AI & Circular Economy

Unleash the Full Potential of Your Resources with AI-Driven Efficiency and Sustainability

AIFlow and Email Automation

The Circular Economy & AIFlow – The Digital Transformation

Customer Inquiry

Once a customer inquiry arrives via email, it is immediately captured and entered into the system by AIFlow.

Intelligent Automation

AIFlow automatically analyzes and categorizes incoming emails, eliminating time-consuming manual processes and improving efficiency.

Quick Processing

Emails are promptly processed, and relevant information is extracted to ensure quick and precise responses, enhancing customer satisfaction.

AIFlow as a Comprehensive Solution

With AIFlow, your workflows are optimized and efficiency is increased. The result: faster response times and higher customer satisfaction through improved communication.

Discover AIFlow

Boost your efficiency with AI. Less effort, more success. Get inspired in our demo.

Schedule AI Demo Now

Your Benefits from Using AIFlow

Efficiency Increase

AIFlow automates the processing and response of emails, leading to significant time savings and allowing you to focus on more important tasks.

Seamless Integration

AIFlow integrates seamlessly into existing systems, supporting the continuous optimization of workflows and thereby enhancing the overall efficiency of your business processes.

Successful DPIA (Data Protection Impact Assessment)

AIFlow ensures privacy-friendly processing of all information by adhering to the strict guidelines of the GDPR. This builds trust with your customers and secures your compliance.

Overcoming Skilled Labor Shortages

AIFlow optimizes email processing in the circular economy, automates time-consuming processes, and relieves your staff. Customer inquiries are answered faster and more efficiently without additional demands on business partners, facilitating communication and increasing satisfaction.

Improved Customer Friendliness

AIFlow automates email processing, relieves your staff, and answers inquiries faster. Without additional demands on business partners, it facilitates communication and increases satisfaction.

Faster Response Times

AIFlow enables immediate processing of incoming emails, drastically reducing response times. This improves service quality and strengthens customer relationships through faster, more reliable communication.


Azure OpenAI Services is a platform provided by Microsoft that gives developers access to advanced AI models and services, including those developed in collaboration with OpenAI. These services enable the creation of powerful AI applications, ranging from language understanding and text generation to semantic search functions. Azure OpenAI Services seamlessly integrates these AI capabilities into Azure’s cloud infrastructure, allowing developers to benefit from Azure’s scalability, security, and compliance standards. Regarding AIFlow, these services would be used to intelligently analyze emails, extract relevant information, and perform automated actions based on this data, making business processes more efficient and effective.

AIFlow integrates into business processes by analyzing emails through a configured endpoint in Business Central. It extracts key information such as the business partner’s name and location data from the communication and matches this with existing records. Specific requests, such as the selection of certain resources, are accurately handled by sending details from the email to Azure OpenAI. This process adapts to the customer’s individual settings to optimize data processing and customer interaction.

FAQ Data Protection Impact Assessment (DPIA)

The successful completion of the Data Protection Impact Assessment (DPIA) for AIFlow underscores our strong commitment to protecting user data and privacy.

This process demonstrates that we have thoroughly analyzed and assessed all potential data protection risks that could arise from the use of the product. Through the DPIA, we have implemented effective measures to minimize these risks and ensure the security of personal data. This highlights our dedication not only to comply with legal requirements but also to proactively apply the best possible data protection practices.

Completing the DPIA is a testament to our responsibility and commitment to continually strengthen the trust of our customers and partners.

A Data Protection Impact Assessment (DPIA) is a process designed to identify, evaluate, and minimize the risks associated with the processing of personal data.

This is particularly important when new technologies are being used or when a processing activity is likely to pose a high risk to the rights and freedoms of natural persons.

In essence, the DPIA is about precaution – it aims to minimize the risk of a data breach or data protection violation as comprehensively as possible before any such incident can occur.

When a Data Protection Impact Assessment (DPIA) must be carried out is regulated by Article 35(1) of the GDPR:

“Where a type of processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons, taking into account the nature, scope, context and purposes of the processing, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.”

This means a DPIA is necessary if a type of data processing, especially when using new technologies, is likely to pose a high risk to the personal rights and freedoms of individuals.

In addition to the specific examples (Article 35(3) GDPR) where a DPIA must be carried out, supervisory authorities publish lists of processing operations for which a DPIA must be conducted (Article 35(4) GDPR). Therefore, the Data Protection Conference has issued a positive list that enumerates processing activities requiring a DPIA.

Moreover, there are the “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is likely to result in a high risk” (also known as WP 248) confirmed by the European Data Protection Board. These guidelines define criteria that may require a DPIA – if two or more of these criteria are met, a DPIA is generally necessary.

Our product “AIFlow” meets two specific criteria outlined in the “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is likely to result in a high risk according to Regulation 2016/679 (GDPR)” by the European Data Protection Board. Specifically, “AIFlow” meets the criteria for “large-scale data processing” and the “innovative use or application of new technological or organizational solutions.”

According to these guidelines, a DPIA is required if at least two of the established criteria are met. Therefore, it is necessary for the use of our product “AI Flow” that a comprehensive Data Protection Impact Assessment is conducted by the data controller.

Since you, as the user of our product “AIFlow,” are the data controller for the processing of personal data and tegos GmbH acts as a data processor for you, it is your responsibility to conduct the DPIA. The tegos GmbH will support you with this FAQ and throughout the entire process.

The data controller is responsible for conducting the Data Protection Impact Assessment (DPIA). In doing so, they must seek the advice of the company’s Data Protection Officer (DPO) (Article 35(2

The data controller is responsible for conducting the Data Protection Impact Assessment (DPIA). In doing so, they must seek the advice of the company’s Data Protection Officer (DPO) (Article 35(2) GDPR).

If data processors are involved in the processing, they must assist the controller in carrying out the DPIA (Article 28(3)(f) GDPR).

Article 35(2) GDPR sets out the minimum requirements for the content of a DPIA, which must include:

  • A systematic and comprehensive assessment of the personal aspects of natural persons affected by the planned processing.
  • An assessment of the necessity and proportionality of the processing operations.
  • An assessment of the risks to the rights and freedoms of the data subjects.
  • The measures taken to address the aforementioned risks.

The data controller and the data processor must appoint a Data Protection Officer (DPO) in accordance with Article 37(1) GDPR if:

– The processing is carried out by a public authority or body.
– The core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale.
– The core activities consist of large-scale processing of special categories of data pursuant to Article 9 GDPR (e.g., health data) or personal data relating to criminal convictions and offenses pursuant to Article 10 GDPR.

Additionally, according to Section 38(1) BDSG (Federal Data Protection Act), a DPO must be appointed if:

  • At least 20 people in the company are regularly engaged in the automated processing of personal data.
  • Personal data processing is subject to a Data Protection Impact Assessment pursuant to Article 35 GDPR.
  • Personal data is processed commercially for the purpose of transmission, anonymized transmission, or for purposes of market or opinion research.

Therefore, if your company uses our product AIFlow, you are required to appoint a Data Protection Officer due to the obligation to conduct a Data Protection Impact Assessment.

The DPIA provided on this page as an example was conducted for our company and its specific circumstances. When conducting a DPIA for your own company, you may arrive at different evaluations due to different circumstances. Your countermeasures may also vary. Below are comments on the DPIA we conducted, highlighting circumstances that could lead to different evaluations.

Please note that our DPIA is only for guidance and you must conduct your own DPIA.

Sheet “Damage Scenarios (4)”

Row 30, Identity Theft or Fraud:
If your company operates in the B2C sector and counts end consumers among its customers, the risk of identity theft or fraud may need to be rated higher.

Row 37, Financial Losses:
If the emails scanned by the AI contain customers’ payment information, these could be misused in the event of a cyber attack on the AI. It should be noted in the evaluation that it is more likely that the email system rather than the AI will be hacked. This risk is only assumed in the B2C sector or with sole proprietors (e.K.), as only in these cases do payment data count as personal data.

Sheet “Remedial Measures (5 b)”

Row 20, Loss of Control over Personal Data:
If not only emails with order data but also other emails containing personal data are processed in the same mailbox, the risk may need to be rated higher.

Row 22, Identity Theft/Fraud:
With a larger volume of personal data processed by the AI and in the B2C sector, the risk may need to be rated higher.

Row 23, Financial Losses:
A risk exists if payment and bank information is included in the emails processed by the AI.

Row 25, Exposure:
If your customers are end consumers, under certain circumstances (e.g., when a large-scale disposal is requested), the need becoming known to unauthorized third parties could pose a risk of exposure. This could imply compulsive hoarding by the individual, leading to social stigmatization.

tegos GmbH takes the protection of your customers’ personal data seriously. To ensure this – even when using AIFlow – we have implemented appropriate technical and organizational measures, including:

  • Concept “Handling Data Subject Rights”: We have a comprehensive plan for addressing and managing the rights of data subjects.
  • Commitment in the Data Processing Agreement (DPA): We are committed to supporting the data controller in responding to data subject rights requests.
  • Security Guidelines (especially regarding AI): We follow stringent security guidelines to ensure the safety and security of AI-related processes.
  • Authorization Concept Based on the Need-to-Know Principle: Access to data is restricted based on the need-to-know principle to enhance security.

For more information from Microsoft about Azure OpenAI, please visit: Data, privacy, and security for Azure OpenAI Service – Azure AI services | Microsoft Learn.

All information and details on this page – particularly the Data Protection Impact Assessment (DPIA) conducted by us – are for illustrative purposes only and are intended to assist you in conducting your own DPIA.
The DPIA we have conducted and provided here is merely a guideline and does not exempt you, as the data controller, from conducting your own DPIA.

According to Article 35(1) GDPR, the data controller must conduct a DPIA if the data processing is likely to result in a high risk to the rights and freedoms of natural persons. Contractors (here tegos GmbH) must support the controller in carrying out the DPIA by providing information (Article 28(3)(f) GDPR) – a duty we fulfill with this FAQ.

Discover AIFlow

Boost your efficiency with AI. Less effort, more success. Get inspired in our demo.

Schedule AI Demo Now