A “Data Controller” is the entity that determines the purposes (i.e., why) and means (i.e., how) of the data processing, whereas a “Data Processor” is the entity that acts on behalf and under the instructions of the Data Controller. Plume can act both as a Data Controller or a Data Processor depending on the case:
- Plume as a Data Controller: When we offer products and services directly to individuals, we act as a Data Controller. This is the case, for example, when an individual orders the Plume Pods on our website after seeing an ad about Plume. This is also the case, for example, when the individual has been redirected to Plume’s website by another company, such as an Internet Service Provider (“ISP”) with whom we may have a contract. The processing of Personal Data we perform as a Data Controller is described in our Privacy Policy.
- Plume as a Data Processor: When we process Personal Data on behalf of our customers, such as ISPs, we act as a Data Processor. In these instances, the individual contracts with our customer (the Data Controller) and we process the Personal Data on their behalf. Depending on the case, the software and hardware may either be Plume-branded or customer-branded. When we process EU Personal Data on behalf of a customer, we ask customers to sign our GDPR-compliant Customer Data Processing Addendum to comply with Article 28 of the GDPR.