Privacy & Cookie Policy

01

Who We Are

agso Inc. ("agso", "we", "us", "our") is a Delaware C-Corporation registered in the United States. We are a real estate investment company that acquires, repositions, and manages distressed commercial and residential property assets across Vienna, Hong Kong, New York, and Dubai.

Data Controller
agso Inc.
16192 Coastal Highway
Lewes, Delaware 19958
United States

For all data protection enquiries: privacy@agso-estate.com

This website is operated at agso-estate.com. For the purposes of EU and UK data protection law, agso Inc. is the data controller for personal data collected through this website.

02

Scope & Audience

This website is directed exclusively at business entities, institutional investors, family offices, and professional counterparties ("Business Contacts"). It is not intended for, and does not target, individual consumers or retail investors.

agso Inc. does not offer, solicit, or provide investment products, financial advice, or regulated financial services of any kind through this website. Nothing on this website constitutes an offer to sell or a solicitation of any investment.

Even in a strictly B2B context, natural persons representing businesses (e.g. directors, employees, authorised representatives) retain full rights under applicable data protection law, including the EU General Data Protection Regulation (GDPR). This policy explains how we handle their personal data.

03

Data We Collect

3.1 Data you provide directly

Contact & enquiry data: name, business email address, company name, job title, telephone number, and the content of messages submitted via our enquiry form or by email.
Correspondence: records of communications exchanged with our team.

3.2 Data collected automatically

Technical data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and time spent on pages — collected via server logs and, where consented, analytics tools.
Cookie data: see Section 6 for a full description of cookies we use.

3.3 Data we do not collect

We do not knowingly collect special category personal data (Article 9 GDPR) such as health, political opinions, religious beliefs, or biometric data. We do not collect payment card or banking information through this website.

04

Legal Basis for Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases under Article 6:

Processing Activity	Legal Basis	Article 6 Ref.
Responding to your enquiry	Pre-contractual steps / Contract performance	Art. 6(1)(b)
Follow-up communication with business contacts	Legitimate interests — conducting B2B business development	Art. 6(1)(f)
Website security & fraud prevention	Legitimate interests — securing our systems	Art. 6(1)(f)
Strictly necessary cookies	Legitimate interests — website operation	Art. 6(1)(f)
Analytics cookies	Consent	Art. 6(1)(a)
Marketing / targeting cookies	Consent	Art. 6(1)(a)
Compliance with legal obligations	Legal obligation	Art. 6(1)(c)

Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) and determined that our interests are not overridden by the rights and interests of data subjects, taking into account the exclusively B2B nature of our operations and the reasonable expectations of business contacts.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing prior to withdrawal. You may withdraw consent via our Cookie Preferences panel (accessible at the bottom-left of every page) or by emailing privacy@agso-estate.com.

05

How We Use Your Data

To respond to enquiries, requests for information, or meeting requests submitted through the website.
To maintain records of business correspondence and relationships.
To send relevant follow-up information about agso's investment activities where you have expressed interest — you may opt out at any time.
To analyse website usage in aggregate to improve our digital presence (analytics, where consented).
To comply with applicable laws, regulations, and legal process.
To protect against fraud, unauthorised access, and other security threats.

We do not use your personal data for automated decision-making or profiling with legal or similarly significant effects (Article 22 GDPR).

06

Cookies & Tracking Technologies

A cookie is a small text file placed on your device when you visit a website. We use cookies and similar technologies to operate our website and, where you consent, to understand how it is used. Under the EU ePrivacy Directive (2002/58/EC) and its national implementations, we require your prior consent for all non-essential cookies.

Cookie categories

Cookie Name	Category	Purpose	Provider	Duration
agso_cookie_consent	Strictly Necessary	Stores your cookie consent preferences so we do not ask again on subsequent visits.	agso Inc.	12 months
_ga, _ga_*	Analytics (opt-in)	Google Analytics 4 — distinguishes users and sessions to analyse website traffic patterns in aggregate.	Google LLC	Up to 2 years
_gid	Analytics (opt-in)	Google Analytics — distinguishes users within a 24-hour session.	Google LLC	24 hours
li_fat_id, AnalyticsSyncHistory	Marketing (opt-in)	LinkedIn Insight Tag — enables B2B audience analytics and optional retargeting on LinkedIn.	LinkedIn Corp.	Up to 1 year

Third-party requests — Google Fonts

This website loads typography via Google Fonts (fonts.googleapis.com). This causes your browser to send a request to Google's servers, which may include your IP address. Google states it does not use this data for advertising purposes. We rely on our legitimate interests in presenting a professionally designed website for this transfer. For more information, see Google's Privacy Policy.

Managing cookies

You may update your cookie preferences at any time by clicking "Cookie Preferences" in the bottom-left corner of any page. You may also control cookies through your browser settings — note that disabling all cookies may impair website functionality. Useful browser guides:

07

Data Sharing & Third Parties

We do not sell, rent, or trade personal data. We may share personal data with:

Service providers acting as data processors: including IT infrastructure providers, email service providers, and website hosting providers — bound by data processing agreements and permitted to process data only on our instructions.
Analytics providers: Google LLC (Google Analytics) — where you have consented to analytics cookies. Data is processed under Google's Data Processing Amendment. IP anonymisation is enabled.
Professional advisers: lawyers, accountants, and auditors acting under duties of confidentiality.
Regulatory and law enforcement authorities: where required by law, court order, or for the prevention or detection of crime.
Prospective acquirers: in the event of a merger, acquisition, or sale of substantially all assets — subject to confidentiality obligations.

We require all third parties to respect data security and to process personal data only for specified, lawful purposes.

08

International Data Transfers

agso Inc. is based in the United States. When we receive personal data from individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, that data is transferred to and processed in the United States — a country not currently deemed to provide an adequate level of data protection by the European Commission for all transfers.

We safeguard such transfers using the European Commission's Standard Contractual Clauses (SCCs) (EU Commission Decision 2021/914) or the UK International Data Transfer Agreement (IDTA), as applicable. A copy of the relevant transfer mechanism may be requested by contacting us at privacy@agso-estate.com.

Where we use Google Analytics, data may be transferred to and processed in the United States under Google's Data Processing Amendment, which incorporates SCCs.

09

Retention

Data Category	Retention Period	Rationale
Enquiry & contact correspondence	3 years from last contact	Legitimate interests — business relationship management; statute of limitations for contractual claims
Consented marketing communications	Until consent withdrawn or 2 years of inactivity	Consent
Website server logs (IP, access logs)	90 days	Security and fraud prevention
Cookie consent records	12 months (localStorage, client-side)	Demonstrating compliance with consent obligations
Analytics data	14 months (Google Analytics default)	Performance analysis
Legal / compliance records	7 years	Legal obligation (US and applicable local law)

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with an individual.

10

Your Rights — EU / EEA (GDPR)

If you are located in the EU, EEA, UK, or Switzerland, you have the following rights under the GDPR (and equivalent UK / Swiss law):

Right of Access (Art. 15)

Obtain confirmation of whether we process your personal data, and receive a copy of it.

Right to Rectification (Art. 16)

Have inaccurate or incomplete personal data corrected without undue delay.

Right to Erasure (Art. 17)

Request deletion of your personal data where there is no compelling reason for continued processing ("right to be forgotten").

Right to Restriction (Art. 18)

Request that we restrict processing of your data in certain circumstances — for example while accuracy is contested.

Right to Portability (Art. 20)

Receive data you provided to us in a structured, machine-readable format, where processing is based on consent or contract.

Right to Object (Art. 21)

Object to processing based on legitimate interests, including direct marketing. We will cease unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent (Art. 7)

Where processing is based on consent, withdraw it at any time. Withdrawal does not affect prior lawful processing.

Right to Lodge a Complaint

File a complaint with your local supervisory authority — e.g. the Austrian DSB, Hong Kong PCPD, or the UK ICO.

To exercise any of these rights, contact us at privacy@agso-estate.com. We will respond within 30 days (extendable by a further 60 days in complex cases, with notice). Requests are free of charge unless manifestly unfounded or excessive.

We may need to verify your identity before fulfilling a request. We will ask for the minimum information necessary to do so.

11

Your Rights — California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights in relation to your personal information:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes of collection, and any third parties with whom it is shared.
Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g. where retention is required to complete a transaction, detect security incidents, or comply with law).
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: agso Inc. does not sell or share personal information for cross-context behavioural advertising. No opt-out action is required, but you may contact us at any time to confirm this.
Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, email privacy@agso-estate.com with "CCPA Request" in the subject line, or write to us at our registered address. We will respond within 45 days, extendable by a further 45 days with notice.

You may also designate an authorised agent to submit a request on your behalf, provided the agent provides written proof of authorisation and you verify your identity directly with us.

Do Not Sell or Share My Personal Information
agso Inc. does not sell or share (as defined under CCPA/CPRA) personal information to third parties for monetary or other valuable consideration. To confirm this or request further detail, contact privacy@agso-estate.com.

12

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These include TLS encryption for data in transit, access controls, and regular security reviews.

No transmission of data over the internet is entirely secure. We cannot guarantee the security of information transmitted to us — any transmission is at your own risk. Once we receive your data, we apply strict procedures and security features.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and affected individuals without undue delay where required (GDPR Art. 34).

13

Children

This website is directed exclusively at business professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal data to us, we will delete it promptly.

14

Changes to This Policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. The "Effective date" at the top of this page indicates when the current version was last revised.

Material changes will be communicated via a prominent notice on our website prior to the change becoming effective, or — where we hold your contact details — by direct notification. Where required by law, we will seek fresh consent.

Continued use of the website after a change takes effect constitutes acceptance of the revised policy. We encourage you to review this page periodically.

15

Contact & Complaints

For any questions, concerns, or to exercise your data protection rights, please contact us:

Data Protection Contact
agso Inc.
16192 Coastal Highway, Lewes, DE 19958, United States
Email: privacy@agso-estate.com

If you are located in the EU/EEA and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is maintained by the European Data Protection Board at edpb.europa.eu.

UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk. Austrian residents may contact the Datenschutzbehörde (DSB) at dsb.gv.at.

California residents who wish to exercise CCPA rights or submit a complaint may also contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.