Privacy Notice

Last updated on May 12th 2023

1. About this Privacy Notice

Protecting your privacy is important to us.  Accordingly, we’re providing this Privacy Notice to explain our  online information practices including the collection of information, and how we intend to use and disclose information that we receive when you use our Services. Please note that when providing our Services Unitu acts as a data processor. This means that Unitu processes Personal Data on behalf of the data controller which is your educational institution. To ensure full transparency of our processing activities, we have included information about the processing of your Personal Data in this Privacy Notice, even though we act as a data processor.

Our Services include your (“you”, “user”) use of our websites including unitu.co.uk and any of our subdomains (“Site” or “Sites” or “Website”); mobile applications (“App(s)”), application program interface(s) (“API(s)”) . This Privacy Notice applies to Personal Information that is collected, used or Processed by Unitu in the course of our business and applies only to those websites, services and Apps included within “Services” and doesn’t apply to any third-party websites, services or applications, even if they are accessible through our Services. Everyone whose responsibilities include the Processing of Personal Information  on behalf of Unitu are expected to protect that information and data by adhering to this Privacy Notice. Please read this Privacy Notice carefully to understand how we process your Personal Information.

2. Controller of your personal data 

Unitu Website

Unitu Ltd.  is committed to safeguarding your privacy. Personal Information subject to this privacy notice will be collected and retained by Unitu, with its office at 2 Viscount House, 8 Lakeside Drive, London, United Kingdom, NW10 7GS and company number 7993739. You can contact us by email at support@unitu.co.uk.

Unitu Platform

Your respective educational institution is the controller of your Personal Information and it provides Unitu with specific personal information for the sole purpose of creating your Unitu account and for using the service as it was intended. 

Lawful Basis
Consequently, Your educational institution is responsible for ensuring lawful basis when processing Your Personal Data.

2.1 Definition

The following capitalised terms shall have the meanings herein as set forth below. 

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Personal Information or Personal Data” is any information relating to an identified or identifiable natural person (“Individual”). 

Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. 

Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by notice as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding UK and EU residents that is classified as a “Special Category of Personal Data” under UK and EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offence.

Services” means the services that are provided to  you made available by through Unitu platform.

 “Third Party ” is any company, natural or legal person, public authority, agency, or body other than the Individual or Unitu. 

3. What personal data do we process?

3.1 Personal Data of users of Services offered by Unitu (Any person whose data has been shared with Unitu by the university for the purpose of obtaining services through the Unitu platform.)

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your account, if you are an account holder), and to enable you to enjoy and easily navigate our Services. The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Unitu and the requirements of applicable law. 

We endeavour to collect only that information which is relevant for the purposes of Processing. Some of the ways that Unitu may collect Personal Information include:

A. Information provided to Unitu  by your educational institution:

Your educational institution has provided Unitu with specific personal information for the sole purpose of creating your Unitu account and for using the service as it was intended. The below information is what Unitu requests from your educational institution:

  • First Name
  • Second Name
  • University Email Address
  • Year of study
  • Programme of study
  • Academic Department and/or Faculty
  • Specific role within institution (i.e. student, course rep, staff, student union staff)

B. You may provide Personal Information directly to Unitu by interacting with the Services, participating in surveys, and requesting services.

C. As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies.

D. Information You Provide Directly to Us. When you use the Services or engage in certain activities such as activating your account with Unitu, we may ask you to provide some or all of the following types of information: 

  • Account Information. When you create or activate an Account we’ll collect certain information that can be used to identify you, such as your name, email address, year, programme of study, academic department and picture (“Personally Identifiable Information” or “Personal Information”). We may also collect certain information that is not Personal Information because it cannot be used by itself to identify you.
  • Information collected using Cookies and Log Data.
  • Location Information. In some cases we collect and store information about where you are located. We may use location information to improve and personalise our Services for you.
  • Chat Data. Depending on the information you insert in the 
  • Meetups and/or Conferences. If you participate in conferences or meetup events, whether organised by Unitu or a third-party, Unitu may collect or obtain, and retain information you provide in connection with signing up and/or participating in that event.

E. Sharing with other Service users. When you use the Services, we share certain information about you with other Service users.

  • Managed accounts and administrators. If you access the Services using an email address with a domain that is owned by your educational institution, or associate that email address with your existing account and such organisation wishes to establish a Unitu services account, certain information about you including your name, profile picture, contact info, content, and account use may become accessible to that organisation’s administrator and other Unitu service users, as permitted by your administrator, to provide you additional products and services or to integrate with Unitu or other products and services. For example, your organisation may request that we provide extra security controls around your account to protect information about your organisation or your organisation may request that we link your Unitu account with your organisation’s account to enhance collaboration and functionality among tools you use. If you are the administrator of a team, organisation or enterprise account within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service related requests.

F. Information You Submit Through Services. You agree that Unitu is free to use information regarding your use of the Services, for the sole purpose of improving the product and services that are delivered to the end user. Unitu does not, however, claim any ownership rights in any user content that you make available through the Services and nothing in this privacy notice will be deemed to restrict any rights that you may have to use and exploit your user content. 

G. Our Policy Toward Children. Our Services are not directed to children under 13, or other age as required by local law. We do not knowingly collect Personal Information from children under 13, or other age as required by local law. If we learn that we have collected any Personal Information from children under 13 (or other age as required by local law), we will promptly take steps to delete such information and terminate the child’s account. 

3.2 Of Unitu website visitors who visit the website and voluntarily submit Personal Information (for e.g. you may be asked to submit your name and email address if you request for a live demo.). The following information may be requested from you:

  • First Name
  • Last Name
  • Email address
  • University Name
  • Job Title

In addition, each time you visit our website we may collect your IP address.

4. Why do we use your personal data?

We use your Personal Data to facilitate your use of the Unitu platform. It’s important to note that we do not define the purposes and methods of processing your Personal Data. Instead, your educational institution is responsible for defining these aspects and instructing us to handle your Personal Data in compliance with applicable data processing agreements and data protection laws.

 As a result, your educational institution acts as the data controller and ensures the legality of processing your personal data. Nevertheless, we process your data in accordance with all relevant laws and take the same necessary precautions as your educational institution to protect your data.

5. Cookies and similar technologies

  • Our website uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the site.


Please consult our cookie policy available on our website/platform to inform yourself of the cookies we may use on this website/platform.

6. Who do we share your personal data?

We will not share any Personal Information that we have collected from you except as described below: 

  • Information Shared with Our Services Providers. We may engage third party service providers to work with us to administer and provide the Services. These third-party services providers have access to your Personal Information for the purpose of performing services on our behalf. The types of service providers (processors) to whom we entrust Personal Information service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested; ; (iv) customer service activities; and (v) in connection with the provision of the Services. Unitu has executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.

  • Information Shared with Third Parties. We may share aggregated information and non-identifying information with third parties for industry analysis, payment processing, demographic profiling and other similar purposes.

  • Information Disclosed for Our Protection and the Protection of Others. It is our policy to protect you from having your privacy violated through abuse of the legal system, whether by individuals, entities or government, and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary: (i) to satisfy or comply with any applicable law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders; (ii) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (iii) to prevent or stop activity we consider to be illegal or unethical.

    In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorised activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies or Third Party service providers in order that they may identify users in connection with their investigation of the unauthorised activities or otherwise assist us with security related activities. 

  • Information We Disclose With Your Consent or at Your Request. We will share your Personal Information with third-party sites or platforms if you have expressly consented or requested that we do so.

7. Third Party Link

Our Services may contain links to other websites and applications, e.g. Facebook, Instagram, Twitter or any other similar sites. Any information that you provide on or to a third- party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy notice. Our Privacy Notice does not apply to such websites or services and we are not responsible for the content, privacy or security practices and policies of those websites or services. To protect your information we recommend that you carefully review the privacy policies of other websites and services that you access.

8. Security | How do we protect your personal data? 

We take reasonable security measures to ensure that your information is treated securely and in accordance with this Privacy Notice. The internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an email to you. You may have a legal right to receive this notice in writing.

We will take appropriate technical and organisational precautions to protect your personal data:

a. Encryption. We encrypt all the data we store with different keys. When you provide personal data online, we use the industry standard for encryption on the Internet – Transport Layer Security (TLS) technology – to help protect the data that you provide. This internet encryption standard scrambles data as they are transferred from your device to our server. We also use digital certificates to ensure that you are connected to authentic channels.

b. Data Storage. All personal data is stored on a server. We use secured servers located in the European Economic Area to store the data.

c. Restricted Access. Internal access to the personal data is limited on a strict ‘need-to-know’ basis. Only authorized personnel, whose activity will be monitored to prevent any misuse, will be able to access the personal data.

9. Our commitment to your privacy

To make sure your personal data is secure, we communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the company. 

10. International transfers of personal data

We will only store or transfer your personal data within the United Kingdom and the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the applicable data protection laws including UK GDPR, and/or to equivalent standards by law.  

11. Data Retention

We retain the Personal Information of our website visitors for as long as it is  necessary to fulfil the purpose(s) for which it was collected. In respect of the personal data provided by educational institutions, we retain the Personal Information for as long as the educational institution instructs us to retain it. 

12. UK GDPR Data Protection Rights 

We would like to make sure you are fully aware of all of your data protection rights. Where we act as a data processor, we will always forward your request to your relevant educational institution, provide the necessary assistance to them with responding to your request and act in accordance with their instructions. When we act as a data controller in respect of Personal Information of our website visitors, we will be in charge of every data subject request you submit to us. Every user of this website and our services (based in the EEA & the UK) is entitled to the following rights, under certain conditions:

  • The right to be informed – You have the right to be informed about the collection and use of your personal data. 
  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data.
  • The right to object to processing – You have the right to object to processing of your personal data.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you.
  • The right not to be subject to a decision based solely on automated processing – including profiling, which produces legal effects concerning you or similarly significantly affects you.

Your exercise of these rights is subject to certain exemptions like the safeguarding of public interest (e.g.prevention or detection of crime) and our interests (e.g. maintenance of legal privilege).

If you would like to exercise any of these rights, please contact us at support@unitu.co.uk. Please include your full name, email address associated with your account, and a detailed description of your data request. Such requests will be processed in line with local laws. We will check your entitlement and respond to you within a month. If you are not satisfied with how we have addressed your concerns, you can also contact the competent Data Protection Authority (DPA). 

13. How can you change or review your information and preferences? 

  • Account information. Please go to your Account Settings.
  • Marketing communication preferences. If you currently receive marketing communications and promotional offers and wish to stop receiving such communications, you can choose to unsubscribe or send an email to support@unitu.co.uk with a request to be removed from our marketing and promotions database.
  • Email communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. 
  • Mobile devices. We may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.


14. Changes to this Privacy Notice

We reserve the right to change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our platform/application in a way that affects personal data processing.

Every change will be published on our website/platform or through our other usual communication channels.

15. Grievance Officer 

If you think any part of this Privacy Notice violates any law or you have any feedback or comment, then kindly submit a request for action/removal to our Grievance Officer. We will redress your grievances within a month.

Email: support@unitu.co.uk

 

Unitu helps universities to improve the student experience by effectively engaging with the student voice in real time.

Company
Security
Support

Unitu. 2024. All rights reserved.