Record of Processing

This record fulfils Article 30(2) GDPR — the record a processor must keep of all categories of processing carried out on behalf of a controller.

1. Processor and contact

  • Processor: ABN Platform AB, [org. no.]
  • Data protection contact: legal@abnplatform.com
  • Representative: processing occurs inside the customer's own Node; no central processing facility exists.

2. Controllers

Each customer of ABN is a separate controller. ABN processes only on documented instructions per the DPA (see DPA_template_sv.md).

3. Processing activities — by connector

The Observer Layer is the only component that ingests customer data. Each processing activity below runs entirely inside the customer Node; no data is transmitted to ABN.

3.1 Fortnox connector — invoice data

  • Purpose: discover invoicing processes; detect billing deviations.
  • Categories of data subjects: customers, suppliers.
  • Categories of personal data: invoice number, amount, dates, document number. Direct identifiers (customer name, address, bank account, IBAN) are blocked by the Data Minimizer and never stored.
  • Recipients: none external — processing is local.
  • Transfers to third countries: none.
  • Retention: events retained per the customer's configured policy; see SLA.md / retention schedule.
  • Security measures: §6 below.

3.2 Quinyx connector — scheduling data

  • Purpose: detect staffing gaps before shifts go unfilled.
  • Categories of data subjects: employees.
  • Categories of personal data: shift id, start/end time, position, status, department. Always blocked: employee name, e-mail, personal-identity number, salary, home address, phone.
  • Recipients / transfers / retention / security: as in §3.1 / §6.

3.3 GPS connector — logistics data

  • Purpose: match deliveries and audit carrier distances.
  • Categories of data subjects: drivers.
  • Categories of personal data: trip id, route id, distance, duration, times. Always blocked: driver name, driver id, driver personal-identity number.
  • Recipients / transfers / retention / security: as in §3.1 / §6.

4. Sub-processing activity — LLM reasoning (optional)

When the customer enables an external LLM, the No-Data LLM Gateway runs these steps in order: PII scrubbing → tokenisation → abstraction → prompt build. Only tokenised or abstracted data (event-type names, counts, statistics) reaches the model; no raw personal data is sent. The token→value reverse map never leaves the Node. With mode: no_data, only the schema (field names + types) is sent.

5. Categories of recipients

Internal to the Node only. Generated reports are delivered to recipients the customer configures (e-mail / SharePoint / dashboard).

6. General description of security measures (Art. 32)

  • Local execution
  • Data minimisation
  • SHA-256 pseudonymisation
  • No-Data LLM Gateway
  • Firecracker sandbox isolation
  • Go write-guard
  • mTLS with 24 h certificate rotation
  • Encryption in transit and at rest
  • HMAC-signed cycle attestations
  • Customer-owned audit tables (abn_activity_log, abn_llm_calls, abn_attestations)

7. Review

This record is reviewed at least annually and whenever a new connector or processing activity is added.