Privacy Policy

This privacy policy outlines what information will be collected from visitors to our websites, why it is required and how the information will be used under the General Data Protection Regulations (GDPR). This policy applies to visitors to the Milligan and the Gateway at Peak websites and those who supply their details to us via the contact forms.

Definitions under GDPR

Data Subject – means an individual who is the subject of personal data.

Data Controller – A person who (either alone or jointly or in common with other persons) determines the purposes for which, and the manner in which, any personal data is, or is to be, processed.

Data Processor – In relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Personal Data – Any information relating to any person that can be used to identify them either directly or indirectly, such as their name, email address, address, web browsing data or other factors.

Lawful grounds for processing

Milligan Ltd may process personal data lawfully for a number of reasons, including in order to:

  • Carry out a task as instructed by the data controller, as necessary for the performance of a contract
  • Respond, with your consent, to a message you have sent us through the website
  • Comply with a legal obligation
  • Carry out a task in the public interest, or in exercising official authority vested in Milligan
  • Protect the legitimate interests of Milligan Ltd or a third party, except where this is overridden by your own interests or rights 

Name and Address of the Controller and Processor:

Milligan Ltd
71 Wimpole Street
London W1G 8AY
+44 (0)20 7297 4300

The website is owned and operated by Milligan Ltd and we are therefore the designated data controller for it. You can contact Milligan Ltd via post, a contact form on our website, by telephone or email.

The data protection officer can be contacted at the same address.

You may at any time contact our data protection officer directly with all questions and suggestions regarding this policy and data protection in general at Milligan Ltd.

Sharing and transferring personal data

Milligan will not share or disclose information about you collected via our website to any third parties, unless we are legally obliged to do so. 

Record keeping and Data retention periods

We will maintain clear and accessible records of all data processing activities.

Data will only be kept for as long as is required and treated with the data consents you have provided. If you request for your personal data to be erased, please contact the Data Protection Officer at Milligan Ltd.

Milligan’s websites – How your information will be used

The use of the pages on the Milligan website and Gateway at Peak website, is possible without any indication of personal data other than the public IP address that you are browsing from; however, if you want to send Milligan a message, processing of personal data will become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will obtain consent from you.

Milligan acts as both the data controller and processor in respect to the data received through our website. No information is passed on to third parties or sub-processors unless additional consent is collected first.


The Milligan website and Gateway at Peak websites use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the visitor from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.

The most common reason cookies are being used would be for tracking, e.g. Google analytics which measures web traffic and browsing from different sources. You may, at any time, prevent the creation of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in your web browser, all functions of our website will continue to be usable.

Contacting us via our websites

Visitors can contact us through the forms on our websites and via the email links. The personal data transmitted to us is determined by the information you enter. The personal data is collected and stored exclusively for internal use and specifically for responding to the message and its contents.

By using the contact form, your external IP address and the date / time of when the message was sent is also stored. The storage of this data is a security measure that takes place as a way to prevent the misuse of our services and, if necessary, to make it possible to investigate committed offenses. This data is not passed on to third parties, unless there is a statutory obligation to pass on the data to serve the aim of a criminal prosecution.

We use the data collected when a message is sent to us for responding to the message and its contents. You are free to request a change of the personal data specified within the form at any time, or to have the data completely deleted from our systems.

The information collected as part of our correspondence with the data subject is only stored for as long as it is required to complete the correspondence and satisfy the query.

Data security breaches

Milligan Ltd takes management of your personal data seriously and takes all reasonable steps to appropriately secure your data. In the event that a data security breach occurs, it is the responsibility of the Data Controller to notify you without undue delay if there is likely to be a high risk to your data. Information will be provided regarding the nature of the breach and action being taken. Concurrently to this, Milligan Ltd will notify relevant parties such as the ICO and/or law enforcement agencies to ensure appropriate action is taken.

Ongoing review

This policy may be updated as required to ensure its compliance with data protection legislation and to exercise best practice. We recommend regular review of this policy to ensure you are happy and in agreement with our policy and associated practices.