Within this document, the company employees involved in the recording process will be referred to as users.
The term customer refers to companies and other various organizations that have signed an agreement to install and use the Task Mining system.
The Client App application used by Task Mining captures screenshots, clicks, and movements for the applications when enabled by the company employee assigned as platform administrator.
The recording is made for each of the users who have installed the Client App on their machine.
The persons defined as users or company employees assigned as platform administrators and whose data is being captured and processed are referred to as data subjects.
Task Mining provides insight into and discoveries from the daily and constant activity of the workforce and therefore needs access to record the actions performed by users on a continuous basis. These actions are taken in aggregate and analyzed by the ML algorithm to produce the results, which may contain and be influenced by any and all actions recorded during the recording period. It is important to have constant ingestion of customer data to provide complete and comprehensive results.
After capturing the data, the customer and its users have the option to curate it before sending it to the UiPath cloud for analysis. UiPath will save the data in a highly secured storage. Customers can request for their data to be removed from our system. In this case, the data will be deleted as per the customer’s request and the customer will be notified as soon as the request is completed.
UiPath will be using the data for two main purposes, namely:
- Analyzing the data to identify actionability
- Analyzing the data to determine if the machine learning algorithms are working properly.
Although UiPath does not explicitly require any personal data, it is expected to receive any kind of personal data since the screens of the users will be captured and, as a result, a DPA is attached by default to any agreement concluded with any customer. UiPath is expressly forbidding the processing of Health Information and Credit Card information.
The Admin Console platform component allows the control, deletion, or accessing of the data by the customer, it also allows the identification of data coming from one specific user. The company employee assigned as platform administrator has full control (setup, view, update, and delete) over the above mentioned Admin Console platform feature.
As a result, the customer has the possibility to request the deletion or extraction of the data that it is being manually sent to UiPath by submitting a request in this respect to UiPath Support.
The personal data received by UiPath is the property of the customers (or the users) and they are the only ones who can decide what data is being processed and for what purpose. The users are in full control over the processing of their data, as they have access to view and edit the data collected and stored locally on the device. Each user can pause the Client App application and also see the full list of applications and system interaction that is being recorded.
The customer is the controller and is responsible for the relationship with the data subjects (meaning the actual persons whose data is being processed) and for respecting the applicable legislation. The customer must take all the appropriate legal measures in order to ensure that data subjects are duly notified about the data capturing and processing initiative.
Informing data subjects is the responsibility of the customer as UiPath has no technical possibility of identifying or taking consent from data subjects.
The following measures have been implemented in order to assure the privacy of the data:
- The data is not being automatically sent to UiPath. The customer through the company employee assigned as platform administrator and the involved users have the possibility to curate and select the data that is to be transferred.
- The sent data is being encrypted both in transit and at rest.
- The users have the possibility of pausing at any time during the recording. The pause time is limited to a maximum of 1 hour still the pause instances are not limited.
- The Admins and the Users can define only applications they want to be captured in the recording.
Personally identifiable information (PII) data is masked automatically during the processing stage and the original screenshots aren't stored. To find out more about this feature, check PII Data Masking section.
Updated about a month ago