A data controller is the party that sets the purpose of processing and makes the key decisions about what data is collected, how it is used, how long it is kept, and which safeguards apply.
In practice, this is usually the company that owns the customer relationship or product workflow. A vendor acting only on the company's documented instructions is usually a processor instead.
For deeper examples, see: