- Release notes
- Getting started
- Introduction
- Installing Automation Suite
- Prerequisites
- Security
- Protection of personal data and privacy of the users
- Legal information
- Recording client overview
- Setup and configuration
- Unassisted Task Mining
- Additional resources
Protection of personal data and privacy of the users
- Within this document, the company employees involved in the recording process will be referred to as users.
- The term customer refers to companies and other various organizations that have signed an agreement to install and use the Task Mining system.
- The recording application used by Task Mining captures screenshots, clicks, and movements for the applications when enabled by the company employee assigned as platform administrator.
- The recording is made for each of the users who have installed the recording application on their machine.
- The persons defined as users or company employees assigned as platform administrators and whose data is being captured and processed are referred to as data subjects.
Task Mining provides insight into and discoveries from the daily and constant activity of the workforce and therefore needs access to record the actions performed by users on a continuous basis. These actions are taken in aggregate and analyzed by the ML algorithm to produce the results, which may contain and be influenced by any and all actions recorded during the recording period. It is important to have constant ingestion of customer data to provide complete and comprehensive results.
After capturing the data, the customer and its users have the option to curate it before sending it to the UiPath® cloud for analysis. UiPath® will save the data in a highly secured storage. Customers can request for their data to be removed from our system. In this case, the data will be deleted as per the customer’s request and the customer will be notified as soon as the request is completed.
UiPath® will be using the data for two main purposes, namely:
- Analyzing the data to identify actionability.
-
Analyzing the data to determine if the machine learning algorithms are working properly.
Although UiPath® does not explicitly require any personal data, it is expected to receive any kind of personal data since the screens of the users will be captured and, as a result, a DPA is attached by default to any agreement concluded with any customer. UiPath® is expressly forbidding the processing of Health Information and Credit Card information.
The Admin Console platform component allows the control, deletion, or accessing of the data by the customer, it also allows the identification of data coming from one specific user. The company employee assigned as platform administrator has full control (setup, view, update, and delete) over the above mentioned Admin Console platform feature.
As a result, the customer has the possibility to request the deletion or extraction of the data that it is being manually sent to UiPath® by submitting a request in this respect to UiPath® Support.
The personal data received by UiPath® is the property of the customers (or the users) and they are the only ones who can decide what data is being processed and for what purpose. The users are in full control over the processing of their data, as they have access to view and edit the data collected and stored locally on the device. Each user can pause the recording application and also see the full list of applications and system interaction that is being recorded.
The customer is the controller and is responsible for the relationship with the data subjects (meaning the actual persons whose data is being processed) and for respecting the applicable legislation. The customer must take all the appropriate legal measures in order to ensure that data subjects are duly notified about the data capturing and processing initiative.
Informing data subjects is the responsibility of the customer as UiPath® has no technical possibility of identifying or taking consent from data subjects.
The following measures have been implemented in order to assure the privacy of the data:
- The data is not being automatically sent to UiPath®. The customer through the company employee assigned as platform administrator and the involved users have the possibility to curate and select the data that is to be transferred.
- The sent data is being encrypted both in transit and at rest.
- The users have the possibility of pausing at any time during the recording. The pause time is limited to a maximum of 1 hour still the pause instances are not limited.
- The Admins and the Users can define only applications they want to be captured in the recording.
Personally identifiable information (PII) data is masked automatically during the processing stage and the original screenshots aren't stored.
Please find below an overview of the data that is collected during the Task Mining usage and the location where it can be accessed.
Raw data
\AppData\Roaming\Task Mining\Projects\{projectID}\{userID}\captured\{action#} where:
- projectID and usertID are collected from Admin Portal after completing the Sign In
-
the action# is a folder created for each captured action. Each file contains the following data:
-
CSV metadata file: where the information about the captured action and user environment is captured.
Note: For browser applications, the CSV includes the captured page URL and domain. The following browsers are supported: Firefox, Edge, Chrome (English only), Internet Explorer. - Screenshot: screengrab of the active window where the action is recorded in .jpg format.
-
Processed data
\AppData\Roaming\Task Mining\Projects\{projectID}\{userID}\ready\{action#.zip}.
\Projects\{projectID}\{userID}\ folder still the final output is a ZIP file that contains the following:
- CSV metadata file
- Screenshot
-
OCR result
Note: If the analysis is to work it's very important not to change the files in any way, not even zipping them again.
