UiPath Privacy Policy

This Privacy Policy (the “Policy”) describes how UiPath and its affiliates (collectively “UiPath” or “we”) collect and process your personal data (“Personal Data”), as defined by the EU’s General Data Protection Regulation (“GDPR”), when you are using this websites, our products or our services (collectively, the “Services”).

UiPath is a global software company offering an end-to-end platform for automation that has its main offices in Romania and the United States of America.

UiPath SRL is incorporated in Romania at 4 Vasile Alecsandri Str. and 11 Constantin Daniel Str., Building A, 010613, 1st District, Bucharest, Romania.

UiPath Inc. is incorporated in the United States of America at 452 5th Avenue, 22nd Floor, New York, NY, 10018.

UiPath generally acts as controller with respect to your Personal Data and determines the purpose and manner in which your Personal Data is processed as described below. At times, UiPath may act as a processor, and will process Personal Data on your behalf, as further detailed in this Policy.

UiPath cares about protecting the right to privacy of individuals, and, while we may rely on local laws, we aim to uphold the Personal Data protection standards of the GDPR even for non-EU UiPath entities, as practically possible. Terms like “personal data”, “processor”, “processing”, “controller”, and other terms defined by the GDPR are used in this Policy in accordance with the definitions given by the GDPR and are sanctioned in accordance with the GDPR.

When you use our Services, we will collect information about you which can identify you directly (name, email) or indirectly (IP address, or other online identifiers). We may also collect anonymous information and aggregated data regarding user behavior, navigational information, device information, which helps us improve and tailor our Services and understand usage trends.

For more information about the data we collect when you are using our websites, please check our Cookie Policy.

During its activity UiPath may process different types of Personal Data belonging to a variety of data subjects such as customers, potential customers, business partners, etc. The type of Personal Data that may be processed about you depends on your relationship with UiPath, and on the applicable processing purpose.

Please note that, if you are enrolled by a legal entity or you have enrolled by yourself with an e-mail address registered under the domain of a legal entity, we will deem that you are acting on behalf of that entity which is either a customer or a partner of UiPath, as their employee. Therefore, we will process your Personal Data on behalf of the employer, and we may need to make the Personal Data or your activity within the Services available with the employer, upon the latter’s request. Where the scope of the processing exceeds the purpose of contract performance, we will request your consent.

Providing our Services

Customer Enrollment and Provision of Services. If you are a customer, we may process your name, job title, company, signature, e-mail address, country and other Personal Data, as necessary to execute and perform the agreement underlying to the Services. The purpose includes license management, account activations, contracts and accounts management, providing the Services, and associated communications.

Account Creation and Management. When you create an account with UiPath to use the associated Services, we process your name, e-mail address, username, country, language, employment status, employer, job title, industry, and other Personal Data that is needed to grant you access to the Service and maintain the account.

Please keep in mind that due to the nature of some of our Services, such as Academy, Community Forum and UiPath Marketplace, your profile and your activity may need to be visible to other users. Moreover, by using a corporate email address or by choosing an affiliation in your profile, your profile data, learning progress and other usage data may be shared with the owner of the domain (e.g. your employer). You can always choose to use a personal email address instead of a corporate one, and not to include an affiliation in your profile.

Social Media Accounts. When you use your social media accounts to connect to UiPath, you agree to share with UiPath your social media profile data such as your name, telephone number, friends list, photo, birthday, gender, location, interests, and other Personal Data you make available there.

Where the Services support voice command (e.g., through Google Assistant, by enabling Google App Actions), the underlying Personal Data will only be used for the purpose of providing the Service. We process this information based either on your consent, on the need to perform the contract we have with you or your employer, or on the legitimate interest of us or of your employer; and for the purpose of creating and managing your account, delivering the Services, and providing you with information related your use of the Services.

UiPath Cloud Services. If you are using our cloud Services, you act as a data controller and UiPath will act as a data processor in relation to any Personal Data you use with the Services. As a controller you are in control of how you wish to use Personal Data. Some of our Services may transmit data from user-controlled applications and data stores to other user-controlled applications and data stores, either directly or indirectly through connected third parties. This data is encrypted in transit and, if applicable, in storage while waiting to be processed.

Our cloud Services may generate usage data, that may be aggregated and may contain pieces of customer data (“System-generated Logs”). To the extent the System-generated Logs contain any of your Personal Data, UiPath is considered a processor in relation thereof. Please note that if you use the Services in Preview or Trial, you may have certain restrictions on using Personal Data or sensitive data; please check out the applicable terms of use.

UiPath on-premises Services. UiPath does not have access to Personal Data you use with the on-premises Services.

Third-Party Products. Our Services may integrate with third-party products. Any Personal Data you use with third-party products may be visible to the third-party providers and will be processed in accordance with their own privacy documentation, and UiPath will bear no liability thereof.

Offering Support

If you request our support, we will process the Personal Data needed for support, such as name, email address, country, company, job title and device ID, in accordance with our Support Terms. We may also process voice data upon your consent, when support is offered via call center or remote.

We want to limit the usage of Personal Data to what is necessary for support purposes, so we rely on you to limit the disclosure and stick to sharing only technical data.

Access to our Websites

When you visit our websites, we will request your consent to collect your Personal Data, including, without being limited to, browser information, device used, IP address, user experience on the website, name, email, phone number, job level, field of expertise, employer, industry, country, or Twitter username and LinkedIn Profile URL. We will use it to provide you with relevant news, improve your experience on our website, or respond to your inquiries.

When you use our websites to report an abuse, a security incident, or to ask for the deletion of your accounts, we will process your name and e-mail to respond to your request.

We also use cookies that collect certain information about your navigation on our website to improve our Services and our online presence. Certain cookies are necessary for the website to function and cannot be switched off in our systems, others allow us to measure and improve the performance of our site, to provide enhanced functionality and personalization, or to show you relevant adverts. Excepting the cookies that are necessary for the website to function, all other cookies will require your consent. For more information, please visit our Cookie Policy.

Participation to Events and Contests

If you attend UiPath events, we will process your Personal Data to register you, to provide information on events, or to ask for your feedback, based on your consent. If you enroll in our contests and campaigns, we will process your Personal Data to register you and provide the prize, based on your consent, on our legal financial obligations, or on our legitimate interest to comply with our internal financial policies.

The Personal Data we will process may include, without being limited to, name, surname, e-mail address, telephone number, location, social media account, job title, company, voice, image, and even ID information, if necessary for compliance with applicable laws and policies.

Please note that when we organize events, contests, or campaigns co-branded or sponsored by us and our partners (resellers, solution providers, etc.), this will be clearly indicated in the applicable documentation. If you sign up, your Personal Data may be collected by, or shared with, UiPath and our partners.

In order to manage access to our events, your information will be shared with the venue hosts and you will be issued a name badge that you might be asked to show at the entry in the various areas of our events. Our badges usually contain a barcode or QR code that provides the Personal Data that you made available during the registration process. Our partners or sponsors may directly request information about you or may ask to scan your badge. Badge scanning is entirely optional, and you can at any time refuse to have your badge scanned. In all cases, if you allow other event participants, sponsors or partners to scan your badge, these participants may contact you about their products and services.

We may be taking pictures and video record our events, including events organized by third parties, based on our legitimate interest to document our events and market their success. If you have any concerns regarding the photos/recordings of you from an event, you can always reach out to our photographers, organizing staff, or contact us at [email protected].

With your consent, we may process your personal information to post testimonials on our website or social networks.

If you attend one of our events as a speaker, we will process your image and voice (photos, videos), name, title, company, information about your professional life and education, as well as your presentation slides, if the case. We will always ask for your consent before making this data public through our website, social media, or other channels.

Partnerships

If you want to become a UiPath partner (e.g., business partner, Academic Alliance partner, Academy partner, etc.) we will process your Personal Data, such as full name, company, institution, job title, position or occupation, location, email, telephone number, industry, location, and other necessary information, in order to perform the underlying partner agreement.

Our Marketing Activities

We may process your Personal Data, such as name, e-mail address and telephone number, and other data that was either provided by you, collected from your interactions with our Services, or received from third party sources, for the purpose of sending you marketing communications through e-mail, telephone, or mail. We only do so if you allowed us to use your personal data this way, in compliance with the applicable privacy laws.

Marketing communications include sending information about the Services you use or have shown interest in, Services similar to those you already use, new product releases, service developments, alerts, updates, terms, events, special offers and associated campaigns and promotions or prices, and may be performed either via targeted marketing e-mails or through our sales representatives, in accordance with the applicable laws.

You may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in the e-mail, by indicating so when we call you, or by filling in this form. Please note that if you opt out from marketing communications, we may still contact you regarding your use of our Services and to respond to your questions or requests.

Recruitment

When you apply for a job at UiPath, either directly or by using our Career Page’s Digital Assistant, or when we reach out to you for recruitment purposes, we may process your Personal Data such as name, surname, CV data, work experience, education, LinkedIn profile, and other information included in your application, based on your consent, or on our legitimate interest, for the purpose of recruiting the best candidates for our job openings and for technological development, to improve, upgrade, enhance or develop our Services.

CCTV Monitoring

When you enter the monitored spaces in our buildings and facilities, we may process your Personal Data, such as video footages, images, voice (of you and your belongings), based on our legitimate interest, for the purpose of ensuring the security and safety of our buildings, facilities, staff ,visitors, property, and information located or stored on the premises.

We use automated decision making and profiling for the following purposes:

• to comply with our export control regulations, denying access to our Services to individuals or companies identified as restricted parties by the relevant authorities or regulatory bodies

• to maximize your experience with our Services and to make available personalized offers by building individual profiles using the Personal Data you provided to us, navigational information, information regarding the use of our services and information provided by our partners about you.

• for statistical purposes and to help us improve the way we promote our Services with the help of Personal Data, such as online behavior data.

• for recruitment, in order to ensure that candidates who are selected for further recruitment stages have the right to work in a specific geo-location or have obtained the required score for the logical and reasoning tests.

You can oppose to this anytime by filling in this form.

We prohibit children to access our Services and therefore we do not employ profiling or automated decision making on children Personal Data.

As a global company, UiPath may share data with its affiliates, third-party processors, or business partners around the world. UiPath applies caution when contracting with processors or other controllers and performs the relevant activities and puts all the safeguards in place, as required to comply with the GDPR in relation to Personal Data transfers.

With UiPath affiliates

We share personal data with our affiliates as necessary to provide the Services or perform usual business activities. Personal data shared with our affiliates is granted GDPR level of protection. The list of UiPath affiliates can be found here.

With UiPath service providers

For the purposes described in this Policy we use the services of various contractors, mainly digital service providers, such as Salesforce, Atlassian, Microsoft 365, Marketo. These contractors process specific categories of Personal Data on our behalf to help us organize events, manage business information and contracts, store data, analyze and organize data.

We have contractual agreements with our contractors to ensure that your Personal Data is protected and used only as necessary to perform the contracted services. Some of our contractors are also controllers on their own, carrying out processing activities while using their services and products, which include online advertising technologies, search engine, cloud computing.

Some of the contractors are third parties who are not intended to process the Personal Data but may have access to it upon fulfilling their tasks or interacting with us, such as technical maintenance companies, financial entities, or legal auditors.

With UiPath partners and distributors

As necessary to maintain an efficient selective channel system with the purpose of creating a retail environment where the commercialization of the Services is performed only by the UiPath authorized partners and distributors and customers’ demand is properly satisfied, we may share certain customers’ data (such as business contact details) with such UiPath authorized partners and distributors. We take appropriate measures, have contractual safeguards and we conduct internal assessment to ensure that the sharing of Personal Data is proportionate, transparent limited to the purpose and beneficial for you, that there are no privacy risks with all data privacy laws being observed during the processing.

If legally required

We may also provide personal data to third parties in the following situations:

• as requested by public authorities, auditors or institutions competent to exercise inspections on UiPath, based on their legal obligations, such as data protection authorities or authorities for consumer protection, which may ask us to provide information;

• to comply with a legal requirement or to protect the rights and assets of UiPath or other entities or people, such as courts of law, or enforcement authorities;

• to third parties’ acquirers, as part of a change of control, merger or acquisition or similar procedures, if your Personal Data would be part of the transaction.

UiPath complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. UiPath has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

UiPath is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Federal Trade Commission has jurisdiction over UiPath’s compliance with the Privacy Shield.

We will store your Personal Data for a limited period of time, as necessary to achieve the purposes of the Personal Data processing, as described in this Policy, and in accordance with our legal and contractual obligations, or industry practices. This means that we retain different categories of data for different periods of time depending on the type of data, the category of data subject to whom the data relates, and the purposes for which we collected the data.

Once the retention period expires for a specific category of data, UiPath will delete, archive, anonymize or destroy it, in accordance with its internal policies and procedures, unless prohibited by the applicable law.

You may request to have all your information deleted at any time by filling in this form.

We may process Personal Data from children that attend our workshops or educational programs organized to spread the RPA knowledge and develop educational partnerships. UiPath commits to comply with the applicable legislation with respect to such processing.

UiPath constantly evaluates and upgrades the security measures implemented as to ensure a secure and safe Personal Data processing. More information on the security measures implemented by can be found here.

You have the following rights in respect to your Personal data under the GDPR, which you may exercise at any time by submitting a request on our website here.

• The right of access

• The right to request the rectification or erasure of personal data

• The right to request the restriction of processing

• The right to withdraw your consent for processing

• The right to object to the data processing

• The right not to be subject to a decision based solely on automated processing, including profiling

• The right to data portability

• The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address to the competent courts of law.

• The right to invoke binding arbitration for complaints regarding Privacy Shield compliance under the conditions provided here.

You may use the same form to exercise your right to opt-out of sale of personal information, if you are a resident of the state of California, as provided by the CCPA.

In compliance with the Privacy Shield Principles, UiPath commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: [email protected].

UiPath has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data and non-human resources data transferred from the EU and Switzerland. For any other questions regarding your rights please write to us at [email protected].

This Privacy Policy may be changed and updated by us from time to time as it could become necessary.

We will notify you of any substantial changes to this Privacy Policy and will ensure that the notification is made in a way which ensures that you acknowledge them, for example by use of the email address that you have provided to us, or any other appropriate means that ensure effective communication.

If you do not agree with the changes, please contact us or deactivate your account.

For any questions regarding this Policy, or our privacy practices in general, please reach out to us at: [email protected].

For any other questions, please reach out to us by filling in this form.