What if the chatbot comes from an external SaaS provider such as Intercom, Drift, or Zendesk?

You remain the controller. The provider supplies the tool; you configure it and operate it in customer-facing contexts. Demand a data processing agreement, document the security mechanisms against prompt injection (often published in the provider's trust centre), and check after every product update whether data processing has changed. If the provider does not make this transparent, switch providers. In a dispute, the authority will pursue you as the controller, not the SaaS provider.

Dig deeper

This question is part of our article on "AI Chatbot Lies? Your Business Is Liable — The OLG Hamm Ruling". You'll find the full context and all related angles there.
