Data subjects

Under the GDPR, a data subject is the identified or identifiable natural person that personal data is about. The data subject is any individual, whether that person is functioning as an individual consumer or in an employee role, or is interacting for business-to-business commercial purposes.

Data subjects are the individuals who are considered the owners of personal data and who are given specific rights under the GDPR related to their personal data.

In terms of your IR website, site visitors and your shareholders represent the majority of your data subjects.

Data controllers

You, as the owner of your IR website, are the data controller for personal data collected from your IR data subjects.

Data controllers are the natural or legal persons or organizations that determine the purposes and means of the processing of personal data, and as a result, data controllers have the most complicated GDPR compliance requirements.

A data controller is responsible for deciding how they collect, transmit, store, and use data subjects’ personal data even in situations where the data controller relies on data processors to handle those activities. In such cases, the data controller must provide clear and complete instructions for the work the data processor is to perform.

The data controller is ultimately responsible to the individual data subject whose data was collected and used.

Although data subjects may only be individual natural persons, a data controller may be a natural person but is more commonly an organization (whether business, government, or other type of organization).

Data processors

Data processors are the natural persons or legal entities that provide services to data controllers related to personal data processing.

Data controllers may process data for themselves instead of, or in addition to using, external data processors; however, doing so does not make the data controller also a data processor. Data processors are those whose core business activities include such data processing provided as a service to data controllers.

Like data controllers, data processors may be natural persons or legal entities, but they are most commonly outside service provider organizations.

In terms of your IR website, Equisolve would be a data processor working on your instructions for various types of processing necessary to fulfill your purposes for the website.