A “Data Controller” is the entity that determines the purposes (i.e., why) and means (i.e., how) of the data processing, whereas a “Data Processor” is the entity that acts on behalf and under the instructions of the Data Controller. Plume can act both as a Data Controller or a Data Processor depending on the case:
- Plume as a Data Processor: When we process Personal Data on behalf of our customers, such as ISPs, we act as a Data Processor. In these instances, the individual contracts with our customer (the Data Controller) and we process the Personal Data on their behalf. Depending on the case, the software and hardware may either be Plume-branded or customer-branded. When we process EU Personal Data on behalf of a customer, we ask customers to sign our GDPR-compliant Customer Data Processing Addendum to comply with Article 28 of the GDPR.