Privacy Policy
Last Updated October 1, 2021

Handshake UK Privacy Policy

Updated October 1, 2021

Welcome to Handshake, a career services platform that connects students and employers to democratize the job finding experience, in university and beyond. From the very beginning, our goal has been to design privacy into our platform in a way that respects the rights of students, the obligations of Universities, and the needs of employers. We understand that data privacy is important so we want to make clear the very basic privacy principles that guide our policies and practices:

  • Students are in complete control of what data they make public. We give students control over whether they want to make their profile public to employers and what information they share on it. No student data uploaded to Handshake by a University is ever viewable by any employer until a student has chosen to make their profile public.
  • Universities choose the student data they share with Handshake We respect the rights of students regarding their own personal data, and we are proud to work with Universities to find the best ways to maximise the impact of their careers service without compromising student privacy.
  • Handshake will never sell personal student data. We have never done it and we never will! Our business model is based on offering valuable tools for our student and employer users that enhance the career discovery process. Your email address and personal data will never be sold to any third party.

You should read our full Privacy Policy to understand what data we collect, how we use it, and the limited circumstances where we may share it.

In this policy we refer to the European Union as ‘EU’ (which for the purposes of this policy includes the European Economic Area (EEA)) and the United Kingdom as ‘UK’.

____________________

Welcome to Handshake!

We are a career services platform that connects students, education institutions, and employers to democratise the job finding experience at university and beyond.

This Privacy Policy applies to all users (including students and alumni, careers services and employers) of  the joinhandshake.co.uk platform and the Handshake Service (collectively “the Handshake Service” or “the Service”), as well as your relationship with Stryder Corp. (“Handshake”). In the event of a conflict between an existing contract in place with Handshake or its subsidiaries and these Terms, the Terms of that contract shall supersede the terms in this document.

This policy is part of Handshake’s Terms of Service. By using the Service, you agree to both our Terms of Service and this Privacy Policy; if you do not agree, please do not use the Service.

Accounts and data stored on our US service (on the joinhandshake.com domain) are independent from the UK/EEA platform (currently limited to users on the .joinhandshake.co.uk domain). If you have an account on our US based service, the data associated with that account is protected by the Privacy Policy dedicated to that service. This Privacy Policy only covers data associated with the UK/EEA Platform.

Data Controller and Data Protection Officer

For personal data transferred from your University to Handshake, your University is the Data Controller and Handshake processes your data at your University’s direction. You should contact your University directly for requests regarding that data.

For personal data you share through the Handshake platform, Stryder Corp. (“Handshake”) and your University are each Controllers.  You should contact Handshake directly for requests regarding that data.  Handshake’s Data Protection Officer can be reached by sending an email to privacy@joinhandshake.com  with the Subject: EU Data Privacy Officer or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).

Stryder Corp - Handshake

Attn: Privacy

P.O. Box 40770

San Francisco, CA 94140

VeraSafe has been appointed as Handshakes's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Handshake at privacy@joinhandshake.com, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form.

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o

Klimentská 46

Prague 1, 11002

Czech Republic

VeraSafe Ireland Ltd

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

Data Storage and Transfers:

Personal data collected through our Service will be stored and processed in the EU or UK wherever possible. In some instances data stored on the UK/EEA platform may be accessed by Handshake employees outside the EU or UK.

Handshake and Handshake’s sub-processors may process personal data outside the UK and the EU. Where this is the case, Handshake takes all measures to ensure that data subjects continue to have a level of protection essentially equivalent to that under the UK data protection regime, as further discussed below under Transferral of Data outside of the UK/EEA, and will only do so in full compliance with Handshake’s legal obligations.

In providing the Services, Handshake may use sub-processors that store personal data outside of the UK/EU. Details of these sub-processors can be found here. Whenever data is transferred outside of the UK/EU region every attempt is made to limit the scope of data transferred. See also Transferral of Data outside of the UK/EEA below.

Changes to the Privacy Policy

This Privacy Policy may change over time. If we make minor changes to it without materially changing your rights, we will post the modified Policy on our website. We will notify you by email, through the Handshake Service, or by presenting you with a new Privacy Policy to accept if we make a modification that materially changes your rights. When you use the Handshake Service after a modification is posted, you are telling us that you accept the modified terms.

What information we collect

We collect personal and non-personal data from you when you use our Services. Personal Data is data that includes a personal identifier like your name, email or address, phone number, IP address or device identifier, or is data that could reasonably be linked back to you. It also may include demographic information, geolocation information, educational information, or commercial information as described below.

In order to deliver a more personalised and inclusive service, Handshake asks students to self-report their gender, race and ethnicity on the platform if they wish to do so. Students are under no obligation to do so, and may enjoy Handshake’s services without doing so. This Personal Data includes categories of data classed as ‘special categories’. Handshake provides extra protection and precautions in relation to all data on gender and race, in accordance with its legal obligations. We will never collect this data without the student’s explicit consent, and data is anonymised and aggregated before being shared with employers. Handshake does not process this information for any purpose other than to provide the Service to you.

You need to have an account to use Handshake. You can create an account on Handshake as a student seeking a job or career advice or as an employer looking for exciting new talent. You may also create an account as a career centre or institution employee, or as an invited mentor, ambassador or prospect.

We collect data as follows:

  • Student or alumni data: We receive personal data about you when you create a Student or Alumni Account, update your profile, respond to questions or surveys on our website or otherwise use the Handshake Services, from our Partner Universities, and from other third party data sources.
  • From University Partners: Our University Partners share information about their students with us so we can provide them with services that they use to manage their career centres. Each University Partner chooses what it shares, which may include your name, mailing and email address, course, and graduation date. It may also include protected characteristics used for their reporting purposes. Your University Partner is the Data Controller for this data and it is only processed by Handshake at the Partner’s direction.
  • From you, your account and your profile: You can choose to share additional information with us, such as a personal email address, phone number, work experience, resume and transcript, and answers to questions about your interests and activities that will be covered by this Privacy Policy and our Terms of Service. You can also share this information by updating your profile, uploading documents that include personal information, or answering questions or surveys (such as the First Destination Survey) delivered to you via email or presented to you on the Services. We will not use your phone number to send any commercial or marketing messages to you.
  • From employer reviews: We receive any personal information you choose to include in submitted employer reviews. Handshake collects this information even if the review is not published or made public.
  • From communications, transcripts or recordings: We receive and store personal information when you choose to participate in a video or audio meeting or call or webinar initiated through the Handshake Service or when you choose to communicate with other users by way of video, audio, or messaging during any Handshake video or audio conference or call (collectively, “Handshake Communications”). By participating in Handshake Communications, you are giving Handshake consent to store the content and recordings of any Handshake Communications. For audio or video recordings, you will receive a notification (visual or otherwise) when recording is enabled, and you should leave the meeting or webinar if you do not consent to being recorded. If we use a third party video and/or communications service provider to facilitate Handshake Communications, that service provider may not use your personal information or the content of the communications for any purpose other than to provide the service to us.
  • From third parties: We may receive additional information about you from other universities, alumni or career counseling organizations, or from other sources.
  • Usage and log data. When you visit the Site, we log and store your IP Address and technical information about your visit like your browser type and how you progressed through the Site, where you abandoned it, etc. (“Usage Data”). We can use your IP address to determine your general location.
  • Mobile data: When you use the Handshake mobile app, we collect analytic information about your device, such as IP address, OS version, and clickstream.
  • Precise location data: For a limited set of features, we allow users to opt-in to our collection of precise location data (GPS data). We only use this information to enable these features, such as displaying your precise location on a map at a career fair. We do not share precise location data with third parties, and we do not combine precise location data with personal information for advertising purposes.
  • Employer data: When Employers create a Handshake Employer Account, we request contact information, including email address and telephone number, to provide a point of contact for Universities and administrative staff and which is made available on your public profile. We will not use your phone number to send any commercial or marketing messages not related to your use of Handshake Services to you without your express consent.

How we process your personal data and our legal basis for processing your data

We use, process and store your Personal Data to provide the Handshake Service and to maximise opportunities to connect you with potential employers. This legal basis for processing your data and the purpose for processing is as follows:

To fulfil our contract with you: By joining Handshake, we will be required to collect, store, use and otherwise process information about you for any purposes deemed necessary for your use of the Service and for the performance of your agreement with Handshake including:

  • Providing services such as allowing you to make appointments with your University centre professionals, to sign up for career fairs and other events, engage with university resources, and so on.
  • Delivering job opportunities and communications from potential employers by email in accordance with your account settings and communication preferences.
  • With your Consent: For some uses, we will obtain consent from you in order to provide additional services. Such uses include:
  1. Allowing you to choose whether your profile is public or private, so potential employers, or others, can find you--or not.
  2. Allowing you to contact employers and employers to contact you through the Handshake Service, including by way of messaging, audio and video conferencing, and webinars.
  3. Contacting you about additional Handshake or Partner services you might be interested in.
  4. Allowing you to post reviews and other content on employers and employment experiences.
  5. Personalizing the Service. For example, we may suggest employers to you based on the information in your CV/resume or the demographic information you provide or suggest students with public profiles to employers based on search criteria.

For our legitimate interests: Processing of your personal data may also be necessary for the pursuit of our legitimate interests or by a third party’s legitimate interests - but only where the processing is not unwarranted and will not cause a prejudicial effect on your rights and freedoms, or legitimate interests. Examples are:

  • Processing your data along with other Handshake users’ data to create automated profiles that are used to recommend employers to you and other Handshake users.
  • Researching new ways to improve the Handshake Service.

When we may share your personal data

We will only share your personal data with third parties under the following circumstances:

  • With your consent. For example, you may choose to make your profile public so that we can share it with employers through the Services or choose to apply to a job and we will share your profile information, resume and transcript with the employers you choose. Employers are required only to use Handshake data to provide employment services and to safeguard any personal data they receive. You may also choose to make your profile public to specific audiences to help grow your professional brand and network. When posting an employer review or other related content, you may choose to publish your name and profile alongside the content publicly. You may also choose to post the content without any directly identifying information (i.e. you may post “pseudonymously”). Please note, even when posting pseudonymously, it may be possible to infer your identity from the content, and we share the identities of both public and pseudonymous content with Universities.
  • With your University. If your account is associated with a Handshake University Partner we share all information with that University Partner so that they and we together can provide services to you.  Your University is also a Controller of the Data collected through the Handshake Services.
  • With vendors that are contractually engaged to provide us with services, such as cloud service providers and other services for maintaining our systems, Handshake communications-related telecommunications services, order fulfillment, email management and credit card processing. These companies are obligated by contract to safeguard any personal data they receive from us.
  • With relevant law enforcement bodies, if we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request, to enforce or apply the Terms of Service, to protect the security or integrity of the Handshake Service, and/or to protect the rights, property, or safety of Handshake, its employees, users, or others.  This happens only as necessary and in consideration of your rights and freedoms. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
  • With professional services, potential purchasers or investors in connection with the sale, merger, bankruptcy, sale of assets or reorganization of our company. We will notify you if a different company will receive your personal data and the promises in this Privacy Policy will apply to your data as transferred to the new entity

When we use and share non-personal data

Non-personal data is data that itself cannot reasonably be linked back to you or data that is combined with other data in a way that cannot reasonably be linked back to you. We use and share your non-personal, de-identified or aggregated data in a variety of ways to help our Partners and the public understand trends in the job seeking market through analytics reports, statistics and other metrics and guides. For example, to understand:

  • What percentage of students from certain university work in a specific geographic area.
  • Whether a certain course or extra-curricular activity fits well with a particular employer’s hiring patterns.
  • How employers compare to each other in the number of applicants they receive from different colleges.

Cookies

As a Site visitor, we place a small piece of software referred to as a “session cookie” on your computer. If you use the Services and create an account, we also use this cookie to recognize you on return visits and expedite the login process. You can remove this and other cookies through your browser preferences menu, though the exact method varies depending on the type of browser you use – but note that you won’t be able to log into our service if your cookies are disabled. If you visit from a mobile device, we may reference your device identifier or other information about where your visit originated.

Our email communications contain web beacons or similar technology which track when the email has been opened or read. This functionality sends the resulting records back to our Service, which may be associated with other information you have provided us.

How to opt-out of email communications

We only send marketing communications to users located in the EEA with your prior consent. To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email or update your account preferences.

Storage, security and how to remove your information

We use industry standard technical, administrative and physical controls to protect your data including encrypting it at rest and as it is transferred from you to Handshake. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur. In the event of a breach, we will take reasonable steps to investigate the situation and, where appropriate, notify affected individuals in accordance with any applicable laws and regulations.

De-activating your account or deleting your personal data

You can choose to deactivate your account so that you are no longer viewable on the Service or you can make your account private. You may also request Handshake delete information about you, however we may be obligated as a Processor or Controller with your college or university to retain certain data about you. This means that if they re-send us your data to process on their behalf, we will retain it as their Data Processor unless they request we delete it. You can request deactivation or deletion by sending a message to privacy@joinhandshake.com or by contacting your University to ask them to delete your information.

Third party links

The Services may contain links to and from third party websites of our Employer and University Partners or other Handshake Partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We also cannot be responsible for your personal data that you submit to employers using the Services. Please check their individual policies before you submit any information to those websites.

Children

Minors under 16 are not permitted to use our Site without express parental consent to both use the Services and be bound by our Terms of Service and this Policy. We do not intentionally collect information from minors under 13. If you believe we have collected any personal information from a child younger than 13 years of age, please notify us immediately here and we will take reasonable measures to remove that information from our systems.

Payments

Handshake provides the ability for employers to pay partner institutions for collateral expenses, such as hosting a booth at a career fair, through the use of a third party payment processor. Handshake does not collect or use any of that payment information. If an employer has any conflicts regarding the method of payment acceptance, they should contact the school. Handshake claims no responsibility or liability for payment transactions.

Exercising your Rights

You have certain rights in respect of your personal information:

  • The right of access to your personal data;
  • The right to correct or rectify any inaccurate personal data;
  • The right to restrict or oppose processing of personal data;
  • The right to erase your personal data; and
  • The right to personal data portability and
  • The right to lodge a complaint with the relevant Supervisory Authority.

When Handshake processes your data at the direction of your University we act as their Processor and comply with requests they send us. You become a Handshake user by agreeing to this Handshake European Union Privacy Policy and Terms of Service which describes that the personal data Handshake collects as a co-Controller of your data.  

You may exercise your rights regarding your personal information as follows:

  • You can access your personal data through your account settings in the Handshake platform or by contacting us to request a personal data report at privacy@joinhandshake.com.
  • You may withdraw your consent to receive cookies by adjusting your browser settings.
  • You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within Handshake email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.
  • You can request deletion of your data as described in the section “De-Activating Your Account or Deleting Your Personal Data.”

You may contact us at privacy@joinhandshake.com with questions or requests regarding your personal information. Please note that Handshake may request additional information from you to verify your identity before we disclose any personal or account information.

For Employers

Prospective employers who create a Handshake Employer Account must only process Personal Data a student chooses to make available for the purposes of any job enquiry or application a student may make in the course of using the service and must process such data strictly in accordance with the General Data Protection Regulation and the Data Protection Act 2018. Such data may not be shared, transferred, retained or otherwise used in any manner to which a student has not given express and informed consent.

Transferral of Data outside the EU

Handshake makes every effort to store and process data within the United Kingdom or European Economic Area. We encourage you to review the list of sub-processors linked below for details on transfers.

Handshake and Handshake’s sub-processors may process personal data outside the UK and the EU  in order to deliver services to you. We may need to share data:

•                    with our offices or other companies within our group located outside the UK/EU;

•                    with your and our service providers located outside the UK[/EU;

•                    if you are based outside the UK[/EU;

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EU where:

•                    the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);

•                    there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects.

These are explained below.

Adequacy decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

•                    all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);

•                    Gibraltar; and

•                    Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses.

To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us (see above).