Our Privacy Statement

This statement fulfills the informing obligation under the General Data Protection Regulation (GDPR) and describes how Agent Shell Enterprises Ltd. ("Agent Shell Enterprises Ltd.", Finnish: "Agent Shell Enterprises Oy") processes personal data.

Last updated: November 4, 2025

1. Personal data controller

Agent Shell Enterprises Ltd. (Business ID: 3573414-3, VAT ID: FI35734143)

Address: Keskustori 7 A 14, 33100 Tampere, Finland

General email: info@agentshell.enterprises

General phone: +358 45 173 4604

Contact for matters related to personal data:

Data Protection Contact, Agent Shell Enterprises Ltd.

Email: privacy@agentshell.enterprises

Websites to which this statement applies:

• https://agentshell.enterprises
• https://agentshells.com

2. Data subjects

This register contains personal data on customers and users of our websites, products, and services.

3. Purpose of use and legal basis

Personal data is processed based on an existing customer relationship, the data subject's consent, or other applicable legal bases under GDPR (e.g., performance of a contract, compliance with legal obligations, or legitimate interests such as service security and fraud prevention).

Purposes include:

• Customer relationship management and support
• Provision, maintenance, and improvement of our services
• Sales and marketing of products and services (including service announcements)
• Identification and authentication of users of our online services
• Informing about new products and services

4. Personal data recorded in the register

Contact information (as applicable):

• Name
• Email address
• Phone number
• Postal address (for customer register and invoicing)

Customer information (as applicable):

• Information on purchased, subscribed, trialed, or pre-ordered products and services
• Account identifiers, usage logs, and support communications related to our services

5. The data subject's rights

Requests regarding these rights should be sent to privacy@agentshell.enterprises.

The data subject has the right to:

• Access the personal data recorded about them
• Request rectification of inaccurate or incomplete data
• Object to the processing of personal data, including processing based on legitimate interests
• Prohibit the use of personal data for direct marketing
• Request deletion of data when processing is not necessary or lawful ("right to be forgotten")
• Withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal)
• Request restriction of processing in situations defined by GDPR
• Receive the personal data they have provided in a machine-readable format and transmit it to another controller where applicable ("data portability")
• Lodge a complaint with a supervisory authority (in Finland: the Office of the Data Protection Ombudsman)

6. Regular information sources

We obtain personal data directly from the data subject when they use our websites, register for services, create an account, communicate with us, or order products. Technical usage data may also be collected automatically when using our online services.

7. Regular disclosures of data

Personal data is not disclosed to third parties for their independent marketing purposes. We may disclose data to our service providers to the extent necessary for providing our services (e.g., hosting, customer support, analytics, payments), under contracts that require compliance with applicable data protection legislation.

We may disclose data where required by law or a competent authority.

8. Duration of processing (retention)

Personal data is processed and retained for as long as necessary for the purposes described in this statement, such as for the duration of the customer relationship and for statutory retention periods (e.g., accounting and invoicing obligations). Marketing recipients may unsubscribe at any time using the link in marketing emails or via account settings where available.

9. Personal data processors

The controller and its employees process personal data. We may outsource processing to carefully selected service providers who process personal data on our behalf under written data processing agreements and instructions, ensuring appropriate technical and organizational measures for data protection.

10. Transfers and location of processing

We primarily store and process personal data within the EU/EEA. If personal data is transferred outside the EU/EEA, such transfers occur only under GDPR-compliant safeguards (e.g., adequacy decisions, Standard Contractual Clauses, and additional measures where required).

11. Automated decision-making and profiling

We do not use personal data for automated decision-making or profiling in a way that produces legal effects concerning the data subject or similarly significantly affects them.