Gateway payment provider

Answer:

If the gateway payment providers are companies such as PayPal which process payments of your customers, they are independent controllers as they decide which information to ask and process from your customers to operate the payment. But we may have a different view on what a gateway provider is. If you refer to a company that only issued invoices on your behalf, then that company would be a processor.

2. You mentioned a controller to controller terms in place, could you provide us with a sample document of this sample?

Answer:

A controller to controller document can be found here https://advisera.com/eugdpracademy/documentation/controller-to-controller-data-processing-agreement/ and it is not part of the standard toolkit.

3. We need one in place as our Affiliate/Partners as we are likely being a processor to them. This is our scenario: Our company sells tic kets to customers using our own database. Our Affiliate/Partners has their own set of customer database. As we provide a commission to them for driving their customer's traffic to our website, we process their data by providing the tax invoice to their customers. Does this mean we have become their processors? Or is this independent controller? Please advise. If this is independent controller, please share us a draft document the control.

Answer:

Based on your description, both you and your Affiliates/Partners are acting as data controllers as they both use their own databases of customers and the fact that you are paying them to forward traffic to your website does not make you their processor. For any user/visitor data coming to your website, you are acting as a data controller.