Third, a controller or processor not founded while in the EU will be subject matter to the GDPR if it processes the private details of data subjects from the EU and that processing is connected with the “checking” inside the EU of your “behavior” of data subjects as their habits https://medium.com/@cybersecurityservice/