This article answers frequently asked questions about Personio Assistant.
Tip:
For more information about data privacy and security at Personio, visit the Personio Trust Center.
General questions
What's the difference between Personio Assistant and Support AI?
Personio Assistant and Support AI are separate tools with different purposes.
Personio Assistant is the AI assistant you access through Assistant in the main navigation menu. It answers questions about your own HR data, for example, your vacation balance or absence history. Administrators can also use Personio Assistant for analytics and reporting across their organization's data. Personio Assistant cannot answer questions about how to use Personio features.
Support AI is the chat assistant on the Support page in Personio. It answers questions about how Personio works and connects Account Owners, Contract Owners, and Payroll Owners with the Support team. Support AI cannot access your HR data.
How does Personio Assistant work?
Personio Assistant uses machine learning and Large Language Models (LLMs) to understand queries in multiple languages, retrieve the data needed to answer the question thoroughly, and then provide an answer, insight, and relevant graph.
What data is Personio Assistant accessing in Personio?
Personio Assistant only accesses data that is uploaded to Personio and used for reporting purposes. Personio Assistant also uses any information provided with the Input.
Is the use of Personio Assistant mandatory?
For the Beta release, the use of Personio Assistant is optional. At a later stage, Personio Assistant may become mandatory as a feature of the Core Products Personio offers to customers.
What is the technical set-up of Personio Assistant?
Personio uses an LLM to process the requests that customers send to Personio Assistant. The LLM is hosted by Personio on its AWS servers in the EU using AWS Bedrock.
Is Personio Assistant making decisions for me?
No. No decisions are made by AI alone. We provide insights and information only as an assistive tool that helps employees make better decisions; humans make all decisions.
Is Personio Assistant subject to the requirements of the EU AI Act?
Personio Assistant does not qualify as a high-risk system within the meaning of the EU AI Act. However, Personio Assistant is considered a Limited Risk AI System, a category that covers AI applications like chatbots or content generation. The fact that Personio uses an LLM to provide this feature does not change this assessment. Personio only fine-tunes the LLM Model, but does not build its own LLM to be used by Personio customers. Thus, Personio must comply with the transparency requirements of the EU AI Act.
Data privacy and security
What is input data?
Input means questions or information which may include personal data as submitted by the customer to Personio Assistant for processing.
What is output data?
Output means any responses generated by Personio Assistant and presented back to the customer as a result of using Personio Assistant based on Input provided to Personio Assistant by the customer and which may or may not contain personal or business data or other questions asked to Personio Assistant as Input.
Does Personio Assistant comply with access requirements that are in force in Personio?
Yes. Personio Assistant enforces access requirements as set up in Personio. For this purpose, Personio utilizes the existing permissions management (ARM) that matches existing services like analytics and reporting. Each API call only returns data that matches that specific user and companyId combination. In other words, an admin asking about headcount growth will see the full company, whereas a manager will only see their team's hires/attrition, and an employee with no permissions for analytics and reporting will not receive an answer.
Who owns the personal data and the output created by Personio Assistant?
Any Output generated by Personio Assistant and presented back to the customer as a result of using Personio Assistant based on Input provided to Personio Assistant by the customer, and which may or may not contain Data or other questions asked to Personio Assistant as Input, is customer data.
Does Personio have a DPA (SCC) concluded with AWS for Bedrock?
The use of AWS Bedrock is already covered under the existing Standard Contractual Clauses concluded between Personio and AWS Sarl. The information for AWS Sarl as a sub-processor in Personio has been complemented to now also cover LLM Hosting / AWS Bedrock.
Why were customers not informed about this new sub-processor AWS Bedrock?
Clause 7.3 of our DPA requires Personio to inform customers about the removal or addition of a sub-processor 14 days prior to the change. In the case of AWS Bedrock, it is an existing sub-processor, so no notification under this provision was required. Personio only relies on a service that is already covered by the service agreement concluded between AWS Sarl and Personio.
Is the data leaving the EU?
No. The LLM used by Personio Assistant is hosted by Personio on its own AWS servers using Bedrock. The same server location and hosting area apply as for AWS.
Does AWS Bedrock or the LLM Model store any personal data?
No. Personal data is not stored by either AWS Bedrock or the LLM Model. There is a zero storage policy in force with AWS Bedrock.
Is our personal data used for training?
No. Neither Input data nor Output data produced by customers is used for training purposes by Personio or any other third party. Also, Input data and Output data are not shared with any other third party except for AWS Bedrock.
Does Personio store any data in relation to the use of Personio Assistant?
Yes. Personio stores Input and Output data for quality assurance and improvement of our services. This is not for training. Also, if customers do not want Personio to use their Input and Output data for quality assurance, they can request an opt-out.
Are there specific data protection requirements?
No. The DPA concluded between customer and Personio remains fully applicable. Customer acts as controller and Personio as processor.
Who is responsible for the accuracy of output data?
Personio Assistant only accesses data that is provided by customers and uploaded to Personio. Thus, customers are solely responsible for ensuring that the data Personio Assistant uses to produce Outputs is accurate. In any case, all Output shall be reviewed by users and customers.
Are there any risks or limitations in using Personio Assistant?
Artificial intelligence and machine learning technologies have known and unknown risks and limitations. The customers are solely responsible for (i) developing their own internal policies regarding the appropriate use of Personio Assistant technologies and training other users on their account on such policies, (ii) providing transparency and explainability notices and obtaining all necessary consents required by Applicable Laws and internal policies, and (iii) implementing sufficient human oversight for the use of Personio Assistant.