Question about privacy notification

I want your help if you can help I will be a pleasure This is a detailed question  and it is not possible for me to find the answer by browsing the websites on the internet or I am not sure for to aplly them. I'm doing an internship right now. My question is: There are two companies A Company and B company A company uses B company's product/ service. B company has two websites: X website is a normal website - ever people can reach out it and a different interface is Y that is only for its users who log in with this page to use the service. For to log in and use the service , the two companies have to make a contract. Now,  B company has privacy policy on X website but does this privacy policy covers to Y interface ? or does the company has to put also on Y website privacy notification to login form? The functions of the visitor visiting a web page and the user are different. GDPR says inform everyone and get their consent, while it is possible to do this for visitors, what will be the method for users? Company A determines the people who will use the service of company B and it gives authorization. In this case, is company B obliged to separately inform the users authorized by company A? If yes,at where will it inform? Is it in the customer contract? Or will the privacy policy on the website suffice? I'm asking this because my manager is asking that there should be a notification on the page where user use their service log in? The source of this problem is: Even though companies have privacy policies on their websites, there is still a note on the collection and storage of information in the demo request form section. So, an information note is being considered again, is it necessary to apply this logic for the user as well? Sorry for taking so long to explain the question. I would be glad if you help.