to contact you in order to perform the services or in relation to the products and services provided to you; this may include system upgrades and new associated products.


Since October 2019 - We use Hubspot, to support our customer relationship management system. We have to hold the details of any prospective and current clients and people who have requested information about the service we provide.


We use Crisp to communicate with our Mesma Software users. We gather the information directly from our clients Mesma platforms. This communication is likely to include system updates or products and services that would be of interest to your company.


We use XERO to help us process our invoices and payments. However, we only use the necessary name, email address and telephone number of individuals used to process payments.


We use Eventbrite to promote, sell and manage our courses and events. We collect minimal contact information to ensure we can communicate the details of our courses and events. ht[tps://](


We use Zoom products to delivery online meetings and webinars. We collect minimal contact information to ensure we can communicate the details of our events.


People applying for job applications, current and future Mesma employees and associates

When individuals apply to work at Mesma Limited, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with Mesma Limited, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Mesma Limited has ended, we will retain the file for 12 months or longer if stipulated under legislation.

Your legal rights

You have a number of rights under data protection law, which have been strengthened under the General Data Protection Regulation (GDPR). For further information about any of these rights, please visit the Information Commissioners Office website.

The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This privacy policy sets out the purpose for which we process your personal data, how long we will keep your data, who we will share your data with. If you have any questions on how and why we process your data please contact us.

Access: You have the right to access the personal data we may hold about you and the purposes for which we are using it. We may ask for proof of your identity. On receipt of such a request, we will endeavour to respond to you as soon as possible, at most within one calendar month.

Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.

Erasure: You have the right to request that we delete any personal information pertaining to you. We will assess any deletion request on a case by case basis and will endeavour to respond to you as soon as possible, at most within one calendar month. If you have authored any content on the DPN and would like this to be deleted, please let us know.

Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request.

Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics. 

If you would like to exercise any of these rights, if you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact details below and we will do our best to help. 


 If you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact details above – we will do our best to help. If you are unhappy with the way in which we have handled your personal data you have the right to contact the Information Commissioner’s Office.

Disclosing your Information 

We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:

In the event that we sell any or all of our business to the buyer. Where we are legally required by law to disclose your personal information. To further fraud protection and reduce the risk of fraud.

How long we store your personal data for

We will keep your information in connection with the services for which it was collected for an appropriate period of time. Data stored on Mesma software will be retained as per terms and conditions of the contract. In terms of personal data we use for marketing, we will keep this data for as long as we are able to market to you and if you withdraw your consent or opt-out of marketing communications, we will keep your contact details only to ensure that we do not contact you again for marketing purposes.

External Links on Websites

Please remember that if you use a link to go from our websites to another website, or you request a service from a third party, this Privacy Statement will no longer apply once you have left this website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.

Changes to the privacy policy

This privacy policy is regularly reviewed and will be updated when necessary. If we make any significant changes to the policy we will communicate these to you.

Updated on: 28/07/2022

Was this article helpful?

Share your feedback


Thank you!