Privacy policy

1. PREAMBLE

UiPath Foundation is a non-profit organisation established by UiPath Romania, which aims to to empower underprivileged children to reach their potential. The main purpose of the Foundation is to ease the equal and non-discriminatory access to learning opportunities for all children who live in disadvantaged families. In order to achieve such purpose, the Foundation organises various educational activities for children in partnership with other non-profit organizations, for the purpose of acquiring the skills and tools necessary to cope with the challenges of the 21st century.

In order to meet our goal, we collect and use personal data of natural persons as essential part of our activities and events.

This privacy policy sets forth the way in which UiPath Foundation collects and uses your personal data. Confidentiality is one of the main commitments of UiPath Foundation. Therefore, your personal data shall be processed in accordance with the principles set forth in the data protection legislation applicable in Romania, including (EU) Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

2. WHAT DO WE UNDERSTAND BY PERSONAL DATA?

Personal data is information on a natural person that may be used to identify the concerned person, like: first name, last name, email address, telephone number, username on social media, location data or corporate positions. This means that when you use our website or participate in UiPath Foundation initiatives we collect certain information about you (hereinafter referred to as “personal data”) that can directly (name, email address) or indirectly (IP address or another online identification element) identify you.

3. WHAT KIND OF PERSONAL DATA DO WE PROCESS AND WHY?

The personal data we process and also the purposes and legal grounds of processing shall differ depending on your relationship with UiPath Foundation:

• If you are a member of an UiPath Foundation partner organisation:

We process the relevant data (first name, last name, email address, telephone number, position, signature) in order to conclude and enforce the contract signed with you. In this case, the legal ground for data processing is the partnership agreement.

We use your contract data (name, position, email address, telephone number, address) in order to provide you with news, event invitations, information on the activity of the Foundation.

In this case, we rely on the legitimate interest to maintain a sustainable and collaborative relationship with our partners.

• If you are a volunteer for UiPath Foundation:

UiPath Foundation processes your relevant personal data (first name, last name, telephone number, email address, signature) in order to maintain our contractual relationship which supports our activity.  In this case, UiPath Foundation relies on the enforcement of the volunteering contract as a ground for processing.

• If you are an UiPath Foundation donor:

UiPath Foundation processes your personal data (first name, last name, email address, telephone number, address, IBAN account, donated amount) in order to process donations. In this case, UiPath Foundation relies on the enforcement of the donation contract as a legal ground for processing.

• If you are the beneficiary of one of our projects:

In order to conclude and enforce the grant contract, UiPath Foundation process the relevant personal data: first name and last name of the Beneficiary and legal representative, address, telephone number, email address, age, gender, marital status, nationality, ethnicity (if applicable), data on family situation, date and place of birth, ID series and number, and also its issuing date, personal numerical code, picture (photo and film/video), voice, expressed opinions, data on financial and academic status, skills demonstrated during the activities of the Educational Program, psychological features established based on tests, data contained in school documents and reports or data contained in documents provided by and/or obtained from public institutions and/or authorities.

In this case, the legal ground for data processing is the concerned contract. 

Considering our purpose, UiPath Foundation also processes the personal data of their children and families, as they are the final beneficiaries of our activity and educational programs.

The personal data of minors are processed with the consent of their parents. Children are informed with regard to the data that are collected about them and processed only for the purpose and within the limits necessary to enforce the contracts.

• If you participate in our events:

In order to register for our events, we process your personal data, like: first name, last name, email address, telephone number, location, social media accounts, position, company, voice, photo, based on your participation consent and on the acceptance of the terms and conditions afferent to the event.

In this case, the legal ground for data processing is your consent.

In order to transfer your contact information to our partners or sponsors from our events (if applicable), we process your name, personal email address and business email address based on your consent.

UiPath Foundation implements the Educational Program in partnership with partner organisations, the educational establishment which you are enrolled at and with media partners. They shall be provided with your personal data in order to be used exclusively for the purpose of implementing the Educational Program.

The personal data which we transfer to our partners are limited to minimum personal information necessary to implement and promote the Educational Program, and we request them not to use personal data for any other purpose. We use our best endeavours to ensure that all the entities which we work with safely and securely store your personal data. Such partners are, in turn, data controllers.

Other partners are, in turn, data controllers, like Facebook, Instagram, YouTube, LinkedIn, Pinterest.

Other third parties which UiPath Foundation turns to do not have the role of processing data, but they may have access to such data in order to fulfil the tasks or during their interactions with UiPath Foundation, like the companies which provide technical maintenance, financial or legal auditors.

Your personal data may be made available or provided to third parties also for the purpose of complying with a legal obligation or of protecting the rights and assets of UiPath Foundation or of other entities or persons, like public authorities, institutions habilitated to perform inspections and controls, legal courts, notaries public, bailiffs, if applicable.

In order to organise such events, in certain situations, we resort to the services of third parties, which are data controllers on our behalf or they themselves are data controllers. When you register for our events, please, check out their privacy policies.

• If you visit our website:

In order to monitor the traffic and improve the content of our website, we process the information on our browser, on the device used, IP address and the experience of the user on our website, based on your consent.

In order to be able to manage your requests to UiPath Foundation by using our contact forms, we shall retain your name, email address, telephone number so that we provide satisfactory answers to your questions.

• If you apply for a job at UiPath Foundation:

We may process your name, surname, email, CV data, work experience, education, LinkedIn profile and other information included in your application, based on your consent, for the purpose of processing your job application (recruitment and selection).

For the purpose of meeting our own security and child safeguarding obligations, based on our legitimate interest, with your acknowledgement and in accordance with our internal policies, if you are selected to work at UiPath Foundation, we may perform background checks, as permitted by the local applicable laws, with a third party vendor. For this purpose, UiPath Foundation processes your name, surname, information from previous employers, information from previous schools and information from public registries, as applicable for the role you will perform at UiPath Foundation.

• Notification 

Irrespective of your relationship with UiPath Foundation, we process your personal data in order to inform you with regard to our events, news, reports or to request feedback from you. In this case, processing takes place based on your express consent. In case you want to withdraw your consent, you have the possibility to use the “unsubscribe” option made available in each notification that you receive from us.

4. TO WHOM WE DISCLOSE YOUR PERSONAL DATA?

In accordance with the purposes described in this Policy, we use the services of different contractors, especially of digital service providers. Such contractors process specific categories of personal data on our behalf in order to help us organise the events, manage information and contracts, store data, review and organise the necessary data. With each of the contractors we have concluded contractual agreements which guarantee to us that the personal data are protected and processing of such data is limited to the minimum period necessary to supply the contracted services. We ensure that the concerned contractors do not process your data for purposes other than those we have agreed upon.

We use our best endeavours to ensure that the entities with which we collaborate store your personal data in safe locations and implement proper security measures.

Some of the contractors are third parties which do not intend to process personal data, but they have access to such data as a result of complying with their obligations or of interacting with us, like, maintenance service providers, financial auditors or legal advisors.

Moreover, we may provide personal data to third parties in the following situations:

• to public authorities, auditors, institutions competent to carry out inspections at UiPath Foundation, which may request us to provide them with information according to the legal obligations. Such authorities or public institutions may be authorities competent in the field of data protection.
• in order to comply with a legal provision or to protect the rights and assets of UiPath Foundation or the decisions of other entities or persons, like, law courts.

5. DO WE TRANSFER YOUR PERSONAL DATA ABROAD?

In the context of meeting the goals provided in this Policy, your personal data may be transferred abroad to states from the European Union (hereinafter referred to as “EU”), European Economic Area (hereinafter referred to as “EEA”) or third parties. Any transfer made by UiPath Foundation shall comply with the valid legal requirements stipulated by the European legislation on data protection. With regard to data transfers to third parties, we ensure that there are adequate guarantees to keep the data safe.

A personal data transfer abroad is not currently expected. This kind of situation could occur for the purpose of promoting the activity of UiPath Foundation in presentations / conferences / meetings on topics of interest for UiPath Foundation, a case in which the provided data shall be limited to what is strictly necessary. Data may be transferred with the territory of or outside the European Economic Area for purposes similar to the above mentioned ones, only based on the prior consent expressed by the concerned person. Any transfer made by UiPath Foundation to a member state of the European Union or European Economic Area shall comply with the legal requirements provided in the General Regulation no. 2016/679 on data protection adopted by the European Parliament. Any transfer by UiPath Foundation outside the Economic European Area shall be made only by entities which comply with similar applicable data protection standards or based on a commitment of such entities in this respect.

6. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We shall keep your personal data only for the period of time necessary to reach the goals described in this Policy, and in accordance with the legal provisions, contractual obligations or relevant policies.

We shall ensure that we shall not keep excessive or irrelevant data, like data that are not updated. Moreover, we shall constantly revise the time periods for which different categories of data that we process are kept.

After the expiry of the processing period and only after UiPath Foundation no longer has legal grounds or legitimate reasons to process your personal data, the data shall be deleted in accordance with its procedures, a fact that could imply archiving, anonymization or destruction of such data.

In case of a contractual relationship between UiPath Foundation and you, your personal data shall be kept for three years as of the termination of the contractual relationship, except as otherwise provided by the law.

In case of collecting personal data for recruitment purposes, they shall be kept for two years as of the date they are provided.

In case of collecting data for notification purposes, they shall be kept until you choose to no longer be contacted by UiPath Foundation, by using the unsubscribe option from our notifications.

If your personal data were collected as a result of your registration and participation in an event organised by the Foundation, they shall be kept for two years as of their collection.

7. PROCESSING PERSONAL DATA BELONGING TO CHILDREN 

The personal data of minors are processed with the consent of their parents (under 16 years old). Minors are informed with regard to the data that are collected about them and processed only for the purpose and within the limits necessary to enforce the contracts.

8. WHICH ARE YOUR RIGHTS?

When we process personal data, it is important to know that you have the following rights:

• Right of access to personal data which we process in relation to you: you have the right to obtain a confirmation whether or not we process your personal data and, if we do, you have the right to access the type of personal data and the processing conditions by submitting to us an application in this respect;

• Right to request rectification or deletion of personal data: you have the right to request the rectification of inaccurate or incomplete personal data that we hold about you or the deletion of personal data in case that:

• the data are no longer necessary for the initial purpose (and there is no other legitimate purpose);
• we initially process your data based on your consent, and you withdraw your consent and, therefore, there is no plausible reason;
• you object and we have no serious reason to continue processing;
• the data were illegally processed;
• deletion is necessary to comply with EU legislation or valid Romanian legislation, or
• the data were collected from children.

• Right to request the restriction of processing: you have the right to request the restriction of processing in the following cases:
• you consider that personal data are inaccurate and only for a period which to allow us to verify the accuracy of the provided personal data;
• processing is illegal, but you do not want for us to delete your data, but only to restrict their use;
• we no longer need your data for the purposes listed in this Policy, but you request the data in order to establish and exercise a right or to defend in case of a legal claim, or
• you opposed processing while expecting verification even though our legitimate reasons prevail;

• Right to withdraw your consent for processing, when processing is based on your consent, without affecting the legality of processing done until that moment;

• Right to oppose data processing because of reasons related to your particular situation, when processing is based on a legitimate interest, and to oppose at any time data processing for marketing purposes, including account creation;

• Right of not being subject to a decision exclusively based on automatic processing, including profiling, which causes legal effects on you and similarly affects you to a significant extent;

• Right of data portability, meaning the right to receive the personal data that you have provided us in an usual structured format that can be automatically read (computer), and the right to transfer such data to another operator, if processing is based on your consent, or on the enforcement of a contract, and it is carried out by automatic means;

• Right to lodge a complaint with Data Protection Authority (ANSPDCP) and the right to address the competent law courts.

You may exercise your rights at any time.

For questions regarding your rights, you can contact us at privacy@uipathfoundation.com. Also, in case you want to withdraw your consent granted for direct marketing purposes, you have the possibility to use the “unsubscribe” option made available in each marketing notification.

9. MODIFICATION OF THIS PRIVACY POLICY

This Privacy Policy may be amended and updated on a regular basis, if necessary. We shall notify any amendment to this Privacy Policy and we shall guarantee you that the notification is prepared so that you can confirm, for example, by using the email address that you have provided to us or any other adequate means which ensure an efficient communication. If you do not agree with the modifications, do not hesitate to contact us at privacy@uipathfoundation.com.

10. HOW CAN YOU CONTACT US FOR QUESTIONS REGARDING CONFIDENTIALITY?

You can ask any question regarding this document by using the following contact data: privacy@uipathfoundation.com.