Assistance with the Data Protection Impact Assessment (DPIA) under Art. 35 GDPR for the Use of the LoyJoy Platform
This document serves as a foundation for the customer (Data Controller under the GDPR) to conduct their own Data Protection Impact Assessment when implementing the LoyJoy platform. LoyJoy (Data Processor) provides transparent information regarding the technical architecture, data processing, and risk mitigation measures.
1. System Architecture and Hosting
Infrastructure: The core LoyJoy platform is hosted on the Google Cloud.
Server Location: Hosting takes place exclusively at locations within the European Union (EU). Core databases are not transferred to insecure third countries.
Data Security: All data is encrypted according to current industry standards, both during transmission (in transit) and storage (at rest). Further details can be found in our Technical and Organizational Measures (TOMs).
2. Use of Artificial Intelligence (LLMs) & Sub-processors
LoyJoy utilizes state-of-the-art AI models (including Microsoft Azure OpenAI, Mistral, Nebius) for intelligent dialogue management.
Contractual Exclusion of AI Training: This is a core component of our data protection strategy. Our contracts with the AI providers strictly prohibit using the input data (prompts) of end users to further train or improve the underlying AI base models (e.g., from OpenAI).
Purpose Limitation: Data transmission to the AI interfaces occurs exclusively in real-time to generate the respective chat response (fulfillment of purpose).
3. Risk Mitigation for Open Text Inputs
When using chatbots with free-text fields, there is an inherent risk that users may provide sensitive data unprompted (e.g., health data under Art. 9 GDPR, bank details). LoyJoy primarily addresses this risk through organizational and conceptual measures:
Dialogue Design: The chatbot is designed to specifically request only the data necessary for the given process (principle of data minimization).
User Guidance: Customers are advised to place a short, highly visible notice in the chat UI or before starting the chat, instructing users not to enter sensitive personal data into the free-text field.
4. Data Lifecycle and Data Subject Rights (Art. 17 GDPR)
Standard Retention Periods: To comply with the principle of storage limitation (Art. 5(1)(e) GDPR), chat logs within LoyJoy are automatically deleted or fully anonymized after 30 days by default. The retention period for session data is also configurable (e.g., from 30 minutes up to 14 days).
Handling Deletion Requests: If an end user exercises their right to erasure (Art. 17 GDPR) before the end of this 30-day period, LoyJoy supports the customer in fulfilling this request. If personal data has been recorded in the database (e.g., during registration or lead capture), the email address serves as the unique identifier. Using this key, the corresponding user’s chat logs can be manually searched and specifically deleted in the backend.
5. Summary Risk Assessment
Thanks to EU-based, encrypted hosting, the strict exclusion of AI model training using user data, and very short, automated deletion periods (30 days), LoyJoy’s technical and organizational protective measures maintain a very high standard. When the platform is used as intended, the risk to the rights and freedoms of natural persons is significantly minimized.