Privacy policy

Last updated:

1. Introduction

This Privacy Policy explains how REtelligent Pty Ltd and its subsidiary REtelligent EU SRL (collectively, “REtelligent,” “we,” “us,” or “our”) collect, use, disclose, and protect personal information when you use our property maintenance management platform at https://www.retelligent.co/ and related services (the “Platform”).

REtelligent operates across two jurisdictions. This Policy is designed to comply with:

·       The EU General Data Protection Regulation (GDPR) — applicable to our EU operations through REtelligent EU SRL, registered in Romania.

·       The Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) — applicable to our Australian operations through REtelligent Pty Ltd.

Where this Policy refers to obligations under a specific jurisdiction, it is clearly indicated. Where no jurisdiction is specified, the provision applies to both.


2. Who We Are



| | Australian Entity | EU Entity |
|---|---|---|
| Legal Name | REtelligent Pty Ltd | REtelligent EU SRL |
| Registration | ABN 87 694 108 613 | CUI [tba] |
| Registered Address | U2 8A Judith St, Carnegie, VIC, 3163, Australia | [tba] |
| Jurisdiction | Australian Privacy Act 1988 | EU GDPR / Romanian Law 190/2018 |
| Regulator | Office of the Australian Information Commissioner (OAIC) | Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) |
| Privacy Contact | privacy@retelligent.co | privacy@retelligent.co |

EU Representative. For the purposes of Article 27 GDPR, we have appointed Igor Sekatski as our EU Representative. You may contact our EU Representative at dpo@retelligent.co.

For the purposes of the GDPR, the data controller depends on the context of processing. Where we provide the Platform to property operators (our B2B customers), the property operator is typically the data controller and REtelligent EU SRL acts as the data processor. For data we collect directly (e.g., website visitors, vendor registrations), REtelligent EU SRL is the data controller.


3. What Personal Information We Collect

3.1 Tenant Personal Data

When tenants interact with the Platform (e.g., submitting maintenance requests), we may process:

·       Names and contact details (email address, phone number)

·       Property and unit addresses

·       Maintenance request content, including descriptions of issues and complaints

·       Communication history (messages sent and received through the Platform)

3.2 Vendor and Trade Data

When vendors and tradespeople use or are registered on the Platform, we may process:

·       Business names and trading names

·       Contact details (business email, phone number, business address)

·       Trade qualifications, licences, and specialisations

·       Job history and performance metrics on the Platform

·       Invoice data and payment records

3.3 Geo-Stamped Photographs

The Platform enables the capture of photographs for maintenance documentation purposes. These photographs may contain embedded metadata including GPS coordinates (latitude and longitude) and timestamps. Under the GDPR, location data constitutes personal data and is subject to heightened protection.

3.4 Communication Logs

We may process records of communications sent via the Platform, including SMS messages and WhatsApp messages used for vendor follow-ups, maintenance coordination, and service notifications.

3.5 AI Triage and Automated Processing Data

Our Platform uses artificial intelligence to assist in triaging maintenance requests and matching vendors. This processing involves maintenance request inputs, triage categorisation outputs, dispatch recommendations, and confidence scores. Section 8 of this Policy provides further detail on automated decision-making.

3.6 Website and Technical Data

When you visit https://www.retelligent.co/, we may automatically collect:

·       IP address and approximate geolocation derived from IP

·       Browser type, operating system, and device information

·       Pages visited, time spent, and referring URLs

·       Cookies and similar tracking technologies (see our Cookie Policy)


4. How and Why We Use Your Personal Information

4.1 Purposes of Processing

| Purpose | Data Categories Used | Lawful Basis (GDPR) / APP Justification (AU) |
|---|---|---|
| Providing the Platform and processing maintenance requests | Tenant PII, property data, communication logs | GDPR: Contract performance (Art. 6(1)(b)). AU: Reasonably necessary for our functions (APP 3, 6). |
| AI-assisted triage and vendor matching | Maintenance request content, vendor qualifications, historical data | GDPR: Legitimate interests (Art. 6(1)(f)) with Art. 22 safeguards. AU: Reasonably necessary; disclosed under APP 1/5. |
| Vendor management and qualification verification | Vendor contact details, trade qualifications, job history, performance metrics | GDPR: Contract performance (Art. 6(1)(b)) / Legitimate interests (Art. 6(1)(f)). AU: Reasonably necessary (APP 3, 6). |
| Invoicing and payment processing | Vendor invoices, payment records | GDPR: Contract performance (Art. 6(1)(b)). AU: Reasonably necessary (APP 3, 6). |
| Maintenance documentation via geo-stamped photos | Photographs with GPS coordinates and timestamps | GDPR: Legitimate interests (Art. 6(1)(f)) with DPIA. AU: Reasonably necessary; disclosed under APP 5. |
| Communication and notifications (SMS, WhatsApp, email) | Contact details, communication logs | GDPR: Legitimate interests (Art. 6(1)(f)) / Consent (Art. 6(1)(a)) for marketing. AU: Reasonably necessary (APP 6); consent for marketing. |
| Compliance with legal obligations | All categories as required | GDPR: Legal obligation (Art. 6(1)(c)). AU: Required or authorised by law (APP 6.2(b)). |
| Platform improvement and analytics | Aggregated usage data, anonymised maintenance patterns | GDPR: Legitimate interests (Art. 6(1)(f)). AU: Reasonably necessary (APP 6). |

4.2 Legitimate Interest Assessments (GDPR)

Where we rely on legitimate interests as a lawful basis, we have conducted Legitimate Interest Assessments (LIAs) balancing our interests against the rights and freedoms of data subjects. These LIAs are available on request by contacting privacy@retelligent.co. Our legitimate interests include the effective delivery of property maintenance services, ensuring vendor quality and accountability, platform security, and fraud prevention.


5. Who We Share Your Personal Information With

We may share personal information with the following categories of recipients:

| Recipient Category | Purpose | Safeguards |
|---|---|---|
| Property operators (our B2B customers) | Service delivery; operators are typically the data controllers for tenant and vendor data processed through the Platform | Data Processing Agreement (Art. 28 GDPR) |
| Vendors and tradespeople | Dispatch of maintenance work orders, coordination of repairs | Contractual terms; data limited to what is necessary for the specific job |
| Sub-processors (cloud infrastructure, SMS gateway, payment processor, analytics, WhatsApp Business API operated by Meta Platforms Ireland Ltd) | Technical infrastructure and service delivery | Sub-processor agreements with GDPR-equivalent protections; current list published at retelligent.co/sub-processors; Operators may subscribe to change notifications at subprocessors@retelligent.co |
| REtelligent group entities | Intra-group administration, technical support, and cross-border service delivery | GDPR: Standard Contractual Clauses or BCRs. AU: APP 8 contractual safeguards. |
| Professional advisors | Legal, accounting, and auditing services | Professional confidentiality obligations |
| Regulatory authorities | Where required by law or in response to lawful requests | Applicable legal framework |


We do not sell personal information to third parties. We do not use personal information for direct marketing purposes without your explicit consent.


6. International Data Transfers

REtelligent operates across Australia and the European Union. Personal data may be transferred between REtelligent Pty Ltd (Australia) and REtelligent EU SRL (Romania), as well as to sub-processors located in various jurisdictions.

6.1 EU to Non-EU Transfers (GDPR, Art. 44–49)

Where personal data is transferred from the EU/EEA to a country that has not received an adequacy decision from the European Commission, we implement appropriate safeguards including:

·       Standard Contractual Clauses (SCCs) approved by the European Commission

·       Supplementary technical measures including encryption of data in transit and at rest

·       Transfer Impact Assessments to evaluate the legal framework of the recipient country

6.2 Australian Cross-Border Disclosure (APP 8)

Before disclosing personal information to our Romanian subsidiary or other overseas recipients, REtelligent Pty Ltd takes reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles. These steps include contractual data processing agreements requiring GDPR-equivalent protections, security assessments, and ongoing monitoring of the overseas recipient’s compliance.

Countries to which we may disclose personal information include Romania (EU), the United States, Ireland, Australia, and the hosting region(s) of our cloud-infrastructure sub-processors. A complete list of sub-processors and their locations is published at retelligent.co/sub-processors.


7. How Long We Keep Your Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

| Data Category | Retention Period | Justification |
|---|---|---|
| Tenant contact details | Duration of tenancy + 6 years | Contractual necessity; legal retention obligations |
| Maintenance request records | 7 years after request closure | Property compliance records; potential dispute resolution |
| Vendor business data | Duration of vendor relationship + 6 years | Contractual necessity; trade licensing verification |
| Geo-stamped photographs | 24 months after repair completion | Maintenance evidence; to be defined per data minimisation assessment |
| Communication logs (SMS/WhatsApp) | 24 months after last interaction | Service delivery records; regulatory retention |
| AI triage decision logs | 3 years | Audit trail; bias monitoring; regulatory accountability |
| Invoice and payment records | 7 years | Tax and financial reporting obligations (AU/EU) |
| Website analytics (anonymised) | 14 months | Platform improvement; analytics retention standards |


8. Automated Decision-Making and Artificial Intelligence

8.1 How We Use AI

REtelligent uses artificial intelligence to assist in the management of property maintenance. Specifically:

·       Triage Categorisation: Our AI system analyses maintenance request descriptions to categorise requests by urgency (e.g., emergency, urgent, standard, routine) and type (e.g., plumbing, electrical, structural).

·       Vendor Matching: The AI recommends suitable vendors based on trade qualifications, availability, proximity, historical performance, and job requirements.

·       Dispatch Prioritisation: The system generates recommended dispatch priority based on request urgency, vendor availability, and property requirements.

8.2 Your Rights Regarding Automated Decisions (GDPR, Art. 22)

Under the GDPR, where automated processing produces decisions that significantly affect you, you have the right to:

·       Obtain meaningful information about the logic involved, the significance, and the envisaged consequences of such processing

·       Request human review of an automated decision

·       Express your point of view and contest the decision

REtelligent maintains human oversight of AI-assisted decisions. Financial approvals, complex exceptions, and edge cases are reviewed by qualified human operators. Property operators retain the ability to override any AI recommendation.

8.3 Australian Automated Decision-Making Transparency

In compliance with the Privacy and Other Legislation Amendment Act 2024 (effective 10 December 2026), we disclose the following:

·       Types of personal information used in automated decisions: maintenance request descriptions, property type, request category, vendor qualifications, historical performance data.

·       Decisions made solely by automated processes: initial triage categorisation of maintenance request urgency level.

·       Decisions where automation substantially and directly influences the outcome: vendor matching recommendations and dispatch priority suggestions, which are reviewed and approved by property operators.

8.4 EU AI Act Classification

REtelligent has assessed the AI Features against Regulation (EU) 2024/1689. The AI Features are currently classified as general-purpose and are not operated as a high-risk AI system within Annex III. Where transparency obligations apply under Art. 50, we identify AI-generated outputs and inform users they are interacting with AI-assisted tooling. We review this classification at least annually and upon material changes to the AI Features.


9. Your Privacy Rights

9.1 Rights Under the GDPR (EU Residents)

If you are located in the EU/EEA, you have the following rights under the GDPR:

·       Right of Access (Art. 15): Request a copy of the personal data we hold about you.

·       Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.

·       Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.

·       Right to Restriction (Art. 18): Request that we restrict the processing of your personal data in certain circumstances.

·       Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, and machine-readable format.

·       Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.

·       Rights Related to Automated Decision-Making (Art. 22): See Section 8.2 above.

·       Right to Lodge a Complaint: You may lodge a complaint with ANSPDCP (Romania’s supervisory authority) at https://www.dataprotection.ro/ or with the supervisory authority of your EU Member State of residence.

9.2 Rights Under the Australian Privacy Act

If you are located in Australia, you have the following rights under the Privacy Act 1988:

·       Right of Access (APP 12): Request access to the personal information we hold about you.

·       Right to Correction (APP 13): Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.

·       Right to Complain: You may lodge a complaint about our handling of your personal information. We will respond within 30 days. If unsatisfied, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

·       Email: privacy@retelligent.co

·       Post: U2 8A Judith St, Carnegie, VIC, 3163, Australia

·       Online: [INSERT PRIVACY REQUEST FORM URL, if applicable]

We will respond to your request within 30 days (or one month for GDPR requests). We may need to verify your identity before processing your request. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.


10. How We Protect Your Information

We implement technical and organisational security measures appropriate to the risk, including:

·       Encryption of personal data at rest (AES-256 or equivalent) and in transit (TLS 1.2+)

·       Role-based access controls limiting data access to authorised personnel

·       Multi-factor authentication for administrative access

·       Regular penetration testing and vulnerability assessments

·       Audit logging and monitoring of access to personal data

·       Staff training on data protection and information security

·       Incident response procedures aligned with GDPR 72-hour notification and Australian NDB scheme requirements

Our platform is built on a serverless, multi-region architecture designed to SOC 2 and ISO 27001 standards.


11. Data Breach Notification

In the event of a personal data breach:

GDPR (EU)

We will notify ANSPDCP within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of data subjects. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay (Art. 33–34 GDPR).

Australian NDB Scheme

We will assess suspected breaches within 30 days. If an eligible data breach has occurred (i.e., unauthorised access, disclosure, or loss of personal information likely to result in serious harm), we will notify the OAIC and affected individuals as soon as practicable.


12. Cookies and Similar Technologies

Our website uses cookies and similar technologies for functionality, analytics, and performance purposes. For detailed information about the cookies we use, how to manage your preferences, and your choices, please refer to our Cookie Policy at [INSERT COOKIE POLICY URL].

For EU visitors, we obtain consent before placing non-essential cookies in compliance with the ePrivacy Directive and GDPR.


13. Children’s Privacy

Our Platform is not directed at children under the age of 16 (EU), or under the threshold applicable under Australian law, and we do not knowingly collect personal information from minors under 16. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information promptly.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business operations. We will notify you of material changes by posting the updated Policy on our website with a revised “Last Updated” date. Where changes are significant, we will provide additional notice (e.g., email notification or a prominent notice on the Platform).


15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:


Contact Details

Privacy Email: privacy@retelligent.co

Website: https://www.retelligent.co/

Australian Entity: REtelligent Pty Ltd, Unit 2, 8A Judith Street, Carnegie VIC 3163, Australia

EU Entity: REtelligent EU SRL, [tba]

OAIC (AU complaints): https://www.oaic.gov.au/, 1300 363 992

ANSPDCP (EU complaints): https://www.dataprotection.ro/, Bd. Aviatorilor nr. 8, Sector 1, Bucharest, Romania

Data Protection Officer. Our Data Protection Officer can be contacted at dpo@retelligent.co.