iOSXpert and GDPR

What is GDPR?

The EU General Data Protection Regulation (GDPR) was introduced to harmonize the methods of data regulation in all EU member states. This regulation protects the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The GDPR came into force on 25 May 2018.

How does the GDPR affect you?

How the General Data Protection Basic Regulation (GDPR) affects your company depends on how you handle personal data. Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (a “data subject”), including by reference to an association such as name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The GDPR divides these roles into two groups:

Principal/responsible party
This includes companies that provide goods and services to/from the EU and defines why and how (the “purposes and means”) personal data is collected and processed. If you use Daylite and have EU customers, you are probably a customer/responsible under the GDPR.

Contractor/contractor processor
This includes companies that process data on behalf of their clients.

iOSXpert and Marketcircle (the manufacturer of Daylite and operator of the Daylite Cloud Service) are recognized as data processors. iOSXpert and Marketcircle understand their obligations under the GDPR both as a responsible party and as data processors on your behalf.

iOSXpert’s obligations as responsible party and processor on your behalf

Access right

You can request information about your personal data stored with us. We will need to verify your identity before providing you with the personal information we hold about you. Once this has been done, we will reply within the time limits established in the GDPR. There will be no costs for such information unless you require copies of data records. We may not be able to grant you access to your personal data if the information cannot be separated from the personal data of others, cannot be disclosed for reasons of security or business secrecy, or is protected by attorney privilege. If we are unable to provide you with access to your personal information, we will inform you of the reasons why access is denied, unless we are prohibited by law from doing so.

You may request us to update and change your personal information. We will make every effort to correct or update any personal information you provide us. Where appropriate, the amended information will be disclosed to third parties who have access to that information.

Please contact us if you wish to exercise your right of access to your data. The data will be sent to you in a machine-readable format.


Right to cancellation / Right to be forgotten

You can demand that we delete your data at any time. We must verify your identity before we delete the personal data we have stored about you. As soon as this verification is complete, we will delete your personal data and database entries from our servers unless there is a legal or official obligation to keep your data for a longer period of time. Your data cannot be restored once it has been removed from our servers.

Please contact us if you wish to exercise your right to delete.

Use of Daylite Cloud

The Daylite Cloud is operated by Marketcircle in Canada. Canada is considered a safe third country within the meaning of GDPR. If you need a DPA (data processing addendum) for Daylite Cloud usage, you can request it here from Marketcircle. The Privacy Officer of Marketcircle will then send you a ready-made DPA.

Right to data transferability when using the Daylite Cloud

You may receive and transmit your personal information for your own purposes across various services. You can easily and securely move, copy, or transfer personal information. Please read our HelpCenter article to find out how to exercise your right to data transfer:

How to export all my Daylite Cloud information.

Do you need a data processing addendum to work with iOSXpert?

If you need a DPA (data processing addendum), please download this file. Please fill out and sign the form and send it to As soon as we have received the contract, we will send it back to you, countersigned by us.

Usually, you only need a contract from us if you send us personal data about your customers. This may be necessary for support, consulting, or contract development situations.

Support in the use of Daylite for compliance with GDPR guidelines

If your company collects data on individuals and companies in the EU, you are probably a processor and must comply with the GDPR.

For Daylite customers who already have installed the PluginCenter, we offer two new features for free. You can delete saved customer data with one click (right to be forgotten).  You also have the data export function available, with which you can meet the obligation to provide information to your customers. The customer data can then be exported in a machine-readable format. Please also read our HelpCenter articles:

How do I install the iOSXpert PluginCenter?

The information on this page has been conscientiously researched and checked by our data protection officer. However, this information does not replace legal advice and is without guarantee.