...Email
Residency PartnersResidency Partners

Effective Date: 01 January 2026

Last Updated: 01 January 2026

Privacy Policy

Residency Partners ("Company," "we," "us," or "our") respects your right to privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and secure personal information as part of our residency and citizenship advisory services. It applies to personal data collected from visitors to our website, prospective and existing clients, partners, suppliers and job applicants in all jurisdictions where we operate.General Data Protection Regulation (EU) 2016/679

1. Introduction & Scope

privacy@residencypartners.com

  1. What personal data we collect and how we collect it.

4.1 Identity Information

  • Full name, gender, date of birth, nationality and country of residence.

We comply with applicable data protection laws, including the("GDPR") and theUK GDPR, theCalifornia Consumer Privacy Act(CCPA), theCalifornia Privacy Rights Act(CPRA), and other relevant privacy laws. This Policy describes our practices in clear, transparent language as required by GDPR and other privacy regulations.By using our website or engaging our services, you acknowledge that you have read and understood the practices described in this Privacy Policy. If you do not agree with any part of this Policy, you should not use our services.This Privacy Policy explains:This Policy applies to information collected through our website, email communications, telephone calls, in‑person meetings, webinars, online forms, chatbots, third‑party referrals and social media channels. It also covers information we receive from business partners, government agencies, immigration authorities, financial institutions and other third parties.

  1. privacy@residencypartners.com
  2. How and why we use your personal data and the legal bases for our processing.
  3. With whom we share your personal data.
  4. How we store, secure and transfer personal data.
  5. Your rights and choices, including jurisdiction‑specific privacy rights.
  6. How to contact us and make a complaint.

2. Definitions

Personal Data / Personal Information:any information relating to an identified or identifiable person or household. This includes names, contact details, identification numbers, location data, IP addresses, online identifiers and any other data reasonably capable of being associated with an individual.Processing:any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction.Data Subject:the natural person to whom personal data relates.Data Controller:the entity which determines the purposes and means of processing personal data. For the purposes of this Policy, Residency Partners is the Data Controller unless otherwise stated.Data Processor:a natural or legal person who processes personal data on behalf of the Data Controller.Sensitive Personal Data (Special Category Data):data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.

3. Contact Information & Data Protection Officer

If you have questions about this Privacy Policy, our data practices or your rights, please contact:Residency PartnersEmail:Phone:+351 969244070Data Protection Officer (DPO)Our DPO oversees compliance with this Policy. You may contact the DPO via email atdpo@residencypartners.comor by post at the address above. The DPO acts as our representative for data subjects in the European Union/EEA and the United Kingdom.If you reside outside the EU/UK, you may contact our regional privacy representative listed in Section 19.

4. Categories of Personal Data We Collect

We collect and process the following categories of personal data depending on your relationship with us:

  • Passport number, national ID, social security number or other government issued identification required for immigration filings.

4.2 Contact Information

  • Postal address, billing address, email address and telephone number(s).
  • Preferred method of contact and language preferences.

4.3 Financial Information

  • Bank account and payment card details used for invoicing or deposit of service fees.
  • Transaction records, payment history and relevant tax identification numbers for compliance with tax and anti‑money laundering obligations.

4.4 Employment & Business Information

  • Occupation, employer, job title, business ownership, directorships and professional history.
  • Business plans, company formation documents and shareholder information when preparing entrepreneur or investor visa applications.

4.5 Immigration & Application Data

  • Marital status and family composition (spouse, children, dependants).
  • Education background, criminal records, health records or other information required by immigration authorities for eligibility assessments.
  • Copies of residence permits, visas, birth certificates, marriage certificates and other supporting documents.

4.6 Technical & Usage Data

  • IP address, device type, browser type and version, time zone setting and location, operating system and platform.
  • Log‑in data, session IDs, referring website URLs, pages visited, time spent on the site and interactions with our site features collected through cookies and similar technologies.

4.7 Marketing & Communication Preferences

  • Subscription status for newsletters, updates and promotional communications.
  • Preferences regarding the channels and topics for marketing and educational materials.

4.8 Special Category Data

  • Health or biometric data only when required to fulfil immigration requirements (e.g., medical certificates).
  • Information about criminal convictions or offences if relevant to residency or citizenship applications. We will request and process such data only with your explicit consent or where legally authorised.

4.9 Other Information

Any data you voluntarily provide to us during consultations, webinars, surveys, events or by interacting with our social media channels.

5. Sources of Data Collection

We collect personal data from several sources:

  1. when you complete our online forms, subscribe to newsletters, request consultation calls, provide documentation or interact with us by phone, email or in person.
  2. Automatically: through cookies, pixels and similar technologies on our website that gather information about your device and browsing behaviour.
  3. Third‑party sources: government authorities, law firms, consultants, accountants, background‑check providers, business partners, marketing platforms, publicly available databases and social media sites. We only collect personal data from third parties if it is legally permissible and relevant to your application or our business.

6. Purposes of Processing & Legal Bases

Residency Partners will only process your personal data where it has a lawful basis for doing so under applicable data protection laws. Depending on your jurisdiction, different legal grounds may apply. This section describes each purpose for which we process personal data and the corresponding legal basis. Where multiple bases could apply, we rely on the most appropriate one.

6.1 Delivering Residency & Citizenship Services

We process personal data to evaluate your eligibility for residency or citizenship programs, design bespoke strategies, collect documents, liaise with partner law firms, submit applications and provide ongoing support. We also process data to schedule consultations, respond to inquiries and manage your account.Legal basis: Necessary for performance of a contract or to take steps at your request prior to entering into a contract; legitimate interests in providing global mobility services.

6.2 Payment Processing & Accounting

We collect financial information to invoice you, process payments, perform accounting and comply with tax obligations.Legal basis: Contract; legal obligation to keep financial records and meet anti‑money laundering and tax regulations.

6.3 Marketing & Communications

We use your contact details to send newsletters, program updates, event invitations and promotional materials. We track your engagement with our communications to improve our marketing efforts.Legal basis: Consent for electronic marketing (opt‑in); legitimate interests for sending relevant content to existing clients (you may opt out at any time). For California residents, marketing does not constitute a "sale" under CCPA/CPRA.

6.4 Analytics & Website Improvements

We analyse aggregate usage data to improve website performance, tailor user experience, measure campaign effectiveness and detect fraudulent or malicious activity.Legal basis: Legitimate interests in optimising our services and securing our website; consent for non‑essential cookies as required by GDPR and ePrivacy rules.

6.5 Legal & Regulatory Compliance

We process personal data to comply with immigration, tax, anti‑money laundering (AML), know‑your‑customer (KYC) and other applicable laws, respond to lawful requests by public authorities, enforce our legal rights, and protect the interests of our clients and partners.Legal basis: Legal obligation; legitimate interests in protecting our business and preventing fraud or misuse.

6.6 Recruitment & Employment

If you apply for employment with Residency Partners, we process your CV, interview notes, references and other information to assess your suitability and administer the recruitment process.Legal basis: Contract (pre‑employment stage); legal obligation (employment laws).

6.7 Vital Interests & Public Tasks

In rare circumstances, we may process personal data to protect a person's vital interests (e.g., health emergency) or to perform a task carried out in the public interest or exercise of official authority (e.g., assisting immigration authorities with public health checks). Such processing will only occur when no other legal basis applies.Legal basis: Vital interests; public task.

6.8 Legitimate Interests

We process personal data based on legitimate interests where the processing is necessary for our operations and does not override your fundamental rights and freedoms. Examples include fraud prevention, due diligence checks, maintaining service continuity and improving our offerings.Whenever legitimate interests apply, we will balance our interests against your privacy rights and provide a clear explanation of why processing is necessary.

7. Consent Management & Withdrawal

We will request your consent for specific purposes (e.g., marketing communications, non‑essential cookies, processing special category data). To be valid, consent must be freely given, specific, informed and unambiguous. We provide granular choices so you can consent to different types of processing separately.You may withdraw your consent at any time by:

Withdrawal does not affect the lawfulness of processing conducted before your consent was withdrawn.

  • Using the unsubscribe link in marketing emails.
  • Adjusting your cookie preferences in our cookie banner or settings.
  • Contacting us at
  • or through your account portal.

8. Third‑Party Disclosures & Service Providers

We share personal data only as necessary for the purposes described above and consistent with the legal bases in Section 6.

We do not sell or lease your personal data to third parties for monetary consideration. Under the CCPA/CPRA, we may "share" personal information for targeted advertising. You may opt out of such sharing via our "Do Not Sell or Share My Personal Information" link (see Section 14).

  1. Internal Recipients: Our staff, contractors and advisors who require access to personal data to perform their duties (client services, legal support, finance, IT). Access is limited to those with a need to know and subject to confidentiality obligations.
  2. External Service Providers: We engage law firms, notaries, translators, educational consultants, tax advisors, accountancy firms, IT/cloud providers, background‑check companies, payment processors and marketing platforms to deliver our services. These providers act as Data Processors or independent controllers, depending on the context. We ensure they implement adequate data protection measures and only process personal data on our behalf pursuant to written agreements.
  3. Government & Regulatory Authorities: We disclose personal data to immigration authorities, embassies, consulates, courts, law enforcement agencies and other public bodies when required by law or for visa/residency applications.
  4. Business Partners & Affiliates: In some programs, we may share your data with authorised real estate developers, financial institutions, insurance providers or relocation partners. We will inform you of such disclosures and obtain your consent where required by law.
  5. Corporate Transactions: If Residency Partners undergoes a merger, acquisition, restructuring, sale of assets or insolvency proceedings, personal data may be transferred to the successor entity subject to this Policy.
  6. Legal Claims & Compliance: We may disclose personal data to lawyers, accountants and auditors to protect our legal rights or defend against claims.

9. International Data Transfers

Residency Partners is headquartered in Portugal but operates globally. Consequently, personal data may be transferred and processed in countries outside your residence, including jurisdictions that may not provide the same level of data protection. When we transfer personal data internationally, we ensure an adequate level of protection through:

You can request a copy of the appropriate safeguards used for your personal data transfers by contactingprivacy@residencypartners.com.

  • transfers to countries recognised by the European Commission or UK government as providing adequate protection.
  • Standard Contractual Clauses (SCCs): approved contract terms ensuring data protection obligations.
  • Binding Corporate Rules (BCRs): where appropriate, intra‑group policies approved by data protection authorities.
  • Other Safeguards: such as certifications, codes of conduct, or consent when no other mechanism applies.

10. Data Retention & Disposal

We will retain personal data only as long as necessary for the purposes described in this Policy, including to satisfy legal, accounting or reporting requirements. Our retention periods depend on the nature of the data, the purpose of processing, and applicable legal requirements. For example:

When personal data is no longer needed, we will securely destroy or anonymise it to prevent unauthorised access or use.

  • Immigration files and application documents are typically retained for 10 years after completion of your matter to comply with record‑keeping requirements and to support renewal or audit requests.
  • Transaction records are kept for at least 7 years for tax and accounting purposes.
  • Marketing preferences are stored until you opt out or withdraw consent.
  • Data related to unsuccessful job applicants is deleted 12 months after recruitment closure, unless you consent to longer retention for future opportunities.

11. Cookies & Tracking Technologies

We use cookies, web beacons, pixels and similar technologies ("cookies") on our website and client portals to collect information automatically. These technologies help us understand how you use our site, remember your preferences and deliver relevant content. Our cookies may be first‑party (set by us) or third‑party (set by service providers).

11.1 Types of Cookies

  1. Strictly Necessary Cookies: Enable core functionality such as page navigation and secure areas of the website. Our site cannot function properly without these cookies. They do not require consent but you can disable them in your browser settings; however, some functions may no longer work.
  2. Functional Cookies: Remember choices you make (such as language) to personalise your experience. These cookies may require consent in certain jurisdictions.
  3. Analytics Cookies: Collect aggregate statistics on website usage (pages visited, bounce rate, time spent) to improve our services. We use tools like Google Analytics for this purpose. These cookies may require consent and allow us to analyse trends without identifying individual users.
  4. Advertising & Targeting Cookies: Track your browsing habits to deliver personalised ads or measure campaign performance. They may also share information with third parties such as social media networks. Under CCPA/CPRA, sharing data for targeted advertising may constitute a "sale" or "sharing."

11.2 Managing Cookie Preferences

Upon your first visit to our site, you will see a cookie banner asking you to accept, reject or customise cookies. You can change your preferences at any time via the cookie settings link in our footer. You can also configure your browser to block cookies; however, disabling certain cookies may impair your experience. For more information, please see our separate Cookie Policy.

12. Security Measures

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration or destruction. These measures include:

  • Encryption: We encrypt data at rest and in transit using industry‑standard protocols.
  • Access Controls: Only authorised personnel with a legitimate need may access personal data. We restrict access through role‑based permissions and multi‑factor authentication.
  • Secure Storage: We host data in secure, audited data centres with firewalls, intrusion detection systems and physical security.
  • Regular Audits & Testing: We conduct vulnerability assessments, penetration testing and compliance audits to identify and mitigate potential risks.
  • Staff Training: We train employees and contractors on data protection, privacy law obligations and secure data handling.
  • Incident Response Plan: We maintain procedures to detect, report and investigate suspected data breaches and notify affected individuals and regulators when required by law.

13. Data Subject Rights

13.1 Rights for EU/EEA and UK Residents under GDPR/UK GDPR

Residents of the European Union, EEA or United Kingdom have the following rights:

To exercise any of these rights, contact us atprivacy@residencypartners.comor write to us at the address in Section 3. We will respond to requests within one month, or longer for complex requests, in accordance with GDPR requirements.

  • Right of Access: Obtain confirmation that we process your personal data, receive a copy of your data and information about how we process it.
  • Right to Rectification: Have inaccurate personal data corrected or incomplete data completed.
  • Right to Erasure: Request deletion of personal data when it is no longer necessary, you withdraw consent, the processing is unlawful, or you object and there are no overriding legitimate grounds.
  • Right to Restrict Processing: Temporarily restrict processing when you contest data accuracy, object to processing, or require data for legal claims.
  • Right to Data Portability: Receive personal data you have provided to us in a structured, commonly used format and transmit it to another controller.
  • Right to Object: Object to processing based on our legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds or are required by law.
  • Right not to be Subject to Automated Decision‑Making: Request human review of decisions based solely on automated processing that significantly affect you.
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

13.2 Rights for California Residents under CCPA/CPRA

California residents have the following rights under the CCPA/CPRA:

  • Right to Know/Access: Request information about categories and specific pieces of personal information we collect, use, disclose, sell or share.
  • Right to Delete: Request deletion of personal information we hold about you, subject to exceptions (e.g., legal obligations, security purposes).
  • Right to Opt Out of Sale or Sharing: Direct us not to sell or share personal information with third parties for cross‑context advertising. We provide a "Do Not Sell or Share My Personal Information" link on our website for this purpose.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: Request that we restrict the use and disclosure of sensitive personal information collected for business purposes.
  • Right to Non‑Discrimination: Receive equal service and price, and not be discriminated against for exercising privacy rights.

13.3 Rights under Other Jurisdictions

  • Brazil (LGPD): Rights to confirm the processing, access, correct, anonymise, block or delete unnecessary data, and obtain information on shared data.
  • Canada (PIPEDA): Rights to access and correct personal information, and know how personal information is used and disclosed.
  • Australia (Privacy Act): Rights to access, correct personal information and complain about breaches.
  • Other Regions: We honour rights granted by applicable local laws. If you reside outside the EU/UK or California, please contact us to learn how your local privacy law applies.

13.4 How to Exercise Your Rights

To submit a request to exercise your rights:

We will confirm receipt of your request within 10 business days and provide a substantive response within the time required by law. If we deny your request, we will explain the reasons and any available appeal rights.

  1. Email us at
  2. or call +351 969244070.
  3. Provide sufficient information to verify your identity (e.g., name, email address, jurisdiction). For California requests, you may use an authorised agent; we may require written permission from you and evidence of the agent's registration with the California Secretary of State.
  4. Describe your request with enough detail for us to understand and respond.

14. Do Not Track Signals & Opt‑Out Preferences

Your browser may support a "Do Not Track" (DNT) feature that signals to websites not to track your online activities. Our site does not currently respond to DNT signals, because there is no standard for how companies should interpret them.However, we comply with the CCPA/CPRA requirement to provide a clear method to opt out of the sale or sharing of personal information. You may exercise this right by selecting "Do Not Sell or Share My Personal Information" on our website or contactingprivacy@residencypartners.com. We also recognise Global Privacy Control signals to the extent required by law.

15. Automated Decision‑Making & Artificial Intelligence

We do not use fully automated decision‑making that produces legal or similarly significant effects without human involvement. If we use AI tools for chat support, marketing segmentation or risk assessment, such tools are supervised by human operators and limited to assisting with processes.If we introduce automated decision‑making in the future, we will provide clear information about the logic involved, its significance and your rights to challenge or opt out. We will also comply with emerging regulations such as the EU Artificial Intelligence Act and disclose how personal data is used in these contexts.

16. Children's Privacy

Our services are intended for adults. We do not knowingly collect personal data from children under 16 (or under 13 where permitted by law). If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will delete that data promptly. Parents or guardians may contactprivacy@residencypartners.comto request deletion.

17. Third‑Party Sites & Services

Our website and communications may contain links to third‑party sites or embed third‑party services (e.g., payment processors, government portals, social media plugins). We do not control these external sites and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third‑party services before providing personal information to them. Use of third‑party sites is at your own risk.

18. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data practices, technology, legal requirements or business operations. We will post the updated Policy on our website and indicate the "Last Updated" date at the top. For material changes, we may provide additional notice (e.g., via email or a prominent message on our site). Continuing to use our services after such changes means you accept the revised Policy.

19. Contact & Complaints

If you have questions or concerns about this Policy or our data practices, please contact us using the details in Section 3.For EU/EEA and UK residents, you have the right to lodge a complaint with your local data protection authority (e.g., Portuguese Data Protection Authority, Information Commissioner's Office) if you believe our processing of your personal data infringes the GDPR/UK GDPR.For California residents, you may contact theCalifornia Privacy Protection Agency (CPPA)if we fail to address your CCPA/CPRA concerns.We take privacy seriously and commit to resolve complaints promptly and fairly.

Residency Partners | Global Residency & Citizenship Advisory | Residency Partners