Controller

Explanation:

The controller is the person who decides on the purposes and means of data processing (Art. 4 No. 7 GDPR). This may also be several persons jointly, who are then joint controllers within the meaning of Art. 26 GDPR.

Joint controllers must, in particular, enter into an agreement on joint responsibility in which they regulate who is responsible for which data protection obligations. Joint controllers are jointly and severally liable to data subjects under Art. 82(2) GDPR. This means that they are also liable to data subjects for violations committed by the other controller. The European Court of Justice interprets the concept of joint responsibility broadly; it is not necessary for the parties involved to make equal contributions to the processing.