Unity Educational Products Privacy Notice
Last Updated: February 12, 2021
What’s new as of February, 2021?
Some Helpful Terms
For purposes of this Privacy Notice:
“Educational Product” means educational versions of Unity's game-development software and/or educational software and materials concerning Unity's game-development software provided to a School or to a Student.
“Educational User Data” means information and/or data concerning any Student or their use of any Educational Product.
“Personal Information” means individually identifiable information about a Student; such “Personal Information” does not include information that does not identify an individual or information from which all personally identifiable portions have been removed, aggregated or de-identified.
“School” means any pre-school, elementary, or secondary school or school district, after school program, college, university, academy, or any other educational institution, and includes any teacher or administrative personnel of that School, as relevant.
"School Personnel" means any educator, lecturer, instructor, teacher, faculty, staff, IT administrator, media specialist, lab administrator, or any personnel of the School.
“Student” means any individual who is given access to our Educational Products. "Student" is not inclusive of School Personnel who provide Students with access to our Educational Products.
"Student Plan" means the student version of the "Unity Pro" subscription. Individuals who are currently enrolled in an accredited educational institution are eligible to use the Student Plan. (Age restrictions as determined by GDPR, COPPA and similar regulations apply; e.g., you must be at least 13 in the U.S. and 16 in the EU.)
Scope of this Privacy Notice
How We Collect Educational User Data
From Schools. Schools may provide us with data that contains the School Personnel's name and email address associated with the use of the Educational Product. Depending on the product, School Personnel may provide a Student's full name, email, and/or username generated from Student access to, and use of, our Educational Products
How and Why We Use Educational User Data
Educational User Data will be used for the purpose of making the Educational Products available to Students (either directly or indirectly through a school administrator); to administer use of the Educational Products by Students; and to provide certificates and other documentation concerning Students’ use of the Educational Products. Personal Information shall not be used for any other purposes, unless required by law.
Educational User Data may be used to develop and improve our Educational Products, services, and features made available to Students, to provide product reports to Schools, and to improve Students’ educational experience.
We will not use Personal Information for advertising or marketing purposes.
When and How We Share Educational User Data
We may provide Educational User Data to our affiliates or third parties in the United States and/or other countries who provide services on our behalf solely to deliver and administer the Educational Products.
We may also disclose Educational User Data to comply with a court order, law, or legal process, including any administrative or regulatory request. To the extent feasible and permissible, prior to doing so, we will provide the relevant School with notice of the request so that the School, if it so chooses, may seek a protective order or another remedy.
We may disclose and transfer Educational User Data, including Personal Information, in connection with a merger, acquisition or sale of all, or components, of our business. If such a transaction would affect practices under this Privacy Notice, we will notify Schools of any alternatives that may be available to them with respect to Personal Information.
We may disclose Educational User Data as needed to establish, exercise, or defend against potential, threatened, or actual legal proceedings.
FERPA, COPPA, and Other Laws
Schools or the Educational User Data provided by Schools to us may be subject to the Family Educational Rights and Privacy Act (“FERPA”) in the United States or other laws or regulations. Each School is responsible for determining and implementing its compliance obligations under FERPA and/or other applicable laws.
The Children’s Online Privacy Protection Act (“COPPA”) is a United States federal law that governs the collection and use of certain information from children under 13 years old (“Child” or “Children”). COPPA requires that a privacy notice be given to, and consent received from, parents or legal guardians for the collection, use, and/or disclosure of personal information (as defined by COPPA) collected from Children. However, schools may receive such privacy notice and consent on behalf of parents or legal guardians for collection and use of personal information from Children in the educational context. See https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
Authorization to Collect Information from or About Students
For Educational User Data provided by Schools, please note we do not collect Personal Information directly from Students, unless we believe that we have the relevant authorization at law to do so, such as by Schools providing consent on behalf of parents or legal guardians where able to do so.
Transfers out of Country of Collection
Unity has implemented and maintains a framework consistent with applicable law for transfers of data outside of the country of collection, including for transfers out of the EEA.
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. ADDITIONAL INFORMATION REGARDING THE EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by contacting DPO@unity3d.com.
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
Data Security and Protection
We employ a variety of measures to safeguard the collection, transmission and storage of the Educational User Data we collect. Please note that no system can be guaranteed to be 100% secure. Therefore, while we strive to employ reasonable protections for Educational User Data, we cannot guarantee or warrant the security of the information shared with us and we cannot be responsible for the theft, destruction, loss or inadvertent disclosure of such information.
Our breach incident response plan uses a consistent process that is modeled after those used by industry leading CSIRTs (Computer Security Incident Response Team), as documented by FIRST https://www.first.org/ (Forum of Incident Response and Security Teams) members. We have five phases: watch, alert & mobilize, assess, stabilize & recover, and resolve.
If you would like more information about our current security measures, please contact Unity at firstname.lastname@example.org.
We only accept requests to change such data from a School Personnel. If you are a School Personnel, please contact DPO@unity3d.com.
Changes to this Privacy Notice
We reserve the right to change our practices and this Notice at any time. We may also send an email or provide notice wihtin some or all of our offerings when this Notice changes. We encourage you to check this page regularly so that you know what our current practices are.
You can, and should, ask questions about this Privacy Notice and our privacy practices. You should always feel free to contact us at:
- Unity Technologies, 30 3rd Street, San Francisco, CA 94103 (United States contact)
- Unity Technologies ApS, Niels Hemmingsens Gade 24, 1153 Copenhagen, Denmark (European Union contact)