Guest user Created: Aug 10, 2021 Last commented: Aug 19, 2021

Question about joint controller

We have a mobile application that acts as a shopping mall - users register in our application (so we process their personal data), and we have various shops that offer their products and services through our application. Once a user wants to purchase a product/service, we process the payment through the payment processor, and forward the personal data of the user to this shop so that the shop can deliver the product/service directly to the user. So the question is: are we joint controllers with these shops according to GDPR?

0 0

Assign topic to the user

Select user

Expert

Alessandra Nisticò Aug 19, 2021

It depends on how you intend to structure the application and how data will be processed.

If you decide how data will be processed by the app you can be the data controller of data of users, while the shop will be the data controller of the users who purchased something on their shop for their own purposes (i.e., billing, shipping, marketing), then, you may be separate controllers (you of the app, seller of the single mall), instead, if data are connected and jointly determine how data will be processed then you will be joint controllers.

Here you can find more information on data controller:

EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

If you need how to implement EU GDPR, you may consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 10, 2021

Aug 19, 2021

Expert Advice Community