AI features and automated processing

This notice describes how Rivadesk uses artificial intelligence (AI) technologies and automated systems in providing the service, pursuant to Article 13 and, where applicable, Article 22 of Regulation (EU) 2016/679 ("GDPR"). The processing described here supplements the Privacy Notice and Data Processing Agreement (DPA). This page is a draft subject to legal review; it does not constitute legal advice.

1. Features that use AI and when they are active

Rivadesk integrates the following AI-based or automated features:

• Automated widget responses: when the customer enables automatic replies, the system generates real-time responses to visitor messages using a large language model (LLM). The feature is active only if expressly configured by the customer.

• Operator Copilot (suggested draft replies): in the operator workspace, Rivadesk may suggest draft replies based on conversation context and the customer's knowledge base. Drafts are proposed to the operator, who reviews and sends them; they are never transmitted automatically to the visitor.

• Document and knowledge base processing: documents uploaded by the customer to the knowledge base may be summarised and vectorised to power semantic search and contextually relevant replies.

• Conversation classification: for organisational purposes, the system may automatically assign a title and sentiment label to conversations.

• Semantic search (RAG — Retrieval-Augmented Generation): visitor and operator queries are matched against the knowledge base via vector embeddings, enabling more contextually relevant responses.

2. Categories of data processed and purposes

Personal data processed by AI features include, depending on customer configuration:

• content of conversations between visitors and operators (message text);

• operator messages in the workspace (for Copilot);

• documents and knowledge base content uploaded by the customer, which may contain personal data entered by the customer;

• detected message language (to adapt tone and response language).

The purpose of such processing is to provide AI functionality within the contracted service. Data are not used for purposes unrelated to the service.

3. Nature of AI outputs and human review

Outputs generated by Rivadesk AI features are probabilistic in nature and may contain errors or inaccuracies, or be incomplete. Rivadesk does not guarantee the accuracy, completeness or fitness of AI outputs for any specific purpose.

For all communications with visitors using Copilot, review and sending of the final message remain under the exclusive control of the human operator. For decisions producing significant effects for individuals — legal, economic or otherwise — human supervision and verification of AI outputs before acting are always recommended.

4. Automated decision-making (Art. 22 GDPR)

Rivadesk does not take solely automated decisions producing legal effects or similarly significant effects for natural persons under Article 22 GDPR. AI features generate suggestions and responses to support the human operator, who retains control and final responsibility in all cases. If features falling within the scope of Art. 22 are introduced in future, this notice and the Privacy Notice will be updated and appropriate safeguards provided.

5. AI suppliers, models and transfers

To provide AI features, Rivadesk uses APIs from third-party language and embedding model providers, acting as sub-processors under Art. 28 GDPR and the applicable DPA. The updated list of sub-processors is available at: —.

Data processed via these providers' APIs may be transferred to countries outside the European Union or the European Economic Area; such transfers take place in compliance with safeguards under Chapter V GDPR, in particular via Standard Contractual Clauses (SCCs) approved by the European Commission. For further details, see the Privacy Notice and DPA.

6. Use of data for model training

File system does not use customer or visitor personal data to train its own AI models. Contracts with AI API providers provide that data transmitted to provide the service are not used to train providers' models without a specific agreement. Each provider publishes its own updated data processing policies — we recommend consulting them directly on the provider's site or via the list available at —. For any questions about data use, write to allbrand.italia@gmail.com.

7. Mitigation measures and quality control

File system adopts the following measures to reduce risks connected with AI use:

• human supervision: for Copilot, the operator reviews and sends every message; conversations may be supervised by the operator at any time;

• system instructions (prompt engineering): instructions configured by the customer and File system limit the scope of AI responses to areas defined by the customer's knowledge base;

• monitoring and logs: AI outputs are logged for quality control, security and troubleshooting, in accordance with retention periods in the Privacy Notice;

• data minimisation: data transmitted to AI provider APIs are limited to what is strictly necessary for the requested function (data minimisation principle, Art. 5(1)(c) GDPR).

8. Additional documentation for enterprise customers

Enterprise customers requiring additional technical documentation on AI use — including information on specific providers, models used, security measures adopted and safeguards on transfers outside the EU/EEA — may request it by writing to allbrand.italia@gmail.com. Documentation is available under Art. 28(3)(h) GDPR and, where applicable, Art. 35 (data protection impact assessment, DPIA).

9. Contacts and changes

For any question relating to automated processing and the AI features described in this notice, write to: allbrand.italia@gmail.com.

This notice may be updated to reflect changes in AI features, providers or the applicable regulatory framework. Last updated: —.