Therapy Nest Counselling With Rachel Morrice in Evesham, Worcestershire

 

Privacy Notice

Therapy Nest Counselling (“I”, “me”, “my”) is committed to protecting your privacy and handling your personal information securely and responsibly. I comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

I am registered with the Information Commissioner’s Office (ICO), registration number 00012508944.

This Privacy Notice explains what personal information I collect, why I collect it, how it is used, how long it is kept, and your rights.

1. Data Controller

Therapy Nest Counselling - Address: The Olde Bake House Evesham Worcestershire WR11 4RE ; Email: therapynestcounselling@yahoo.com;Telephone: 075790775255

2. Information I Collect

I may collect and process the following information:

  • Your name, email address, phone number and any information you provide when you contact me through the website or enquire about counselling.

  • Information needed to arrange appointments, including your availability.

  • Information shared during counselling sessions (stored separately and securely).

  • Technical data such as IP address, browser type and website usage data if cookies or analytics are used.

Retention:

  • Counselling records are kept for 7 years after therapy ends, in line with professional, legal and insurance requirements.

  • Enquiry emails are kept for 12 months if you do not proceed with therapy.

3. How Your Information Is Used

Your information is used to:

  • Respond to enquiries and arrange appointments.

  • Provide counselling services.

  • Maintain secure and accurate records.

  • Meet legal, ethical and professional obligations.

I will not share your information with third parties unless:

  • there is a legal obligation

  • there is a safeguarding concern

  • there is a risk of serious harm

  • you give explicit consent

My supervisor may discuss your case with me for professional oversight, but they will only know your first name or initials and are bound by the same confidentiality and data‑protection requirements.

4. Communications and Security

  • All electronic records are stored in password‑protected systems.

  • Email is not fully secure unless encrypted; I can use encrypted email if you request it.

  • I may need to verify your identity before responding to data‑protection requests or complaints.

5. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data I hold about you.

  • Correct inaccurate or incomplete information.

  • Request deletion of your data (“right to be forgotten”) where legally appropriate.

  • Restrict or object to certain types of processing.

  • Data portability – receive your information in a transferable format.

Subject Access Requests (SARs): I may use the DUAA “stop‑the‑clock” mechanism if I need to verify your identity or clarify your request.

6. Working With Children and Young People (Ages 11–17)

I provide counselling services to children and young people aged 11 to 17. When working with under‑18s, I follow the requirements of the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025. I take extra care to protect the privacy, confidentiality and rights of young people.

How I explain privacy and confidentiality

At the start of therapy, I explain confidentiality, privacy and data rights in a way that is suitable for the young person’s age and understanding. I continue to check in throughout our work together to make sure they understand how their information is used and stored.

Confidentiality and parental involvement

Information shared by a young person in counselling is confidential. I do not automatically share information with parents or carers. I will only share information:

  • if the young person gives clear consent

  • if there is a safeguarding concern

  • if there is a risk of serious harm

  • if I am legally required to do so

Where appropriate, I support the young person to decide what they would like shared with their parent or carer.

Young people’s data rights

Young people aged 11–17 have the same data rights as adults. This includes the right to:

  • see the information I hold about them

  • ask for corrections

  • ask for their information to be deleted (where legally appropriate)

  • object to or restrict certain types of processing

  • receive their information in a transferable format

I explain these rights in an age‑appropriate way and support the young person to use them if they wish.

How young people can make a complaint

Young people can raise a data‑protection complaint directly with me. They do not need to go through a parent or carer unless they choose to.

Complaints can be made through any communication channel, including email, phone, text message or in person.

  • I will acknowledge the complaint within 30 days

  • I will aim to resolve it within 3 months

  • I will keep a record of complaints for 6 years, as required by law

If they are unhappy with the outcome, they can contact the Information Commissioner’s Office (ICO).

Identity verification

Before responding to a request or complaint, I may need to verify the identity of the young person or the person acting on their behalf. I do this in a way that is safe, appropriate and does not create unnecessary barriers for the young person.

7. Data‑Protection Complaints Process (Legal Requirement – June 2026)

You may raise a data‑protection complaint with me at any time through any communication channel, including email, phone, text message or in person.

  • I will acknowledge your complaint within 30 days

  • I will aim to resolve it within 3 months

  • I will keep a record of complaints for 6 years, as required by law

If you are not satisfied with the outcome, you may contact the Information Commissioner’s Office (ICO).

8. International Transfers

If any services I use (such as email, video platforms or website hosting) store data outside the UK, I ensure appropriate safeguards are in place, including:

  • Transfer Impact Assessments

  • Standard Contractual Clauses

  • UK Addendum where required

9. Cookies and Website Analytics

This website may use cookies or analytics tools to understand how visitors use the site. Cookies are small files stored on your device. You can disable cookies through your browser settings. If analytics are used, IP addresses are anonymised where possible.

10. Updates to This Notice

This Privacy Notice was last updated on 19 June 2026. It will be reviewed annually or when legislation changes.

click
©2026 Rachel Morrice — powered by WebHealer
Website Cookies  Privacy Policy  Administration