task-mining
latest
false
Task Mining
Automation CloudAutomation Cloud Public SectorAutomation Suite
Last updated Nov 4, 2024

Protection of personal data and privacy of the users

Note:
  • Within this document, the company employees involved in the recording process will be referred to as users.
  • The term customer refers to companies and other various organizations that have signed an agreement to install and use the Task Mining system.
  • The recording application used by Task Mining captures screenshots, keyboard actions, clicks, and movements for the applications when enabled by the company employee assigned as platform administrator.
  • The recording is made for each of the users who have installed the recording application on their machine.
  • The persons defined as users or company employees assigned as platform administrators and whose data is being captured and processed are referred to as data subjects.

Task Mining provides insight into and discoveries from the daily and constant activity of the workforce and therefore needs access to record the actions performed by users on a continuous basis. These actions are taken in aggregate and analyzed by the Machine Learning (ML) algorithm to produce the results, which may contain and be influenced by any and all actions recorded during the recording period. The ML algorithm of the product is dependent on the constant ingestion of customer data for it to be able to provide the expected services.

  • The purpose of Task Mining is to help customers understand their users' daily work, and find automation opportunities. In order to achieve this, Task Mining needs to have enough data about the actions that the users performed. Recording of data is possible only from apps or websites that are configured at the project level using the allow/deny list. Refer to Settings for more information. Task Mining requires the recording to be continuous, to have enough information about what users have done.

  • To provide comprehensive results, Task Mining needs to know the temporal relations of the users' actions. Therefore, Task Mining requires the recording to be continuous.

  • Users have the ability to pause the recording at any time and can also view the full list of applications and system interaction that is being recorded.

After capturing the data, UiPath® will save the data in a highly secured storage. Customers can request for their data to be removed from our system. In this case, the data will be deleted as per the customer’s request and the customer will be notified as soon as the request is completed.

UiPath will be using the data for two main purposes, namely:

  1. Analyzing the data to identify actionability.

  2. Analyzing the data to determine if the machine learning algorithms are working properly.

Although UiPath does not explicitly require any personal data, it is expected to receive any kind of personal data since the screens of the users will be captured and, as a result, a DPA is attached by default to any agreement concluded with any customer. UiPath is expressly forbidding the processing of Credit Card information. UiPath also forbids the processing of Personal Health Information, unless the customer has executed a Business Associate Agreement (BAA) with UiPath that permits this.

The Admin Console platform component allows the control, deletion, or accessing of the data by the customer, it also allows the identification of data coming from one specific user. The company employee assigned as platform administrator has full control (setup, view, update, and delete) over the above mentioned Admin Console platform feature.

As a result, the customer has the possibility to request the deletion or extraction of the data that it is being manually sent to UiPath by submitting a request in this respect to UiPath Support.

The personal data received by UiPath is the property of the customers (or the users) and they are the only ones who can decide what data is being processed and for what purpose. The users are in full control over the processing of their data, as they have access to view and edit the data collected and stored locally on the device. Each user can pause the recording application and also view the full list of applications and system interaction that is being recorded.

The customer is the controller and is responsible for the relationship with the data subjects (meaning the actual persons whose data is being processed) and for respecting the applicable legislation. The customer must take all the appropriate legal measures in order to ensure that data subjects are duly notified about the data capturing and processing initiative.

Informing data subjects is the responsibility of the customer as UiPath has no technical possibility of identifying or taking consent from data subjects.

The following measures have been implemented in order to assure the privacy of the data:

  • The sent data is being encrypted both in transit and at rest.
  • The users have the possibility of pausing at any time during the recording. The pause time is limited to a maximum of 1 hour still the pause instances are not limited.
  • The Admins and the Users can define only applications they want to be captured in the recording.

Personally identifiable information (PII) data is masked automatically during the processing stage. Refer to the official Microsoft documentation on Personally Identifiable Information (PII) detection in Azure Cognitive Service for more information on PII masking.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.