Privacy Policy

The following statement explains Blue Prisms' policy regarding the personal information we collect about you.

Blue Prism Privacy Policy – updated July 2019

Blue Prism takes its data privacy responsibilities seriously. This privacy policy explains what personal information Blue Prism collects on visitors to our website, customers, partners, vendors and marketing contacts, and how we use it.

If you have any queries regarding this privacy policy or our use of your information, please contact privacy@blueprism.com.

Blue Prism Limited (registered in England & Wales under company number 04260035) is the data controller of your personal information, although it may have been initially collected by a subsidiary of Blue Prism Limited based in another country or by a partner organisation.

What personal information does Blue Prism have?

The personal information we collect from you may include your name, email address, job information, phone number, address and cookie information. Personal information can be collected through use of our service, sales inquiries, marketing events and downloads, use of the Blue Prism websites and the Blue Prism portal and from third parties.

How is my personal information used?

If you are a customer or a partner your personal information will be used for contract management, sales administration, Blue Prism portal access and product updates. We will also use your personal information to respond to your product support requests. This will allow us to fulfil our contractual obligations owed to you and to support our business relationship with you, without such information we will not be able to provide our service to you.

If you are a Blue Prism Digital Exchange user your personal information will be used to provide you with the Digital Exchange asset(s) you have accessed and relevant updates and information. We may also pass on your personal information to the asset provider for the same purpose.

We may also use your personal information for marketing purposes if we have your consent or a legitimate interest in doing so. We may, from time to time, contact you to keep you informed about our products and services, special offers, events or our partners’ products and services. You can unsubscribe from marketing emails at any time. We may also pass your personal information to the Digital Exchange asset providers for the assets that you have accessed for marketing purposes if you have given your express consent.

If you provide us with your personal information using one of our website forms we will hold this information to track if you visit the Blue Prism website again, and to follow up with you if you request Blue Prism to do so. We may also collect information about the use of the Blue Prism website such as the types of information accessed and how many users we receive daily. Blue Prism may use this data for statistical analysis, marketing, or similar promotional purposes. Please see the Cookies policy for more details.

Is my personal information shared with third parties?

We may share your personal information with other Blue Prism companies. Details of Blue Prism companies can be found on our website homepage. Where another Blue Prism company processes your information the same principles of this policy will apply.

We may also share your personal information with our suppliers to process your personal information on our behalf and with Digital Exchange asset providers as described above.

We may disclose your personal information to selected third parties we work with for the purposes of running our website or performing transactions through our website and, in the case of e-commerce, for payment processing.

We may disclose your personal information to any other third party where necessary to enable us enforce our legal rights or where such disclosure may be permitted or required by law.

If you would like further information on our suppliers and their privacy policies, please contact us at privacy@blueprism.com

If Blue Prism needs to transfer your personal data to a third party outside of the European Economic Area we will ensure that your personal information is appropriately protected through US Privacy Shield, standard contractual clauses approved by the EU Commission or other means of adequate protection approved by our supervisory authority. We will still be liable for your personal information if it is transferred to a third party, including if the third party uses it incorrectly.

What rights do I have over my personal information?

You have the right to request a copy of the personal information Blue Prism holds about you and to have any inaccuracies corrected. You also have the right to have your personal information removed from our marketing database if you no longer wish to receive marketing communications. You may have a right to restrict or object to the processing of your personal information, to have your personal information deleted, or to exercise a right to data portability under applicable data protection law. Additionally, if we rely on consent to process your personal information, you have a right to withdraw it at any time and free of charge.

Please send your requests to privacy@blueprism.com.

How long will you keep my personal information?

For customers, partners, portal users and vendors, we will keep your personal information for up to six years after your contract with us ends. For marketing contacts, we will keep your personal information for up to one year after the last marketing communication we send to you unless you request for Blue Prism to delete it sooner.

How do I complain about use of my personal information?

If you would like to make a complaint about our use of your personal data please send details of your complaint, including the personal information it relates to, to privacy@blueprism.com. We will investigate your complaint and respond as soon as we can, and no more than one month later. If you are not satisfied with our response you may contact the Information Commissioners Office (www.ico.org.uk) as Blue Prism’s external supervisory body or your local personal data privacy authority.

No spam policy

We maintain a strict ‘No Spam’ policy that means that we do not intend to sell, rent, or otherwise give your personal information to a third-party without your consent except as set out in this policy and unless we are obliged by law to disclose information.

Purchase transaction

In addition, if you use the Digital Exchange to purchase assets the following privacy terms will apply in respect of your payment.

Credit and debit card details

Blue Prism does not collect or process your credit or debit card details. Instead, these details are collected and processed directly by our payment processing service provider, Stripe Payments Europe, Ltd (“Stripe”). For more information about how Stripe processes your personal information please see Stripe's privacy policy.

In accordance with all applicable data protection law, we require Stripe, and all of our partners and vendors to maintain adequate and appropriate levels of security over your personal information.

Stripe may periodically provide us with basic information regarding the payments you've made via the Digital Exchange in order to assist Blue Prism provide our service to you, and to facilitate us in reconciling our accounts.

We will never be able to access your credit or debit card information, however in some instances we may access basic information about your account activity held by Stripe so that we can effectively administer our service to you, and for the purposes of account reconciliation, including invoicing, payments, refunds, and the resolution of any conflicts between us that may occur.

Privacy Shield

Notice of Certification: Blue Prism complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Blue Prism has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Scope: This Privacy Shield section of the privacy policy applies to all personal information received or processed by Blue Prism in the United States from the EU or Switzerland, in any format, including electronic, paper or verbal.

Blue Prism is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Compelled Disclosure: Blue Prism may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Complaints: In compliance with the Privacy Shield Principles, Blue Prism commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with enquiries or complaints regarding our Privacy Shield policy should first contact Blue Prism at: privacy@blueprism.com Blue Prism will respond within 28 days.

Dispute Resolution: If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, Blue Prism has committed to refer unresolved Privacy Shield complaints to JAMS (Judicial Arbitration and Mediation Services, Inc), an alternative dispute resolution provider located in the United States. In either of those cases, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS (Judicial Arbitration and Mediation Services, Inc) are provided at no cost to you.

Arbitration: For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration before the Privacy Shield Panel as detailed in the Principles. If neither Blue Prism nor our dispute resolution provider resolves your complaint, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Links to other sites

This privacy policy covers the Blue Prism web site at www.blueprism.com. Other links within this site to other web sites are not covered by this policy. Please check with those sites to determine their privacy policy.

Cookies Policy

What information is collected?

The Blue Prism web site captures personal information to allow us to follow up with you using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

Cookie

Purpose

Expiry

_mkto_trk

This cookie used to track page visits and clicks

2 years

_ga

Google Analytics Cookie used to distinguish users

2 years

_gid

Google Analytics Cookie used to distinguish users

24 hours

_gat

Google Analytics Cookie used to throttle request rate

1 minute

_sess[id]

Portal session cookie used to maintain logged in state for users

1 hour

JSESSIONID

This the individual user session ID

Session cookie

dpSessionCookie

This holds the user's email & username (encrypted)

cookie expirations are controlled via the setting dpSessionCookie.maxAgeInSeconds - the default value of this is -1, meaning no expiration

jforum-secure-sso

This holds user's email, forum username OR dpEngine username (if the former is null) and collection of up to two role names indicating if the user has USER_READ_ALL or USER_EDIT_ALL priviliges (encrypted) (used by our forum module)

cookie expirations are controlled via the setting dpSessionCookie.maxAgeInSeconds - the default value of this is -1, meaning no expiration

softslate_login

A session ID (used by softslate, an e-commerce module, you’re not using it.)

Session cookie

sscaltoken

A session ID (used by softslate, an e-commerce module, you’re not using it.)

cookie expirations are controlled via the setting dpSessionCookie.maxAgeInSeconds - the default value of this is -1, meaning no expiration

resource

Enables users to download resources without having to login multiple times.

30 Days

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org.

Close