At UiPath, compliance is treated seriously. We make efforts every day to make sure compliance is integrated into our processes and behaviours.
We strongly encourage our employees and our partners (customers, resellers, agents, suppliers, etc.) to act in compliance with the applicable legislation and with the UiPath Code of Conduct.
The Internal Code of Conduct is applicable to all employees, freelancers, those employed by carriers or other contingent workers acting on behalf of UiPath or having access to UiPath systems including its subsidiaries and affiliates to ensure they act in good faith, with integrity and consistent with the Company’s values in order to maintain effective trust and credibility with our employees, customers, business partners and communities in which we operate.
The UiPath Internal Code of Conduct is available here.
This Global Partner Code of Conduct (the “Code”) sets out our expectations and defines the minimum standards of business conduct and business practices applicable to all UiPath clients, resellers, consulting partners, vendors, OEMs, suppliers, agents, entities and/or individuals who do business with or on behalf of UiPath (the “Partners”).
All Partners are expected to comply with this Code of Conduct.
The Global Partner Code of Conduct is available here.
ISO 27001: UiPath maintains an ISO/IEC 27001:2013 certification that covers our core product lines and main development locations. This attests to our commitment to maintaining and improving an information security management system (ISMS) that protects confidential information collected, processed, or otherwise impacted during the product development and maintenance lifecycle, covering the analysis, design, development and global delivery by UiPath on customer premise (on-prem), by using cloud service and/or acting as a cloud service provider. The scope of the ISMS includes the following UiPath product lines and we are working on adding new products to the list every year:
UiPath Core Platform: Agent Desktop, Orchestrator, Activity Packs
UiPath Cloud Platform: Cloud Portal, Cloud Services (Document Understanding, Computer Vision, Licensing, Orchestrator), Automation Hub
SOC 2 Type 1: UiPath Automation Cloud has received its System and Organization Controls 2 (SOC 2) Type 1 certification. This certification, developed by the American Institute of Certified Public Accountants (AICPA), validates that UiPath securely manages customer data and demonstrates its commitment to enterprise-grade security for the Automation Cloud. To help organizations around the world use automation to become faster and more agile in the face of increased demand and rapidly changing environments, the UiPath Automation Cloud enables customers to start their RPA deployments instantly and scale up over time without compromising security or requiring high upfront costs.
Receiving SOC 2 certification meant UiPath demonstrated the achievement of service commitments and system requirements based on the security, confidentiality, and availability trust services criteria. UiPath partnered with CPA firm Schellman & Company, LLC to undertake this certification.
Privacy Shield: UiPath is an active participant in the Privacy Shield Framework. The purpose of Privacy Shield is to ensure that when personal data is transferred from the European Union or Switzerland to the United States, the data protection legislation is observed and implemented. Please find here the details of UiPath’s participation in the Privacy Shield Framework.
When GDPR became effective, UiPath signed Standard Contractual Clauses with its affiliates and imposed GDPR policies and standards, globally, among its entities. Privacy Shield was used by UiPath as an additional transfer mechanism and not as the primary transfer mechanism, which is why the recent ruling of the European Court of Justice does not affect the protection or transfer of personal data of European customers. With its sub-processors, UiPath has concluded data processing agreements in accordance with GDPR, ensuring that any transfer mechanism used will be in compliance with the European legislation.
CCPA: UiPath complies with the California Consumer Privacy Act of 2018 (CCPA) by applying the common privacy principles of CCPA and GDPR to the more rigorous standard of the latter. UiPath does not sell customer data and only shares it with third parties acting as its service providers, who consequently process data solely on our behalf, in order to meet their contractual obligations. Otherwise, UiPath only shares data as directed by you or with your consent. As your service provider, UiPath only processes personal data used with UiPath cloud products for the purpose of providing you the service and product functionalities, as directed by you.
HIPAA: If you are a Covered Entity or a Business Associate under the Health Insurance Portability and Accountability Act, a US healthcare regulation, please use our products installed on premise. When using our on premise product, no customer data will be received, stored or processed by UiPath. This is important since UiPath does not wish to fall under HIPAA and thus, Protected Health Information cannot be used with UiPath cloud products.
Paris Call for Trust and Security in Cyber Space: UiPath joined a global call for Nation States, Companies and Civil Society to come together and face the increasing threats endangering citizens and infrastructure in cyberspace. It is based around nine common principles to secure cyberspace and the commitment to adopt responsible behavior. Discover the 9 principles here.
Contact us at firstname.lastname@example.org for questions about our privacy and security compliance program.
We have a Vendor Risk Management Program in place to ensure we assess the security posture of critical providers and that all vendors and contractors that have access to UiPath data and/or systems attest to confidentiality and security requirements. All such providers are required contractually to implement a level of security as described in our Security standard, available here. Moreover, they are contractually required to comply with our internal security policies and procedures, as applicable to the nature of the service provided.
We retain the right to perform audits on our vendors and to request audit reports. Any findings that might pose a risk to UiPath’s data or systems will be subject to a remediation plan that the vendor is required to implement.
UiPath adheres to a Zero Tolerance approach towards corruption and bribery. We do not bribe and cannot be bribed, and we do not engage in situations that might leave the impression of corrupt practices.
To make sure that these standards reach all our personnel, we created an Anti-Bribery program which consists of an Anti-Bribery Policy that is published and disseminated internally; an annual training for all personnel; and making sure that Anti-Bribery provisions are always included in the agreements we undertake.
Our policy specifically references that all Gifts and Hospitalities must be modest, transparent, of low value and in accordance with the laws. UiPath prohibits the offering of anything, regardless of the value, with the corrupt intention to obtain an unfair advantage for UiPath.
UiPath recognises the seriousness and importance of combatting modern slavery and human trafficking. With respect to its employees and the operations of its business, UiPath is committed to ensuring the highest standards of welfare, safety and business practice, in accordance with all relevant legislation.
The Anti-Slavery and Anti-Human Trafficking Statement is available here.
UiPath is keen on complying with export control regulations and therefore we expect every 3rd party we do business with to abide by all export control regulations as set forth by (i) the U.S. Department of Commerce Export Administration Regulations (EAR), U.S. Department of State International Traffic in Arms Regulations (ITAR) or other requirements of the U.S. Government; (ii) European Commission regulations; (iii) United Nations Security Council resolutions (the “Export Control Regulations”) regulating the export and reexport of the UiPath RPA Platform. We also expect our business partners not to be named on any Export Control Regulations list of restricted parties and not to be involved in dealings with entities and individuals that are sanctioned or that are located in countries subject to trade embargoes or economic sanctions.
UiPath is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed, and expect our Partners, (i) to offer equal employment opportunity for all job applicants and employees, (ii) to provide all employees a work environment free of discrimination and harassment of any kind and (iii) to take all employment related decisions without regard to race, color, religion or belief, national, social or ethnic origin, sex, pregnancy, age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by any and all similar laws.
This Policy applies to entities located in Japan and is read together with the agreement (“ToU”) between UiPath and such entities (“you”).
We reserve the right to update this Policy on https://www.uipath.com at any time without prior written notice.
Last update made on: 4.06.2020.