The short answer is that we are both, as follows:
iSpaniel as a Data Controller
iSpaniel is the Data Controller for the purposes of our day to day back office functions, such as Sales, Marketing and HR. The types of personal data which iSpaniel 'controls' is, for example:
- Employee records
- Contact details
- Data required for payroll
- Customer contact details
- Prospect contact details
- Supplier contact details
These details may be held electronically, or in a physical form, such as on business cards.
iSpaniel does not perform any routine processing of this data, although we will use this data to occasionally contact the subjects for marketing, accounting and general communication purposes. iSpaniel does not hold any special category data or criminal conviction and offence data (as defined by Articles 9 and 10 of the GDPR), nor does it process the data in such a way that is likely to result in a risk to the rights and freedoms of individuals.
iSpaniel as a Data Processor
iSpaniel is the data processor for our customers data, which used by the iSpaniel web portal and mobile app and is required for the purpose of us providing our solution. This data is provided by the customer and is uploaded to the iSpaniel system, or is entered manually directly by our customers. Our customers remain the 'controllers' of this data, and while as processors iSpaniel take robust measures to ensure this data is secure and protected, our customers must take responsibility for how they use and manage this data in accordance with GDPR.