AI Security Policy
Introduction
This AI Security Policy (“Policy”) sets out the core principles governing the adoption, integration, and use of Artificial Intelligence (“AI”) within SeamlessHR, as well as in the delivery of its services. The Policy is designed to ensure the secure, responsible, and transparent deployment of AI technologies across SeamlessHR’s products, services, and internal operations. It aims to protect User privacy, uphold Data security, and foster trust and confidence among stakeholders.
Scope of Application
This Policy applies to SeamlessHR, its employees, and all third-party service providers involved in the development, deployment, implementation, or use of AI technologies on behalf of SeamlessHR, or in the course of providing services to SeamlessHR’s Users. It governs all AI-related activities carried out within SeamlessHR’s operations, ensuring that such activities align with SeamlessHR’s standards for security, accountability, and responsible AI use.
1. Definitions
a. “Data” means information, including Personal Data, provided to SeamlessHR for the provision of services to the User, or information inputted or uploaded by the User to solutions or software provided by SeamlessHR.
b. “Data Subject” means an individual to whom Personal Data relates.
c. “Personal Data” means any information relating to an individual, who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social, or economic identity of that individual.
d. “SeamlessAI” means any feature(s) or functionality made available by SeamlessHR that utilises artificial intelligence.
e. “User” means a subscriber or user of any of SeamlessHR’s software solutions.
2. AI Adoption Impact Assessment
2.1. Prior to the development or integration of any AI solution into SeamlessHR’s products or services, SeamlessHR shall conduct a comprehensive AI adoption impact assessment. This AI adoption impact assessment will evaluate the intended use of the AI solution, associated security risks, and potential impacts on users, SeamlessHR’s products, and overall service delivery. The objective shall be to ensure the secure, ethical, and sustainable adoption of AI technologies and to identify any necessary modifications before deployment.
2.2. The AI Adoption Impact Assessment will be a collaborative and multidisciplinary process, involving input from relevant internal stakeholders, including the Information Security, Engineering, Product and Design, and Legal teams. This ensures a well-rounded evaluation of technical, operational, and regulatory considerations.
3. Human Oversight and Decision Support
AI solutions and systems deployed should be designed to support and enhance the quality, consistency, and efficiency of decision-making processes, without replacing human judgment. Human judgment shall remain central to all critical decisions, particularly in sensitive areas such as recruitment, performance evaluation, and employee development.
4. Bias Mitigation and Ethical Design
4.1. AI systems developed or deployed by SeamlessHR will be designed to respect human rights, dignity, and diversity. The product development process shall intentionally incorporate features and safeguards that prevent discriminatory processing and ensure that AI outputs are free from bias and harmful language.
4.2. To support this commitment, SeamlessHR shall conduct periodic reviews of training datasets and data sources to identify and eliminate any embedded bias.
4.3. SeamlessHR shall maintain inclusive, multidisciplinary teams with diverse backgrounds to guide the development, testing, and continuous improvement of AI systems, thereby fostering fairness, representativeness, and ethical design.
5. Data Processing, Privacy & User Control
5.1. To enhance the reliability of AI processing, Users are expected to provide Data that is accurate, relevant, and up to date.
5.2. AI systems and solutions developed or deployed by SeamlessHR shall be guided by the principles of Privacy by Design. This includes the implementation of data minimization practices and, where applicable, data anonymization measures to reduce privacy risks.
5.3. The processing, storage, and transmission of Users’ Data by AI solutions shall be carried out in strict compliance with SeamlessHR’s Privacy Policy, Information Security Policy, Data Retention Policy, confidentiality obligations, and provisions of applicable laws. For third-party AI systems, equivalent standards shall, as a minimum, apply.
5.4. All data processing activities shall respect the rights of Data Subjects as enshrined in the Data Protection Act 2023, and Users shall retain full control over their data processing choices at all times.
5.5. In the unlikely event of a data breach involving an AI system, SeamlessHR shall initiate a prompt and effective response in accordance with its Data Privacy Policy to mitigate the breach and protect affected Users.
6. Transparency and Accountability
6.1. To promote transparency and accountability, SeamlessHR shall clearly disclose the use of AI solutions within its products and services. Users shall be provided with the opportunity to give informed consent or opt out of AI-driven features.
6.2. SeamlessHR shall also ensure that Users are provided clear, meaningful, and comprehensible explanations of how AI-generated outcomes are derived, enabling Users to make informed decisions regarding their use of such features.
7. Integration of Third-Party AI Tools
7.1. Where SeamlessHR seeks to integrate third-party AI solutions into its products or services, the following minimum standards shall be observed prior to deployment:
a. The third party’s AI solution terms of use and privacy policies shall be thoroughly reviewed to ensure that they provide, at a minimum, the same level of data protection and information security as required under SeamlessHR’s internal policies.
b. The third-party AI solution must comply with applicable laws and conform to industry best practices.
c. An AI Adoption Impact Assessment shall be conducted to evaluate potential risks and ensure alignment with SeamlessHR’s operational, legal, and ethical standards.
d. No third-party AI solution shall be integrated without official sign-off by the Chief Technology Officer (CTO).
7.2. SeamlessHR shall provide Users with clear disclaimers outlining the terms under which Users’ Data will be processed by third-party AI solutions. In addition, the applicable terms of use, including privacy policies, shall be made easily accessible through appropriate links, enabling Users to review them and make informed decisions.
8. Use of AI Tools by Employees
8.1. The use of third-party AI tools by employees in the performance of their duties shall be governed by the provisions of this Policy.
8.2. SeamlessHR shall maintain and communicate to employees an approved list of permitted AI tools. Employees are prohibited from using unapproved or unsanctioned AI tools in the discharge of their responsibilities to SeamlessHR.
8.3. Employees shall not input confidential, proprietary, or Personal Data of Users into third-party AI systems, nor shall they download or install such systems on work devices where doing so may expose sensitive information to security risks. Where the use of third-party AI tools is necessary and approved, appropriate anonymization techniques must be applied to safeguard User Data.
8.4. Any employee who suspects a data breach resulting from the use of third-party AI tools, or from a co-worker’s use of such systems, must report the incident immediately in accordance with SeamlessHR’s established data breach reporting procedures.
9. User Communication
SeamlessHR shall ensure that its products and services include clear and accessible prompts to promote responsible engagement of Users with AI features and provide some level of assurance to Users.
These prompts shall:
a. Reaffirm SeamlessHR’s ongoing commitment to compliance with this AI Security Policy, including adherence to applicable data protection, transparency, and ethical design standards and applicable laws;
b. Encourage Users to provide accurate, relevant, and up-to-date Data to enhance the reliability and effectiveness of AI-driven outputs;
c. Clearly communicate disclaimers regarding the inherent limitations of AI systems, including the possibility of occasional inaccuracies or “hallucinations,” and emphasize the importance of human judgment, particularly in sensitive decision-making areas such as recruitment and performance evaluation.
10. Legal and Regulatory Compliance
10.1. SeamlessHR shall ensure that the development, integration, and deployment of all AI systems and solutions fully comply with applicable laws, regulations, and relevant data protection legislation. All activities shall also align with industry best practices and ethical standards.
10.2. In instances where third-party AI solutions are utilized, SeamlessHR shall ensure that their deployment and use are consistent with the terms of the applicable licensing agreements and other third-party obligations.
10.3. SeamlessHR shall take all necessary measures to ensure that the development, integration, or use of AI systems does not infringe upon the intellectual property rights of any third party.
11. Monitoring and Continuous Improvement
SeamlessHR is committed to the ongoing monitoring, evaluation, and continuous improvement of its AI systems and solutions to ensure their effectiveness and alignment with applicable legal, ethical, and operational standards. This commitment shall be upheld through the following measures:
a. Regular training and capacity-building programmes for personnel directly involved in the development, deployment, and oversight of AI systems, focusing on evolving industry best practices, emerging technologies, and relevant regulatory developments;
b. Periodic training for all employees on the responsible and compliant use of AI tools in the course of performing their duties, with emphasis on data protection, confidentiality, and ethical use;
c. Periodic audits and performance assessments of deployed AI systems to evaluate functionality, identify potential risks, and implement mitigation strategies in a timely and efficient manner; and
d. Deployment of secure and reliable systems for ongoing compliance monitoring, including mechanisms for tracking adherence to this Policy and applicable regulatory requirements.
12. Policy Review
SeamlessHR shall periodically review this Policy at intervals deemed necessary to reflect regulatory developments, incorporate User feedback, implement corrective actions arising from periodic audits, and align with advancements in technology and industry best practices.