Effective Date: February 5, 2026
Last Updated: February 5, 2026

1. Introduction
Andenhouse Advisors (“we,” “us,” or “our”) is committed to protecting the privacy of our website visitors and clients. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit our website at andenhouse.com (the “Website”) and use our services.

Our core services include:

• Visa, Residence, and Citizenship Services: Consulting for residency-by-investment programs (Golden Visas) and citizenship-by-investment programs
• Internationalization Consulting for SMEs: Strategic support for Small and Medium-sized Enterprises expanding into global markets
• Cross-Border Real Estate Services: Assisting individuals and entities in the identification, due diligence, and acquisition of international real estate assets

By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide Directly
We collect personal information that you voluntarily provide when interacting with us:

• Contact Information: Name, email address, phone number, postal address, and preferred contact methods
• Service-Related Information: Details regarding your investment capacity, business expansion goals, target jurisdictions, specific real estate interests, and nationality
• Compliance & Identity Data: Government-issued identification (passport, national ID), proof of address, proof of funds, bank statements, tax residency status, criminal background check results (where required by immigration authorities), and beneficial ownership information
• Professional Information: Business registration documents, corporate structure information, and financial statements (for SME clients)
• Special Category Data: In limited circumstances, we may process health information if required for visa medical examinations or family composition data for family reunification applications

2.2 Information Collected Automatically

• Website Usage Data: IP address, browser type and version, device information, operating system, referring URLs, pages viewed, time spent on pages, and navigation patterns
• Cookies and Similar Technologies: See Section 11 for detailed information

3. How We Use Your Information

We use your information to:

• Provide Consulting Services: Evaluating eligibility for visa/citizenship programs, conducting preliminary due diligence, tailoring advice for business market entry strategies, identifying suitable real estate opportunities, and coordinating with local partners
• Communicate: Responding to inquiries, confirming appointments, providing service updates, and delivering industry insights and regulatory changes affecting your applications or investments
• Facilitate Transactions: Sharing necessary data with legal partners, real estate agents, notaries, banks, government immigration authorities, or property registries to complete residency applications, business registrations, or property acquisitions
• Comply with Legal Obligations: Meeting Anti-Money Laundering (AML), “Know Your Customer” (KYC), tax reporting (including FATCA and CRS), and sanctions screening requirements
• Improve Our Services: Analyzing trends, conducting client satisfaction surveys, and enhancing our website functionality
• Marketing: Sending newsletters, market reports, and promotional materials (only with your consent, which you may withdraw at any time)

4. Legal Basis for Processing
Under applicable data protection laws, including the GDPR (European Union) and LGPD (Brazil), we process your data based on the following legal grounds:

• Performance of a Contract: Processing is necessary to fulfill our service agreement with you (e.g., managing a Golden Visa application, facilitating a property closing, or providing market entry consulting)
• Legal Obligation: Processing is required to comply with international tax laws, AML/KYC protocols, immigration regulations, real estate transaction laws, and court orders
• Legitimate Interests: We process data to improve our services, prevent fraud, maintain network security, and offer relevant investment insights, provided these interests do not override your privacy rights
• Consent: We seek your explicit consent for marketing communications, non-essential cookies, and processing of special category data. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

5. International Data Transfers
Andenhouse Advisors is headquartered in the United States (Preston, Washington). Given the international nature of our services, your data may be transferred to and processed in the U.S., European Union member states (including Greece, Portugal, Spain), Latin America (including Brazil), and other jurisdictions where our partners, service providers, or relevant government authorities operate.

To ensure adequate protection for international transfers, we utilize:

• Adequacy Decisions: We rely on the 2023 EU-U.S. Data Privacy Framework and the 2026 adequacy framework between the EU and Brazil (ANPD Resolution CD/ANPD No. 32/2026), where applicable
• Standard Contractual Clauses (SCCs): For transfers to jurisdictions without an adequacy decision, we implement the European Commission’s approved SCCs (2021) and the Brazilian ANPD’s standard contractual clauses, supplemented with additional safeguards where required
• Binding Corporate Rules: Where applicable for intra-organizational transfers
• Consent: In certain circumstances, we may seek your explicit consent for specific transfers

You may request copies of the safeguards we have in place by contacting us at the details provided in Section 14.

6. Disclosure of Your Information
We do not sell, rent, or trade your personal information. We share it only in the following circumstances:

6.1 Service Providers

• IT infrastructure and cloud hosting providers (with data processing agreements in place)
• Secure document management platforms
• Payment processors
• Customer relationship management (CRM) systems
• Email communication services

6.2 Professional Partners

• Local real estate agencies and property developers
• Notary offices and legal counsel
• Immigration lawyers and licensed migration agents
• Tax advisors and accountants
• Banks and financial institutions
• Property appraisers and inspectors
• Translation and apostille services

6.3 Government Authorities

• Immigration departments (e.g., Greek Ministry of Migration and Asylum, Portuguese SEF, Brazilian Federal Police)
• Tax authorities
• Property registries and land offices
• Financial intelligence units (for AML compliance)
• Law enforcement agencies, when legally required

6.4 Legal and Corporate Transactions

• To comply with court orders, subpoenas, or other legal processes
• To enforce our terms of service or protect our legal rights
• In connection with a merger, acquisition, or sale of assets (with notification to affected individuals)
• To prevent fraud, security threats, or illegal activities

All third parties with whom we share data are contractually obligated to maintain appropriate security measures and use your data only for the specified purposes.

7. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication (MFA), role-based access controls, and the principle of least privilege
• Secure Infrastructure: SOC 2 Type II certified cloud storage providers, regular security audits, and penetration testing
• Physical Security: Restricted access to physical files containing sensitive documents
• Privacy by Design: Data minimization, pseudonymization where appropriate, and regular privacy impact assessments
• Employee Training: Regular data protection and security awareness training for all staff
• Incident Response: Documented procedures for detecting, responding to, and reporting data breaches

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected individuals and relevant supervisory authorities of any data breach, as required by law.

8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

• Active Clients: Throughout the duration of our service relationship and for a reasonable period afterward, to address follow-up questions
• Completed Transactions: 7-10 years following completion of real estate transactions or immigration applications, in accordance with tax, AML, and legal record-keeping requirements
• Marketing Communications: Until you withdraw consent or we determine the data is no longer relevant
• Website Usage Data: Typically 24-36 months, unless required for security investigations
• Unsuccessful Inquiries: 2-3 years to respond to potential future inquiries, unless you request earlier deletion

After the retention period expires, we will securely delete or anonymize your data unless continued retention is required by law.

9. Your Data Rights
Regardless of your location, you have the following rights regarding your personal information:

9.1 Right of Access and Confirmation
Confirm whether we process your data and request a copy of your personal information in our possession.

9.2 Right to Rectification
Request correction of inaccurate or incomplete data.

9.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your data, subject to legal record-keeping requirements (AML, tax, immigration records may need to be retained).

9.4 Right to Restriction of Processing
Request that we limit how we use your data in certain circumstances.

9.5 Right to Data Portability
Request your data in a structured, commonly used, machine-readable format for transfer to another service provider.

9.6 Right to Object
Object to processing based on legitimate interests or for direct marketing purposes (which we will immediately honor).

9.7 Right to Withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of processing conducted before withdrawal.

9.8 Right to Information on Sharing
Request a list of specific third-party entities (including notaries, tax offices, and government agencies) with whom your data was shared.

9.9 Right to Lodge a Complaint
File a complaint with your local data protection authority if you believe your rights have been violated.

EU Data Subjects:

• Lead supervisory authority contact information available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Brazilian Data Subjects:

• ANPD (Autoridade Nacional de Proteção de Dados): https://www.gov.br/anpd/

U.S. State Privacy Rights: Residents of California, Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have additional rights, including the right to opt out of “sales” and “sharing” (though we do not sell data), targeted advertising, and automated decision-making.

To exercise any of these rights, please contact us using the information in Section 14.

10. Automated Decision-Making and Profiling
We do not engage in fully automated decision-making that produces legal effects or similarly significantly affects you. Any initial eligibility assessments for visa programs or investment suitability involve human review and professional judgment. You have the right to request human intervention, express your point of view, and contest any preliminary assessment.

11. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience and analyze website performance.

11.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for website functionality and security (cannot be disabled)
• Performance/Analytics Cookies: Help us understand how visitors use our website (Google Analytics with IP anonymization)
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track visitors across websites to display relevant advertisements (only with consent)
  
  

11.2 Managing Cookies
You can control cookies through your browser settings. Disabling certain cookies may limit the website’s functionality. For more information, visit our Cookie Policy [link to separate detailed cookie policy if available] or adjust your preferences through our cookie consent banner.

12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Children’s Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children, except when processing family visa applications, in which case children’s data is provided by their parent or legal guardian. If you believe we have inadvertently collected data from a child without proper parental consent, please contact us immediately.

14. Contact Us and Data Protection Officers
For questions about this Privacy Policy, to exercise your data rights, or to file a complaint:

United States Headquarters:
Andenhouse Advisors
Data Privacy Point of Contact
30405 SE 84th St. #994
Preston, WA 98050, USA
Email: privacy@andenhouse.com 
Phone: +1 (425) 494-3590

EU Representative (for GDPR inquiries):
María Muñoz
Las Arcadas 34, 2 B C.P. 50002,
Zaragoza
Spain
Email: privacy@andenhouse.com

Brazilian Representative (for LGPD inquiries):
Andenhouse Advisors
Data Privacy Point of Contact
30405 SE 84th St. #994
Preston, WA 98050, USA
Email: privacy@andenhouse.com 
Phone: +1 (425) 494-3590

We will respond to all requests within 30 days (or as required by applicable law).

15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or technological developments. We will notify you of material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Sending email notification to registered clients for significant changes
• Requiring re-consent where legally required

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

16. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of Washington State, USA, except where superseded by mandatory provisions of GDPR, LGPD, or other applicable data protection laws. Any disputes shall be subject to the exclusive jurisdiction of courts in King County, Washington, except where you have mandatory consumer protection rights in your jurisdiction.