Privacy Policy

Effective date: 12 June 2026.

This portal is operated by Atrium Global Visa (Atrium, we, us), Avenida Clotilde 52b, 2765-345 Cascais, Portugal. Atrium is the data controller responsible for the personal data described in this policy under the EU General Data Protection Regulation (GDPR) and Portuguese data-protection law.

For any privacy question or to exercise your rights, contact us at atriumgoldenvisa@gmail.com.

Information you provide. When you use the assistant-first conversation, you choose to share your name, WhatsApp or phone number, email address, the messages you send in the chat, and any context about your timing, household, or Golden Visa route.

Technical information. We process page paths, browser events, server logs, request identifiers, and session-continuity data needed to operate the portal securely and improve it.

Analytics and marketing data. We process analytics and advertising identifiers only after you give consent (see Cookies and tracking).

To respond to your enquiry and provide assistant-first Golden Visa guidance, based on your consent (GDPR Art. 6(1)(a)) given via the checkbox on the intake form, and on steps taken at your request prior to entering into a contract (Art. 6(1)(b)).

To operate and secure the portal (logs, request IDs, abuse prevention), based on our legitimate interests (Art. 6(1)(f)).

Analytics and marketing, based on your consent, which you can withdraw at any time.

We do not sell your personal data.

First contact on this portal runs through a virtual assistant. The messages you send in the chat are processed by an automated assistant powered by a third-party AI model in order to generate replies and route your enquiry to a qualified follow-up.

Please do not share sensitive information in the chat that you would not want processed for this purpose. You can always ask to speak with a person.

We use trusted providers that process personal data on our behalf under data-processing agreements. The main ones are:

• Supabase - database and hosting of your intake and chat data.
• Google (Analytics 4, Tag Manager, Ads) - analytics and advertising, loaded only with your consent.
• Meta / Facebook (Pixel) - advertising measurement, loaded only with your consent.
• LinkedIn (Insight Tag) - advertising measurement, loaded only with your consent.
• Our AI assistant provider - processes your chat messages to generate responses.

Each provider processes data only as instructed and subject to appropriate confidentiality and security obligations.

Some of our providers process data outside the European Economic Area, including in the United States. Where that happens, transfers rely on appropriate safeguards (the EU-US Data Privacy Framework and/or the European Commission Standard Contractual Clauses) so your data keeps an essentially equivalent level of protection.

We keep your intake and conversation data for as long as your enquiry is active and for a reasonable period afterwards, so we can follow up and meet legal obligations, unless you ask us to delete it sooner. Analytics data is retained according to each provider settings. When data is no longer needed, we delete or anonymise it.

Under the GDPR you have the right to:

• access the personal data we hold about you;
• request rectification of inaccurate data;
• request erasure (right to be forgotten);
• request restriction of processing;
• data portability;
• object to processing based on legitimate interests or direct marketing;
• withdraw consent at any time, without affecting prior processing.

To exercise any of these, email atriumgoldenvisa@gmail.com. You also have the right to lodge a complaint with the Portuguese supervisory authority, the CNPD (Comissao Nacional de Protecao de Dados, www.cnpd.pt).

Analytics and advertising cookies/scripts load only after you consent via our cookie banner; consent is denied by default until you choose otherwise. You can change your choice at any time. See our Cookie Policy for details.

We protect your data with encryption in transit (HTTPS), access controls, and reputable processors. No method of transmission or storage is 100% secure, but we work to protect your information and to address incidents promptly.

We may update this policy as our services or legal obligations change. The effective date at the top reflects the latest version; material changes will be reflected here.