GDPR Compliance

Last updated: April 2026

Peoplifi is committed to GDPR compliance for our EU and UK customers. This page explains how we handle personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and the UK GDPR.

1. What data we collect

We collect and process the following categories of personal data:

  • Account data: Name, email address, company name, and password hash for account holders and administrators.
  • Employee records: Employee names, CNIC/ID numbers, salary information, and employment history — as entered by the customer (data controller).
  • Attendance data: Clock-in and clock-out timestamps, device identifiers, and location data (if geo-fencing is enabled).
  • Payroll data: Salary, allowances, deductions, tax calculations, and bank account details for payroll disbursement.
  • Usage data: Pages visited, features used, session duration, and browser/device information for analytics and support.

2. How we use your data

We process personal data under the following lawful bases:

  • Contract performance: To deliver the Peoplifi service to you, including payroll processing, attendance tracking, and leave management.
  • Legitimate interests: To improve our product, prevent fraud, ensure platform security, and provide customer support.
  • Legal obligation: To comply with applicable laws, including tax and employment regulations in the jurisdictions where we operate.
  • Consent: For marketing communications and optional analytics. You can withdraw consent at any time.

3. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Specifically:

  • Account data is retained for the duration of the subscription plus 90 days after cancellation.
  • Payroll and employee records may be retained for up to 7 years for tax and audit compliance.
  • Usage analytics data is retained for up to 2 years in aggregated form.
  • You may request early deletion subject to our legal obligations.

4. Your rights under GDPR

As a data subject, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, email our DPO at contact@peoplifi.com. We will respond within 30 days.

5. Data Processor Agreements

Peoplifi acts as a data processor when processing employee data on behalf of our customers (who are the data controllers). We offer a Data Processing Agreement (DPA) for customers subject to GDPR. Our DPA covers:

  • Scope and purpose of data processing
  • Sub-processor list and obligations
  • Security measures and breach notification procedures
  • Cross-border data transfer mechanisms (Standard Contractual Clauses)

To request a DPA, contact us at contact@peoplifi.com.

6. Contact our Data Protection Officer

For all GDPR-related queries, data subject requests, or to report a concern about our data practices, contact our Data Protection Officer:

US office: 225 Main St, South Bound Brook, NJ 08880, United States · +1 302-217-3058
Pakistan office: Lahore, Punjab, Pakistan · +92 310 5927681

If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or the relevant EU data protection authority in your country).