Privacy Policy

This Privacy Policy explains how The Nest Hypnotherapy collects, uses, stores and protects your personal information in accordance with UK data protection law.

Rachel Bernard is the data controller for The Nest Hypnotherapy.

Website: https://www.thenesthypnotherapy.co.uk
Email: thenesthypnotherapyclinic@gmail.com

1. What Information Is Collected

The following types of information may be collected:

Personal information

  • Name

  • Address

  • Email address

  • Telephone number

  • Emergency contact details

Health information (special category data)

  • Information relevant to your mental and physical health

  • Information shared during assessment or therapy sessions

  • Clinical notes

Website information

  • Information submitted through website contact forms

The Nest Hypnotherapy does not knowingly collect data from individuals without their consent.

2. Lawful Basis for Processing

Personal data is processed under the following lawful bases:

  • Contract – where processing is necessary for the provision of therapy services.

  • Legitimate interests – for the administration and safe running of the practice.

  • Explicit consent – for processing health-related (special category) data.

You may withdraw consent at any time where processing is based on consent.

3. How Your Information Is Used

Your information is used to:

  • Provide therapeutic services

  • Communicate regarding appointments

  • Maintain clinical records

  • Comply with legal and professional obligations

Your information is not sold or shared for marketing purposes.

4. Storage and Security

Client information is stored securely:

  • Paper records are kept in locked storage.

  • Digital records are stored on password-protected devices.

  • Email correspondence is stored within secure email systems.

Reasonable steps are taken to protect your information from loss, misuse or unauthorised access.

5. Confidentiality

Information shared in therapy is confidential, except where:

  • There is a legal obligation to disclose

  • There is risk of serious harm to you or others

  • Safeguarding legislation requires disclosure

Where possible, disclosures will be discussed with you first.

6. Data Retention

Records are retained as follows:

  • Adults: 7 years after the end of therapy

  • Clients under 18: Until age 25

After this period, records are securely destroyed.

7. Your Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Restrict or object to processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

The ICO can be contacted at: https://www.ico.org.uk

8. Third Parties

Information may be shared where legally required or with relevant professionals as part of your care, with your knowledge where possible.

The Nest Hypnotherapy does not use client data for advertising or profiling purposes.

9. Changes to This Policy

This Privacy Policy may be updated periodically. The most current version will always be available on the website.