Scarlett Milligan’s Privacy Notice

Thank you for choosing to instruct me in your case. I will need to collect and hold your personal information in order to represent you. I will take all possible steps to protect your personal information. I am determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information I collect about you, how it is used and shared, and your rights regarding it. To the extent that this Privacy Notice does not answer any questions or queries you may have, please contact me or my clerks.

Data Controller

I am registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process as a barrister. My registered address is Temple Garden Chambers, 1 Harcourt Buildings, London, EC4Y 9DA and my registration number is ZA244301.

Data Collection

The vast majority of the information that I hold about you is provided to or gathered by you or your legal team in the course of your case. Your solicitor and/or I will tell you why we need the information and how we will use it.

My lawful bases for processing your information

The General Data Protection Regulation (“GDPR”) requires all organisations that process personal data to have a “lawful basis” for doing so. The lawful bases identified in the GDPR are:

• Consent of the data subject
• Performance of a contract with the data subject or to take steps to enter into a contract
• Compliance with a legal obligation
• To protect the vital interests of a data subject or another person
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

• Where the data subject is a client or in the service of the controller;
• Transmission within a group of undertakings for internal administrative purposes;
• Processing necessary to ensure network and information security, including preventing unauthorised access;
• Processing for direct marketing purposes, or to prevent fraud; and
• Reporting possible criminal acts or threats to public security.

My lawful bases for processing personal information are as follows:

• The performance of a contract with you as the data subject, or in order to take steps to enter into a contract;
• Your consent to me processing your personal information;
• Compliance with my regulatory and legal obligations in the provision of my services; and
• The legitimate interests of my business, including the need to administer my business on a daily basis, to keep records, and to keep records for a limited period of time in the event of legal challenges.

I collect and process both personal data and special categories of personal data as defined in the GDPR. This includes (but is not limited to): name; e-mail addresses; telephone number; addresses; date of birth; payment/bank details; other financial information; medical records; criminal records; employment records.

I use your information to:

• Provide you with legal advice and representation;
• Investigate and address your concerns;
• Investigate or address any concerns you may have;
• Assist in the training of pupils and mini pupils. Both pupils and mini-pupils are aware of the confidential nature of information shared with them, and their duty to protect this information and not pass it on. Where I am accompanied by a pupil or mini-pupil, I will share with them only the minimum amount of information necessary that is required for the training. If you would prefer that I did not share your information in this way, please notify me in writing or in your instructions.

I do not use automated decision-making in the processing of personal data.

I may share your personal data with:

• Instructing solicitors
• Pupils or mini pupils, under my supervision
• Opposing counsel, for the purposes of resolving the case
• My Chambers management and staff who provide administrative services
• My regulator or legal advisors in the event of a dispute or other legal matter
• Law enforcement officials, government authorities, or other third parties to meet my legal obligations
• Any other party where I ask you and you consent to the sharing.Transfers to third countries and international organisations

Transfers to third countries and interntional organisations

I do not transfer personal data to third countries or international organisations. If you or your solicitor are located in a third country and I am therefore required to transfer your personal data to a third country, I will identify appropriate safeguards for the transfer of your information as required by my legislative obligations.

Retention of your personal data

I retain your personal data while you remain a client, unless you ask me to delete it. My Retention and Disposal Policy (copy available on request) details how long I hold data for and how I dispose of it when it no longer needs to be held. I will delete or anonymise your information at your request unless:

• There is an unresolved issue, such as claim or dispute;
• I am legally required to retain this information; or
• There are overriding legitimate business interests, including but not limited to defending future legal claims, my regulatory or statutory obligations, fraud prevention, and protecting clients’ safety and security.

Your Rights

The General Data Protection Regulation and the Data Protection Act 2018 give you specific rights around your personal data. For example, you have to be informed about the information I hold and what I use it for, you can ask for a copy of the personal information I hold about you, you can ask me to correct any inaccuracies with the personal data I hold, you can ask me to stop sending you direct mail, or emails, or in some circumstances ask me to stop processing your details.

Finally, if I do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website http://ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how I dealt with you.

Accessing and Correcting Your Information

You may request access to, correction of, or a copy of your information by contacting me in writing.

I will occasionally update my Privacy Notice. Updated notices will be published on my website profile.