Unity Educational Products Privacy Notice
Last Updated: April 2024
What’s new as of April, 2024?
In April 2024, we updated our Educational Privacy Notice so that it is easier for you to understand our practices. Please note that we have not materially changed our practices and we continue to provide you with your rights as provided for previously.
Introduction
Unity Technologies and its subsidiaries and affiliates (collectively “Unity”) offer a variety of products and Services for Schools that will be referred to in this Policy as the “Service” or “Services.” The Services include those provided to Schools under the Unity Terms of Service. The Policy refers to Unity as “we” or “us” and to the School or Student as “you.” When we say “device,” we mean any device, including desktop, laptop, PC or Mac computers, smartphones, tablets, or any other device that is used to access or interact with the Service.
Privacy is very important to Unity Technologies, just as it is to the students, parents, teachers, and Schools to whom we offer our Educational Products. We make these products available to Schools to provide students a hands on opportunity to learn about Unity software. This Unity Educational Privacy Notice describes our information practices for information concerning students who are given access to these products via Schools. By using our Educational Products, you acknowledge this Unity Educational Products Privacy Notice, and understand that we may transfer your data outside of the European Economic Area (EEA). For information about our information practices for other products and services, please see the Unity Developer Privacy Policy.
Some Helpful Terms
For purposes of this Privacy Notice:
“Educational Product” means educational versions of Unity's game-development software and/or educational software and materials concerning Unity's game-development software provided to a School or to a Student, such as our Educational Grant License.
“Educational User Data” means information and/or data concerning any Student or their use of any Educational Product.
“Personal Information” means individually identifiable information about a Student; such “Personal Information” does not include information that does not identify an individual or information from which all personally identifiable portions have been removed, aggregated or de-identified.
“School” means any pre-school, elementary, or secondary school or school district, after school program, college, university, academy, or any other educational institution, and includes any teacher or administrative personnel of that School, as relevant.
"School Personnel" means any educator, lecturer, instructor, teacher, faculty, staff, IT administrator, media specialist, lab administrator, or any personnel of the School.
“Student” means any individual who is given access to our Educational Products. "Student" is not inclusive of School Personnel who provide Students with access to our Educational Products.
"Student Plan" means the student version of the "Unity Pro" subscription. Individuals who are currently enrolled in an accredited School are eligible to use the Student Plan. (Age restrictions as determined by GDPR, COPPA and similar regulations apply as outlined in our Terms of Service.
Scope of this Privacy Notice
This Unity Educational Products Privacy Notice only applies to Educational User Data collected by us as a result of Student use or access to the Educational Products; this Notice does not apply to any other information or data we collect, including via our Website (and any successor or related Websites) and any non-Educational User Data collected from any School in connection with making the Educational Products available to Schools—for more information our information practices for other products and services, please see our Developer Privacy Policy.
Please Note: This Unity Educational Products Privacy Notice does not apply to the Educational User Data collected by us as a result of a Students use of the Student Plan. The Student Plan is governed by our Developer Privacy Policy.
Information We Collect Through The Use Of Our Services
The below includes some information which we do not necessarily think is personal information, but is instead information which Schools have an interest in knowing if collected.
Name & Contact Details (Optional)
- This is the student name and email. It is optional to provide and only applicable to the legacy EdLab product.
IP Address
- This provides city-level geolocation. For Educational Grant License, this is associated with the School device.
Random Unique Identifier
- For Educational Grant License, this is associated with the School license
Device Information
- Such as device id and machine id. For Educational Grant License, this is associated with the School device
Student Work Data
- Such as projects made through use of the service
Sensitive Information
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) on or through the Unity website, the Services or otherwise to us.
Aggregated, De-Identified, and/ or Anonymized Information:
We may aggregate, de-identify, and/ or anonymize Personal Information, i.e., transform the information so it no longer relates back to a person's identity so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose.
Service Provision & Maintenance | - Providing access to online accounts, verifying User’s information, completing transactions (including purchases), processing orders and related payments, delivering purchases. - Analyzing and acting on the analysis of our core business metrics such as system and log maintenance, technical support, and system debugging. - You cannot opt-out of core business metric analytics as they are strictly necessary for us to run the services. - Carrying out operations and general business such as administering online Services; employee training and managing work activities and personnel generally. | Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: - Maintaining the Service & operational improvements - Responding to inquiries - Legal obligations* such as when you submit a request to access your personal information. | |||
Customer Service | Administering customer-care services to facilitate and address inquiries, requests, comments, and complaints about any of our Services (such as in person, through phone lines, email, or on social media), e.g., to send you documents or product information you request or assist you in using the Services. | Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: -Responding to and resolving inquiries or complaints -Providing support to customers so that they can use the service -Legal obligations* such as when you submit a request to access your personal information. | |||
Promotions & Contests | Allowing you to participate in sweepstakes, contests, or other promotions. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information, which we will communicate to you separately | Manage our contractual relationship, such as fulfilling obligations associated with a contest. | |||
Business Reporting | -Improving the efficiency of our Services -Identifying usage trends - Developing, enhancing, improving, repairing, maintaining or modifying the Services and/or assisting our Developers with this activity | Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: To support our internal operations such as service maintenance, development, and improvement | |||
Security Purposes | - Fraud and security purposes, such as monitoring to detect and prevent cyberattacks or identity theft attempts - Prevention of criminal activity or harm to Users, such as illegal or harmful content being posted on our message boards | Comply with a legal obligation* Legitimate Interests: -Securing our services, investigating cyber intrusions, fraud, and abuse. -Protecting our operations, rights, safety, or property -Pursuing all available legal remedies, defending claims, and limiting damages we may sustain | Law Enforcement | ||
Legal Purposes | - Reporting to our Board of Directors as required by the Securities & Exchange Commission Audits such as to verify that our internal processes function as intended and are compliant with Legal, regulatory, and contractual requirements - Financial & accounting purposes - Complying with laws and regulations. These may be outside of your country of residence - Other legal reasons such as enforcing terms and conditions, protecting operations, rights, privacy, safety, or property and/or that of our affiliates, you or others; to allow us to pursue available legal remedies, defend claims and limit the damages that we may sustain. | Comply with a legal obligation* such as financial reporting obligations. Legitimate Interests: -Securing our services, investigating cyber intrusions, fraud, and abuse. -Reporting on company progress to key stakeholders and making decisions on such reporting -Protecting our operations, rights, safety, or property -Pursuing all available legal remedies, defending claims, and limiting damages we may sustain | Law Enforcement | ||
Law Enforcement Requests | - Cooperating with public and government authorities, including law enforcement outside of your country of residence - Fulfilling legal and compliance obligations, responding to legal processes, meeting national security or law enforcement requirements | Comply with a legal obligation* Legitimate Interest: Monitoring, reacting to, and documenting an emergency and/or incident | Law Enforcement | ||
Business Transactions | In connection with a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and possible changes to the processing of your Personal Information in accordance with applicable law. | Legitimate Interests: - Pursuing a business transaction - Corporate restructuring | |||
Emergency & Incident Response | - Responding to, handling, and documenting incidents and emergencies - Actively monitoring to ensure adequate incident prevention, response, and documentation - Sending notifications and alerts in the event of incidents or emergencies | Legitimate Interest: - Monitoring, reacting to, and documenting an emergency and/or incident | - Law Enforcement - Incident Reporter |
Service Provision & Maintenance |
- Providing access to online accounts, verifying User’s information, completing transactions (including purchases), processing orders and related payments, delivering purchases. - Analyzing and acting on the analysis of our core business metrics such as system and log maintenance, technical support, and system debugging. - You cannot opt-out of core business metric analytics as they are strictly necessary for us to run the services. - Carrying out operations and general business such as administering online Services; employee training and managing work activities and personnel generally. |
Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: - Maintaining the Service & operational improvements - Responding to inquiries - Legal obligations* such as when you submit a request to access your personal information. |
Customer Service |
Administering customer-care services to facilitate and address inquiries, requests, comments, and complaints about any of our Services (such as in person, through phone lines, email, or on social media), e.g., to send you documents or product information you request or assist you in using the Services. |
Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: -Responding to and resolving inquiries or complaints -Providing support to customers so that they can use the service -Legal obligations* such as when you submit a request to access your personal information. |
Promotions & Contests |
Allowing you to participate in sweepstakes, contests, or other promotions. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information, which we will communicate to you separately |
Manage our contractual relationship, such as fulfilling obligations associated with a contest. |
Business Reporting |
-Improving the efficiency of our Services -Identifying usage trends - Developing, enhancing, improving, repairing, maintaining or modifying the Services and/or assisting our Developers with this activity |
Performing the terms of the contract, including the Terms of Service we enter with you to provide the Services. Legitimate interest in: To support our internal operations such as service maintenance, development, and improvement |
Security Purposes |
- Fraud and security purposes, such as monitoring to detect and prevent cyberattacks or identity theft attempts - Prevention of criminal activity or harm to Users, such as illegal or harmful content being posted on our message boards |
Comply with a legal obligation* Legitimate Interests: -Securing our services, investigating cyber intrusions, fraud, and abuse. -Protecting our operations, rights, safety, or property -Pursuing all available legal remedies, defending claims, and limiting damages we may sustain |
Law Enforcement |
Legal Purposes |
- Reporting to our Board of Directors as required by the Securities & Exchange Commission Audits such as to verify that our internal processes function as intended and are compliant with Legal, regulatory, and contractual requirements - Financial & accounting purposes - Complying with laws and regulations. These may be outside of your country of residence - Other legal reasons such as enforcing terms and conditions, protecting operations, rights, privacy, safety, or property and/or that of our affiliates, you or others; to allow us to pursue available legal remedies, defend claims and limit the damages that we may sustain. |
Comply with a legal obligation* such as financial reporting obligations. Legitimate Interests: -Securing our services, investigating cyber intrusions, fraud, and abuse. -Reporting on company progress to key stakeholders and making decisions on such reporting -Protecting our operations, rights, safety, or property -Pursuing all available legal remedies, defending claims, and limiting damages we may sustain |
Law Enforcement |
Law Enforcement Requests |
- Cooperating with public and government authorities, including law enforcement outside of your country of residence - Fulfilling legal and compliance obligations, responding to legal processes, meeting national security or law enforcement requirements |
Comply with a legal obligation* Legitimate Interest: Monitoring, reacting to, and documenting an emergency and/or incident |
Law Enforcement |
Business Transactions |
In connection with a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and possible changes to the processing of your Personal Information in accordance with applicable law. |
Legitimate Interests: - Pursuing a business transaction - Corporate restructuring |
Emergency & Incident Response |
- Responding to, handling, and documenting incidents and emergencies - Actively monitoring to ensure adequate incident prevention, response, and documentation - Sending notifications and alerts in the event of incidents or emergencies |
Legitimate Interest: - Monitoring, reacting to, and documenting an emergency and/or incident |
- Law Enforcement - Incident Reporter |
*For more information on our legal obligations, please see section ‘Other Disclosures’ below.
** For more information on disclosure of Personal Information in connection with a sale or business transaction, please see ‘Other Disclosures’ below.
Please note: We do not use Student Personal Information for advertising or marketing purposes.
Sharing Information
Below, you will find an outline of scenarios in which information may be shared using our Services.
Recipients | Purpose |
---|---|
Our Affiliates, including ironSource | All purposes described in this Privacy Policy |
Vendors & Service Providers | We share Personal Information with select vendors and service providers to help us provide our Services such as: Website & Data Hosting and Analytics including Cloud Servers. These assist us with operations and general business such as: Fraud & Security These assist us with activities such as: Professional Services Information Technology |
Law Enforcement or other similar parties | For safety, security, and legal compliance, including: |
To third parties in the event of a business transaction | Business Transactions |
With your consent | We may share your information for other purposes if (i) you direct us to do so or (ii) you consent to such sharing. |
Due to your actions | Sharing can happen within our Services and outside it when you take certain actions. Such as if you sign up for a certification program, your Name & Contact Information will be shared with the vendor who runs the certifications. |
Recipients
Recipients | Purpose |
---|---|
Our Affiliates, including ironSource | |
Purpose All purposes described in this Privacy Policy |
Recipients | Purpose |
---|---|
Vendors & Service Providers | |
Purpose We share Personal Information with select vendors and service providers to help us provide our Services such as: Website & Data Hosting and Analytics including Cloud Servers. These assist us with operations and general business such as: Fraud & Security These assist us with activities such as: Professional Services Information Technology |
Recipients | Purpose |
---|---|
Law Enforcement or other similar parties | |
Purpose For safety, security, and legal compliance, including: |
Recipients | Purpose |
---|---|
To third parties in the event of a business transaction | |
Purpose Business Transactions |
Recipients | Purpose |
---|---|
With your consent | |
Purpose We may share your information for other purposes if (i) you direct us to do so or (ii) you consent to such sharing. |
Recipients | Purpose |
---|---|
Due to your actions | |
Purpose Sharing can happen within our Services and outside it when you take certain actions. Such as if you sign up for a certification program, your Name & Contact Information will be shared with the vendor who runs the certifications. |
FERPA, COPPA, and Other Laws
Schools or the Educational User Data provided by Schools to us may be subject to the Family Educational Rights and Privacy Act (“FERPA”) in the United States or other laws or regulations. Unity acts as a “School official” for FERPA purposes, consistent with 34 Code of Federal Regulations (CFR) §99.31(a)(1) and to protect student data accordingly.
The Children’s Online Privacy Protection Act (“COPPA”) is a United States federal law that governs the collection and use of certain information from children under 13 years old (“Child” or “Children”). COPPA requires that a privacy notice be given to, and consent received from, parents or legal guardians for the collection, use, and/or disclosure of personal information (as defined by COPPA) collected from Children. To the extent that a School determines consent from a student’s parent or legal guardian is required, Unity relies on the School, who is acting as an agent, to provide such consent on behalf of parents See https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
Authorization to Collect Information from or About Students
For Educational User Data provided by Schools, please note we do not collect Personal Information directly from Students, unless we believe that we have the relevant authorization at law to do so, such as by Schools providing consent on behalf of parents or legal guardians where able to do so.
Each School is responsible for determining and implementing its compliance obligations under FERPA, COPPA and/or other applicable laws. In the event a School determines parental consent is required to use the Educational Products, the School is obligated to obtain such consent and ensure it meets the standards required under applicable laws.
Your Choices About Unity’s Collection and Use of Your Information
Below, you will find information about your choices regarding Unity’s collection and use of your information through the use of our Services.
1. You always have the option to refrain from using the Service or to discontinue using the Service if you do not want Personal Information collected about you. If you choose to discontinue using the service and wish for your Personal Information to be deleted, please exercise your rights as described in the “Privacy Rights” section below.
2. You can choose to use the Service in a manner that limits the Personal Information we collect.
- Unity Editor opt-out
- You can opt-out of usage analytics in "Edit Your Privacy Settings" in the Privacy section under "My Account".
- Please note: You cannot opt-out of core business metrics analytics as such analytics are strictly necessary for us to run the services as they are used for items such as testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, deciding whether to continue to support certain operating systems.
- You can opt-out of usage analytics in "Edit Your Privacy Settings" in the Privacy section under "My Account".
- Unity Hub opt-out
- You can opt-out of usage analytics in the Privacy Settings under “Preferences”, indicated by the gear wheel.
3. You can request access to or deletion of your Personal Information in the Privacy section under "My Account".
4. For further assistance, including requests from School Personnel, please contact DPO@unity3d.com
Privacy Rights
Depending on the country or state in which you reside, you may have additional privacy rights. For more information on the applicable rights in, please choose the appropriate location in Brazil, Canada, European Economic Area (“EEA”) and United Kingdom (“UK”), Israel, Japan, Republic of Korea, and U.S.A. (California) below:
Brazil
The Brazilian General Data Protection Act provides you the right to:
- Confirm Unity's processing of your data;
- Access your data;
- Correct your incomplete, inaccurate, or outdated data;
- Request anonymization, blocking or elimination of unnecessary or excessive data or of data processed in noncompliance with the Brazilian General Data Protection Act;
- Port your data to other service providers or suppliers of products;
- Delete your personal data when processed with your consent;
- Obtain information on the public and private entities with whom Unity shared your data;
- Obtain information on the possibility of not providing consent and on the consequences of the denial;
- Revoke your consent to the processing of your data when we seek your consent; and
- Lodge complaints before data protection authorities.
Canada
The Canadian Personal Information Protection and Electronic Documents Act provides certain rights with respect to your personal data, such as:
- Right to Access - You have the right to request Unity provide you with a copy of your personal data.
- Right to Rectification (Correction) - You have the right to request Unity to correct any information about you that you believe is incorrect. You also have the right to request Unity to complete information about you that you believe is incorrect.
EEA and UK
The EU and UK General Data Protection Regulations (collectively, the “GDPR”) provide certain rights (when applicable to you) in relation to the way in which Unity processes your Personal Information as a data controller. You have the following rights:
- Right to Access - You have the right to request Unity provide you with a copy of your Personal Information.
- Right to Rectification (Correction) - You have the right to request Unity to correct any information about you that you believe is incorrect. You also have the right to request Unity to complete information about you that you believe is incorrect.
- Right to Erasure (Deletion) - You have the right to request Unity to erase your Personal Information, under certain conditions.
- Right to Restrict Processing - You have the right to request Unity to restrict the processing of your Personal Information, under certain conditions.
- Right to Object to Processing - You have the right to object to Unity’s processing of your Personal Information, under certain conditions.
- Right to Data Portability - You have the right to request Unity to transfer your Personal Information to another organization, or directly to you, under certain conditions.
- Right to Lodge a Complaint - You may lodge a complaint with an EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. In the UK, you may lodge a complaint with the Information Commissioner’s Office (“ICO”). A list of data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080
- If you do have a complaint, we would appreciate the chance to deal with your concerns before approaching your supervisory body, so please contact us at dpo@unity3d.com if you wish to discuss any complaint.
The Israel Protection of Privacy Law 5741-1981:
- Any information provided by you is on a voluntary basis with no legal requirement to do so, but if you refuse to provide such information we may not be able to provide you with the Services. According to the Protection of Privacy Law, each person is entitled to inspect, either himself or through a representative authorized by him in writing or his guardian, any information about him kept in a database.
Japan
The Act on the Protection of the Personal Information of Japan provides certain rights with respect to your personal information, such as:
- The right to request a notification of the purposes of use of your personal information
- The right to request the disclosure, correction, addition, or deletion of your personal information
- The right to request the discontinuation of use or provision to any third party
- The right to request the disclosure of the record of provision of your personal information
- If you are a resident of Japan and wish to exercise any of the above rights, please email us at DPO@unity3d.com (or contact us at the address indicated in the “Contact Us” section listed below)
- Unity Technologies, GINZA SIX 8F, 6-10-1 Ginza, Chuo-ku, Tokyo Japan 104-0061
United States of America
- California
- Please see the Section titled “Additional Information for Residents of California” for additional information on how we handle your Personal Information and the privacy requests you may make under applicable law
Transfers out of Country of Collection
Unity has implemented and maintains a framework consistent with applicable law for transfers of Personal Information outside of the country of collection, including for transfers out of the UK and/or EEA.
Your Personal Information may be stored and processed in any country where we have facilities, including ironSource which is headquartered in Israel, or in which we engage service providers, such as Google Cloud Platform and Salesforce and by using the Services you understand that your Personal Information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Where this will involve transferring your Personal Information outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For example, we may transfer to our affiliates who are located around the world, including Canada, Japan, New Zealand, Republic of Korea, Switzerland, and the United Kingdom.
Standard Contractual Clauses: For transfers of Personal Information from the UK and/or EEA to third countries, which are not considered adequate under the UK GDPR and/or by the European Commission, we have put in place standard contractual clauses adopted under the UK GDPR and/or by the European Commission to protect your Personal Information. For example, we use Google Cloud Platform’s infrastructure and data centers which are located around the world, including the United States. We rely on both controller-controller and controller-processor Standard Contractual Clauses. You may obtain a copy of these measures by contacting us in accordance with the “Contacting Us” section below. “UK GDPR” has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
Japan
For transfers from Japan to countries other than the EEA/UK, we have put adequate measures in place to protect your Personal Information.
The transferees are obligated to comply with equivalent or comparable rules to those under the Act on the Protection of Personal Information of Japan (APPI) on a continuous basis, and we periodically confirm their compliance. We also periodically confirm any changes to the data privacy regulations of other countries that may affect the compliance measures taken by our overseas affiliates and third-party service providers and take measures such as requesting that they take corrective measures or suspending the provision of Personal Information if any issues arise in the implementation of such compliance measures. We will provide you with further information on the measures we take in this regard upon your request.
Retention
Unity will delete or return Educational User Data and copies thereof upon the request of Customer either: a) following either the discontinuation of the applicable Unity Offering, or termination or expiration of the Terms of Service, or b) upon the request of Customer following either the discontinuation of the applicable Unity Offering or termination or expiration of the Terms of Service.
Notwithstanding the foregoing, we reserve the right to retain Personal Information for as long as is reasonably necessary to fulfill the purpose for which it was collected and consistent with applicable law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The criteria to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information, even after your account has been deleted and/or we no longer provide the Services to you; for example:
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
- For fraud and security purposes: We may retain your Personal Information for fraud or security purposes. In the event you have acted fraudulently through the use of the Services (e.g., by refusing monies properly owed for the Services), we may retain IP address.
- To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal. The criteria for determining the length of time we will retain this information include:
- Whether there is a legal obligation to which we are subject (for example, if the settlement or decision requires us to keep the records for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Data Security and Protection
We employ a variety of measures to safeguard the collection, transmission and storage of the Educational User Data we collect. Please note that no system can be guaranteed to be 100% secure. Therefore, while we strive to employ reasonable protections for Educational User Data, we cannot guarantee or warrant the security of the information shared with us and we cannot be responsible for the theft, destruction, loss or inadvertent disclosure of such information.
Our Security align with NIST CSF standards. Furthermore, our breach response management aligns with both NIST and the SEC Reporting Rules. Unity will notify Schools with the relevant breach notification law and our agreement with the School.
If you would like more information about our current security measures, please contact Unity at dpo@unity3d.com.
Sites and Services Operated by Others
The Unity Service may contain links to other sites, applications, and services. Because Unity does not operate those other sites, applications, and services, we cannot take responsibility for the privacy practices of the entities that operate them. We recommend that you consistently check privacy policies to understand an operator’s practices. As a reminder, this Privacy Policy describes Unity’s practices.
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
The Services may provide functionality allowing you to make payments to us using third-party payment services with which you have created your own account. When you use such a service to make a payment to us, your Personal Information will be collected by such a third party and not by us and will be subject to the third party’s privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Contact Information
You can, and should, ask questions about this Privacy Notice and our privacy practices. You should always feel free to contact us at:
- DPO@unity3d.com
- Unity Technologies, 30 3rd Street, San Francisco, CA 94103 (United States contact)
- Unity Technologies ApS, Niels Hemmingsens Gade 24, 1153 Copenhagen, Denmark (European Union contact)
Changes to this Privacy Notice
We reserve the right to change our practices and this Notice at any time. We may also send an email or provide notice within some or all of our offerings when this Notice changes. We encourage you to check this page regularly so that you know what our current practices are.
Additional Information for Residents of California
Collection and Disclosure of Personal Information
The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Policy was last updated. You may view our CCPA Transparency Report at https://unity.com/legal/privacy-report. This report provides details on our responses to requests to access, delete or opt-out under CCPA.
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Identifiers, such as name, signature, contact information, online identifiers, and government-issued ID numbers | affiliates; service providers; contest sponsors; legal authorities | none | none |
Personal information as defined in the California customer records law, such as name, contact information, payment card number, financial information, medical information, insurance information, education information, employment information, and government-issued ID numbers | N/A | none | none |
Characteristics of protected classifications under California or federal law, such as sex, age, race, disability, and marital status | N/A | none | none |
Commercial Information, such as transaction information and purchase history | N/A | none | none |
Biometric information, such as scans of hand and face geometry | N/A | none | none |
Internet or network activity information, such as browsing history and interactions with our Services | affiliates; service providers; legal authorities | none | none |
Geolocation Data, such as approximate location derived from IP address | affiliates; service providers; legal authorities | none | none |
Audio/Video Data. Audio, electronic, visual, and similar information, such as call and video recordings | N/A | none | none |
Education Information subject to the federal Family Educational Rights and Privacy Act such as student records, directory information | affiliates; service providers; legal authorities | none | none |
Employment Information. Professional or employment-related information, such as work history and prior employer | N/A | none | none |
Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences or characteristics | N/A | none | none |
Sensitive Personal Information. - Personal Information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless Unity is the intended recipient of the communication; genetic data; - The processing of biometric information for the purpose of uniquely identifying an individual; - Personal Information collected and analyzed concerning an individual’s health; - Personal Information collected and analyzed concerning an individual’s sex life or sexual orientation; - Personal Information collected from a known child. | N/A | none | none |
Categories of Personal Information
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Identifiers, such as name, signature, contact information, online identifiers, and government-issued ID numbers | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes affiliates; service providers; contest sponsors; legal authorities | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Personal information as defined in the California customer records law, such as name, contact information, payment card number, financial information, medical information, insurance information, education information, employment information, and government-issued ID numbers | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Characteristics of protected classifications under California or federal law, such as sex, age, race, disability, and marital status | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Commercial Information, such as transaction information and purchase history | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Biometric information, such as scans of hand and face geometry | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Internet or network activity information, such as browsing history and interactions with our Services | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes affiliates; service providers; legal authorities | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Geolocation Data, such as approximate location derived from IP address | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes affiliates; service providers; legal authorities | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Audio/Video Data. Audio, electronic, visual, and similar information, such as call and video recordings | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Education Information subject to the federal Family Educational Rights and Privacy Act such as student records, directory information | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes affiliates; service providers; legal authorities | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Employment Information. Professional or employment-related information, such as work history and prior employer | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences or characteristics | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising | Sold to Which Categories of Third Parties |
---|---|---|---|
Sensitive Personal Information. - Personal Information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless Unity is the intended recipient of the communication; genetic data; - The processing of biometric information for the purpose of uniquely identifying an individual; - Personal Information collected and analyzed concerning an individual’s health; - Personal Information collected and analyzed concerning an individual’s sex life or sexual orientation; - Personal Information collected from a known child. | |||
Disclosed to Which Categories of Third Parties for Operational Business Purposes N/A | |||
Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising none | |||
Sold to Which Categories of Third Parties none |
Individual Requests
If you are a California resident, you may make the following requests:
- You may request that we disclose to you the following information covering the 12 months preceding your request:
- The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
- The business or commercial purpose for collecting or sharing Personal Information about you;
- The categories of Personal Information about you that we shared (as defined under the applicable privacy law) and the categories of third parties to whom we shared such Personal Information; and
- The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
- You may request to correct inaccuracies in your Personal Information;
- You may request to have your Personal Information deleted; and
- You may request to receive specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.
Please note that Unity has placed a California Notice of Rights on its website to explain how California residents may exercise their privacy rights under the California Consumer Privacy Act. This notice is incorporated into this policy.
We will not unlawfully discriminate against you for exercising your rights under applicable privacy law. To make a privacy request, please contact us at DPO@unity3d.com or Unity Technologies, 30 3rd Street, San Francisco, CA 94103. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as email address/ username/ country associated with the account where applicable, in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information.
We do not sell or “share” the Personal Information of Developers, and we have not engaged in such activities in the preceding 12 months. Without limiting the forgoing, we do knowingly not sell or “share” the Personal Information of Developers who are minors under 16 years of age.
Authorized Agents
If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning his or her status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
- For third party representatives writing in on behalf of Unity account holders, please provide the name and any signed documentation you may have to act on behalf of the account holder, or you may ask the account holder to write to us from their account email to provide us permission to transact with you directly. Unity reserves the right to take reasonable steps to verify the authenticity of identities and authorizations in compliance with applicable laws prior to making any disclosures.
De-Identified Information
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
Providing Personal Information to third parties for direct marketing purposes: California residents have the right to request the identity of any third parties to whom the resident’s Personal Information was provided, if such provision was to enable the third party’s direct marketing efforts. If you are a California resident and wish to make such a request, please submit your request to DPO@unity3d.com. Alternatively, you may opt-out of having your personal information shared with third parties for their direct marketing purposes, by emailing us at DPO@unity3d.com.
How we respond to “Do Not Track” signals: We are committed to providing you with meaningful choices about the information collected on our Services. Our cookie management tool on our website recognizes browser-initiated Do Not Track signals. To learn more about Do Not Track signals, you can visit allaboutdnt.com.
Removal of content.
Pursuant to California Business & Professions Code section 22581, if you are a resident of California, under 18, and a registered user of the Services, you may ask us to remove content or information that you have posted to the Services by writing to DPO@unity3d.com. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.