...
The GDPR distinguishes between a Data Controller (the legal entity that determines the purpose for which, and the manner in which, any personal data is collected) and a Data Processor (the legal entity responsible for the handling of personal data on behalf of the Data Controller). In cases where Dataloy Systems AS is hosting the systems, and/or provide support on the systems, we act as Data Processor.
...
We recommend you first contact the Data Controller (i.e. the merchant organization organisation to whom Dataloy Systems is providing the Dataloy Systems ServiceAS service).
You may request a full report on the personal information we hold for you by sending an e-mail to privacy@dataloy.com.
...