3rd, A controller or processor not founded while in the EU are going to be subject matter towards the GDPR if it processes the personal info of information subjects within the EU and that processing is related to the “monitoring” inside the EU on the “habits” of information subjects as https://bookmarklayer.com/story17685750/cyber-security-services-in-usa