Privacy Policy

Effective Date: March 25, 2026  |  Last Updated: March 25, 2026

1. Introduction

This Privacy Policy explains how Elite Golden Visa Limited (“EGV”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal data when you visit our website at elitegoldenvisa.com (the “Website”), enquire about our services, or engage us as a client.

Elite Golden Visa Limited is registered in Scotland (Company Number SC852697) with its registered office at 23 Melville Street, Edinburgh. We maintain an operational presence at Avenida da República 50, Lisbon, Portugal. We are registered with the UK Information Commissioner’s Office (ICO) as a data controller.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR) as it applies to our operations in Portugal and Italy and to individuals located in the European Economic Area (EEA). Where we process personal data of individuals in other jurisdictions, we comply with applicable local data protection laws.

This Privacy Policy should be read alongside our Cookie Policy and our Terms and Conditions.

2. Who We Are

EGV is an immigration consultancy and concierge service. We design and coordinate the residency process for clients pursuing Golden Visa programmes in Portugal and Italy through various routes. We are not a regulated financial adviser, investment adviser, legal adviser, or tax adviser. For further details of what we do and do not do, please refer to Section 2 of our Terms and Conditions.

For the purposes of data protection law, Elite Golden Visa Limited is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

• Email: info@elitegoldenvisa.com
• Post: Elite Golden Visa Limited, 23 Melville Street, Edinburgh, Scotland

3. Personal Data We Collect

We collect and process personal data in several categories depending on your relationship with us and the services you require.

3.1 Enquiry and Website Data

When you visit our Website, make an enquiry, or book a consultation, we may collect:

• Full name and contact details (email address, telephone number)
• Country of residence and nationality
• Details of your enquiry and how you heard about us
• Scheduling preferences (via our integrated booking tools)
• Technical data such as IP address, browser type, device information, and pages visited

3.2 Client Data

If you engage our services, we will collect additional personal data necessary to coordinate your Golden Visa application in the relevant jurisdiction (Portugal or Italy). This may include:

• Full legal name, date of birth, and nationality
• Passport or national identity card details
• Tax identification numbers (in relevant jurisdictions)
• Proof of address documentation
• Source of funds and source of wealth documentation
• Self-certification of High Net Worth Individual status (where applicable and required)
• Family composition details (spouse and dependents included in the application)
• Telephone number

3.3 Family Member and Dependent Data

Where your Golden Visa application includes family members or dependents (including children under the age of 18), we collect only the minimum personal data required for the application. This typically includes names, dates of birth, nationality, and identity document details. We collect this data from you as the primary applicant and rely on you to ensure that any family members whose data you provide are aware of, and consent to, such provision.

3.4 Data Received from Third Parties

We may receive your name, email address, and telephone number from third-party introducers, referral partners, or fund managers who have referred you to us or vice versa. Where we receive data from third parties, we will inform you of the source at or before the point of first contact and ensure that the data was shared with an appropriate legal basis.

3.5 Special Category Data

We do not intentionally collect or process special category data (as defined in Article 9 of the UK GDPR), which includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation.

If, in the course of providing our services, we inadvertently receive documentation containing special category data (for example, within source of wealth documentation), we will process such data only to the extent strictly necessary for the purpose of your Golden Visa application and in accordance with Article 9(2)(f) of the UK GDPR (processing necessary for the establishment, exercise, or defence of legal claims).

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Service Delivery

• To respond to your enquiries and assess whether our services are suitable for your circumstances
• To coordinate your Golden Visa application in your chosen jurisdiction (Portugal or Italy), including document collection, translations, apostilles or legalisations, and liaison with fund managers, investment facilitators, and legal professionals
• To provide you with factual, fund-manager-sourced or programme-specific information about Golden Visa-eligible investment routes
• To ensure you receive periodic updates on your investment or application and are informed of next steps, dates, and items required
• To administer our client relationship, including invoicing and service fee collection

4.2 Marketing and Communications

• To send you marketing communications about our services, educational content, and programme updates, where you have given your explicit consent to receive such communications
• To personalise your experience on our Website and tailor content to your interests

You may withdraw your consent to marketing communications at any time by using the unsubscribe link in any marketing email, or by contacting us at info@elitegoldenvisa.com. Withdrawal of marketing consent does not affect the lawfulness of processing carried out prior to withdrawal.

4.3 Internal Operations

• To conduct internal reporting, analysis, and business planning
• To improve our Website, services, and client experience
• To comply with our legal and regulatory obligations
• To establish, exercise, or defend legal claims

5. Legal Bases for Processing

We rely on the following legal bases under the UK GDPR (and, where applicable, the EU GDPR) to process your personal data. The table below maps each processing activity to its corresponding legal basis.

5.1 Performance of a Contract (Article 6(1)(b))

Where processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract.

5.2 Consent (Article 6(1)(a))

Where you have given your explicit, informed consent to the processing of your personal data for specific purposes. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5.3 Legitimate Interests (Article 6(1)(f))

Where processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your rights and freedoms. We carry out a balancing exercise to ensure our interests do not override your rights.

5.4 Legal Obligation (Article 6(1)©)

Where processing is necessary to comply with a legal obligation to which we are subject.

5.5 Activity-to-Legal-Basis Mapping

6. Who We Share Your Data With

We do not sell your personal data to any third party. We share your personal data only where it is necessary for the delivery of our services, where required by law, or where you have given your consent. The categories of recipients include:

6.1 Fund Managers and Investment Facilitators

Where you have selected a particular Golden Visa-eligible investment route (whether a qualifying fund in Portugal or a qualifying investment in Italy), we will share your personal data with the relevant fund manager or investment facilitator for the purposes of your subscription and application. We only share data with the fund manager(s) or investment facilitator(s) you have chosen to engage with. Fund managers and investment facilitators are independent data controllers and process your data in accordance with their own privacy policies, which we encourage you to review.

6.2 Immigration Lawyers

If you choose to use our recommended immigration lawyer (whether in Portugal or Italy), we will share relevant personal data with them for the purposes of advising on and progressing your Golden Visa application. This sharing only occurs with your consent. The immigration lawyer operates as an independent data controller for the legal services they provide.

6.3 Translation, Apostille, and Legalisation Services

We coordinate the translation, apostille, and legalisation of documents as part of the Golden Visa process in both Portugal and Italy. This may involve sharing copies of personal documents with accredited translation, apostille, and legalisation service providers, who act as data processors on our behalf under a written Data Processing Agreement in accordance with Article 28 of the UK GDPR.

6.4 Government and Immigration Authorities

As part of the Golden Visa application process, personal data will be submitted to the relevant government and immigration authorities in your chosen jurisdiction. These may include:

• Portugal: AIMA – the Agency for Integration, Migrations and Asylum (or its successor body), and other relevant Portuguese government agencies
• Italy: The relevant Italian Prefettura (Prefecture), Questura (Police Headquarters), Italian consulates, and other Italian government agencies involved in the residency and immigration process

These submissions are made in accordance with the immigration laws of the relevant jurisdiction and are necessary for the performance of our contract with you.

6.5 Technology Service Providers

We use a number of third-party technology platforms that process personal data on our behalf as data processors. We have entered into written Data Processing Agreements with each processor in accordance with Article 28 of the UK GDPR, requiring them to process your data only in accordance with our documented instructions and applicable data protection law.

6.6 Professional Advisers and Regulators

We may share your personal data with our own professional advisers (such as accountants or legal advisers) where necessary for our business operations, or with regulators and law enforcement agencies where required by law.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies. Full details of the cookies we use, their purposes, durations, and how to manage your cookie preferences are set out in our standalone Cookie Policy.

We use the Complianz cookie consent management platform to manage your cookie preferences. When you first visit our Website, you will be presented with a cookie consent banner that allows you to accept, reject, or customise your cookie preferences. Non-essential cookies are only placed on your device after you have given your explicit consent.

For further information, please refer to our Cookie Policy.

8. International Data Transfers

As a business operating from the United Kingdom with operations connected to Portugal and Italy, and using technology platforms based in several countries, your personal data may be transferred to and processed in countries outside of your country of residence.

8.1 Transfers to the EEA (Portugal, Italy, and Other EEA Countries)

We transfer personal data to our operational contacts in Portugal and Italy, and to fund managers, investment facilitators, immigration lawyers, and government authorities in both jurisdictions as part of the Golden Visa process. The European Economic Area (EEA) is recognised as providing an adequate level of data protection under UK data protection law, so transfers from the UK to Portugal, Italy, and other EEA countries do not require additional safeguards.

8.2 Transfers to the United States

Several of our technology service providers are based in the United States. For each US-based provider, we have ensured that one or more of the following specific safeguards are in place:

• UK-US Data Bridge: Where the receiving organisation has been certified under the UK Extension to the EU-US Data Privacy Framework, personal data is transferred under the UK-US Data Bridge. This applies to HubSpot, Google, Meta, Calendly, and LinkedIn.
• Standard Contractual Clauses (SCCs): We have entered into the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs (as approved by the ICO) with each US-based processor. This provides a contractual safeguard for transfers.

The specific safeguards applicable to each provider are set out in the table in Section 6.5 above. You may request further information about the specific safeguards applied to any particular transfer by contacting us at info@elitegoldenvisa.com.

8.3 Transfers to Other Countries

We may serve clients from any jurisdiction. Where we process the personal data of individuals located outside the UK and EEA, we will comply with the applicable data protection laws of their jurisdiction and ensure that appropriate safeguards are in place for any cross-border transfers. Where no adequacy decision exists for the recipient country, we will use SCCs or other approved transfer mechanisms.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our retention periods are as follows:

9.1 Client Data

We retain client data for the duration of the Golden Visa journey (which may span several years, including initial application, renewals, and citizenship or permanent residency eligibility) plus two years after the conclusion of our services. This allows us to support any follow-up queries, provide references, and comply with legal and regulatory requirements.

9.2 Enquiry Data

If you enquire about our services but do not become a client, we retain your personal data for a maximum of 24 months from your last interaction with us. After this period, your data will be securely deleted or anonymised.

9.3 Marketing Data

We retain marketing-related data (such as email addresses and communication preferences) for as long as you remain subscribed to our communications. If you unsubscribe, we will retain a minimal record of your email address on our suppression list to ensure we do not contact you again, in accordance with applicable regulations.

9.4 Legal and Regulatory Requirements

In certain circumstances, we may be required to retain data for longer periods to comply with legal, regulatory, or tax obligations in the United Kingdom, Portugal, Italy, or other relevant jurisdictions. Where this applies, we will retain only the minimum data necessary and for no longer than the applicable statutory period.

10. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure internal document sharing, restricted to authorised personnel
• All business communications and data storage managed through a centralised, access-controlled Google Workspace environment
• Use of work email accounts only for client communications (no personal email accounts)
• Access controls and permission settings within our CRM and technology platforms
• Data Processing Agreements in place with all third-party processors
• Regular review of our security practices and data processing activities

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-appropriate standards.

11. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects concerning you, as described in Article 22 of the UK GDPR.

All decisions relating to your suitability for our services and the progress of your Golden Visa application are made by our team members through individual, human assessment.

12. Your Rights

Under the UK GDPR (and, where applicable, the EU GDPR), you have the following rights in relation to your personal data:

12.1 Right of Access

You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it.

12.2 Right to Rectification

You have the right to request that we correct any personal data that is inaccurate or incomplete.

12.3 Right to Erasure

You have the right to request that we delete your personal data, subject to certain exceptions (for example, where we are required to retain it for legal or regulatory purposes).

12.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to our processing.

12.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller, where technically feasible.

12.6 Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, or where your data is processed for direct marketing purposes.

12.7 Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before the withdrawal.

12.8 Exercising Your Rights

To exercise any of your rights, please contact us at info@elitegoldenvisa.com. We will respond to your request within one month. In certain circumstances, we may extend this period by up to two further months, in which case we will inform you of the extension and the reasons for it.

There is no fee for exercising your rights, although we may charge a reasonable fee for requests that are manifestly unfounded or excessive, or we may refuse to act on such requests. If we refuse a request, we will explain our reasons.

If you are not satisfied with our response to a rights request, you have the right to lodge a complaint with the relevant supervisory authority (see Section 16 below).

13. Children’s Data

Our services are not directed at children under the age of 18, and we do not knowingly collect personal data from children in the context of marketing or enquiries.

However, where a Golden Visa application includes dependent children, we collect only the minimum personal data required for the application (such as names, dates of birth, nationality, and identity document details). This data is collected from the parent or legal guardian who is the primary applicant, and is processed solely for the purpose of the immigration application.

14. Data Protection Officer

Given the nature and scale of our current operations, we have not appointed a Data Protection Officer (DPO) under Article 37 of the UK GDPR. We keep this position under regular review as our business grows.

All data protection enquiries should be directed to info@elitegoldenvisa.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated Privacy Policy will be posted on our Website with a revised “Last Updated” date.

Where changes are material, we will take reasonable steps to notify you, such as by email or by a prominent notice on our Website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first at info@elitegoldenvisa.com so that we can try to resolve the issue.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. The relevant supervisory authorities for our operations are:

• United Kingdom: Information Commissioner’s Office (ICO) — ico.org.uk — Telephone: 0303 123 1113
• Portugal: Comissão Nacional de Proteção de Dados (CNPD) — cnpd.pt
• Italy: Garante per la protezione dei dati personali (Italian Data Protection Authority) — garanteprivacy.it — Piazza Venezia 11, 00187 Roma, Italy — Telephone: +39 06 6967 71 — Email: urp@gpdp.it

17. Governing Law

This Privacy Policy is governed by the laws of Scotland and the United Kingdom, including the UK GDPR and the Data Protection Act 2018. Where our processing activities fall within the scope of the EU GDPR (for example, in relation to our operations in Portugal or Italy, or the offering of services to individuals in the EEA), the EU GDPR shall also apply, together with the applicable national implementing legislation of Portugal (Lei n.º 58/2019) and Italy (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018).

18. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: info@elitegoldenvisa.com
• Scotland Office: 23 Melville Street, Edinburgh, Scotland
• Portugal Office: Avenida da República 50, Lisbon, Portugal
• Company Registration: SC852697 (Scotland)

For information about cookies and tracking technologies, please refer to our Cookie Policy.