The GDPR makes a clear distinction between two roles:

  • The ‘data controller’: determines which personal data is processed and for which purposes the personal data is used (deciding);
  • The ‘data processor’: processes certain personal data on behalf of the data controller (facilitating).

A party’s responsibilities regarding personal data are different depending on its role.


It is possible for one party to act as a data controller in some cases and as a data processor in others. This is the case for Teamleader.

Customer as controller and Teamleader as processor

Customer as controller

When using our tool, you enter personal data (e.g. name, telephone number, email address, etc.) of  your company's or organization's customers, leads, business partners, etc. (“contacts”) into your account. You collect and use their personal data for your own purposes, e.g. to provide your services. That makes you the data controller.

Teamleader as processor

We facilitate the management of your contacts’ data through our tool. By entering their personal data into your account, you are sharing this data with us. Our job is to keep this data available and safe on your behalf. We are the data processor here.

As a processor, we engage a limited number of sub-processors. These parties can process some parts of the personal data, for which you are the controller, for specific purposes. You can see the full list of sub-processors in your account.

Teamleader as controller

We are a data controller when we decide to collect and use your personal data for our own commercial purposes. We mainly do this to provide and improve our services. 

Read our Privacy Statement to learn more about why we collect certain personal data about you, how long we store this data, which privacy rights you have, etc.  

As a data controller, we engage several service providers which we instruct to process your personal data on our behalf for various purposes, e.g. to send you our newsletter or to collect feedback from you. We have data processing agreements (DPAs) in place with all these data processors to ensure that they apply the same high standards of data protection as we do.

For more information, go to our GDPR page.