UiPath breaking GDPR (UiBank)

UiBank “demo” is pretty big garbage, there is no option to delete account, change account, remove “test” data, once you done with it or if you want “reset” because your robot made mistakes (e.g. created accounts with same name, because the bank “allows” it).

I made an account, I had some error in my robot while testing, so it opened more accounts than I’d like to see, thereis no way to restart/delete.

Also, When I registered they asked for my email address, now they have it for forever? (Breaking GDPR).

I cannot do anyting about it, there is no even a proper contact information so you can just come here to the forum to complain.

UiPath website doesn’t even a normal contact number/email/form to do a complain, if you try contact they let you contact tech support, or sales, or whatever, but to progress you will need license number and stuff like that, so dead end.

hi @Robert_Lovasz ,

First of all, I’m sorry for your experience. We developed UiBank to offer our learners an easy practice environment with UiPath Test Suite. We’re currently considering discontinuing it due to its high maintenance effort.

From your message, I get that you would like some data to be removed. Please write in this thread the users you want the corresponding data removed, and we will process it.

Let me know if there’s anything else that we can support you with.

Hello @RZVP , i’m trying to create an account for learning purposes but the verification email will not work. could you please assist?

nevermind, figured it out. turns our your SSL cert is expired, so i just did http instead of https and it verified. probably something you want to look into!

Thanks @Andrew_Su ! We will check and solve.

I don’t want you to remove data by requesting it on forum. It is private stuff, so I will not discuss it on forum what I want.

Also a support/contact option would be nice that doesn’t force you to spend thousands of $ on licenses.
This behaviour I really hate from companies when you want to send a question/issue and the first thing they ask is your account number/license etc. I DONT have one, and I am not going to buy a license just to send my complaint about you breaking GDPR.

Just stop breaking the law, and fix your UiBank, or take it down. I could fix it if I had access in a few hours. It’s not a huge programming task to add a function to delete a user in a database.

You are not serious you want me to write the data I want removed on an OPEN FORUM?

First of all , I complained about breaking GDPR, and now you trying to do it again asking me to share my information on a forum… Is this some joke?

Create a proper support/contact.

Hi @Robert_Lovasz ,

I apologize for asking you to send your account name in this thread, which is not the way to go.

As you can see from the Ui icon, I am a UiPath employee, so you can write to me in private on the Forum. Alternatively, you can write an email to razvan.petria@uipath.com or to dpo@uipath.com to request the deletion of data. The account self-delete option is not a GDPR provision. GDPR refers to the obligation of a company to follow the request for removing personal data; in this case email address and IP. If you want that data removed, please use the safe channels above and we will do it as soon as possible.

UI Bank is meant to be a free environment to experiment the features and capabilities of our product and it serves the purpose well enough for most of our learners. Again, I’m sorry that it’s not the case for you and I’d be happy to assist with removing the data you are referring to.

With respect, that doesn’t mean you aren’t breaching GDPR. You have given this user no reasonable way to request that deletion until now and they did their best via the forum. That was 3 months ago. According to GDPR you should respond to requests to delete data after 30 days. Now this cannot be considered a proper request since the specific details were not in it but considering it took over 2 months between replies from you it doesn’t suggest these GDPR concerns are being taken seriously.

I’d suggest you raise this with your data protection officer and ask them to take over. This should be addressed properly and if I think they need to take charge of it before it gets uglier. I can fully understand the posters frustration here.

1 Like

@Jon_Smith the user posted on December 4 and I answered on January 4. My answer was far from perfect, yet I was here on the thread from that moment on. I answered right away the next time the user posted, just as I am with you now. Our Privacy Policy clearly states that data removal requests can be sent to privacy@uipath.com on top of dpo@uipath.com, which is a mandatory address for all companies subject to GDPR.

I can assure you that we are processing all the data removal requests in less than 30 days when these requests are clear.

I’m not sure what your point about when you posted was since it was 31 days after the user asked for help. My point was more even after offering and him replying it took two months for another follow up.

Its all well and good now you indicating the correct emails to contact, including your DPO, but my point was that you were seeming to get defensive about GDPR, indicating nothing wrong had been done and I am saying, I respectfully disagree and feel this was not handled in line with GDPR guidelines since very little effort was made to help the user report, especially with the silly suggestion to post the details in the forum.

Had the initial response been to direct him to the privacy site I’d agree. But it shouldn’t take 3 months to get that info, there are no links to that on UiBank etc so its unreasonable to expect him to seek that out.

1 Like

Thats not how the law works… its like when you send spam mails and you put a link to the bottom “unsubscribe here” … No. First of all you need the person’s permission to get him subscribed. It’s not working the other way.

You allowed me to register but there is no unregister option. That is unlawful, you are keeping my data without giving me option to ask for removal. I’m not gonna discuss my email address that I want to be removed on a forum. My email is private information. (and my only option is ask on the forum? why don’t you have a support email, contact email listed anywhere? I guess because you would get a lots of complaints)

UiBank has to be fixed. Or removed.

I can’t accept any answer here, because there was good answer.

Also, your company “Privacy” rules. Do not override the law. The GDPR says you can keep personal data you for reasonable time, with fair use.
}You have to keep it only as long as it is required.
And you need to provide a way to the person to REQUEST their on data, also a way to REMOVE it from your database. This is what GDPR (the law) says.
You need to provide a way. Support email, phone number, web form or letter, any contact.

An open forum is not the way to handle personal data. “Hey tell me your name/email I delete you” … that’s not the proper way.

And I also wouldn’t even like to just DM/PM someone on this forum my private data (even if he has big “admin” logo next to his name), that’s not the way it should work.

@Robert_Lovasz please use the email addresses stated in my previous message to indicate the data you want removed. These addresses are listed in our Privacy Policy, which is the policy you agree to comply when signing up for an Academy account.

Oh by the way, at registration you asking about age, sex, employment status and all kind of extra information that is 100% irrelevant to the function of the page, a developer practicing RPA…

Just by this, It feels like unfair use of data. Also, even if it was ‘fair’ (which is not) to you to keep for example information about my marital status or number of dependents.
(yes I know probably and everyone just “should” put fake data in there, but it’s not stated anywhere)

I just spotted that you say on the bottom:

‘we’ll never share your email with anyone else.’.

After how I see you guys handle information, I don’t even think I can trust this statement, and if I did trust that statement about ‘not sharing your email’, does that mean you share the rest of the data?

Also, GDPR requires you should provide a way for us to be able to update data (not just request new password if you lost it), by law you need to keep the all data updated, that is also your responsibility, you supposed to do something about it, say asked to change password time to time, update your profile time to time… etc. as it is reasonable

The whole website looks like some1 studied a bit html/mysql maybe some css and then put together a practice website in for fun in like 1 weekend… without worrying about anything… :smile:

Again, you are showing your misunderstanding of GDPR and the topic at hand. I strongly urge you to stop replying and get your DPO to take over on this topic. This person has legit grounds for legal recourse against UiPath and your comments are making his case much easier to win. Most people don’t understand GDPR but if you work in government and/or know people who work as privacy lawyers the issues here are glaring. UiPath is breaking the law with that site.

Firstly, addressing the privacy policy on the forum. Thats completely irrelevant. The user is not complaining of data on the forum, they complain of the data on UiBank, this site has no privacy policy on it and is completely disconnected from your forum account, so the user has agreed to no privacy policy on uibank.
Furthermore, as he indicates, your data collection is not in line with the law as he correctly points out you are collecting info you should not as its not needed. Privacy policies do not trump the law, which is good as that prevents companies collecting inappropriate data and defending themselves with a policy.

I realize you perhaps think its ok cause UiPath is so big so it must be correct, but trust me, I had a fight like this last year with a company who was a client of ours that wanted alot of my personal details and I created a stink by refusing. They insisted they were right cause they were big and ‘always did it this way’. The law saw it differently when I pressed the issue.

Please. Get your DPO involved yourself, for your own sake stop replying to this and let someone qualified handle it and correct these issues. That site doesn’t follow GDPR and you should not take responsibility by saying that.

If you compare to your other test site, ACME System 1 - Log In
Someone clearly thought this through better. They linked a privacy policy and don’t collect any personal data, literally just an email address. The UiBank should follow suit.


Whereas this, fields it shouldnt collect and no privacy policy. None on the site.

1 Like

I’m happy someone is on the same page and understands what I am talking about.
Thanks for your reply!

Happy to Robert.
I share your frustration when you try to exercise your data rights and are treated like you are being difficult or the company is not doing anything wrong when they are clearly breaking the law.

So many companies do this then refuse to admit they are wrong without actually checking.

1 Like

I was watching a new private preview and noticed the devs were using UiBank on their demo.
Prompted me to think I should go back and check this, is there an update on this issue? If the GDPR compliance issue is resolved I would be able to use it for demo’s and testing also. Currently its not possible.

Hi @Jon_Smith ! Yes, we are currently working on a patch to address all the issues (several others too). I hope we will push it sometime in June.

1 Like