(Last update: January 1, 2020)
1 - Cyber Security
PDC, Psicologia, Desenvolvimento e Capacitaço Online, Lda, NIPC 515773603, the company that owns the MindFirst brand, hereinafter referred to as MindFirst, commits to implementing the necessary, adequate, and proportionate security measures in terms of technological and data security, in order to protect the integrity of customers' personal data.
Customers should encourage the use of computer equipment that is properly protected against computer viruses, worms, and malicious software's in order to strengthen cyber security.
Customers should also actively promote measures that strengthen communication security, such as safe navigation program configuration, the installation of updated antivirus software's as well as security barrier software's, and the avoidance of software's of dubious origin.
The risk of unauthorized access is increased if these measures are not implemented.
2 - Updates
The Terms of MindFirst's Privacy and Security Policy may be updated by referring to the date of the most recent version in the header of this statement.
3 - Responsible for the personal data processing
In compliance with the provisions of article 24 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, PDC, Psicologia, Desenvolvimento e Captação Online,Lda, NIPC 515773603, company that owns the MindFirstcom brand, headquartered tax in Lagoas Park, Edifício 7, Piso 1, 2740-244 Porto Salvo, is the entity responsible for the collection and processing of personal data within the scope of the activity of the “MindFirst” platform, for the purposes mentioned in this document, with the exception of the purposes referred to in the section “Legal basis for the processing of personal data by psychologists/coaches”. MindFirst can be contacted by users or other interested parties via the business address or the email address email@example.com.
Personal data collected as part of the relationship between Users and the "MindFirst" Platform will be treated in strict accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 - "RGPD") and Law No. 58/2019 of August 8, 2019.
MindFirst commits to carrying out a treatment in accordance with the principles outlined in Article 5 of the General Data Protection Regulation (UE) 2016/679 of the European Parliament and the Council of 27 April 2016 - "RGPD") and Law No. 58/2019 of 8 August, limiting data collection solely for the appropriate, relevant, and limited purposes, taking the treatment's objectives into account.
MindFirst is also committed to guaranteeing the integrity and confidentiality of data, specifically through the implementation of organizational and security measures required to protect data against any illicit treatment.
MindFirst is committed to ensuring that all health-related data is processed exclusively by a qualified professional, subject to special confidentiality duties and ethical and deontological obligations.
All non-health-related personal data will be processed solely by a professional bound by the duty of professional secrecy.
Mere interaction with the MindFirst platform does not require data collection.
5 - Personal data processing - Legal basis
Using the MindFirst platform's services necessitates the processing of personal data.
Given the nature of the activity, some of the data processed may be classified as sensitive data.
The declaration of informed consent and acceptances f the Privacy and Security Policy, as well as the Platform's Terms and Conditions, assumes that they have been read in advance, and the declarant cannot claim ignorance after acceptance.
6 - Legal basis for the processing of personal data by psychologists/coaches.
The special categories of data that may be processed by psychology and personal development professionals as those responsible for the treatment will be limited to the need arising from the provision of services contracted between the client and MindFirst, as these professionals are bound by a duty of confidentiality.
7 - Personal data processing - Purposes
All personal data provided by clients, including contact information, identification information, and other elements required for the purposes of scheduling sessions and disseminating information within the scope of MindFirst activities, will be processed for the preparation of sessions, scheduling of sessions, and other operations related to consultation management, which are subject to prior and explicit consent by customers under the terms set out in this document.
Personal data provided by customers may also be processed in the context of the need to establish contact between MindFirst and the holders, namely to evaluate the service provided, assess the need for continuity of service, invoicing, complaint or dispute management, or even, when justified, to fulfill legal obligations.
Personal data provided by customers may also be processed for the sole purpose of sending information via email, namely commercial information about products, content dissemination, promotions, or other initiatives that may be promoted.
8 - Personal data recipients' categories
Customers' personal information may be disclosed to authorities under the law if they have the legal authority to do so.
MindFirst will process personal data of customers for the aforementioned purposes through designated workers.
Other subcontracted entities with platform management responsibilities and accounting processing activity may also process customers' personal data for the aforementioned purposes. These entities will agree to process the data in accordance with MindFirst's rules and in complete compliance with the applicable legislation.
9 - Personal data retention period
Personal data collected by MindFirst in the course of its activities may be processed for the duration of the consent period or for a longer period if required by applicable legislation.
To ensure continued access to platform features, data pertaining to platform access will be retained for as long as the customer's account is active.
MindFirst will keep platform access data for a maximum of eighteen months after the last use, after which it will be deleted.
10 - Personal information about children and others under the age of 18
Customer data processing under the age of 18 requires parental consent or the consent of another legal representative. MindFirst will define an adequate organizational procedure in these terms to ensure the existence of parental consent or another legal representative in the processing of personal data concerning children and other minors under the age of 18 at the time of contact with MindFirst.
11 - Other rights - Rectification, access to, and deletion of personal data, limitation of treatment, right to object to treatment, and right to personal data portability Right to revoke consent.
MindFirst customers can request full access to their personal data at any time, as well as request their deletion, rectification, or limitation of treatment, as well as object to data portability and its treatment.
The MindFirst customer also has the right to withdraw consent for the processing of data for the purposes specified at any time, with effect from the date of the request.
To exercise the above-mentioned rights, the MindFirst customer must send an email to firstname.lastname@example.org or a letter to the following address: MindFirst, PDC, Psicologia, Desenvolvimento e Recruitment Online, Lda, Lagoas Park, Building 7, Floor 1, 2740-244 Porto Salvo.
12 - Complaint to the appropriate supervisory authority
The MindFirst customer has the legal right to file a complaint about the processing of personal data with the competent control authority, in this case the National Data Protection Commission, via email at email@example.com or by mail at Rua de So Bento, no 148, 3, 1200 - 821 Lisbon.