Data protection statement for Virtual Assistants
1. Data controller
KEHA Centre
PL 1000, 50101 Mikkeli
0295 020 000, kirjaamo.keha@ely-keskus.fi
2. Point of contact, Data Protection Officer
Please e-mail: tietosuoja.keha@ely-keskus.fi
3. Name of register
Virtual assistants of the KEHA Centre – Chatbots
4. Purpose of data processing and basis for processing
The purpose for recording conversations using a virtual assistant -chatbot is to ensure that customers who use the chatbot in services available via the website, are able to get correct answers and good quality service. The data collected via the chatbot is also used for improving the performance of the tool as well as the services provided. Therefore, chatbot may also use links to questionnaires where you can provide feedback to the organizations providing services. Chat conversations may also be used to train the customer service personnel.
The processing of data is based on the statutory duty of the data controller. Monitoring conversations and evaluating the functionality of the chatbot can be outsourced to third-party service providers who provide the technical tool and platform for using the chatbot.
5. Data content of register
Chatbots in use on Työmarkkinatori.fi, ELY-keskus.fi, and Work in Finland -websites
Data subjects are website visitors who use the automated customer service chatbot. The entire conversation between the customer and the automated chatbot will be recorded in the system. The service does not require identification, and the content of the answers is obtained from publicly accessible sources. Instructions on how to use the service are available for customers in the chatbot. Customers are not asked to provide any personal data, and they cannot handle their personal matters in the chat. If the user ignores the instructions and enters personal data into the chat (e.g. name, phone number or character sequences such as 123456-abcd, 123456, 01.01.1900), this data will automatically be deleted and it will not be entered in the register.
The Chatbot in use on KEHA Centre's service portal
Data subjects are service portal visitors who use the automated customer service chatbot. The entire conversation between the customer and the automated chatbot will be recorded in the system. The service requires identification when discussing the matter with a customer service representative and submitting a service request (own question). Instructions on how to use the service are available for customers in the chatbot. Customers are not asked to provide any personal data. If the user enters sensitive personal data, it is automatically detected and hidden from the conversation partner to protect privacy (e.g. name, phone number or character sequences such as 123456-abcd, 123456, 01.01.1900). The sensitive data is automatically deleted and it will not be entered in the register.
7. Personal data retention period
Chat conversations are erased periodically, at least every 180 days. The anonymization of personal data occurs once in an hour.
8. Regular sources of information
The information is obtained from the users themselves when they use the chatbot and write messages in it. For bots that use Suomi.fi authentication, the user's first names, last name, and personal identity code are also collected as data..
9. Regular disclosures of information and recipient categories
There are no regular disclosures.
10. Transfer of data outside of the EU or EEA
The data is not transferred outside the EU or EEA.
11. Principles for protecting the register
Personnel access to the electronic data content of the register has been protected with personal user IDs and passwords. Utilization of the data content of the register has been restricted to a limited group of users. The environment has been protected with appropriate firewalls and other technical safeguards.
The purpose of the above-mentioned measures is to secure the confidentiality, availability, and integrity of the personal data to be stored in the register, as well as the implementation of data subjects’ rights.
12. Automated decision-making
The information in the register is not utilized for decision-making entailing legal effects for the person.
13. Versions
This privacy policy was updated on October 2, 2024. The data controller follows the developments in legislation and will develop its operations constantly, and consequently, retains the right to update this privacy policy.