G-P is both a data controller and a data processor.
G-P collects and uses the Professional’s human resources data during the course the employment relationship. With regard to that information, G-P is a data controller. In the context of the employment relationship with the Professionals, G-P is not a processor on behalf of the Customer. To the extent Customers also collect and use the Professional’s personal data for the Customer’s own purposes, Customers are also data controllers with independent privacy obligations. Therefore, the exchange / sharing of Professionals’ Personal data between G-P and the Customer is under an independent Controller-to-Controller relationship.
On the other hand, through our SaaS-based platform (“G-P Platform”), we help Customers to find, hire, onboard, pay, and manage team members, quickly and compliantly, to expand growth opportunities for everyone, everywhere – without the hassle of setting up local subsidiaries or branch offices. By providing Customers with access to G-P Platform, G-P is a data processor for any personal data uploaded to the G-P Platform by Customer concerning the authorized users of the G-P Platform appointed by the Customer. G-P processes the account related date belonging to such authorized users of the GP Platform.
Those relationships between Customer and G-P are addressed in G-P Data Protection Addendum incorporated in the Master Agreement executed between the parties.