Re: Their Site
But if you look more closely, it looks like their lawyers are positioning themselves using GDPR article 82(3):
"A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage."
And in doing so, lay the grounds for a potential counter claim to their processors, if that falls through:
"... [controllers] shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage"