Privacy Policy

(Last updated: 30/03/2026)

1 - Information Security

PDC, Psychology, Development and Online Training, Ltd., Tax ID 515773603, the company holding the MindFirst brand, hereinafter referred to as MindFirst, commits to employing the necessary, appropriate and proportionate measures in terms of technological and data security to safeguard the integrity in the processing of customers' personal data.

In order for information security to be strengthened, customers should promote the use of equipment properly protected against computer viruses, worms and harmful software.

Customers should also actively participate in the promotion of measures that enhance the security of communications, namely secure configuration of the browser program, installation of updated antivirus software as well as firewall security software and the non-use of software from dubious sources.

Without the adoption of these measures, the risk of unauthorized access by unauthorized agents is increased.

 

2 - Updates

The Terms of the Privacy and Security Policy presented by MindFirst may be subject to updates, with the date of the last version being mentioned in the header of this statement.

 

3 - Data Controller

In compliance with the provisions of Art. 24 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, PDC, Psychology, Development and Online Recruitment, Ltd., Tax ID 515773603, the company holding the MindFirst brand, with registered office at Lagoas Park, Building 7, Floor 1, 2740-244 Porto Salvo, is the entity responsible for the collection and processing of personal data within the scope of the "MindFirst" platform activity, for the purposes referred to in this document, with the exception of the purposes referred to in the section "Legal basis for the processing of personal data by psychologists/coaches". Users or other interested parties may contact MindFirst using the commercial address or through the email address geral@mindfirst.pt.

 

4 - Terms of the Privacy Policy

Personal data collected within the scope of the relationship between Users and the "MindFirst" Platform will be processed in strict compliance with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - "GDPR") and Law No. 58/2019 of 8 August.

In this sense, MindFirst undertakes to process data in compliance with the principles enshrined in Art. 5 of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - "GDPR") and Law No. 58/2019 of 8 August, limiting collection strictly to application for purposes that are appropriate, relevant and limited, taking into account the purposes of the processing.

MindFirst also undertakes to guarantee the integrity and confidentiality of data, namely through the adoption of the organizational and security measures necessary to protect data against any unlawful processing.

MindFirst undertakes to ensure that all data relating to health will be processed exclusively by a professional qualified to do so, subject to special duties of confidentiality and governed by ethical and deontological duties.

All personal data that is not health-related will be processed exclusively by a professional bound by professional secrecy obligations.

Mere interaction with the MindFirst platform does not require the collection of data.

 

5 - Processing of Personal Data - Legal Basis

The use of services available on the MindFirst platform implies the processing of personal data.

Given the nature of the activity, some of the data processed may fall into the category of sensitive data.

All data provided by the respective data subject is based on their respective consent, and for this purpose the data subject must explicitly declare such consent in an informed manner and agreement with this privacy policy at the time they are questioned on the matter.

The declaration of informed consent and acceptance of the Privacy and Security Policy as well as the Terms and Conditions of use of the Platform presumes prior reading of the same, and the declarant cannot invoke ignorance thereof after acceptance.

 

6 - Legal Basis for the Processing of Personal Data by Psychology and Personal Development Professionals

The special categories of data that may be subject to processing by psychology and personal development professionals, as data controllers, will be limited to what is necessary for the provision of services contracted between the client and MindFirst, with these professionals being bound by secrecy obligations.

 

7 - Processing of Personal Data - Purposes

All personal data provided by customers, namely data relating to contacts, identification, and other elements necessary for the purposes of session scheduling and dissemination of information within the scope of MindFirst activities, will be processed for the preparation of sessions, scheduling of sessions and other operations relating to the management of consultations, subject to prior and explicit consent by customers as provided in this document.

Personal data provided by customers may also be processed for the purpose of establishing contact between MindFirst and data subjects, namely for evaluation of the service provided, evaluation of the need for service continuity, billing, management of complaints or disputes or for compliance with legal obligations, when justified.

Personal data provided by customers may also be processed for the purpose of sending information via email, exclusively within the scope of MindFirst activity, namely commercial information about products, dissemination of content, promotions or other initiatives that may be promoted.

 

8 - Categories of Recipients of Personal Data

In accordance with the law, customers' personal data may be disclosed to authorities if they have legitimacy to request it.

The processing of customers' personal data for the purposes mentioned above will be carried out by MindFirst through workers designated for that purpose.

The processing of customers' personal data for the purposes mentioned above may also be carried out by other subcontracted entities, with responsibilities for platform management and activity at the level of accounting processing. These entities will enter into a commitment to process data in accordance with the standards established by MindFirst and in full compliance with applicable legislation.

 

9 - Period of Retention of Personal Data

Personal data collected by MindFirst within the scope of its activity may be processed during the period in which consent is maintained or for another period if required by applicable legislation.

To ensure access to the platform's functionalities, access-related data will be retained during the period in which customers' accounts remain active.

Access-related data will be retained for a maximum period of eighteen months after the last use, with MindFirst committing to delete the data after that period has elapsed.

 

10 - Personal Data Relating to Children and Other Minors Under 18 Years of Age

The processing of data of customers under 18 years of age may only be carried out after parental or other legal representative consent. In these terms, MindFirst will define an appropriate organizational procedure to safeguard the existence of parental or other legal representative consent in the processing of personal data relating to children and other minors under 18 years of age as of the date of contact with MindFirst.

 

11 - Other Rights – Rectification, Access or Deletion of Personal Data, Limitation of Processing, Right to Object to Processing and Right to Data Portability. Right to Withdraw Consent.

The MindFirst customer can determine at any time access to all personal data of which they are the data subject, as well as request its deletion, rectification or limitation of processing, as well as object to the portability of the data and its processing.

The MindFirst customer also has the right to withdraw consent at any time for the processing of data for the stated purposes, and this withdrawal of consent takes effect from the date of the request.

To exercise the prerogatives mentioned above, the MindFirst customer may communicate their decision by sending an email message to the address geral@mindfirst.pt, or by letter to the postal address: MindFirst, PDC, Psychology, Development and Online Recruitment, Ltd., Lagoas Park, Building 7, Floor 1, 2740-244 Porto Salvo.

 

12 - Complaint to Supervisory Authority

The MindFirst customer has, in accordance with the law, the right to file complaints regarding the processing of personal data with the competent supervisory authority, in this case the National Data Protection Commission, to the email address geral@cnpd.pt, or to the postal address: Rua de São Bento, No. 148, 3, 1200 – 821 Lisbon.