What is GDPR?
The General Data Protection Regulation (GDPR) was introduced to align all EU member state’ methods of data regulation. It will protect EU citizens from for organizations handling data irresponsibly. GDPR will come into force May 25, 2018.
How GDPR affects you
How the General Data Protection Regulation (“GDPR”) affects your business depends on how you interact with personal data. Under the GDPR, “personal data” means any information relating to an identified or identifiable natural person(a ‘data subject’), including by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR separates these roles into two groups:
These include businesses that provide goods, services, track or monitor EU residents and decide why and how (the “purposes and means”) personal data is collected and processed. If you are using Daylite and have EU customers, you are likely a data controller under the GDPR.
These include businesses that process data on behalf of data controllers.
iOSXpert and Marketcircle (the manufacturer of Daylite and operator of the Daylite Cloud Service) are recognized as data processors. iOSXpert and Marketcircle understand their obligations under the GDPR both as persons responsible and as data processors on your behalf.
iOSXpert’s Commitments as Data Controller and Data Processor
Right To Access
You may request access to your personal data which we may hold. We will need to verify your identity before providing you with the personal data we hold about you and once completed, we will respond within the time periods provided for as applicable under GDPR. There is no cost for such access request unless you require copies of records. We may not be able to provide you with access to your personal data if the information cannot be separated from the personal data of others, cannot be disclosed for reasons of security or commercial confidentiality, or is protected by legal privilege. If we cannot provide you with access to your personal data, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.
You may ask us to update and change your personal data. We will endeavour to correct or update any personal data which you advise us is inaccurate or incomplete. Where appropriate, the amended information will be transmitted to third parties having access to such information.
Please contact us and begin the process to exercise your right to access. You will receive the data in a machine-readable format.
Right To Erasure
You may request that we terminate your account with us at any time. We will need to verify your identity before erasing the personal data that we hold about you and once completed, we will complete your request to delete your account and personal data. We will delete your personal data and database records from our servers, unless there is a legal or regulatory requirement for us to retain your data for a longer period. Your data cannot be recovered once it is removed from our servers.
Please contact us and begin the process to exercise your right to erasure.
Use of Daylite Cloud
The Daylite Cloud is operated by Marketcircle in Canada. Canada is considered a safe third country within the meaning of GDPR. If you need a DPA (data processing addendum) for Daylite Cloud use, you can request it here from Marketcircle. The Marketcircle Privacy Officer will then send you a pre-defined DPA.
Right to Portability
You may obtain and reuse your personal data for your own purposes across different services. You can move, copy or transfer personal data easily in a safe and secure way.
To learn how to exercise your right to portability, please check out How to export all my Daylite Cloud information.
Do you need an iOSXpert data processing addendum?
Helping you with your GDPR Compliance
If your business collects data about people and businesses in the EU, you are likely a data processor and you need to be compliant with GDPR. Check out below and read the support articles which outline general workflows and processes you may use as part of your GDPR strategy.
For our Daylite users who have already installed the PluginCenter, we offer two new functions free of charge. From now on you can delete personal data with one click (right to erasure). With the next update, which will be available shortly, the data access function will also be available to you, enabling you to fulfill your obligation to provide access to personal data of your customers. The customer data can then be exported in a machine-readable format. See also our HelpCenter articles: