Privacy Policy
Last Updated: January 1, 2026
Francisco Santos ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or interact with our coaching services, in full compliance with the General Data Protection Regulation (GDPR) and applicable Portuguese and EU data protection laws.
1. Data Controller & Contact Information
The data controller responsible for your personal data is:
Name: Francisco Santos
Business: Francisco Santos Coaching
Email: franciscosantos.coaching@gmail.com
Instagram: @thefranciscosantos
If you have any questions about how we process your personal data or wish to exercise your rights under the GDPR, please contact us using the information above.
2. Personal Data We Collect
We collect the following types of personal data when you interact with our website and services:
a) Information You Provide Directly:
- Contact Forms: Name, email address, and any information you include in your message when you submit an inquiry through our website.
- Newsletter Subscription: Email address and name (optional) when you subscribe to our mailing list.
- Coaching Services: Additional information provided during coaching consultations, which may include business details, strategic challenges, and personal goals.
b) Information Collected Automatically:
- Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referring URLs.
- Cookies and Tracking Technologies: We use cookies and similar technologies to analyze website traffic and improve user experience. For detailed information, please see our Cookie Policy.
- Analytics Data: We use Google Analytics to understand how visitors interact with our website (page views, session duration, bounce rates).
3. Purpose of Data Processing & Legal Basis
We process your personal data for the following purposes, based on the legal grounds specified:
Responding to Inquiries
Purpose: To respond to your questions, provide information about our coaching services, and communicate with you.
Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) and, where applicable, performance of a contract (GDPR Art. 6(1)(b)).
Newsletter & Marketing Communications
Purpose: To send you frameworks, insights, and updates about our coaching services via email.
Legal Basis: Your explicit consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by clicking "unsubscribe" in any email or contacting us.
Website Analytics & Improvement
Purpose: To analyze website traffic, understand user behavior, and improve our website's functionality and content.
Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) in improving our services and user experience.
Providing Coaching Services
Purpose: To deliver coaching services, develop customized frameworks, and provide strategic guidance.
Legal Basis: Performance of a contract (GDPR Art. 6(1)(b)) or pre-contractual measures at your request.
Legal Compliance
Purpose: To comply with legal obligations, such as tax and accounting requirements.
Legal Basis: Legal obligation (GDPR Art. 6(1)(c)).
4. Data Sharing & Third-Party Services
We do not sell, rent, or trade your personal data to third parties. However, we may share your data with the following trusted service providers who help us operate our website and deliver our services:
MailerLite (Email Marketing)
Purpose: To manage our email subscriber list and send newsletters.
Data Shared: Email address, name (if provided).
Privacy Policy: MailerLite Privacy Policy
MailerLite is GDPR-compliant and processes data within the EU.
Google Analytics
Purpose: To analyze website traffic and user behavior.
Data Shared: Anonymized usage data (IP addresses are anonymized).
Privacy Policy: Google Privacy Policy
You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
Netlify (Website Hosting)
Purpose: To host and deliver our website.
Data Shared: Technical data necessary for website operation (IP addresses, access logs).
Privacy Policy: Netlify Privacy Policy
Meta Platforms (Instagram)
Purpose: To communicate with clients and share content via Instagram.
Data Shared: If you contact us via Instagram Direct Message, your messages are subject to Meta's privacy policies.
Privacy Policy: Meta Privacy Policy
All third-party service providers are carefully selected and contractually obligated to process your data securely and in compliance with GDPR requirements.
5. Data Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Contact Form Inquiries: Retained for up to 2 years from last contact, unless you request earlier deletion.
- Newsletter Subscribers: Retained until you unsubscribe or request deletion.
- Coaching Client Data: Retained for the duration of our coaching relationship and up to 5 years afterward for legal and tax compliance purposes.
- Analytics Data: Google Analytics data is retained for 26 months (default setting).
- Cookies: See our Cookie Policy for specific retention periods.
After the retention period expires, your data will be securely deleted or anonymized so that it can no longer identify you.
6. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right to Access (Art. 15 GDPR)
You can request a copy of the personal data we hold about you.
Right to Rectification (Art. 16 GDPR)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
You can request deletion of your personal data, subject to legal obligations that may require us to retain certain information.
Right to Restriction of Processing (Art. 18 GDPR)
You can request that we limit how we use your personal data in certain circumstances.
Right to Data Portability (Art. 20 GDPR)
You can request a copy of your personal data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21 GDPR)
You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent (Art. 7(3) GDPR)
Where processing is based on consent, you can withdraw your consent at any time (e.g., unsubscribe from newsletters).
Right to Lodge a Complaint
You have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD - Comissão Nacional de Proteção de Dados) if you believe your data protection rights have been violated:
CNPD: www.cnpd.pt | Email: geral@cnpd.pt
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: franciscosantos.coaching@gmail.com
We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request to protect your privacy and security.
7. Data Security Measures
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (HTTPS/SSL certificates on our website)
- Secure hosting infrastructure with Netlify
- Access controls and authentication for administrative systems
- Regular security updates and monitoring
- Use of trusted, GDPR-compliant third-party service providers
- Regular backups to prevent data loss
However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
8. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers certified under the EU-U.S. Data Privacy Framework
- Adequacy decisions by the European Commission confirming the recipient country provides adequate data protection
For more information about the safeguards in place for international data transfers, please contact us.
9. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic. Cookies are small text files stored on your device when you visit our website.
We use the following types of cookies:
- Essential Cookies: Necessary for the website to function properly (e.g., session management).
- Analytics Cookies: Used by Google Analytics to understand how visitors interact with our website.
- Preference Cookies: Remember your settings and preferences (e.g., language, theme).
You can control and delete cookies through your browser settings. However, disabling cookies may affect your experience on our website.
For detailed information about the cookies we use and how to manage them, please read our Cookie Policy.
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make significant changes, we will update the "Last Updated" date at the top of this page.
We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after any changes indicates your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
We aim to respond to all inquiries within 30 days.