UiPath Privacy Policy

This Privacy Policy (the “Policy”) describes how UiPath and its affiliates (collectively “UiPath” or “we”) collect and process an identified or identifiable information about you (“Personal Data”), including when you are using this website, our products, or our services (collectively, the “Services).

UiPath is a global software company offering an end-to-end platform for automation that has its main offices in Romania and the United States of America. Please find here the locations of our offices around the world.

UiPath SRL is incorporated in Romania at 4 Vasile Alecsandri Str and 11 Constantin Daniel Str., Building A, 010613, 1st District, Bucharest, Romania.

UiPath Inc. is incorporated in the United States of America at 452 5th Avenue, 22nd Floor, New York, NY 10018.UiPath acts as controller with respect to your Personal Data and determines the purpose and manner in which your Personal Data is processed, as described below. At times, UiPath may act as a processor, and will process Personal Data on your behalf, as further detailed in this Policy.

UiPath cares about protecting the right to privacy of individuals and, while we may rely on local laws, we aim to uphold the Personal Data protection standards of the GDPR even for non-EU UiPath entities, as possible. Terms like “personal data”, “processor”, “processing”, “controller”, “data subject” and others terms defined by the GDPR are used in this Policy in accordance with the definitions given by the GDPR and are sanctioned in accordance with the GDPR. If you are a California resident, please have in mind that “data subject” also means “consumer” and “controller” also means “business”.

When you use our Services, we will collect information about you which can identify you directly (name, email) or indirectly (IP address, or other online identifiers). We may also collect information and aggregated data regarding user behavior, navigational information, device information, which helps us improve and tailor our Services and understand usage trends.

For more information about the data we collect when you are using our websites, please check our Cookie Policy.

During its activity UiPath may process different types of Personal Data belonging to a variety of data subjects such as employees of customers, potential customers, business partners, candidates, users of UiPath’s Services, participants to UiPath’s events etc. The categories and nature of Personal Data processed about you depends on your relationship with UiPath, and on the purpose of processing

Please note that, if you are enrolled by a legal entity or you have enrolled by yourself with an e-mail address registered under the domain of a legal entity, we will deem that you are acting on behalf of that entity which is either a customer or a partner of UiPath, as their employee. Therefore, we will process your Personal Data on behalf of the employer, and we may need to make the Personal Data or your activity within the Services available with the employer, upon the latter’s request. We share this information based on our and your employer’s legitimate interest. Please contact us at dpo@uipath.com if you have any questions. Providing our Services

Providing our Services

Customer Enrollment and Provision of Services. If you are a customer, we process your name, job title, company, signature, e-mail address, country, information regarding the usage of our Services, information regarding event participation, recordings (if consented) as necessary to execute and perform the agreement underlying to the Services, in our legitimate interest to improve, secure and market our Services and to provide you with the latest information, as consented or relevant. The purpose includes license management, account activations, contracts and accounts management, providing the Services, improving your experience with our Services and associated communications.

Account Creation and Management. When you create an account with UiPath (Academy, Forum, Marketplace, UiBank, Community, Trial, Partner Portal) to use the associated Services, we process your name, e-mail address, username, country, language, employment status, employer, job title, industry, area of interest, phone number needed to grant you access to the Service and maintain the account. We process this data based on the terms & conditions of the Services (contract).

Please keep in mind that due to the nature of some of our Services, such as Academy, Community Forum and UiPath Marketplace, your profile and your activity may need to be visible to other users. Moreover, by using a corporate email address or by choosing an affiliation in your profile, your profile data, learning progress and other usage data may be shared with the owner of the domain (e.g., your employer) in our legitimate interest and in the legitimate interest of your employer. You can always choose to use a personal email address instead of a corporate one, and not to include an affiliation in your profile. You can always choose to delete your account, here. However, when you delete your Forum account, the content of your posts will still be available on the website.

During your use of the Services, we process information regarding your activity such as: log data information regarding when you use the services, what type of services you use, how you use the services, information about courses, progress and certifications, your posts, interests, downloads.

Authentication for UiPath accounts is provided through Auth0.

Social Media Accounts. When you use your social media accounts to connect to UiPath, you agree to share with UiPath your social media profile data such as your name, telephone number, friends list, photo, birthday, gender, location, interests, and other Personal Data you make available there.

Where the Services support voice command (e.g., through Google Assistant, by enabling Google App Actions), the underlying Personal Data will only be used to provide the Service.

We process these personal databased either on your consent, on the need to perform the contract we have with you (terms & conditions of service) or your employer, or on the basis of our legitimate interest to improve, secure or market our products or on the legitimate interest of your employer; and for the purpose of creating and managing your account, delivering the Services, and providing you with information related your use of the Services.

UiPath Cloud Services. If you are using our cloud Services, you act as a data controller and UiPath will act as a data processor in relation to any Personal Data you use with the Services. As a controller you are in control of how you use Personal Data. Do not use sensitive data with Trial, Community or test versions of UiPath’s cloud products. Some of our Services may transmit data from user-controlled applications and data stores to other user-controlled applications and data stores, either directly or indirectly through connected third parties. This data is encrypted in transit and, if applicable, in storage while waiting to be processed.

Please note that if you use the Services in Preview or Trial, you may have certain restrictions on using Personal Data or sensitive data; please check out the applicable terms of use. When using UiPath Services, we gather usage data, which includes your user ID and information about your interaction with our applications. We gather these data based on our legitimate interest to maintain the accessibility and functioning of our services as well as based on our legitimate interest to know our users and our users’ interests.

UiPath on-premises Services. UiPath does not have access to Personal Data you use with the on-premises Services.

Third-Party Products. Our Services may integrate with third-party products. Any Personal Data you use with third-party products may be visible to the third-party providers and will be processed in accordance with their own privacy documentation, and UiPath will bear no liability thereof.

When you try out our preview products, we will send you surveys in our legitimate interest to improve our products and provide you a better user experience. We use Jotform, our sub-processor, to send you such surveys. We use the services of third party sub-processors such as Jotform and SurveyMonkey to send you such surveys.

Offering Support

If you request our support, we will process the Personal Data needed for support, such as name, email address, country, company, job title and device ID, in accordance with our Support terms. We may also process voice data upon your consent, when support is offered via call center or remote. We process this data to perform the contract we have with you.

We want to limit the usage of Personal Data to what is necessary for support purposes, so we rely on you to limit the disclosure and stick to sharing only technical data.

Access to our Websites

When you visit our websites, we will request your consent to collect your Personal Data, including, without being limited to, browser information, device used, IP address, user experience on the website, name, email, phone number, job level, field of expertise, employer, industry, country, or Twitter username and LinkedIn Profile URL. We will use it to provide you with relevant news, improve your experience on our website, or respond to your inquiries, as well as in our legitimate interest to know our customers and improve our Services.

When you use our websites to report an abuse, a security incident or to ask for the deletion of your accounts, we will process your name e-mail and location to respond to your request.

We also use cookies that collect certain information about your navigation on our website to improve our Services and our online presence. Certain cookies are necessary for the website to function and cannot be switched off in our systems, others allow us to measure and improve the performance of our site, to provide enhanced functionality and personalization, or to show you relevant adverts. Excepting the cookies that are necessary for the website to function, all other cookies will require your consent. For more information, please visit our Cookie Policy.

Participation to Events and Contests

If you attend UiPath events, we will process your Personal Data to register you, to provide information on events, or to ask for your feedback, based on your consent.

If you enroll in our contests and campaigns, we will process your Personal Data to register you and provide the prize, based on your consent, on our legal financial obligations, or on our legitimate interest to comply with our internal financial policies.

The Personal Data we will process may include, without being limited to, name, surname, e-mail address, telephone number, location, social media account, job title, company, voice, image and even ID information, if necessary for compliance with applicable laws and policies.

Please note that when we organize events, contests, or campaigns co-branded or sponsored by us and our partners (resellers, solution providers, etc.), this will be clearly indicated in the applicable documentation. If you sign up, your Personal Data may be collected by, or shared with, UiPath and our partners, in our legitimate interest and the legitimate interest of our partners. You can opt-out any time by sending an e-mail to privacy@uipath.com.

In order to manage access to our events, you will be issued a name badge that you might be asked to show at the entry in the various areas of our events. Our badges usually contain a barcode or QR code that provides the Personal Data that you made available during the registration process. Our partners or sponsors may directly request information about you or may ask to scan your badge. Badge scanning is entirely optional, and you can at any time refuse to have your badge scanned. In all cases, if you allow other Event participants (including UiPath delegates), sponsors or partners to scan your badge, these participants may contact you about their products and services.

We may be taking pictures and video recording our events (including events organized by third parties where we have booths or presentations), based on our legitimate interest to document our events and market their success. If you have any concerns regarding the photos/recordings of you from an event, you can always reach out to our photographers, organizing staff, or contact us at privacy@uipath.com.

With your consent, we may process your personal information to post testimonials on our website or social networks.

If you attend one of our events as a speaker, we will process your image and voice (photos, videos), name, title, company, information about your professional life and education, as well as your presentation slides (if the case). We will always ask for your consent before making this data public through our website, social media, or other channels.

When registering for our events we may process your personal data through third parties we use as sub-processors such as EdInvent.

Partnerships

If you want to become a UiPath partner (e.g., business partner, Academic Alliance partner, Academy partner, etc.) we will process your Personal Data, such as full name, company, institution, job title, position or occupation, location, email, telephone number, industry, location, and other necessary information, in order to perform the underlying partner agreement and to create and manage your account in UiPath’s Partner Portal. We use the services of third parties such as Allbound and Faethm to develop our Partner portals.

Our Marketing Activities

We may process your Personal Data, such as name, e-mail address and telephone number, and other data that was either provided by you, collected from your interactions with our Services, or received from third party sources (such as TechTarget, ZoomInfo, Lusha, 6Sense), for the purpose of enhancing our prospect database, for knowing our users, improving our sales strategy and for sending you marketing communications through e-mail, telephone, or e-mail. We only do so based on your explicit or implied consent, such as when you are using a particular product or service, or based on our legitimate interest, where the applicable privacy laws allow it.

Please be mindful of the fact that when you provide your consent to receive marketing communications regarding UiPath’s products or services, you may receive such communications from UiPath’s Trusted Business Partners. We share your data with our business partners based on our legitimate interest of commercial efficiency and business growth.

Marketing communications include sending information about the Services you use or have shown interest in, Services similar to those you already use, new product releases, service developments, alerts, updates, terms, events, surveys, special offers and associated campaigns and promotions or prices, and may be performed either via targeted marketing e-mails or through our sales representatives, in accordance with the applicable laws.

You may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in the e-mail, by indicating so when we call you, or by filling in this form. Please note that if you opt out of marketing communications, we may still contact you regarding your use of our Services and to respond to your questions or requests.

When we process your personal data for marketing purposes, we use third parties who process personal data on our behalf such as: Marketo, Survey Monkey, Survale.

Recruitment

When you apply for a job at UiPath, or when we reach out to you for recruitment purposes, we may process your Personal Data such as name, surname, CV data, work experience, education, contact information, LinkedIn profile, other social media public profiles relevant for our job openings and other information included in your application, based on your consent, or on our legitimate interest, for the purpose of recruiting the best candidates for our job openings. We use the services of third parties, such as AmazingHiring and SeekOut, to find information about you on professional social media platforms. We also process your personal data through the UiPath Talent Community with your consent, when you upload your CV and other information. We use the services of HackerRank to process technical tests and interviews in our legitimate interest to have suitable employees for the job offerings.

CCTV Monitoring

When you enter the monitored spaces in our buildings and facilities, we may process your Personal Data, such as video footages, images, voice (of you and your belongings), based on our legitimate interest to secure our assets and confidential information, for the purpose of ensuring the security and safety of our buildings, facilities, staff ,visitors, property, and information located or stored on the premises.

Your personal data may also be processed when UiPath implements internal automations using its own products, in UiPath’s interest for business efficiency and growth. Please find here the list of sub-processors we use for such processing.

Personal data such as name, e-mail address, associated files or communications may also be processed in our legitimate interest of ensuring data security, to investigate, mitigate, and prevent personal data breaches. We use third party sub-processors such as Microsoft Defender, for this purpose.

We use automated decision making and profiling for the following purposes:

• to comply with our export control regulations, denying access to our Services to individuals or companies identified as restricted parties by the relevant authorities or regulatory bodies;

• to maximize your experience with our Services and to make available personalized offers by building individual profiles using the Personal Data you provided to us, navigational information, information regarding the use of our services and information provided by our partners about you.

• for statistical purposes and to help us improve the way we promote our Services with the help of Personal Data, such as online behavior data.

• for recruitment, in order to ensure that candidates who are selected for further recruitment stages have the right to work in a specific geo-location or have obtained the required score for the logical and reasoning tests.

You can oppose this anytime by filling in this form.

We prohibit children to access our Services and therefore we do not employ profiling or automated decision making on children Personal Data.

As a global company, UiPath may share data with its affiliates, third-party processors, or business partners around the world. UiPath applies caution when contracting with processors or other controllers and performs the relevant activities and puts all the safeguards in place, as required to comply with the GDPR in relation to Personal Data transfers.

With UiPath affiliates

We share personal data with our affiliates as necessary to provide the Services or perform usual business activities. Personal data shared with our affiliates is granted GDPR level of protection.

The list of UiPath affiliates can be found here.

With UiPath service providers

For the purposes described in this Policy we use the services of various contractors, mainly digital service providers, such as Salesforce, Atlassian, Microsoft 365, Marketo, Content Raven, Discourse, Stripe, iCims, Google, Zoom, Gong. Among others, these contractors process specific categories of Personal Data on our behalf to help us organize events, manage business information and contracts, market research, store data, analyze and organize data.

We have contractual agreements with our contractors to ensure that your Personal Data is protected and used only as necessary to perform the contracted services. Some of our contractors are also controllers on their own, carrying out processing activities while using their services and products, which include online advertising technologies, search engines, cloud computing.

Some of the contractors are third parties who are not intended to process the Personal Data but may have access to it upon fulfilling their tasks or interacting with us, such as technical maintenance companies, financial entities, or legal auditors.

Whenever your personal data is transferred outside the EU or outside UK, to a third country, UiPath makes sure that there is a valid transfer mechanism in place, such as Standard Contractual Clauses or an International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers, to make sure that your personal data is protected.

With UiPath partners and distributors

As necessary to maintain an efficient selective channel system with the purpose of creating a retail environment where the commercialization of the Services is performed only by the UiPath authorized partners and distributors and customers’ demand is properly satisfied, we may share certain customers’ data (such as business contact details) with such UiPath authorized partners and distributors. We take appropriate measures, have contractual safeguards and we conduct internal assessment to ensure that the sharing of Personal Data is proportionate, transparent limited to the purpose and beneficial for you, that there are no privacy risks with all data privacy laws being observed during the processing.

If legally required

We may also provide personal data to third parties in the following situations:

• as lawfully requested by public authorities, auditors, or institutions competent to exercise inspections on UiPath, based on their legal obligations, such as data protection authorities or authorities for consumer protection, which may ask us to provide information;

• to comply with a legal requirement or to protect the rights and assets of UiPath or other entities or people, such as courts of law, or enforcement authorities;

• to third parties’ acquirers, as part of a change of control, merger or acquisition or similar procedures, if your Personal Data would be part of the transaction.

UiPath complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. UiPath has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. UiPath has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

UiPath Inc. is adhering to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S.

We will store your Personal Data for a limited period, as necessary to achieve the purposes of the Personal Data processing, as described in this Policy, and in accordance with our legal, contractual obligations, legitimate interest and in accordance with our internal policies and procedures regarding personal data retention. This means that we retain different categories of data for different periods of time depending on the type of data, the category of data subject to whom the data relates, and the purposes for which we collected the data. We keep your personal data if you have a relationship with UiPath or are interested in our products or services.

Once the retention period expires for a specific category of data, UiPath will delete, archive, anonymize or destroy it, in accordance with its internal policies and procedures, unless prohibited by the applicable law.

We also delete your personal data whenever you withdraw your consent. You may request to have all your information deleted at any time by filling in this form. Contact dpo@uipath.com for more information about this.

We may process Personal Data from children that attend our workshops or educational programs organized to spread the RPA knowledge and develop educational partnerships. An information notice regarding the processing will be provided to the legal guardians and to the children upon registration.

UiPath commits to comply with the applicable legislation with respect to such processing.

UiPath constantly evaluates and upgrades the security measures implemented to ensure a secure and safe Personal Data processing. For more details on the security measures implemented by UiPath check out: https://www.uipath.com/legal/trust-and-security/security

You have the following rights in respect to your Personal data under the GDPR, which you may exercise at any time by submitting a request on our website here.

• The right of access

• The right to request the rectification or erasure of personal data

• The right to request the restriction of processing

• The right to withdraw your consent for processing

• The right to object to the data processing

• The right not to be subject to a decision based solely on automated processing, including profiling

• The right to data portability

• The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address to the competent courts of law.

• The right to not sell or share your information (for California residents). Please opt-out of sharing your personal data by writing at dpo@uipath.com

• The right to non-discrimination

You may use the same form to exercise your right to opt-out of sale of personal information, if you are a resident of the state of California, as provided by the CCPA.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, UiPath commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact UiPath at dpo@uipath.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, UiPath commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

UiPath commits to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to our organization and following the procedures and subject to conditions set forth in Annex I of Principles.

For any other questions regarding your rights please write to us at dpo@uipath.com.

This Privacy Policy may be changed and updated by us as it could become necessary.

We will notify you of any substantial changes to this Privacy Policy and will ensure that the notification is made in a way which ensures that you acknowledge them, for example by use of the email address that you have provided to us, or any other appropriate means that ensure effective communication.

If you do not agree with the changes, please contact us or deactivate your account.

For any questions regarding this Policy, or our privacy practices in general please reach out to us at: privacy@uipath.com.

For any other questions, please reach out to us by filling this form.