Controller and processor roles
The platform operator will often act as controller for account, security, moderation, and marketplace operation data. Buyer and provider content may require clearer controller/processor analysis before launch.
Legal
This page summarizes the GDPR-oriented controls Pacthaven should support as a B2B service procurement platform.
Last updated: 17 May 2026
The platform operator will often act as controller for account, security, moderation, and marketplace operation data. Buyer and provider content may require clearer controller/processor analysis before launch.
Expected lawful bases may include contract performance, legitimate interests, legal obligations, and consent where optional processing is introduced. Each processing activity should be mapped before production.
Operational processes should support access, correction, deletion, restriction, objection, portability, and complaint handling where applicable.
Server-side authorization, protected file downloads, least-privilege admin access, audit logging, and careful notification content are core privacy and security controls.
Hosting, email, analytics, and storage vendors should be documented with transfer safeguards, subprocessors, and data processing agreements before production use.