Skip to content
Netly
deen
Back to home

AI Transparency & Risk Assessment

Transparency documentation under the EU AI Act (Art. 11 and Art. 50) for limited-risk AI systems.

Last updated16.12.2025Deutsche Version

We publish this documentation voluntarily - so users, partners and investors can transparently understand how AI is used in Netly, what data is processed, and how we mitigate risks. This is an English translation provided for convenience; the German version is legally binding.

§ 1

Purpose of this document

This document serves the internal documentation of the AI systems used in Netly in accordance with the requirements of the EU AI Act (in particular Art. 11 and Art. 50) for limited-risk AI systems. It supports internal governance, compliance, audit readiness, and the response to investor, partner, or regulatory inquiries.

§ 2

Provider and responsibility

BauMaVas KG
Lützowgasse 8/4/29
1140 Vienna
Austria
office@netly-crm.com

Responsibility: The provider is the operator of the AI system within the meaning of the AI Act.

§ 3

Description of the AI system

Type of AI system:

  • Generative AI systems (Large Language Models) via external APIs
  • Supportive, not decision-making
  • No automated decisions with legal effect

Purpose of AI usage:

  • Analysis and structuring of data entered by the user
  • Generation of suggestions (task prioritization, contact maintenance)
  • Summarization of content (notes, appointments, contacts)
  • Support for personal organization

User role (human-in-the-loop):

  • The user always decides for themselves
  • AI results are non-binding
  • No automatic execution of suggestions without user action
§ 4

Models and providers in use

AI providers:

  • OpenAI (API-based)
  • Future models with comparable performance possible

Model changes and evolution:

  • Models can be switched or updated
  • Prompts and system logic are documented and adjusted in a controlled manner
§ 5

Processed data

Data sources:

  • Data actively entered by the user or consciously authorized
  • Contacts, calendar information, tasks, notes, free text

Sensitive data:

  • Processed only upon active use by the user
  • No automatic enrichment or profiling

Data transfer:

  • External AI servers (e.g. USA) are used
  • Transfer takes place on the basis of suitable safeguards (e.g. SCCs)
§ 6

Output of the AI system

  • Text suggestions, summaries, recommendations, structured information
  • Outputs are non-binding and do not replace professional, legal or personal decisions
§ 7

Risk analysis (AI Risk Assessment)

Identified risks:

  • Hallucinations or inaccuracies
  • Data protection risks with sensitive data
  • Over-reliance on AI results

Risk-mitigation measures:

  • User notices about the role of AI
  • No automated decisions
  • User control over all content
  • Transparency in privacy policy and terms
  • Restriction to supportive purposes
§ 8

Governance and control

  • Changes to AI functions are documented in a controlled manner
  • New use cases are assessed in advance
  • Documentation is continuously updated
§ 9

Final assessment

  • AI systems comply with the requirements of the EU AI Act for limited-risk AI
  • No classification as high-risk AI