Privacy policy - last updated on 4 August 2020

Blue Prism takes its data privacy responsibilities seriously. We respect privacy rights and are committed to managing personal data in a professional, lawful and ethical way.

Personal information is information that can be used to identify an individual either directly or indirectly. This privacy policy explains the types of personal information we process about our business contacts (including visitors to our websites, prospects, customers, partners and service providers), how we use it and the rights that individuals have. It applies to our activities involving personal information about our business contacts, including personal information we collect via our websites and personal information we collect, use and create as part of running and growing the Blue Prism business. In certain circumstances, we may provide additional information to supplement this privacy policy (e.g. at the point of collecting information from you or otherwise interacting with you). For more information in relation to any specific sections in this privacy policy, please click on the relevant links below.

If you have any queries regarding this privacy policy or our use of personal information, please contact [email protected].

What personal information do we have and who provides it?

We collect personal information directly from you/individuals, including the type of information included in work email footers and on business cards (e.g. name, work email address, job information, work phone number and work address collected when you get in touch with us, download a document or register for an account) and technical information arising from your interactions with our websites.

We use publicly available information and service providers to provide us with business contact details for businesses and people that we think may be interested in our solutions (“prospects”). We also obtain business contact details from Blue Prism affiliates, customers, partners, service providers and those organising or hosting events that we participate in. 

The categories of personal information that we have and the sources of that information are summarized below.

Categories of personal information Examples of personal information in this category Who may provide the personal information to us (categories of sources)?

Business contact details (including professional or employment-related information)

Name, email address, job information, organisation, phone number and address
  • You/individual
  • Organisation/group/network or academic institution you have a role with (e.g. a customer, partner or supplier)
  • Blue Prism affiliates
  • Partners (e.g. distribution partners and/or technology partners providing information about customers and prospects)
  • Customers
  • Event organisers/hosts (e.g. about people attending an event Blue Prism is involved with)
  • Service providers including business to business lead generation service providers (e.g. business contact information for prospects and customers)
  • Publicly available information (e.g. from internet searches and social networks)
Online and other identifiers Username, unique account/user identifier
  • You/individual
  • Created by us (e.g. unique identifier generated when you register for an account)
Images, videos, audio files Photograph voluntarily uploaded to Blue Prism account profile, video conferencing and recording, filming and photography at events
  • You/individual

Interests, activity and preference details

Registrations for events, downloads of content, information about interaction with our websites, solutions or adverts, query logs, usage logs and inferences drawn from this information to determine interest in our solutions.
  • You/individual (e.g. by interacting with Blue Prism websites, communications, solutions)
  • Blue Prism affiliates
  • Event organisers/hosts (e.g. about people attending an event Blue Prism is involved with)
  • Advertising and social networks (e.g. LinkedIn) and marketing agencies
  • Publicly available information (e.g. from internet searches)

Customer relationship management information, commercial and contractual details

Records of business contacts that purchase or are interested in our solutions, billing/payment contacts and details (we do not collect or process credit or debit card details), contract signatories
  • You/individual
  • Organisation/group/network you have a role with (e.g. a customer, partner or supplier)
  • Our payment processing service providers. See “Digital Exchange purchases” section for more information.

Correspondence and content

Any personal information included in communications with us (including audio, electronic, and visual information) and content on websites and forums (e.g. feedback, ideas, suggestions, or commentary on websites and forums provided by us)
  • You/individual
  • Users of the online services

Training and certification details

Training issued, date issued, progress, performance completion date, qualifications / certifications achieved
  • You/individual
Survey, feedback and customer satisfaction details Feedback, ratings, survey responses
  • You/individual directly
  • Organisation/group/network or academic institution you have a role with (e.g. a customer, partner or supplier)
  • Partners
  • Customers
  • Training participants

Internet, device and technical details

IP address, device model, the type of browser being used
  • You/individual

Security and log-in details

Username, password, security questions, security logs
  • You/individual

When collecting personal information via forms on our website, we indicate whether it is mandatory for you to provide the information. If it is mandatory to provide personal information (e.g. to register for an account or obtain access to restricted content), you will not be able to complete the request or access the information unless you provide the information to us.

How do we use personal information?

Our vision is “A Digital Workforce for Every Enterprise” and we use personal information to help us work towards that vision. As you would expect, this involves using personal information to grow robotic process automation, digital workforce adoption and our business (e.g. by raising awareness of robotic process automation and complimentary technologies by running and participating in events, looking for and winning new customers, strengthening our relationship with existing customers and partners and raising awareness about our solutions). We also need to use personal information to run our business and this includes, providing our solutions, training and customer support and looking for ways to develop and improve (e.g. by analysing data, asking for and acting on feedback). 

More details about our reasons for collecting, creating and using personal information (i.e. the purposes for which we do so) and legal basis for our activities are described in the table below.

Purpose Activity Legal basis

To grow the Blue Prism business

Researching prospects using publicly available information (e.g. from internet searches and social networks) and information obtained from service providers (e.g. business to business lead generation service providers)

Legitimate interest to grow the Blue Prism business

Marketing to business contacts, mostly via email and telephone calls Legitimate interest to grow the Blue Prism business or consent if it is required

Running and participating in events, including webinars, podcasts, in person events and trade shows and other activities, such as advertising, to promote and raise awareness of Blue Prism and robotic process automation

Legitimate interest to grow the Blue Prism business

Maintaining and developing our relationship with business contacts and communicating regarding potentially relevant opportunities

Legitimate interest to grow the Blue Prism business

Carrying out surveys and asking for feedback

Legitimate interest to grow the Blue Prism business

Improving and developing new websites, content, training and solutions. Where proportionate, we take steps to de-identify data before using it for these purposes and look for ways to minimize the privacy impact on individuals

Legitimate interest to grow the Blue Prism business or, for cookies, consent if it is required
To run the Blue Prism business Negotiation and performance of contracts, including providing our solutions, support and maintenance and billing and invoicing

Legitimate interest to run the Blue Prism business

Sending service and transactional communications and responding to inquiries and requests

Legitimate interest to run the Blue Prism business

Management forecasting and planning, including analysis of sales pipeline

Legitimate interest to run the Blue Prism business

Providing training, exams and/or certifications and related support and mentoring

Contract and legitimate interest to run the Blue Prism business
Preventing, detecting and remediating any security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and taking action, as appropriate, against those responsible Legitimate interest to run the Blue Prism business

Providing our websites, related support and maintenance (e.g. debugging software to identify and repair errors that impair functionality)

Legitimate interest to run the Blue Prism business

Monitoring and auditing (e.g. to assess and verify quality of our solutions and training, compliance with applicable laws, regulations, contractual obligations, policies and procedures)

Legal obligation or legitimate interest to run the Blue Prism business

Complying with legal, tax, accounting, and other regulatory or reporting obligations

Legal obligation or legitimate interest to run the Blue Prism business

To assert or defend against legal claims or to enable us to enforce or exercise our rights

Legitimate interest to run the Blue Prism business
Other business activities involving processing of personal information in order to run the Blue Prism business (e.g. obtaining professional advice) Legitimate interest to run the Blue Prism business

Who do we share personal information with?

We share personal information with our affiliates, customers, partners, event sponsors and organisers, service providers (including IT providers, auditors and professional advisers) as part of running and growing our business. If a regulator, government or law enforcement authority asks for personal information, we will provide the information that we are legally required or permitted to provide. We do not sell personal information.

The table below includes information about the categories of recipients (which may include third parties) that may receive personal information from us and the categories of personal information they may receive.

Category of recipient/third party Categories of personal information we may share

Blue Prism affiliates

  • Business contact details
  • Online and other identifiers
  • Interests, activity and preference details
  • Customer relationship management information, commercial and contractual details
  • Correspondence and content
  • Training and certification details
  • Survey, feedback and customer satisfaction details
  • Internet, device and technical details
  • Security and log-in details
Organisation/group/network or academic institution you have a role with and/or their related entities/bodies.
  • Business contact details
  • Interests, activity and preference details
  • Customer relationship management information, commercial and contractual details
  • Correspondence and content
  • Training and certification details
  • Survey, feedback and customer satisfaction details

Customers

  • Business contact details
  • Customer relationship management information, commercial and contractual details
  • Correspondence and content
  • Training and certification details
  • Survey, feedback and customer satisfaction details

Partners

  • Business contact details
  • Customer relationship management information, commercial and contractual details
  • Correspondence and content
  • Training and certification details
  • Survey, feedback and customer satisfaction details

Digital Exchange asset providers

  • Business contact details
  • Customer relationship management information, commercial and contractual details
  • Interests, activity and preference details

Users of the online services

  • Business contact details
  • Correspondence and content
Regulators, government, law enforcement authorities, courts or other third party to assert or defend against legal claims or to enable us to enforce or exercise our rights Any of the categories of personal information included in the section “What personal information do we have and who provides it?” may be shared in order to respond to a request or to assert or defend against legal claims or to enable us to enforce or exercise our rights

Service providers, including:

  • Auditors
  • Cloud, IT and SaaS providers
  • Consultants
  • Event organisers
  • Banks
  • Insurers
  • Professional advisers
  • Business contact details
  • Online and other identifiers
  • Interests, activity and preference details
  • Customer relationship management information, commercial and contractual details
  • Correspondence and content
  • Training and certification details
  • Survey, feedback and customer satisfaction details
  • Internet, device and technical details
  • Security and log-in details

Event sponsors (e.g. information about people attending the event being sponsored)

  • Business contact details
  • Correspondence and content
  • Interests, activity and preference details
  • Survey, feedback and customer satisfaction details

Third parties described in our Cookies Policy, including advertising and social networks

  • Online and other identifiers
  • Interests, activity and preference details
  • Internet, device and technical details

See our Cookies Policy for more details.

Third parties in connection with corporate transactions relating to our business (e.g. potential transaction counterparties, their agents and advisers)

Any of the categories of personal information included in the section “What personal information do we have and who provides it?” may be shared as reasonably necessary in relation to a proposed purchase, merger or acquisition of any part of our business subject to confidentiality obligations and limits on the use of the personal information for the purposes of the transaction.

Other category of recipient/third party included in a separate privacy notice provided to you covering a specific activity

Any of the categories of personal information included in the section “What personal information do we have and who provides it?” may be shared as described in the separate privacy notice provided.

Which countries is personal information transferred to?

As a global business, we operate worldwide and transfer and store personal information overseas in countries that may have data privacy laws that differ from the laws in your country. All Blue Prism affiliates have access to personal information in order to run and grow the Blue Prism business, such as business contact details and customer relationship management information. When transferring personal data overseas, we make sure there are necessary safeguards in place where required, such as contractual commitments (e.g. the European Commission’s Standard Contractual Clauses for transfers to non-UK or EEA organisations, Privacy Shield certifications (find out more about Blue Prism’s certification in the “Privacy Shield” section) or Binding Corporate Rules.

If you have questions or need further information about international data transfers, please email [email protected].

Privacy Shield

Notice of certification - Blue Prism complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) and the United Kingdom (UK) and/or Switzerland, as applicable to the United States in reliance on Privacy Shield. Blue Prism has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Scope - This Privacy Shield section of this privacy policy applies to all personal information received or processed by Blue Prism entities in the United States (Blue Prism Software, Inc. and Blue Prism Cloud, Inc.) from the EU, UK and/or Switzerland, in any format, including electronic, paper or verbal.

Blue Prism is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Compelled Disclosure - Blue Prism may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Complaints - In compliance with the Privacy Shield Principles, Blue Prism commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with enquiries or complaints regarding our Privacy Shield policy should first contact Blue Prism at: [email protected]. Blue Prism will respond within 28 days.

Dispute Resolution - If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, Blue Prism has committed to refer unresolved Privacy Shield complaints to JAMS (Judicial Arbitration and Mediation Services, Inc), an alternative dispute resolution provider located in the United States. In either of those cases, please contact or visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS (Judicial Arbitration and Mediation Services, Inc) are provided at no cost to you.

Arbitration - For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration before the Privacy Shield Panel as detailed in the Principles. If neither Blue Prism nor our dispute resolution provider resolves your complaint, as a last resort and in limited situations, EU, UK and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

How long do we keep personal information?

We keep personal data for as long as is necessary to:

When determining the retention period for personal information, we consider the applicable legal, tax, accounting, and other regulatory or reporting requirements, the purposes for which we process the personal information, the type of personal information and the potential risk of harm from unauthorized use or disclosure.

If you ask us to delete personal information, object to our processing based on legitimate interests or withdraw consent, where our use of personal information is based on consent, we will delete personal information as appropriate in response to your request. Please see the section “What personal information rights may be available?” for more information.

Where we de-identify personal information so it is no longer reasonably likely to identify an individual (e.g. in order to use it to analyse, improve and develop our business and solutions) we may keep the information indefinitely.

If you would like to find out more about our retention periods for specific categories of personal information please email [email protected].

What personal information rights may be available?

You have certain rights to know and control how information about you is collected and used. You can also complain about how your personal information has been handled by us. You will not receive discriminatory treatment if you exercise your rights or raise a concern. We prefer that you let us know about a concern so that we can look into it for you. 

Information about the rights that may be available when an organisation processes personal information is set out below.

When processing customer data in the course of providing our solutions (e.g. Blue Prism Cloud), Blue Prism acts on the instructions provided by its customer. If you would like to know more about a customer’s processing of personal information using Blue Prism solutions, please contact the relevant customer directly. For any questions or concerns about our privacy practices or to submit a request to us, please email [email protected] or follow any specific instructions below.

Before we provide you with information or delete information in response to a request, we will ask you to provide evidence of your identity so that we can verify that it is a genuine request (e.g. a recognized identification document or information about your account). An authorized agent can make a request to exercise your rights on your behalf by submitting a request to [email protected] with a signed authorization, which we may contact you to verify.

Cookies

Any website you visit may store on or retrieve information from your browser, mostly by using cookies. This information might be about your device, activities or preferences and is mostly used to make the site work effectively. The information does not usually directly identify you, but it can give you a more tailored experience. For information about the cookies we use or to manage your cookies please go to our Cookies Policy.

Digital Exchange purchases

If you use the Digital Exchange to make purchases, the following privacy terms apply in respect of your payment.

Blue Prism does not collect or process your credit or debit card details. Instead, these details are collected and processed directly by our payment processing service provider, currently Stripe Payments Europe, Ltd (“Stripe”). For more information about how Stripe processes your personal information please see Stripe's privacy policy.

Stripe may periodically provide us with basic information regarding payments made via the Digital Exchange in order to assist Blue Prism to provide its solutions to you, and to facilitate us in reconciling our accounts.

We will never be able to access your credit or debit card information, however in some instances we may access basic information about your account activity held by Stripe so that we can effectively administer our service to you, and for the purposes of account reconciliation, including invoicing, payments, refunds, and the resolution of any conflicts between us that may occur.

Contact us

You can contact us about privacy matters by emailing [email protected].

Blue Prism Limited (registered in England & Wales under company number 04260035) registered office 2 Cinnamon Park Crab Lane Warrington WA2 0XP, UK is the data controller of your personal information, although it may have been initially collected by affiliate, by a partner, customer or another organisation as explained in the section on “What personal information do we have and who provides it?”.

Automation you can bank on…

Intelligent automation is grown-up, governed, enterprise-ready, people-first automation that’s smart, secure, scalable and way more successful than desktop task-bots.

©2020 Blue Prism Limited. “Blue Prism”, the “Blue Prism” logo and Prism device are either trademarks or registered trademarks of Blue Prism Limited and its affiliates. All Rights Reserved.