[Legal] · GDPR Compliant

Privacy &
Cookie Policy.

Last Updated · January 1, 2026

On this page

  1. Privacy Policy
  2. Cookie Policy
  3. Contact

Privacy Policy

Francisco Santos ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or interact with our coaching services, in full compliance with the General Data Protection Regulation (GDPR) and applicable Portuguese and EU data protection laws.

1. Data Controller & Contact Information

The data controller responsible for your personal data is:

If you have any questions about how we process your personal data or wish to exercise your rights under the GDPR, please contact us using the information above.

2. Personal Data We Collect

a) Information you provide directly

  • Contact Forms: Name, email address, and any information you include in your message when you submit an inquiry through our website.
  • Newsletter Subscription: Email address and name (optional) when you subscribe to our mailing list.
  • Coaching Services: Additional information provided during coaching consultations, which may include business details, strategic challenges, and personal goals.

b) Information collected automatically

  • Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referring URLs.
  • Cookies and Tracking Technologies: See our Cookie Policy below for full detail.
  • Analytics Data: We use Google Analytics to understand how visitors interact with our website (page views, session duration, bounce rates).

3. Purpose of Data Processing & Legal Basis

We process your personal data for the following purposes, based on the legal grounds specified:

Responding to inquiries

Purpose: To respond to your questions, provide information about our coaching services, and communicate with you. Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) and, where applicable, performance of a contract (GDPR Art. 6(1)(b)).

Newsletter & marketing communications

Purpose: To send you frameworks, insights, and updates about our coaching services via email. Legal Basis: Your explicit consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by clicking "unsubscribe" in any email or contacting us.

Website analytics & improvement

Purpose: To analyze website traffic, understand user behavior, and improve our website's functionality and content. Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)).

Providing coaching services

Purpose: To deliver coaching services, develop customized frameworks, and provide strategic guidance. Legal Basis: Performance of a contract (GDPR Art. 6(1)(b)) or pre-contractual measures at your request.

Legal compliance

Purpose: To comply with legal obligations, such as tax and accounting requirements. Legal Basis: Legal obligation (GDPR Art. 6(1)(c)).

4. Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal data to third parties. However, we may share your data with the following trusted service providers who help us operate our website and deliver our services:

  • Tally (form collection), manages application and contact forms. Data shared: any information submitted via form fields. Privacy Policy. GDPR-compliant.
  • Google Analytics, analyzes website traffic and user behavior. Data shared: anonymized usage data (IP addresses are anonymized). Privacy Policy. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Tally, hosts our application form. Data shared: any information you submit through the form.
  • Netlify (hosting), delivers our website. Data shared: technical data necessary for website operation (IP addresses, access logs). Privacy Policy.
  • Meta Platforms (Instagram), communications via Instagram are subject to Meta's privacy policies. Privacy Policy.

All third-party service providers are carefully selected and contractually obligated to process your data securely and in compliance with GDPR requirements.

5. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Contact form inquiries: Up to 2 years from last contact, unless you request earlier deletion.
  • Newsletter subscribers: Until you unsubscribe or request deletion.
  • Coaching client data: For the duration of our relationship and up to 5 years afterward for legal and tax compliance.
  • Analytics data: Google Analytics data is retained for 26 months (default).
  • Cookies: See our Cookie Policy for specific retention periods.

After the retention period expires, your data will be securely deleted or anonymized so that it can no longer identify you.

6. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right to Access (Art. 15), request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16), request correction of inaccurate or incomplete data.
  • Right to Erasure / "Right to be Forgotten" (Art. 17), request deletion, subject to legal obligations.
  • Right to Restriction of Processing (Art. 18).
  • Right to Data Portability (Art. 20), receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21), object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent (Art. 7(3)), withdraw consent at any time.
  • Right to Lodge a Complaint with the Portuguese Data Protection Authority (CNPD): www.cnpd.pt · geral@cnpd.pt.

To exercise any of these rights, email franciscosantos.coaching@gmail.com. We respond within 30 days. We may need to verify your identity before processing your request.

7. Data Security Measures

We implement appropriate technical and organizational measures, including: HTTPS/SSL encryption in transit, secure hosting infrastructure, access controls and authentication, regular security updates and monitoring, GDPR-compliant third-party providers, and regular backups. However, no method of transmission over the internet is 100% secure.

8. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework certification, or adequacy decisions by the European Commission.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date at the top. Continued use of our website after any changes indicates your acceptance.

Cookie Policy

This Cookie Policy explains what cookies are, how we use them, and how you can manage your preferences. Read alongside the Privacy Policy above.

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They make websites work more efficiently, improve user experience, and provide information to website owners. Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain for a set period).

2. Types of Cookies We Use

a) Essential cookies (strictly necessary)

Necessary for the website to function. Examples: cookie consent preferences, session management, security cookies. Retention: session or up to 1 year. Do not require consent under GDPR.

b) Analytics & performance cookies

Help us understand how visitors interact with our website. Service: Google Analytics. Data: pages visited, time spent, browser/device, anonymized IP, referring source, interactions. Retention: up to 26 months.

c) Marketing & functionality cookies

Service: Tally. Used to collect and process form submissions. Retention: up to 1 year.

d) Hosting & infrastructure cookies

Service: Netlify. Used for performance optimization, security, and infrastructure analytics.

3. Cookie Summary

CookieProviderPurposeDuration
cookie_consentFrancisco SantosStores cookie consent preferences1 year
_gaGoogle AnalyticsDistinguishes unique users2 years
_gidGoogle AnalyticsDistinguishes users24 hours
_ga_<id>Google AnalyticsPersists session state2 years
tally_*TallyManages form submissionsUp to 1 year
nf_*NetlifyInfrastructure & performanceSession / 1 year

4. Managing & Controlling Cookies

Browser settings

Opt-out tools

Cookie consent banner

When you first visit our website, a cookie consent banner allows you to accept or reject non-essential cookies. You can change preferences at any time by clearing your browser cookies and revisiting our website.

5. Impact of Disabling Cookies

If you disable cookies, some features may not function properly, you may need to manually adjust preferences each visit, we will not be able to remember your consent, and analytics data will not be collected.

6. Updates to This Cookie Policy

We may update this Cookie Policy from time to time. When we make significant changes, the "Last Updated" date will be updated.