Privacy Policy

Effective date: 21.01.2024

1. Introduction

Thank you for choosing Talenlio International Private Limited ("Talenlio", "we", "us", or "our") and its authorised Indian sales partner iLMTEC Solutions Private Limited ("ILMTEC"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit talenlio.com or purchase our products and services through any channel operated by Talenlio or iLMTEC (together, the "Services"). By using the Services you agree to the practices described here and in our Terms & Conditions. If you do not agree, please stop using the Services immediately.

2. Who We Are

Talenlio International Private Limited
Role – Data Controller & Service Provider
Address – 9th floor, T2, KWT, ByzBay, Pune, Maharashtra, India

ILMTEC Solutions Private Limited
Role – Authorised reseller & Data Processor for sales and support across India ("PAN India")
Address – 9th floor, T2, KWT, ByzBay, Pune, Maharashtra, India

EU Representative (GDPR Art. 27)
ILMTEC Solutions  – ParkStraße 22, Berlin, 13585, Germany

Email – management+eu@talenlio.com
Throughout this document "Group", "we", or "us" may refer to both companies collectively.

3. Applicability & Jurisdiction
Global users – this policy applies wherever you are.
India – we comply with the Information Technology Act 2000, SPDI Rules 2011, and the Digital Personal Data Protection Act 2023 ("DPDP Act").
EEA & UK – we comply with the General Data Protection Regulation ("GDPR") and the UK GDPR.
California – additional rights apply under the California Consumer Privacy Act ("CCPA").

4. Key Terms
Personal Data – information that identifies or can reasonably identify a living person.
Usage Data – technical data collected automatically (IP address, device ID, pages visited, etc.).
Cookies – small files placed on your device to operate or personalise the Services.
Data Controller – decides why and how personal data is processed (Talenlio).
Data Processor – processes data for the controller (for example, iLMTEC or cloud vendors).

5. Data 
We Collect & Why | Category | Examples | Purpose / Legal Basis || Identification | Name, job title, company | Contract performance; legitimate interest || Contact | Email, phone, postal address | Contract; consent (marketing) || Transactional | Orders, invoices, payment status | Contract; legal obligation || Usage | IP address, browser type, pages visited | Legitimate interest (service improvement & security) || Marketing Preferences | Newsletter opt‑ins, event registrations | Consent || Location | Approximate location from IP or device settings | Consent || Payment | Tokenised payment ID, last 4 digits of card (handled by PCI providers) | Contract; legal obligation |Retention periods: account data 6 years after closure; marketing data until you opt‑out or 24 months of inactivity; financial records 8 years; recruitment data 12 months unless law requires longer.Sensitive or "special category" data is collected only when strictly necessary (e.g., statutory compliance) and with explicit consent.

6. How We Use Your Data
Provide and maintain the Services – create accounts, process orders, deliver support.
Sell PAN India via ILMTEC – share data between Talenlio and iLMTEC to prepare quotes, invoices, implementations, and after‑sales support.
Improve and secure – monitor performance, debug issues, prevent fraud and abuse.
Communicate – send product updates, security alerts, and administrative notices.
Marketing (optional) – newsletters, webinars, offers, and event invitations (only if you have not opted‑out).
Legal & compliance – enforce contracts, comply with audits, satisfy legal requests.
No automated decision‑making or profiling is performed that produces legal or similarly significant effects on you.
We do not sell your Personal Data for money.

7. Sharing & Disclosure
ILMTEC Solutions Pvt Ltd – distribution, billing, technical support in India (covered by an inter‑company Data Processing Agreement).
Cloud hosting providers (e.g., AWS, Digital Ocean, Hetzner) – secure infrastructure and storage (Standard Contractual Clauses, ISO 27001).
Analytics & marketing vendors (e.g., Google Analytics, Sendgrid, Brevo, Posthog) – product usage insights and campaign delivery (data‑processing addenda, IP anonymisation where feasible).
Government or law‑enforcement – only upon valid legal request.
Successor entities – in the event of merger, acquisition, or asset sale (you will receive notice and may opt‑out where legally required).

8. International Transfers
We may store or process data in India, the EEA, the United States, or any country where our providers operate. Transfers rely on adequacy decisions, Standard Contractual Clauses, the EU–US Data Privacy Framework (where applicable), or comparable safeguards.

9. Data Retention (Summary)
Account data – life of account + 6 years
Marketing data – until opt‑out or 24 months of inactivity
Financial records – 8 years
Recruitment data – 12 months (unless law requires longer)

Data that has been anonymised may be kept indefinitely for analytics.

10. Security Measures
Encryption in transit (TLS 1.2+) and at rest.Role‑based access controls (RBAC) and multi‑factor authentication (MFA).Annual penetration tests, quarterly vulnerability scans, and 24 × 7 security monitoring.Mandatory employee security‑awareness training.Incident Response Plan aligned with ISO 27001/27701.Although no online service is 100 % secure, we take commercially reasonable steps to protect your data.

11. Your Privacy Rights
Depending on your location you may be entitled to:
Access – receive a copy of your personal data.
Correction – update inaccurate or incomplete data.
Erasure – request deletion ("right to be forgotten").
Restriction / Objection – limit or object to processing.
Portability – move data to another service.
Opt‑out of marketing communications at any time.
Grievance redressal – escalate unresolved issues to our Data Protection Officer or the Data Protection Board of India.
Complain – lodge a complaint with your data‑protection authority.

To exercise your rights, email management+privacy@talenlio.com. We will respond within the timeframe required by law.

12. Cookies & TrackingWe use cookies for:Essential operations (session management, security)Preferences (remembering language or region)Analytics (understanding traffic patterns)Marketing (retargeting ads)You can manage cookie consent via the banner displayed on your first visit or by clicking "Cookie Settings" in the page footer.

13. Children’s PrivacyWe do not knowingly collect data from anyone under 18. If you believe a minor has provided us personal data, contact us and we will delete it.

14. Changes to This PolicyWe may update this Privacy Policy occasionally. We will email you and display a banner at least 15 days before changes take effect. Continued use of the Services after that date signifies acceptance of the revised Policy.

15. Data Processing Agreement (DPA)
This section applies when Customer (referred to as “Controller”) provides Personal Data to Talenlio or iLMTEC (“Processor”) while using the Services.
15.1 Subject‑matter & Duration  — Processing is limited to providing the Services and continues for the subscription term plus deletion period set in §9.
15.2 Nature & Purpose  — Hosting, storage, backup, user‑management, support, and security monitoring.
15.3 Categories of Data  — Identification, contact, transactional, usage data; any content Customer uploads.
15.4 Data Subjects  — Customer’s employees, contractors, clients, or end‑users.
15.5 Processor Obligations — Only process Personal Data on documented instructions from Controller.Ensure authorised personnel are bound by confidentiality.Implement security measures listed in §10.Assist Controller with data‑subject requests, DPIAs, and breach notifications.Sub‑processors: use only vetted providers (current list available on request); notify Customer of changes, allowing objection on reasonable grounds.Cross‑border transfer safeguards as in §8.Upon termination, delete or return Personal Data unless law requires storage.Provide evidence of compliance (e.g., audit reports) or allow reasonable audits once per year.
15.6 Controller Obligations Ensure lawful basis for all Personal Data provided.Not upload special‑category data unless necessary and permitted by law.Cooperate with Processor on security or compliance issues.
15.7 Breach Notification  — Processor will notify Controller without undue delay (no later than 48 hours) after becoming aware of a Personal‑Data breach.
15.8 Liability  — Each party’s aggregate liability under this DPA is limited to the fees paid by Customer in the 12 months preceding the event, except for wilful misconduct or data‑protection fines imposed directly

16. Intellectual Property & Non‑Competition
16.1 Ownership — All software, documentation, and intellectual property embodied in the Services remain the exclusive property of Talenlio. No rights are granted other than those expressly stated in our licence terms.
16.2 No Reverse Engineering — You may not de‑compile, disassemble, or otherwise attempt to derive the source code, algorithms, or underlying structure of the Services.
16.3 No Creation of Competing Products — During your subscription and for two (2) years after its termination, you shall not develop, market, or sell any product or service that is substantially similar to or competes with the core functionality of the Services.
16.4 Injunctive Relief — Breach of this section may cause irreparable harm; we may seek injunctive relief in any competent court without posting a bond.

17. Contact Us
General privacy questions
Email – management+privacy@talenlio.com
Phone – +91‑8600-351-721
Address – 9th floor, T2, KWT, ByzBay, Pune, Maharashtra, India

© 2025 Talenlio International Private Limited & iLMTEC Solutions Private Limited. All rights reserved.