Try UiPath Free

Compliance

Compliance at UiPath

At UiPath, compliance is treated seriously. We make efforts every day to to make sure compliance is integrated into our processes and behaviours.

We strongly encourage our employees and our partners (customers, resellers, agents, suppliers, etc.) to act in compliance with the applicable legislation and with the UiPath Code of Conduct.

Global Partner Code of Conduct

This Global Partner Code of Conduct (the “Code”) sets out our expectations and defines the minimum standards of business conduct and business practices applicable to all UiPath clients, resellers, consulting partners, vendors, OEMs, suppliers, agents, entities and/or individuals who do business with or on behalf of UiPath (the “Partners”).

 

All Partners are expected to comply with this Code of Conduct.

The Global Partner Code of Conduct is available here.

 

Privacy & Security Compliance

ISO 27001: UiPath maintains an ISO/IEC 27001:2013 certification that covers our core product lines and main development locations. This attests to our commitment to maintaining and improving an information security management system (ISMS) that protects confidential information collected, processed, or otherwise impacted during the product development and maintenance lifecycle, covering the analysis, design, development and global delivery by UiPath on customer premise (on-prem), by using cloud service and/or acting as a cloud service provider. The scope of the ISMS includes the following UiPath product lines and we are working on adding new products to the list every year:

 

UiPath Core Platform
Studio Studio X Robot
Agent Desktop Orchestrator Activity Packs
  Insights  
UiPath Cloud Platform
Cloud Portal Cloud Services (Document Understanding, Computer Vision, Licensing, Orchestrator) Automation Hub

 

GDPR: UiPath has one of its main headquarters in the European Union, which makes UiPath subject to the GDPR, one of the strictest data protection laws around the world. Since UiPath is committed to respecting your privacy, we implement the GDPR principles in all UiPath entities. Please check here our global Privacy Policy.

 

Privacy Shield: Privacy Shield: UiPath is an active participant of the Privacy Shield Framework. The purpose of Privacy Shield is to ensure that when personal data is transferred from the European Union or Switzerland to the United States, the data protection legislation is observed and implemented. Please find here the details of UiPath’s participation to the Privacy Shield Framework.

When GDPR became effective, UiPath has signed Standard Contractual Clauses with its affiliates and has imposed GDPR policies and standards, globally, among its entities. Privacy Shield was used by UiPath as an additional transfer mechanism and not as the primary transfer mechanism, which is why the recent ruling of the European Court of Justice does not affect the protection or transfer of personal data of European customers. With its sub-processors, UiPath has concluded data processing agreements in accordance with GDPR, ensuring that any transfer mechanism used will be in compliance with the European legislation.

CCPA: UiPath complies with the California Consumer Privacy Act of 2018 (CCPA) by applying the common privacy principles of CCPA and GDPR to the more rigorous standard of the latter. UiPath does not sell customer data and only shares it with third parties acting as its service providers, who consequently process data solely on our behalf, in order to meet their contractual obligations. Otherwise, UiPath only shares data as directed by you or with your consent. As your service provider, UiPath only processes personal data used with UiPath cloud products for the purpose of providing you the service and product functionalities, as directed by you.

 

HIPAA: If you are a Covered Entity or a Business Associate under the Health Insurance Portability and Accountability Act, a US healthcare regulation, please use our products installed on premise. When using our on premise product, no customer data will be received, stored or processed by UiPath. This is important since UiPath does not wish to fall under HIPAA and thus, Protected Health Information cannot be used with UiPath cloud products.

 

Paris Call for Trust and Security in Cyber Space: UiPath joined a global call for Nation States, Companies and Civil Society to come together and face the increasing threats endangering citizens and infrastructure in cyberspace. It is based around nine common principles to secure cyberspace and the commitment to adopt responsible behavior. Discover the 9 principles here.

 

Contact us at privacy@uipath.com for questions about our privacy and security compliance program.

 

Vendor Risk Management

We have a Vendor Risk Management Program in place to ensure we assess the security posture of critical providers and that all that all vendors and contractors that have access to UiPath data and/or systems attest to confidentiality and security requirements. All such providers are required contractually to implement a level of security as described in our Security standard, available here. Moreover, they are contractually required to comply with our internal security policies and procedures, as applicable to the nature of the service provided.

 

We retain the right to perform audits on our vendors and to request audit reports. Any findings that might pose a risk to UiPath’s data or systems will be subject of a remediation plan that the vendor is required to implement.

 

Anti-Bribery and Anti-Corruption Statement

UiPath adheres to a Zero Tolerance approach towards corruption and bribery. We do not bribe and cannot be bribed, and we do not engage in situations that might leave the impression of corrupt practices.

 

To make sure that these standards reach all our personnel, we created an Anti-Bribery program which consists of an Anti-Bribery Policy that is published and disseminated internally; an annual training for all personnel, making sure that Anti-Bribery provisions are always included in the agreements we undertake.

 

Our policy specifically references that all Gifts and Hospitalities must be modest, transparent, of low value and in accordance with the laws. UiPath prohibits the offering of anything, regardless of the value, with the corrupt intention to obtain an unfair advantage for UiPath.

 

Anti-Slavery and Anti-Human Trafficking Statement

UiPath recognises the seriousness and importance of combatting modern slavery and human trafficking. With respect to its employees and the operations of its business, UiPath is committed to ensuring the highest standards of welfare, safety and business practice, in accordance with all relevant legislation.

 

The Anti-Slavery and Anti-Human Trafficking Statement is available here.

Export Control

UiPath is keen on complying with export control regulations and therefore we expect every 3rd party we do business with to abide by all export control regulations as set forth by (i) the U.S. Department of Commerce Export Administration Regulations (EAR), U.S. Department of State International Traffic in Arms Regulations (ITAR) or other requirements of the U.S. Government; (ii) European Commission regulations; (iii) United Nations Security Council resolutions (the “Export Control Regulations”) regulating the export and reexport of the UiPath RPA Platform. We also expect our business partners not to be named on any Export Control Regulations list of restricted parties and not to be involved in dealings with entities and individuals that are sanctioned or that are located in countries subject to trade embargoes or economic sanctions.

Equal opportunity Employer

UiPath is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed and expect our Partners (i) to offer equal employment opportunity for all job applicants and employees, (ii) to provide all employees a work environment free of discrimination and harassment of any kind and (iii) to take all employment related decisions without regard to race, color, religion or belief, national, social or ethnic origin, sex, pregnancy, age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by any and all similar laws.

Report Ethics Concerns

Any breach of the UiPath Code of Conduct or policies is taken seriously. If you have any concerns, please report them at: legal.compliance@uipath.com

Exclusion of AntiSocial Forces

This Policy applies to entities located in Japan and is read together with the agreement (“ToU”) between UiPath and such entities (“you”).

 

  1. Organized Crime Group Members. Each of the Parties (a) represents, and covenants with respect to the future, to the other Party that the representing and covenanting Party is not currently, and will not be in the future, an organized crime group, an organized crime group member, a person for whom a period of five years has not elapsed since that person was an organized crime group member, a quasi-member of an organized crime group, a corporation affiliated with an organized crime group, a shareholder meeting extortionist (sokaiya) or the like, a corporate extortionist acting under the guise of a social movement or political activity (shakai undo-to hyobo goro), a group or individual that exploits its specialist knowledge in cooperation with an organized crime group (tokushu chino boryoku shudan to), or any other person similar to any of these entities (collectively, “Organized Crime Group Members”) and (b) represents, and covenants with respect to the future, to the other Party that the representing and covenanting Party does not currently, and will not in the future, fall under any of the following:
    1. the representing and covenanting Party has a relationship through which its management is considered to be controlled by an Organized Crime Group Member;
    2. the representing and covenanting Party has a relationship through which an Organized Crime Group Member is considered to be substantially involved in the representing and covenanting Party’s management;
    3. the representing and covenanting Party has a relationship through which an Organized Crime Group Member is considered to be unjustly used for the purpose of pursuing illicit gains for the representing and covenanting Party or a third party, causing damage to a third party, or for any other similar purpose;
    4. the representing and covenanting Party has a relationship through which it is considered to provide funds or benefits to an Organized Crime Group Member or otherwise be involved in an Organized Crime Group Member; or
    5. an officer of the representing and covenanting Party or any person substantially involved in that Party’s management has a socially reprehensible relationship with an Organized Crime Group Member.
  2. Unlawful acts. Each of the Parties covenants to the other Party that the covenanting Party will not, by itself or using a third party, commit any of the following acts with respect to the other Party:
    1. a violent demand;
    2. an unjust demand that exceeds the legal liability of that demand’s recipient;
    3. use of threatening behavior or violence in connection with a transaction;
    4. spreading of rumors or use of fraudulent means or force to damage the reputation of the other Party or to obstruct the other Party’s operations; or
    5. any other act similar to those provided for in (i) through (iv) above.
  3. Specific termination. Either Party may terminate this Agreement without providing the other Party with any demand for remedy if it is discovered that the other Party is an Organized Crime Group Member or falls under Section “Organized Crime Group Members” above, if the other Party commits any act provided for under Section “Unlawful acts” above, or if it is discovered that the other Party has made any false declaration in relation to its representations and covenants under Section “Organized Crime Group Members” above, and the Party considers it inappropriate to continue transactions with the other Party.
  4. No liability. Even if the terminated Party incurs any damage as a result of the provisions in Section “Specific Termination” above being applied, the Party may not make any claim against the other Party in relation to the damage. If the terminating Party incurs any damage, the terminated Party shall be the only one liable, therefore.

 

We reserve the right to update this Policy on https://www.uipath.com at any time without prior written notice.
Last update made on: 4.06.2020.