GDPR for ACE Knowledge
This is how ACE Knowledge complies to the EU General Data Protection Regulation act.
Also see GDPR for the administrator and GDPR relating to employees.
General
For an introduction to ACE Knowledge, see What is ACE Knowledge?
The service consist of a front end with various interfaces for your customers, and a back end admin portal. The person holding an account with admin privileges manages both user accounts, the knowledge base and various business rules associated with the service.
In general the service does not process personal data. The idea is that the information within the knowledge base is general and non-personal. However, your customers may potentially enter personal data in interaction with e.g. a chat bot.
- Customers
- Since the service does not primarily process personal data there are no means of execute the individual/data subject rights in terms of customers or citizens.
- Employees
- To execute the individual/data subject rights in terms of your users you access the admin portal of the service where you can list users, remove users or change information regarding users.
Technical
Due to the nature of the service being self-learning and the process of questions asked, all requests with the service is saved in log files.
These log files
- keep IP-addresses of the requests,
- are purely for troubleshooting,
- are not accessible by any customer or external party,
- are automatically deleted after 29 days. This is a system global setting, which can not be changed by you.
Data cleaning algorithm
The self-learning algorithm is complex.
- As a first step of the self-learning algorithm there is a data cleaning process, is evolving all the time. This cleaning process removes names (proper names such as name of cities, name of countries, first names, last names and address info), phone numbers, social security numbers, organisational numbers, postal codes, PIN and more.
- As a second step of the self-learning algorithm text/content from user input is divided or cut up in pieces, lemmatised, synonyms are expanded, removing words without a meaning. The process is removing the context of the text. After this there is no context or personal data left.
Security
- You can restrict the access to the service by setting up an IP range defining the IP numbers allowed to access the service. You are able to activate this feature yourself.
- In order to increase the security in terms of login to the admin part of the service, you can both login by user name and password in combination with IP-range.
- You are responsible for managing which users, like editors, having access to the admin of the service, for example when your employees no longer works for you.