Privacy Policy

This Privacy Policy describes how Pharoll processes personal data in the context of making its platform available and of its use, including the corporate website, the web application, the mobile application, and any associated pages, interfaces, subdomains, and digital services.

1. Data Controller

The Pharoll platform is operated by:

Entity: [company name]
Tax ID: [tax ID]
Registered office: [registered office]
General contact email: [email]

For the purposes of applicable data-protection law, that entity acts, as a rule, as the controller of the personal data processed within the platform, without prejudice to the possibility that, in specific contexts, certain third parties may act as independent controllers or processors.

2. Scope of Application

This Policy applies to the processing of personal data carried out in the context of:

browsing Pharoll’s corporate website;
creating and managing an account on the platform;
using the web application and the mobile application;
using the platform as a registered Business or Agent user; and
interacting with Pharoll for support, contact, onboarding, security, invoicing, payments, fraud prevention, and legal compliance.

Unless expressly stated otherwise, this Policy does not govern data processing carried out by independent third parties that maintain their own privacy policies.

3. Categories of Data Subjects

Pharoll may process personal data relating to the following categories of data subjects:

visitors to the corporate website;
registered Business users;
registered Agent users;
individuals who contact Pharoll for information requests, support, or complaints; and
representatives, employees, or contacts of business entities interacting with Pharoll.

4. Categories of Personal Data Processed

Depending on the type of use of the platform and the relationship with the user, Pharoll may process the following categories of data:

4.1. Identification and Contact Data

name;
username;
email address;
telephone number;
country of residence; and
date of birth or age indication where necessary for eligibility, monetization, security, or legal-compliance purposes.

4.2. Account and Authentication Data

registration and account-creation data;
internal account identifiers;
credentials protected by appropriate technical measures;
session and authentication tokens;
access history; and
information relating to account management, suspension, limitation, or closure.

4.3. Platform Usage Data

records of activity on the platform;
actions taken in the account;
interactions with campaigns, links, content, and features;
timestamps, events, and usage logs; and
information relating to service performance and use.

4.4. Technical Data and Online Identifiers

IP address;
device type;
operating system;
browser and version;
language;
session identifiers;
technical logs;
data collected through cookies and similar technologies; and
other technical signals reasonably necessary for security, performance, diagnostics, and abuse prevention.

4.5. Tracking, Measurement, and Performance Data

generated links and their identifiers;
tracking parameters, including, where applicable, UTMs and equivalents;
clicks, views, impressions, and other relevant metrics;
approximate traffic source;
activity-validation data; and
information needed for campaign measurement, performance attribution, invalid-traffic prevention, and operational auditing.

4.6. Financial, Tax, and Payment Data

IBAN or other payment identifiers;
invoicing data;
data needed to process payments or withdrawals; and
information related to withholding, validation, reconciliations, disputes, or accounting and tax obligations.

4.7. Support, Contact, and Complaint Data

the content of communications sent to Pharoll;
support requests;
complaints;
contact records; and
data needed to manage and resolve incidents or requests.

4.8. Verification, Security, and Fraud-Prevention Data

technical or behavioral signals and patterns relevant to detecting fraud, abuse, invalid traffic, prohibited automation, manipulation of metrics, abusive account creation, breaches of the Terms, and other misuse of the platform; and
information resulting from eligibility, age, identity, or compliance checks where applicable.

5. Sources of Personal Data

Personal data may be obtained:

directly from the data subject, when registering, using the platform, contacting Pharoll, or submitting information;
automatically through use of the website, web application, mobile application, and their features;
through providers of technical, payment, authentication, security, analytics, or support services; and
through internal validation, auditing, fraud-prevention, and legal-compliance processes.

6. Purposes of Processing

Pharoll processes personal data for the following purposes:

creation, management, and maintenance of user accounts;
making available, operating, maintaining, and improving the website, web application, mobile application, and other services;
execution of platform features and provision of the requested service;
management of the relationship with Business and Agent users;
measurement of campaigns, analysis of performance, validation of activity, and attribution of operational results;
prevention, detection, investigation, and mitigation of fraud, abuse, invalid traffic, inauthentic activity, or breaches of the applicable Terms;
verification of eligibility for access to certain features, including monetization and payments;
processing of payments, withdrawals, invoicing, financial reconciliation, and compliance with tax and accounting obligations;
responding to contact requests, support requests, complaints, and incidents;
protection of the platform’s security, integrity, availability, and reliability;
technical monitoring, auditing, diagnostics, error correction, and incident prevention;
compliance with legal and regulatory obligations and cooperation with competent authorities;
defense and exercise of Pharoll’s rights in administrative, arbitral, judicial, or pre-litigation proceedings;
management of cookies and similar technologies, as applicable;
sending operational, contractual, technical, security, or support communications; and
sending marketing communications only where an appropriate lawful basis exists, namely consent where required.

7. Legal Bases for Processing

Pharoll processes personal data on the following legal bases, depending on the specific purpose:

performance of a contract or pre-contractual steps, in particular for account creation, platform use, management of the relationship with the user, operational processing of campaigns, and provision of services;
compliance with legal obligations, in particular in tax, accounting, unlawful-activity prevention, cooperation with authorities, record retention, and incident management matters;
legitimate interest, in particular for platform security, fraud and abuse prevention, technical monitoring, service improvement, system protection, operational validation, defense of rights, and risk management; and
consent, where legally required, namely for non-essential cookies, similar technologies, or marketing communications where applicable.

Where processing is based on consent, the data subject may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

8. Cookies and Similar Technologies

Pharoll uses cookies and similar technologies to ensure platform operation, improve the user experience, measure performance, reinforce security, obtain usage statistics, and, where applicable, support additional features.

Detailed information on cookie categories, purposes, duration, and management options will be made available in a separate Cookie Policy and, where applicable, in consent mechanisms shown to the user.

9. Profiling, Data Analysis, and Fraud Detection

Pharoll may use data-analysis processes, operational rules, correlation of technical and behavioral signals, and automated and/or manual review mechanisms to:

measure campaign performance;
validate activity and operational metrics;
detect fraud, invalid traffic, prohibited automation, manipulation of results, anomalous behavior, or abuse of the platform;
protect the security and integrity of systems; and
support operational review and compliance decisions.

Depending on the case, these processes may contribute to measures such as limitation of features, temporary suspension, preventive withholding of payments, enhanced review, invalidation of improper activity, or account closure, under applicable law and contract.

Where legally required, Pharoll will adopt appropriate safeguards in relation to decisions based solely on automated processing.

10. Age and Eligibility Verification

Pharoll may process personal data to verify whether the user meets the minimum eligibility requirements for using certain features, in particular monetization, payments, or compensated participation features.

Unless expressly stated otherwise for a given jurisdiction, use of monetization features on the platform is reserved for users aged 18 or over.

Where Pharoll considers it necessary and proportionate, it may request additional confirmation of age, eligibility, or identity, in particular before enabling payments, where there is suspicion of non-compliance, or to comply with legal and regulatory requirements.

If there are indications of improper use by a minor, use of another person’s account, false information, or breach of applicable rules, Pharoll may adopt proportionate measures, including account limitation, suspension, preventive withholding of payments, additional review, or account closure.

Pharoll may share personal data, to the extent strictly necessary, with the following categories of recipients:

hosting, cloud, infrastructure, and technical service providers;
authentication, security, monitoring, and fraud-prevention providers;
analytics and measurement providers;
customer support and communications providers;
payment, invoicing, and financial-reconciliation providers;
legal, accounting, audit, and other professional advisers subject to duties of confidentiality;
administrative, regulatory, tax, law-enforcement, or judicial authorities, where there is a legal obligation, a valid order, or a legitimate need to exercise or defend rights; and
other entities that legitimately act within the operation of the platform, provided there is an adequate contractual or legal framework.

Where third parties act as processors, Pharoll will seek to ensure that they are bound by appropriate confidentiality, security, and data-protection obligations.

12. International Transfers of Data

Where personal data is processed or accessed outside the European Economic Area or another jurisdiction with an applicable protection regime, Pharoll will adopt legally appropriate measures to ensure an adequate level of protection, including, where applicable:

adequacy decisions;
standard contractual clauses;
complementary technical, organizational, or contractual measures; and
other legally admissible mechanisms.

13. Retention of Personal Data

Pharoll retains personal data only for the period necessary for the purposes that justify the processing, without prejudice to longer periods where required by law, for security reasons, fraud prevention, exercise of rights, or compliance with contractual obligations.

By way of indication, data may be retained according to the following criteria:

account data: while the account remains active and for the additional period necessary for closure management, legal compliance, and defense of rights;
operational data, logs, and metrics: for the period necessary for platform operation, activity validation, security, auditing, and fraud prevention;
support data: for the period necessary to manage and resolve the request;
payment, invoicing, tax, and accounting data: for the periods required by law;
data associated with internal investigations, fraud, disputes, or incidents: for as long as necessary to analyze and resolve the case and defend rights; and
data contained in backups and technical copies: for transitional periods compatible with the service’s security and continuity architecture.

Once the purposes that justify retention cease, the data will be deleted, aggregated, pseudonymized, or anonymized, depending on the nature of the information, the remaining purpose, and the technical and legal feasibility of the applicable procedure.

14. Account Closure, Erasure, and Residual Retention

Where a user requests closure of the account, or where the account is closed by Pharoll under the applicable rules, personal data will no longer be processed for regular platform use, without prejudice to residual retention where necessary for:

compliance with legal or regulatory obligations;
invoicing, accounting, and proof of transactions;
prevention, detection, and investigation of fraud or abuse;
management of disputes, complaints, audits, or defense of rights; and
compliance with security, integrity, and service-continuity requirements.

The right to erasure will be assessed in accordance with applicable law and may be limited where there are legitimate or legal grounds for retention.

15. Security of Personal Data

Pharoll adopts appropriate technical and organizational measures to protect personal data against destruction, loss, alteration, disclosure, unauthorized access, or any other unlawful or accidental processing.

Those measures may include, among others:

access control;
segregation of permissions;
protection of credentials and sessions;
encryption or equivalent protection measures in transit and, where applicable, at rest;
monitoring and logging of relevant events;
abuse-detection and anomalous-activity mechanisms;
backups, redundancy, and continuity measures;
internal incident-response procedures; and
assessment and risk management of suppliers.

Pharoll also seeks to limit access to personal data to the persons and entities that need it to perform their functions.

16. Personal Data Breaches

In the event of a personal data breach that is likely to pose a risk to the rights and freedoms of data subjects, Pharoll will adopt reasonable and proportionate measures to contain, assess, and mitigate the incident.

Where legally required, Pharoll will notify the competent supervisory authority and, where applicable, communicate the breach to affected data subjects within the time limits and under the conditions provided by law.

17. Rights of Data Subjects

Under applicable law, and within the relevant legal conditions, the data subject may request:

access to their personal data;
rectification of inaccurate or incomplete data;
erasure of the data;
restriction of processing;
objection to processing;
data portability, where applicable;
withdrawal of consent where processing is based on that ground; and
the filing of a complaint with the competent supervisory authority.

Requests to exercise rights may be submitted through: [privacy email].

Pharoll may request additional reasonable information to confirm the requester’s identity before processing the request whenever necessary to protect personal data and avoid unauthorized access.

18. Portability and Export of Data

Where legally applicable, the data subject may request that personal data provided to Pharoll and processed by automated means on the basis of consent or contract performance be made available, exported, or transmitted.

This right does not necessarily cover all information existing on the platform and may exclude, among other things, derived data, inferred data, information subject to trade secrets, internal security records, fraud-prevention information, or data whose disclosure would affect the rights of third parties or compromise Pharoll’s legal obligations.

19. Minors

The Pharoll platform is not intended for minors for the purpose of using monetization features, compensated participation, or withdrawals, unless and to the extent that this is expressly permitted by specific rules applicable to a given jurisdiction and feature.

If Pharoll becomes aware of or has reasonable grounds to suspect that an account is being used in breach of applicable age rules, it may adopt appropriate measures, including limitation, suspension, enhanced review, request for additional proof, or account closure.

20. Communications and Marketing

Pharoll may send operational, contractual, technical, support, or security communications whenever such communications are necessary for the use of the platform or the management of the relationship with the user.

Marketing or promotional communications will only be sent where there is an appropriate lawful basis, namely consent where legally required, and with the possibility of objection or unsubscribe in accordance with applicable rules.

21. Changes to the Privacy Policy

Pharoll may update this Privacy Policy at any time, in particular to reflect legal, regulatory, technical, operational, or organizational changes.

The latest version will always be available through Pharoll’s digital channels. Where changes are materially relevant, Pharoll may adopt additional communication measures where appropriate or legally required.

22. Contacts and Complaints

For any question relating to this Privacy Policy or to the processing of personal data, the user may contact Pharoll through:

General email: [email]
Address: [address]