Asset Store Controller DPA
Last Updated: May 24, 2018
Controller Data Protection Addendum
GDPR Terms (Controller-Controller) (Asset Store Terms)
This Addendum applies to the services identified in the main Terms of Service found at www.unity3d.com/legal covering Parties purchasing and selling items on the Asset Store. Parties subject to offline agreements may receive a version of these addenda for execution and incorporation to such offline agreement if such offline agreement does not include similar data protection language already.
This Addendum is an integral part of the terms and conditions for Unity’s Asset Store, including Unity’s Asset Store Terms of Service and EULA and Asset Store Provider Agreement. This Addendum supersedes such terms of service in case of discrepancy. The Parties agree that this Addendum is designed to state the Parties obligations resulting from the General Data Protection Regulation, and all local implementing legislation within the European Economic Area and, as necessary, to state the obligations of the Parties with respect to legislation of countries following similar regulatory rules to protect data to the extent such laws are subject to an adequacy finding under European laws.
2. Data Protection
Definitions: In this Clause, the following terms shall have the following meanings:
- "controller", "processor", "data subject", "personal data", "processing" (and "process") and "special categories of personal data" shall have the meanings given in Applicable Data Protection Law;
- “Customer” shall mean any party using Unity’s Asset Store to license content or distribute content; a “Provider” shall mean any distributor of assets using Unity’s Asset Store as a point of distribution, and “Userr” shall mean any party licensing Assets for use from Unity’s Asset Store (collectively “Customer”);
- “End User” shall mean customers of Unity’s Customers and/or viewers of Publishers’ content or Advertisers’ content
- "Applicable Data Protection Law" means any and all applicable privacy and data protection laws (including, where applicable, EU Data Protection Law) as may be amended or superseded from time to time;
- "EU Data Protection Law" means (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any national data protection laws made under or pursuant to (i), (ii) or (iii).
Security: Each party shall implement appropriate technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident"). In the event that a party suffers a confirmed Security Incident, it shall notify the other party without undue delay and both parties shall cooperate in good faith to agree and action such measures as may be necessary to mitigate or remedy the effects of the Security Incident. Nothing herein prohibits either party with moving forward to notify regulatory authorities as may be required by law prior to notification of the other party so long as the notifying party provides notification to the other party without undue delay.
Treatment of Data Rights in Prior Agreements: Customers agree that this Addendum does not enlarge any rights provided for in their Terms of Service whether such rights are provided in online Terms of Service or in offline Agreements and they continue to be limited to the use rights and restrictions provided for therein. For clarity to the Advertiser Terms of Service, Advertisers agree that to the extent they require Unity to present data to a third party install tracker that they have such parties under a valid data processing agreement clearly directing the install tracker as to its usage instructions, duties, and liabilities for processing such data.
Survival: This Clause shall survive termination or expiry of any terms of service or other agreement to permit Unity to comply with its legal obligations. Upon termination or expiry of the Customer relationship, Unity may continue to process the Data for the Permitted Purpose provided that such processing complies with the requirements of this Clause and Applicable Data Protection Law.
Effect of this Addendum on other legal terms. This Addendum in no way alters the limitations of liability or other legal terms set out in any terms and conditions for service or any services agreement entered between the Parties.