Privacy & compliance
Data controller
Under GDPR, the entity that determines the purposes and means of processing personal data — one of the two primary GDPR roles alongside the processor.
GDPR defines two primary actors around personal data: the data controller and the data processor. The controller is the entity that determines why and how personal data is processed. The processor acts on behalf of the controller, following the controller's instructions.
LearnCoin's role depends on the flow. For tenants (universities, employers, training platforms), the tenant is the controller — they decide to issue a credential, for what purpose, to which recipient. LearnCoin is the processor, carrying out the signing, anchoring, and storage the tenant instructs.
For recipients who claim credentials directly via a magic-link or interact with LearnCoin outside a tenant relationship, LearnCoin is the controller for that narrower relationship. The controller/processor line shifts based on who initiated the processing — this is standard GDPR architecture.
The distinction matters for erasure requests, DPA filings, and cross-border data-transfer contracts. LearnCoin's tenant contracts spell out both roles explicitly.
Related terms