Privacy Policy

Your privacy is a top priority. We're committed to always being a good custodian of your personal information, handling it in a responsible manner, and securing it with industry standard administrative, technical and physical safeguards.

This privacy notice tells you what to expect us to do with your personal information.

Our contact details

Telephone: 07393604242

Email: lucyduckett.thenest@gmail.com

What information we collect, use, and why

We collect or use the following information to provide client care, legal requirements and safeguarding, services, products, goods, information updates, queries, complaints, marketing or research purposes:

  • Name, address and contact details
  • Date of birth
  • Emergency contact details
  • Gender and pronoun preferences
  • Health information (including medical conditions, allergies, medical requirements and medical history)
  • Information about care needs (including disabilities, home conditions, medication and dietary requirements and general care provisions)
  • Correspondence - records of sessions, meetings and decisions
  • Contact/marketing preferences
  • Safeguarding information

We also collect the following special category information 

  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Health information
  • Sexual orientation information

We need to ask for certain information to enable us to work safely and effectively with Clients and to enable the efficient dissemination of appointment reminders and invoicing. This also ensures we are compliant with legislation, BACP membership, insurance policies and data control registration.

Lawful bases

Our lawful bases for the collection or using personal information to provide client care, legal requirements and safeguarding, services, products, goods, information updates, queries, complaints, marketing or research purposes:

  • Consent - we have permission from you after we gave you all the relevant information. 
  • Contract – we collect or use the information so we can enter into or carry out a contract with you. 
  • Legal obligation – to comply with the law. 
  • Vital interests – when someone’s physical or mental health or wellbeing is at urgent or serious risk. 
  • Legitimate Interests – to enable us to work safely and effectively with Clients and to enable the efficient dissemination of appointment reminders, invoicing and duty of care. 

Data protection rights

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. 
  • Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
  • Your right to restriction of processing - You have the right to request restriction of processing your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to processing your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

Where we get personal information from

  • Directly from you, when we communicate through media or in person; through completion of website enquiry, contact, contract and assessment forms, emails, calls, texts, in direct face to face conversations and attendance at meetings or workshops. In the case of Children and Young People (CYP) - Family members or carers who complete forms/communicate information on your behalf.
  • From 3rd parties acting on your behalf who make enquiries and/or refer you for counselling. Examples being - other health and care providers, social services, schools, colleges, universities or other education organisations, councils and other public sector organisations. 

Who we share information with

  • Other health providers (e.g. GPs and consultants)
  • Other health and care providers, social services, schools, colleges, universities or other education organisations, or councils and other public sector organisations.
  • Organisations we need to share information with for safeguarding reasons
  • Emergency services
  • Organisations we’re legally obliged to share personal information with (court order)
  • Some information may be shared with supervisors during supervision sessions, to ensure ethical best practice.

All the above legally stated consent be given – unless UK law negates this.

How we store and how long we keep information

All personal information, data and notes are held electronically on secure and confidential, mental health professional management software, which aligns with the rigorous GDPR regulations in the UK/EU and adhere to HIPAA standards. 

Practice texts are from business lines and use services with end-to-end encryption. Messages sent with highly sensitive data, pictures or videos will be deleted after viewing and notes may be added to your electronic file.

Artwork and handwritten processing completed as part of sessions are either taken with you at the end of the session or stored in a locked filing cabinet for necessary duration and then destroyed (at a minimum at the end of our work together).

In line with my BACP membership and insurance, data is held no longer than is necessary. Where you have accessed counselling services, client’s personal data and consultation records are retained for a minimum period of five years. In the case of children and young people, these records are retained for a minimum of five years after their 18th birthday.

Duty of confidentiality

We are subject to a common law duty of confidentiality. Disclosure of information to any other third party, under any circumstances only happens if requested by the client. This is also the case for children. Permission will be given by the client (child) for information shared with a parent/carer. Clients are also aware that some information will be shared with supervisors during supervision sessions, also bound by confidentiality.  

However, there are circumstances where we will share relevant health and care information. These are where:

  • You’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • We have a legal requirement (including court orders) to collect, share or use the data
  • On a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime)
  • Vital interests – when someone’s (yourself or another person’s) physical or mental health or wellbeing is at urgent or serious risk of harm.

Requests and complaints

If you make a request, we must respond to you without undue delay and in any event within one month. If you wish to exercise any of these rights, have any concerns about our use of your personal data or make a complaint, please contact us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the Information Commissioner’s Office (ICO). My ICO reference number is ZB995774

Data handling responsibility

Information given directly to our therapists, is their responsibility. As the founder and clinical lead, in its entirety, this privacy policy covers Lucy Duckett, The NEST website, initial enquiries and services provided in the name of The NEST. Following initial contact with The NEST, if a client should be placed with another Therapist, the responsibility to conform to GDPR (General Data Protection Regulation) with any further personal information is the responsibility of the individual Therapist and not The NEST. You should be provided with their Privacy Policy and Therapist individual ICO registration number.

Changes to this policy

This policy may be updated periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy regularly to stay informed of any changes.

 

Last reviewed: September 2025

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.