PRIVACY POLICY OF RENTILIUM

EFFECTIVE DATE: 25/7/2025

This Privacy Policy ("Policy") governs the manner in which 7Sky Technovation Ltd., operating under the brand name "Rentilium" ("Company", "we", "our", or "us"), collects, receives, stores, processes, discloses, and protects personal data through its Software-as-a-Service (SaaS) platform, "Rentilium" ("Platform"). The Platform is offered to clients, namely landlords, property managers, and affiliated property management entities ("Clients"), for the sole purpose of enabling the digital management of real estate rental operations.

This Policy is in strict conformity with the provisions of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable laws of India. This document intends to establish clear boundaries and obligations between the Data Fiduciary (our Client) and Rentilium, which functions solely as a Data Processor.

NOTICE FOR TENANTS (DATA PRINCIPAL)

DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned below, consistent with the Digital Personal Data Protection Act, 2023:

ROLE OF RENTILIUM UNDER LAW

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), Rentilium functions in the capacity of a Data Processor. We do not determine the purpose or the means of processing personal data; such determinations are made exclusively by our Clients, who are the designated Data Fiduciaries under the DPDP Act.

We process personal data strictly in accordance with the documented instructions issued by our Clients and do not independently collect, use, or retain personal data for any purpose beyond what has been expressly authorised by the Client.

CATEGORIES OF PERSONAL DATA PROCESSED

In the course of providing services to our Clients, we may process the following categories of personal data, as uploaded, entered, or transferred by the Client to the Platform:

Each of the above categories is processed solely on behalf of the Client, as per documented contractual terms, and in compliance with the principles of necessity, proportionality, and purpose limitation under applicable law.

PURPOSE OF PROCESSING

The above categories of personal data are processed by Rentilium solely for the purpose of delivering services as instructed by the Client, in accordance with its role as a Data Processor. These purposes include, but are not limited to, the following:

Under no circumstances shall Rentilium utilise personal data for marketing, cross-selling, data monetization, profiling, or any secondary purpose, except where explicitly instructed and authorized in writing by the Data Fiduciary (Client).

DATA PRINCIPAL RIGHTS AND CLIENT RESPONSIBILITY

As a Data Processor, Rentilium does not directly respond to or fulfil individual rights requests from Data Principals. The responsibility to ensure compliance with the Data Principal’s rights, as enumerated under the Digital Personal Data Protection Act, 2023, rests solely with the Client, who functions as the Data Fiduciary.

Specifically, the Client shall be solely responsible for:

Additionally, under Section 14 of the DPDP Act, the Data Fiduciary is obligated to provide the Data Principal with the right to nominate another individual to exercise their rights under the Act in the event of death or incapacity. Rentilium relies on its Clients to incorporate mechanisms within their operational processes to capture and act upon such nominations.

Rentilium shall provide all reasonable cooperation and technical support necessary to assist the Client in responding to valid data rights requests. Such cooperation will be rendered strictly upon receiving documented instructions from the Client and in accordance with the contractual terms governing our engagement.

Rentilium shall not be held liable for any failure of the Client to comply with its obligations as a Data Fiduciary under the DPDP Act or any applicable data protection laws.

5. SECURITY SAFEGUARDS

Rentilium implements appropriate technical and organisational safeguards to protect personal data against unauthorized access, destruction, loss, alteration, or disclosure. These measures include:

6. DATA RETENTION AND DELETION

Personal data processed on the Platform shall be retained only for such duration as is necessary to fulfil the purposes specified by the Client, or as may be required by applicable law, regulatory obligation, or contractual requirement. The specific retention period shall be determined by the Client as the Data Fiduciary, and Rentilium shall act in accordance with the documented instructions provided.

In the absence of such specific instructions, Rentilium shall apply a default retention period not exceeding ninety (90) days from the date of termination of services or the fulfilment of the processing purpose, whichever is earlier, unless a longer retention period is legally required.

Upon the occurrence of termination, expiration of the retention period, or upon written instruction from the Client, Rentilium shall:

Rentilium shall maintain audit trails of data deletion activities in accordance with its internal policies and retain such audit logs for compliance purposes as may be mutually agreed with the Client.

COOKIES AND TRACKING TECHNOLOGIES

Rentilium may deploy cookies, pixels, and other similar tracking technologies on the Platform, either directly or through authorized third-party service providers, for the following legitimate purposes:

These tracking technologies may include:

By default, Rentilium does not use cookies to collect personal data unless explicitly configured to do so by the Client (Data Fiduciary).

Users can manage or disable cookies through their browser settings. However, please note that disabling essential or strictly necessary cookies may adversely affect platform functionality, security, and usability. Where applicable, the Client shall be responsible for implementing consent banners or cookie notices in compliance with local privacy laws.

CHILDREN'S DATA

Rentilium is not designed to knowingly process personal data of children (below 18 years of age) without the lawful consent of a parent or legal guardian.

As per Section 9 of the Digital Personal Data Protection Act, 2023, the Client (Data Fiduciary) is solely responsible for:

Rentilium, acting solely as a Data Processor, processes children’s data strictly based on documented instructions from the Client and assumes no liability for the Client’s failure to comply with their obligations under Section 9 of the DPDP Act.

GRIEVANCE REDRESSAL

End-users must first approach the Client (Data Fiduciary) for any grievances related to data processing. In case of unresolved issues concerning the functioning of the Platform or its technical compliance, the Grievance Officer for Rentilium may be contacted:

AMENDMENTS

This Policy may be updated or modified by Rentilium to reflect legal, regulatory, or operational changes. Clients will be notified of material changes. Continued use of the Platform post-update constitutes acknowledgment.