General Questions
| No. | Question | Answer |
| 1. | How does VONQ use the AI of OpenAI in its feature SmartFill, exactly? | The SmartFill feature is designed to assist with form completion by automatically filling in responses based on available data. For each field in the form, SmartFill retrieves relevant information from the hiring company’s Applicant Tracking System (ATS), such as Company and Job Data, to determine the most appropriate entry. SmartFill uses OpenAI’s natural language processing to assist users in generating relevant content quickly by suggesting or auto-filling text based on input. Specifically, SmartFill might process keywords, job descriptions, or context to output suggestions that align with user needs. When fields include drop-down options, SmartFill uses inference to choose the most suitable option based on the provided ATS data. Once the form is completed, the input data is discarded and not stored, ensuring that user data is only used for the immediate purpose of filling out the form. |
| 2. | What is the benefit of having a Smartfill function? | The implementation of OpenAI technology via Microsoft Azure provides VONQ with AI-based language generation capabilities, which can save users time in content creation without storing any user-specific data. This means that SmartFill operates as an assistive tool without altering or retaining user data post-interaction. |
| 3. | What kind of data does SmartFill process? | SmartFill processes only the information entered into the tool by users, such as keywords, job descriptions, or text prompts. |
Data Privacy/Legal Questions
| No. | Question | Answer |
| 1. | Is there a provision saying that VONQ uses AI from OpenAI? I have not seen this provision (yet?) | Currently, we do not have this in VONQ’s terms. However, we have added Microsoft Azure OpenAI to our list of sub-processors. The list can be found here on our website: link. |
| 2. | Is there a provision saying how AI learns from input? | We utilise the "inference" capabilities of the Azure OpenAI model. Our AI Agent reviews the form data it needs to complete, and for each question, it references Company and Job Data from the hiring company’s ATS to accurately fill out the form. This is not a “learning” system and does not retain any data. Instead, it assesses options in drop-down menus and selects the most suitable choice based on the information available in the ATS. |
| 3. | Is there any provision that says if any data, before being entered into the tool, is anonymized? | The data used by SmartFill is not anonymized before being entered into the tool because it is directly required to complete form fields accurately. However, this data is not stored, nor used to train or improve the AI model. The Azure OpenAI model processes the data temporarily to provide real-time responses, and it does not retain or share any information with the language model itself. This approach ensures that while the AI can infer the correct values for form fields, no user data is stored or reused in future interactions. |
| 4. | Is there a statement of VONQ on how VONQ sees its role in relation to the use of AI systems, according to the AI-Regulation of the EU (“Regulation”, https://artificialintelligenceact.eu)? | VONQ has chosen to utilize Microsoft Azure OpenAI as the underlying infrastructure for its SmartFill feature because Azure’s OpenAI services are designed to comply with the EU AI Regulation. This regulation emphasizes ethical and transparent use of AI technologies, and VONQ aligns with these principles by ensuring that its AI implementation meets the regulatory standards required in the European Union. |
| 5. | Can VONQ provide a statement on what role(s) they think they have as per the Regulation when bringing SmartFill, with its embedded AI, to market? | VONQ acts as a data processor, using AI-based solutions through approved sub-processors to deliver core features of the SmartFill product. In this case, VONQ leverages Microsoft Azure’s "inference" capabilities to help users quickly and accurately complete complex forms. This arrangement aligns with the EU AI Regulation, as VONQ’s role is to ensure that the SmartFill feature operates in a compliant, ethical manner that protects user data. Additionally, Microsoft Azure’s platform offers robust translation and language capabilities, further enhancing VONQ’s ability to meet customer needs within regulatory guidelines. |
| 6. | Who is responsible if SmartFill generates content that I find unsatisfactory? | VONQ provides SmartFill as an assistive tool to streamline content creation. Users maintain responsibility for the final content they produce, and SmartFill’s outputs are intended as suggestions rather than finished content. We recommend users review, adapt, and approve all AI-generated suggestions. |
| 7. | What is VONQ’s stance on responsible AI use? | VONQ is committed to using AI responsibly by adhering to ethical guidelines, protecting user privacy, and ensuring compliance with relevant laws and regulations, including the EU AI Act. We aim to enhance user experience with SmartFill while upholding transparency, accountability, and data security. |
| 8. | What happens to my data after I use SmartFill? | After your session in SmartFill is completed, any data you entered is no longer accessible and is not retained by OpenAI or VONQ. Each session is independent, with no lasting data retention to ensure user privacy and compliance with data minimization principles. |
| 9. | Does VONQ share my data with OpenAI for purposes outside of SmartFill? | No, data provided in SmartFill is not shared with OpenAI beyond what is necessary for generating suggestions during your session. The data is transiently processed for real-time assistance and is not used by OpenAI for any other purpose outside of this session-based service. |
| 10. | Is my information shared with third parties when using Smartfill? | SmartFill operates through Microsoft Azure’s OpenAI, which adheres to strict data privacy regulations, including GDPR. Your data is processed in compliance with these standards and is not shared for any purposes beyond generating content suggestions. |
VONQ SMARTFILL’S AI ACT & GDPR COMPLIANCE
This section is important for answering customers’ questions regarding our efforts to comply with the obligations set by the GDPR and the AI Act. It also answers questions about the role VONQ has (processor/controller/deployer/developer) and the risk category that we are in (high risk/low risk).
VONQ’s Role in implementing Smartfill
Disclaimer: VONQ is subject to both regulations.
| No. | Question | GDPR | AI Act |
| 1. | What role does VONQ have in having Smartfill as one of its functions? | VONQ acts as a data controller if it determines the purpose and means of processing personal data, such as candidate information processed by Smartfill. If VONQ only processes data on behalf of another company, it is considered a data processor. VONQ must ensure GDPR compliance for any personal data processed through Smartfill, even if it’s managed by third-party tools. | VONQ is a provider of AI systems, deploying Smartfill in a professional capacity to optimise recruitment processes. Microsoft Azure OpenAI is the provider (developer) of the AI model integrated into Smartfill, responsible for its functionality and maintenance. |
Smartfill’s risk category
| No. | Question | GDPR | AI Act |
| 1. | What risk category is Smartfill inside these regulations? | GDPR does not explicitly categorize risk, but Smartfill may be considered low to moderate risk if it processes personal data without directly affecting individual rights significantly. | Low-risk category. Smartfill does not meet the AI Act’s high-risk criteria as it does not directly affect essential rights or services, such as healthcare, financial services, or law enforcement. |
| 2. | What is the reasoning behind the risk category? | Under GDPR, Smartfill’s risk depends on the type of personal data processed, the processing purpose, and the impact on data subjects. Since Smartfill is used for recruitment optimization and not decision-making about candidates, the risk may be moderate. | AI systems are considered high-risk if they significantly affect individuals' rights or access to essential services. Since Smartfill only optimizes job postings, it is classified as low-risk under the AI Act. |
Obligations of VONQ under the AI Act in relation to Smartfill
| No. | Obligation | Implementation |
| 1. | Transparency obligation | VONQ must provide clear information about Smartfill’s AI capabilities to its clients (companies using Smartfill for recruitment) and users. This includes documentation on how the AI model works, its intended purposes, and any potential limitations or biases. |
| 2. | Human oversight | VONQ should ensure human oversight over Smartfill’s recommendations. For instance, recruiters or hiring managers should be able to adjust or override AI-generated recommendations based on their judgment, providing a safeguard against potential biases in AI-driven suggestions. |
| 3. | Record-keeping and documentation | VONQ needs to document how Smartfill’s AI model operates and the data it processes. This includes documenting the types of data processed, processing purposes, and compliance measures in place. Such records may be required to demonstrate compliance with the AI Act. |
Obligations of VONQ under the GDPR in relation to Smartfill
| No. | Obligation | Implementation |
| 1. | Transparency obligation | VONQ should provide clear information to candidates and clients about how personal data is processed by Smartfill. This can be implemented by updating privacy policies to explain Smartfill’s data usage and by adding consent notices where necessary. |
| 2. | Create DPA | These agreements typically outline VONQ's responsibilities regarding data security, incident management, and support in responding to data subject requests. VONQ must also disclose any sub-processors (third-party platforms used by Smartfill) involved in data processing and ensure they comply with GDPR standards. |
| 3. | Data Minimization and Retention Policy | VONQ must implement data minimization principles in Smartfill to ensure that only necessary personal data is processed. Additionally, it should establish a data retention policy to regularly review and delete or anonymize data that is no longer necessary for recruitment optimization. |
MICROSOFT AZURE OPEN AI’S COMPLIANCE
This is not a VONQ obligation. This section is only relevant for answering customers’ questions regarding the compliance of our sub-processor, Microsoft Azure, with the GDPR and the AI Act.
Microsoft Azure OpenAI’s (as VONQ’s sub-processor) compliance with the AI Act and GDPR
Microsoft Azure, as the provider of the AI model within Smartfill, has distinct obligations under GDPR and the AI Act due to its role as both a data processor (processing data on behalf of VONQ) and an AI developer/provider.
GDPR Obligations of Microsoft Azure
| No. | Obligation | Implementation |
| 1. | Data Processing Agreement (DPA) | Microsoft Azure must have a Data Processing Agreement (DPA) with VONQ. This DPA should outline Microsoft’s commitments to secure personal data, respond to data subject rights requests, and only process data based on VONQ’s instructions. |
| 2. | Data Security Measures | Microsoft is responsible for implementing robust security measures (e.g., encryption, access controls, and regular security audits) to protect personal data processed within Smartfill from unauthorized access, breaches, or misuse. |
| 3. | Compliance with Data Transfer Rules | If Microsoft Azure transfers data outside the EU/EEA, it must ensure compliance with GDPR’s data transfer rules by using Standard Contractual Clauses (SCCs) or verifying adequacy decisions for data transfer to non-EU countries. |
| 4. | Support for Data Subject Rights | Microsoft Azure must support VONQ in fulfilling data subject rights requests (e.g., access, deletion, and correction requests). This includes providing mechanisms for VONQ to retrieve, delete, or anonymize data on request. |
AI Act Obligations for Microsoft Azure
| No. | Obligation | Implementation |
| 1. | Transparency and Explainability | Microsoft Azure must ensure that the AI technology provided to VONQ includes adequate documentation and information on how the AI model works, including its intended use, limitations, and potential biases, to support VONQ’s transparency obligations. |
| 2. | As a provider of an AI system, Microsoft Azure should conduct risk assessments to identify potential risks, including bias or inaccuracy, and put in place mitigation measures to reduce any negative impacts on end-users. | |
| 3. | Record-Keeping and Documentation | Microsoft must maintain comprehensive records on the AI system’s design, data sources, and testing processes, which can be provided to regulatory authorities if needed for compliance or in case of audits. |
| 4. | Human Oversight | Microsoft Azure should ensure that the AI system design allows for human oversight by providing options for VONQ to configure or override AI recommendations where necessary, helping VONQ meet its obligations under the AI Act. |