A data subject is you, me, your customer, your lead or anyone else. Every identified or identifiable natural person to whom the personal data relates.
The controller is in charge of what happens to the data, he/she determines the purpose and the means of the processing of personal data. In your example as Teamleader Focus customer, you are the controller of all data that you entered in Teamleader Focus. It is up to you whether you use the data to send an email or it is your decision whether you use the added telephone number to call a customer. The same counts for us. We are also controller of your data as a customer of Teamleader Focus. You and all other customers are in our Teamleader Focus CRM and we decide whether we use your email address to send you some updates on our products or we choose to send an invoice to your account admin.
It is an entity that determines jointly with another controller the purposes and the means of data processing.
The other side is the processor, the processor only facilitates the data processing. He/She processes data on behalf and according to the instructions of the controller and maintains detailed records of the data. Again, in your example as Teamleader Focus customer, we are the processor of the data you enter in your Teamleader Focus CRM. We enable you to use the data. You store it in our program and we need to ensure the safety of the data. However, we have no influence and therefore also no responsibility of what data you enter in Teamleader Focus and also of what happens to the data, this responsibility lies in your hands.
Sub-processors are processors engaged by the processor. In our example case, our sub-processors are processors we work together with in order to be able to facilitate the storage of your data. In our very specific case, we use the servers of Amazon. It is our responsibility to ensure that the AWS servers follow the same GDPR principles. Therefore, we sign a DPA with Amazon. This ensures that Amazon follows the GDPR rules, so that we can provide a safe platform for you!
However, this only counts for sub-processors we choose to work together with. For other sub-processors you decide to work together with in connection with Teamleader Focus, such as Mailchimp for example, it is your responsibility to sign a DPA with them.
Businesses can be both data controllers and processors: every processor is also automatically a controller, but not every controller is a processor. Teamleader Focus, for example, is a processor for the data you enter in your Teamleader Focus account and a controller of the data, we collect of our own customers.