Skip to content
Homepage
Login

Privacy Policy

Last Updated October 29, 2024

Handshake Privacy Policy UK


Welcome to Handshake, a career services platform that connects students, schools, and employers to democratise the job finding experience, in college and beyond.

From the very beginning, our goal has been to design privacy into our platform in a way that respects the rights of students, the obligations of colleges and universities, and the needs of employers. This policy (the “Privacy Policy”) describes how Handshake Europe (“Handshake”, “we”, “us”, or “our”) collects, uses, and shares your personal data. By “personal data”, “personal information” or similar terms, we mean any data relating to an identified or identifiable natural person that is processed by us in accordance with this Privacy Policy and that is subject to applicable data privacy laws.

The information about us handling your personal data is provided in the following privacy policies:

  1. PRIVACY POLICY FOR OUR WEBSITE
  2. PRIVACY POLICY FOR OUR HANDSHAKE PLATFORM (“HANDSHAKE APP”)
  3. PRIVACY POLICY FOR ONLINE MEETINGS AND VIDEO CONFERENCES
  4. PRIVACY POLICY FOR JOB APPLICANTS FOR HANDSHAKE

I. PRIVACY POLICY FOR OUR WEBSITE

1. Controller and Data Protection Officer

The controller is:

Stryder Corp., dba “Handshake”

225 Bush Street, Suite 1200

San Francisco, CA, 94104

E-Mail: contact.eu@joinhandshake.com

We also have a local point of contact in the UK:

Handshake International UK Ltd

Woolyard

Building 52, Floor 2

52-56 Bermondsey Street

London SE1 3JG

E-Mail: contact.eu@joinhandshake.com

Data Protection Officer:

Handshake’s Data Protection Officer can be reached by sending an email to privacy@joinhandshake.com or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).

2. Processing of personal data

This policy lists all types of data that is processed on our website, the purposes for which they are processed, and the legal basis for their processing.

2.1. Visiting our Website

Every time you visit our website, data is collected and exchanged between your browser and our server. To this end, we automatically collect and store data, (log file information), that your browser transmits to our server. This information includes the following:

  • IP address
  • type and version of your internet browser
  • operating system used
  • the page visited
  • the page previously visited (referrer URL)
  • date and time of the server request

If you are using a mobile device, we may also collect this information: country code, language, device name, name of the operating system and version

This data is processed to: (1) ensure the security, availability and integrity of the website (e.g., detection and defense against DoS attacks or access by bots); (2) improve the quality and presentation of the website; (3) identify; and correct errors; and (4) for statistical purposes.

This data is retained no longer than 7 days.

Our website is hosted by a service provider within the EU in accordance with a data processing agreement pursuant to Art. 28 GDPR.

The legal basis for processing this data is Art. 6 (1) (f) GDPR. Our overriding legitimate interest is reflected in the above purpose. As we use the data to also fulfill our legal obligations for data security reasons, the processing is also covered by Art. 6 (1) (c) GDPR.

2.2. Contact form and Email

If you write to us, for example by sending us an email or contacting us using the contact form, we will store the contact details you provide such as name, address, mobile phone number, email and the information provided in your query.

The processing of personal data provided when contacting us serves to process the contact request and ensures the security of our information technology systems.

When you use Handshake as part of an existing contractual relationship or seek information about our Handshake App, the personal data you provide will be processed for the sole purpose of handling and responding to your inquiry. . This processing is justified under Article 6(1)(b) GDPR, which relates to processing necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

If you have explicitly consented to the processing of your data for the purpose of resolving your query, such processing is based on your consent in accordance with Article 6(1)(a) GDPR. In the absence of your consent, we process your data based on our legitimate interests, as outlined in Article 6(1)(f) GDPR, which allows us to process personal data when it is necessary to pursue our legitimate interests in effectively managing customer and contact inquiries.

2.3. Newsletters / Marketing Emails

You have the option to subscribe to our newsletter/marketing emails, which we use to keep you updated about our offerings and news. The only requirement for the subscription is your email address. Upon registration, your email address is transmitted to and stored by us or our designated mail provider. You will then receive a confirmation email to complete the registration process using a double opt-in method. During this process, the following data types may be processed:

  • Contact Details: Including name, email address, and telephone number (if applicable).
  • Content Data: Entries you make in the online form.
  • Device Data: Such as device name, country code (if applicable), language, operating system name, and version.
  • Connection Data: IP address and email provider details.
  • Registration and Confirmation Times: Date and time of these actions are logged.

You will only receive our newsletter/marketing emails if we’ve received your explicit prior consent, under Article 6(1)(a) GDPR. You have the right to withdraw your consent for data processing in connection with the newsletter and its associated data analysis at any time. This can be done through a dedicated link in each newsletter or by sending us a separate communication at privacy@joinhandshake.com.

Marketing Emails/Newsletter for Existing Users:

By registering as a user of our app and providing your email address, you agree to receive marketing emails/newsletters unless you opt out. These marketing emails/newsletters will solely promote our own similar goods or services. You may withdraw your consent to use your email for these purposes at any time without incurring costs beyond the basic transmission fees. To opt out, you can use the unsubscribe link in every newsletter/marketing email or contact us using the details provided above.

The legal basis for sending the newsletter following the purchase of goods or services is our legitimate interest under Article 6(1)(f) GDPR.

Marketing Emails/Newsletter Analytics/Tracking:

We conduct statistical analyses of our newsletters to evaluate their effectiveness. This involves tracking the opening rates and clicks within the emails. Such tracking helps us tailor our newsletter content more effectively to our audience.

Your consent, under Article 6(1)(a) GDPR, serves as the legal basis for this analysis.

Marketing Emails/Newsletter Service Provider:

We use an external service provider to manage the sending and analysis of our newsletter, based on a data processing agreement, in accordance with Article 28 GDPR.

2.4. Download and Use the Handshake App

To download the app, a QR code is available on our website which directly links to the App Store or Play Store. During the download process, the following data is transmitted to the respective store provider:

  • Username
  • Email address
  • Customer number of your account
  • Time of download
  • Payment information
  • Individual device code

We process this data only to the extent necessary to facilitate the download of the app to your mobile device.

Once the app is in use, we collect data needed to ensure functionality and security:

  • IP address
  • Date and time of request
  • Time zone
  • Content of the request
  • Access status/HTTP status code
  • Amount of data transferred
  • Operating system
  • GPS location
  • Language used

Additional necessary identifiers include:

  • Device ID (IMEI)
  • Network subscriber ID (IMSI)
  • Mobile phone number (MSISDN)
  • MAC address for WLAN connections
  • Name of your mobile device
  • Email address linked to the device

These identifiers are crucial for securing and optimising your app experience, facilitating device and account verification, improving app functionality, and managing the app on devices that are lost or stolen.

The processing of your personal data is based on Article 6(1)(b) GDPR, which allows processing necessary to fulfill our contractual obligations and provide the services you have requested.

2.5. Registration and Login

On our website, you will also find dedicated buttons for both "Login" and "Sign Up." Whether you are creating a new account or accessing an existing one, start by clicking the appropriate button. An email address is required to register. Once you have registered, you will receive a confirmation email via a “double opt-in” process to verify your email address. During registration, we also provide all mandatory information required by law. The processed data includes login information, such email address and password).

During the use of our registration, login functions, and ongoing account management, we store the IP address and the exact time of your activities to safeguard against misuse and unauthorised access. This data is only shared with third parties when necessary to enforce our rights or to comply with legal obligations.

Types of data processed:

  • Contact Details: such as name, address, Email address, phone number (if applicable), photo, work experience, skills, city, or region.
  • Device Data: Device name, country code (if applicable), language preferences, and operating system details and other technical information, such as your IP address and email service provider.
  • Dates and Times: We record the date and time of your registration and the confirmation of your account.
  • Any other information you (voluntarily) provide within the registration process.

The processing of your data during registration is necessary to establish or fulfill the contract with you, as stipulated in Article 6(1)(b) GDPR. This includes preparatory actions taken at your request prior to entering into a contract. Moreover, under Article 6(1)(f) GDPR, we process your data based on legitimate interests, which includes providing customer support, handling inquiries, and ensuring the security of your account and our network infrastructure. These activities are crucial to maintaining the integrity and functionality of our services and to protecting your information from unauthorised access.

Terminating the user account: Should you decide to terminate your user account, we will delete your data associated with your user account, subject to any legal requirements or consents that allow/require for data retention. Please ensure that you back up any data you wish to retain before canceling your account. Depending on legal requirements, we may irretrievably delete all data stored on your account.

2.6. Use of our Service

When you engage with our services through our website or mobile app, we process various types of personal data:

  • Student or Alumni Information: We collect personal information when you set up or update your student or alumni account, respond to surveys, or interact with our website in other ways.
  • From University Partners: We receive information about students from university partners who utilize the Handshake App to manage their career centers. This may include your name, contact details, field of study, and grades.
  • Your Account and Profile: You may opt to provide additional details such as an updated email address, telephone number, work experience, CV, and credentials. This can be done through profile updates, document uploads, or by responding to surveys. We assure you that your phone number will not be used for sending promotional or marketing messages.
  • Employer Reviews: We collect personal information you include in employer reviews, regardless of whether these reviews are published.
  • Communications, Logs, or Recordings: We capture and store personal information when you participate in video or audio meetings, calls, or webinars facilitated by Handshake, or when you communicate with other users via Handshake communications. Third-party providers facilitating these communications are prohibited from using your personal data for purposes other than service provision. Users are notified of circumstances when a call is being recorded upon entering a call.
  • Employer Information: For employer accounts, we collect contact details such as email addresses and phone numbers, which serve as contact points for universities and are displayed on your public profile.

Our legal basis for the processing of this data is the performance of the contract we have with you when you registered to use our service, Article 6(1)(b) GDPR. Depending on the features you use, the processing may also be based on your consent, Article 6(1)(a) GDPR, or our legitimate interest to ensure our service to be secured and to deliver an optimized user experience, Article 6(1)(c) GDPR.

Further details can be found in our Privacy Policy for the Handshake App.

2.7. Job Applications

On our website, you can also apply for jobs at Handshake. If you apply for a job with us, we collect and process the information and personal data you provide as part of the application process. This data includes your name, email address, address and telephone number, employment history, qualifications, country of residence, language skills and any other personal data you provide in the context of your interaction with us.

For further information, please consult our Privacy Policy for Job Applicants.

2.8. Use of Cookies

Cookies help retain information for a specified duration, making it easier to recognize your device and enhance site navigation for a more user-friendly experience. They also enable us to identify the most frequented areas of our site. We differentiate between session cookies, which are deleted when you close your browser, and persistent cookies, which remain stored after your session ends.

Essential Cookies: Essential cookies are set upon your first visit to the website, as deemed necessary for its operation. . This includes cookies for displaying the website using a content management system, recognizing language preferences, and recording your consent (or non-consent) for the use of additional non-essential cookies. The details of these cookies, including their purpose and lifespan, are available in our cookie banner at first access.

The processing of personal data via essential cookies is based on our legitimate interest (Article 6(1)(f) GDPR), primarily to ensure the functionality and provision of our website.

Non-Essential Cookies: We also deploy non-essential cookies to gather more detailed information about visitor interests and behavior. This data helps us to further analyze and improve our website and customer interactions. Information regarding these cookies, their purposes, and their storage or deletion timelines is detailed in our cookie banner.

Non-essential cookies are set only with your explicit consent. You can manage your preferences for different categories of non-essential cookies through the cookie banner.

For non-essential cookies, the legal basis for storing and accessing information is § 25 (1) TDDDG in Germany. Regarding the processing of personal data, this is governed by Article 6(1)(a) GDPR.

2.9. Cookie Consent

Our website employs technology to manage cookie consents which helps to ensure compliance with data protection laws by requesting and recording your permission to store specific cookies on your device. This technology is provided by OneTrust LLC ("OneTrust"). During your visit, the following personal data is transmitted to OneTrust:

  • Consent given or withdrawn
  • IP address
  • Browser details
  • Device details
  • Time of visit

Additionally, OneTrust places a cookie on your browser to manage your consent. The processing of this data is based on Article 6(1)(c) GDPR and local laws on cookies, if applicable. We use OneTrust to collect the necessary consent for the use of non-essential cookies and to document these consents as required by Articles 7(1) and 5(2) GDPR, thereby ensuring we accurately record and respect user preferences for evidentiary purposes.

Your Choices: You have several options to control or limit how we and our partners use cookies, including for marketing and advertising. You may:

  • Manage your cookie preferences at any time by by accessing “Cookie Settings” within a user’s account.
  • se your browser or device settings to clear or reject nonessential cookies;
  • Check your mobile device for settings that control ads based on your interactions with the applications on your device;
  • Opt out of certain third-party partners’ Handshake App directly with the third-party, as described above.

Do Not Track Signals: Some internet browsers may be configured to send “Do Not Track” signals to the online Handshake App that you may visit. We are currently unable to respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.

2.10. Web Analytics

We use web analytics services to understand how our website and our Platform are used by their visitors or users and to optimize the website and the Platform in terms of content and technology.

We process this data only after receiving your consent (Art. 6 (1) (a) GDPR).You can revoke your consent at any time. Please follow this link and make the appropriate settings via our consent banner.

Disclosure of Third-Party Providers

What follows is a list of the third-party providers that we use for web analytics services. If data is processed outside the EU or the EEA (European Economic Area), particularly in the USA, we provide information on the data protection level below.

Google LLC (Google Analytics)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

LinkedIn Corporation (LinkedIn Analytics)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

2.11. Cross-Device Tracking and Targeted Advertising

We employ cross-device tracking technologies to display targeted advertising based on your activity on our website when you visit other websites. This also enables us to assess the effectiveness of our advertising campaigns.

Basis for Data Processing

The processing of your data is based on your explicit consent, in accordance with Art. 6(1)(a) GDPR. Providing your consent is entirely voluntary, and you may withdraw it at any time.

How Tracking Operates

During your visit to our website, it is possible for these third-party entities to collect data identifiers such as your device’s browser fingerprint or IP address, and to store or retrieve information such as cookies or tracking pixels on your device. These identifiers allow third parties to recognize your device across different websites, enabling us to commission targeted advertisements based on your previous interactions with our site.

Understanding Cross-Device Tracking

Cross-device tracking integrates the recognition features from various devices and browsers when you use your login credentials with a third-party provider. For example, if distinctive features are developed for each device you use (laptop, desktop PC, smartphone, or tablet), these can be linked through your account. This linkage allows third-party providers to manage and coordinate our advertising campaigns across your devices effectively.

Disclosure of Third-Party Providers

Below, we list the third-party providers we engage for advertising purposes. Should any data processing occur outside the EU or EEA, particularly in the USA, we will provide specific information regarding the applicable data protection standards below.

Google LLC (Google Analytics)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

LinkedIn Corporation (LinkedIn Analytics)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Marketo

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Salesforce

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

2.12. Embedding of Third-Party Videos on Our Website

Our website includes videos hosted by third-party providers, not directly stored on our servers. When you access pages containing these embedded videos, it triggers content reloads from the third-party providers, thereby notifying them that you have visited our site. This process also transmits the technically necessary usage data to them.

Please note that we do not control the subsequent data processing activities of these third-party providers after the initial data transmission.

The integration of third-party content on our website is grounded on Art. 6(1)(f) GDPR, which reflects our legitimate interest in making our website as engaging and informative as possible.

For data that is processed outside of the European Union or European Economic Area, particularly in the USA, we provide detailed information about the standards of data protection applied in such instances in the table below.

YouTube / Google

The processing of data is handled by Google Ireland Limited in Gordon House, Barrow Street, Dublin 4, IrelandIf you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Vimeo (USA)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Sanity.io

EU Standard Contractual Clauses

1.13. Integration of Other Technical Third-Party Content and Functions on Our Website

Our website also incorporates other technical functions and content provided by third-party suppliers to enhance user experience. When you visit our web pages, these third parties receive information indicating your visit to our site along with the technically necessary usage data.

We do not control any further processing of your data by third-party providers once it has been transmitted.

The processing of your data through these third-party functions is contingent upon your explicit consent, pursuant to Art. 6(1)(a) GDPR, which you may provide through our consent management platform.

Please be aware that interacting with third-party content and functions might result in the processing of your data outside the European Union (EU) or theEEA, particularly to the United States. For such transfers, compliance with an adequate level of data protection is ensured, i.e. by the EU-U.S. Data Privacy Framework.

Google LLC

jQuery (Java Script Bibliothèque)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Amazon.com, Inc. CloudFront

(Content Delivery Network)

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Google LLC

Google Fonts

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Google LLC

Google Tag Manager

EU-US Data Privacy Framework

If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

1.14. Service Providers/Data Processors

We transfer your data to service providers who support the operation of our website and its associated processes, in accordance with Art. 28 GDPR. These providers include, for instance, companies that host our data. All service providers are rigorously bound by our directives and have corresponding contractual obligations to ensure compliance.

Below, we specify the data processors with whom we collaborate, unless already mentioned earlier in this privacy notice. Should any data processing occur outside the European Union (EU) or the European Economic Area (EEA), we will provide specific details regarding such instances.

Stryder Corp.

Webhosting und Support

EU-US Data Privacy Framework

Google LLC

Webhosting

EU-US Data Privacy Framework

2.15. Social Media

a. Social Media Buttons

Our website features buttons from various social media platforms (e.g., LinkedIn, Instagram, Twitter, and Facebook) to enhance user engagement. Clicking these buttons will redirect you to our respective social media pages.

Upon clicking, regardless of whether you are logged in or have an account with these networks, the relevant social media provider is notified that our website page was accessed from your device. This includes the transmission of your IP address directly to the provider's server. If you are logged in to the network, or subsequently log in, this information may be linked to your social media account.

For details on the scope of data collection, processing by these social networks, and your data protection rights and settings, please consult the respective privacy policies of these networks.

The integration and use of social media buttons are based on Art. 6(1)(f) GDPR, justified by our legitimate interest in marketing our services.

b. Social Media Pages

We maintain active profiles across various social media platforms to interact with users and market our services.

Visiting our social media pages while logged into these networks enables the providers to analyze your activity and potentially link and enhance data associated with your account, such as your IP address or cookie data. This data may be used to create user profiles and deliver targeted advertisements on their platforms and elsewhere.

If you engage with our social media pages, both we and the social media network provider are jointly responsible for the data collected during your visit. For comprehensive details on how your data is handled, refer to the privacy policies of the respective networks.

You can exercise your rights under GDPR—including rights to access, rectification, erasure, restriction of processing, and data portability—against both us and the social media provider. Please note that our capacity to influence data processing is limited to the tools provided by the respective social media platform.

Our use of social media profiles is also based on Art. 6(1)(f) GDPR, driven by our legitimate interest in promoting our services online.

3. Storage Duration

Unless previously specified for individual cases, we will delete personal data when they are no longer necessary for the specified processing purposes, and when deletion is not prohibited by any legitimate interests or other legal retention requirements.

4. Your Rights as a Data Subject

  • Right to Access: You have the right to request, free of charge, information about the personal data we hold about you (Art. 15(1) GDPR).
  • Right to Correction: If certain legal conditions are met, you may request the correction of inaccurate personal data (Art. 16 GDPR).
  • Right to Deletion: You may request the deletion of your personal data under certain circumstances (Art. 17 GDPR).
  • Right to Restriction of Processing: You can ask Handshake to limit the processing of your personal data. (Art. 18 GDPR).
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR).
  • Right to Revoke Consent: You may withdraw your consent at any time, which will affect data processing activities based on consent from that point forward (Art. 6(1)(a) or Art. 9(2)(a) GDPR).
  • Right to Object: You have the right to object to the processing of your data if it is based on legitimate interests (Art. 6(1)(e) or (f) GDPR).

Right to File a Complaint: If you believe the processing of your personal data violates the GDPR, you have the right to submit a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).

II. PRIVACY POLICY FOR OUR HANDSHAKE PLATFORM (“HANDSHAKE APP”)

The Privacy Policy applies to your access and use of Handshake’s user-facing application, commonly known as “Handshake,” and the features therein (collectively the “Handshake App”). It governs the collection and other processing of personal data from different types of users, including students, employer and university partners.

Reference to this Privacy Policy is also made in Handshake’s Terms of Service. By using the Handshake App, you agree to our Terms of Service. Additionally, you are informed about this Privacy Policy; if you do not agree to the Terms of Service, please do not use the Handshake App. Unless otherwise stated, defined terms used in this Privacy Policy have the meanings associated with them in our Terms of Service.

We’re constantly trying to make improvements to our Handshake App, so we may need to change this Privacy Policy from time to time. If any changes are made, we’ll post them on this page and otherwise inform you if necessary.

1. Controller and Data Protection Officer

The controller is:

Stryder Corp., dba “Handshake”

225 Bush Street, Suite 1200

San Francisco, CA, 94104

E-Mail: contact.eu@joinhandshake.com

We also have a local point of contact in the UK:

Handshake International UK Ltd

Woolyard

Building 52, Floor 2

52-56 Bermondsey Street

London SE1 3JG

E-Mail: contact.eu@joinhandshake.com

Data Protection Officer:

Handshake’s Data Protection Officer can be reached by sending an email to privacy@joinhandshake.com or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).

2. Data Processing within the Handshake Platform

The Handshake App is a platform that brings together students, employers, and universities

  • Students: The Handshake platform serves current and former students as a hub for applying, connecting, and communicating with employers selected by universities ("connected" employers) and as a tool for interaction and communication with their university Career Centers and other students within the network. Students can bookmark events from employers and universities, manage their profile and application documents in their Handshake account, and utilize additional functionalities. Students from universities not partnered with Handshake can also use the platform with certain limitations. There are also certain features which you may use:
    • Follow: When you follow a student or employer, you become visible to them as a follower as long as your profile is set to ‘community’. Additionally, your network of your followers and people you follow is displayed on your community profile. If you no longer wish to follow a person or employer, you can unfollow them at any time.
    • Message: When your profile is set to ‘community’, other users will be able to send you messages.
    • ‘Looking for’: When your profile is set to ‘community’, details that you have entered in the “looking for” tab will be visible on your profile to other users.
  • Employers: Employers use the platform to connect with universities and subsequently engage with students, receive applications, and recruit potential new employees.
  • Universities: For university users, predominantly from the Career Centers, the Handshake platform facilitates communication with their students to aid their search for internships and jobs. Universities can connect with and interact with employer profiles, enabling communication between employers and students.

2.1. Registration

Users need to establish an account to fully access the Handshake App. You can create an account on Handshake as a student seeking a job or career advice, as a representative of an employer working with Handshake to find exciting new talent (“Employer Partner”), or as a career center professional at a college or university working with Handshake (“University Partner”).

To register, please click "Login" and complete the registration process. During registration, you will be required to provide the name of your company or university, full name, business or university email address, and a password of your choice.

The processing of this data is necessary for the performance of a contract to which you are a party, as outlined under Art. 6(1)(b) GDPR, specifically for facilitating your registration and use of the Handshake platform.

Students and alumni can register on our platform without requiring a prior invitation from universities.

For further details please consult our Privacy Policy for the Website.

2.2. Account Management

The Handshake app processes the following data:

  • Information From University Partners. When University Partners sign up for Handshake, they send us certain personal data about their students so that Handshake may pre-populate accounts to provide the Handshake App. It is up to each University Partner to choose what information it shares, but this data may include the student’s first and last name, mailing address, email address, major, and/or GPA (average grade). Refer to this article (https://support.joinhandshake.com/hc/en-us/articles/233086688-Importing-Student-Data) for a full list of information a University Partner may share with Handshake.
  • Information From Students and Alumni. When students of University Partners claim their pre-populated account by logging in for the first time, or when students and alumni of non-partner institutions create an account using their .edu email address, in addition to the information described above, we also collect username and password. Student and alumni users have the option to provide additional profile information when claiming or creating their account, including gender, phone number, work experience, professional skills, interests, activities, profile picture and in some jurisdictions also race and ethnicity. Student and alumni users also have the option to upload documents such as resume and transcript.
  • Information From Employer Partners. When representatives of Employer Partners create a Handshake account, we collect basic contact information, including first and last name, email address and telephone number.
  • Information From Career Center Professionals of University Partners. When career center professionals of University Partners create a Handshake account, we collect basic contact information, including first and last name, email address and telephone number.
  • Information Collected Through Use of the Handshake App. See sections below.

Here is a more detailed breakdown:

Data Categories

Table
Table 2
Table 3
Table 4

Students and Alumni

  • Name, pronouns, contact details (address, email address), university affiliation, education level, graduation year, enrollment data, internship data, resume/CV, photo, and Handshake history (sent applications, internships, jobs at employers, attended events).

Employers

  • Name, contact details (phone number, email address), employer, and position.

Universities

  • Name, contact details (phone number, email address), and position.

Data Sources

  • Students and Alumni: Handshake receives your name, email address, and possibly other university-related data from your university or yourself. All other data is provided by you.
  • Employers: Handshake receives your name and email address from a university or from yourself. All other data is provided by you.
  • Universities: You enter your data yourself.

Purpose of Data Processing

Students and Alumni: Handshake uses data for account creation, execution of Handshake membership (including application and placement with employers, communication with users), and platform functions.

Employers: Handshake provides the account and membership features, including connecting with universities, receiving applications, and platform functions to support contract fulfillment.

Universities: Handshake provides the account and membership features, including an overview of student careers, communication, and connecting with employers, to fulfill contractual obligations and provide platform functionalities.

Recipients of Data

Students & alumni

  • Universities: If a student or alumni account is associated with a University Partner, that partner can access personal data uploaded by the user, even if the account is set to "private." Universities can also view and access information used to create Employer Partner accounts. University Partners must safeguard any personal data they receive.
  • Employers: Student and alumni information is shared with employers via the Handshake App if the student or alumni makes their profile public (by selecting "community" in settings) or chooses to apply to a job. In these cases, profile information, resume, and transcript are shared with the chosen employers. Employers are required to use this data for employment services and to safeguard the data.
  • Other Users: Student and alumni data is only shared with other users if they make their profile public (in “community” settings) or use community features. When posting reviews or related content, users can choose to display their name publicly or post pseudonymously; however, identity inference may still be possible, and the content is shared with University Partners.
  • Handshake: Handshake has access to all data for platform functionality.

Employers

  • Universities: They have access to your profile data and may contact you.
  • Students: Students from connected universities can access your profile data and may contact you.
  • Authorized Agents: If you use the Handshake App on behalf of an Employer Partner or University Partner, Handshake may share your account information with an authorized agent of your organization.

Data Deletion

If users delete their account, the data remains in the system for an additional 30 days.

Legal Basis for Data Processing

  • Students and Alumni: The processing is based on the contract formed upon registration for the Handshake App (Art. 6(1)(b) GDPR). Some features may require consent under Art. 6(1)(a) GDPR.
  • Employers and Universities: Supporting students in professional development—such as connecting users with potential employers and arranging career events—is based on the contractual agreement with universities and employers (Art. 6(1)(b) GDPR).
  • Statistics Provision: Handshake may deidentify, aggregate, or anonymize data to offer insights and trends, such as:
    • The percentage of students from certain colleges working in specific areas.
    • How certain majors or extracurriculars align with employer hiring trends.
    • Applicant comparisons across employers from various colleges.
  • This reporting for statistical purposes is based on Handshake’s legitimate interests (Art. 6 (1)(f) GDPR).
  • Security: Handshake provides secure services under legitimate interests (Art. 6 (1)(f) GDPR).

Processing of Pre-claimed Student Data: This data is processed on behalf of the university under a Data Processing Agreement.

2.3. Use of Cookies

To better understand how you interact with our Handshake App, we and our third-party partners may use cookies, web beacons, pixels, tags, scripts, or other technologies to automatically collect certain information. Examples of the types of information are:

  • Log and Device Data. When you use the Handshake App, we and our third-party partners may log certain information, such as IP address, device type and version, unique identifiers, cookie information, browser type and settings, mobile device carrier, network information, and general location information such as city, state, or geographic area.
  • Usage Data. When you use the Handshake App, we collect certain information about your use, such as pages or screens you view, how long you spent on a page or screen, navigation paths, and how and when you log into your account.

For more information about how we use cookies, and to learn how to manage your cookie preferences, please consult our Privacy Policy for our Website.

2.4. Push Services and Email Notifications

The Handshake App employs push services provided by operating system manufacturers, delivering brief notifications that appear on your mobile device's screen. These notifications, which require your consent, keep you informed about current events. When utilizing push services, either the device token from Apple or the registration ID from Google is exchanged to facilitate these services. Additionally, you may opt to receive updates from the organizer directly to your email address.

You have the flexibility to manage your preferences for receiving both push notifications and email communications. This can be done at any time via the app's settings, where you can easily enable or disable notifications by adjusting the corresponding sliders.

The processing of this data is based on your explicit consent, as stipulated by Article 6(1)(a) GDPR, ensuring that your personal information is handled in compliance with regulatory standards.

2.5. Account Claiming

Universities may provide Handshake with the names and email addresses of their current, former, and prospective students to facilitate the creation of student accounts on the Handshake App ("Pre-claimed Accounts"). The processing of this data is subject to a Data Processing Agreement executed between Handshake and the universities. The data shared by universities is exclusively used for the creation, operation, and maintenance of accounts and is not disclosed to other users, such as employers.

Upon their first login, students can claim these Pre-claimed Accounts, thereby gaining complete access to all platform features as per the Handshake’s Terms of Use to which they consent ("Claimed Account"). The processing of student data for Claimed Accounts is subject to a Joint Controller Agreement concluded between Handshake and the university (see below under “Joint Responsibility”).

It is important to note that once an account is claimed, the student has exclusive control over all personal data associated with their Claimed Account (“Student Data”). This means that the student alone can exercise their data subject rights related to their Student Data, and the university no longer has any rights with respect to the student information initially provided to Handshake.

The legal basis for processing data related to Claimed Accounts is the performance of a contract initiated upon the student's registration to use the Handshake App, Article 6(1)(b) GDPR.

2.6. Video Meetings

To enhance career opportunities for students through interactive video experiences with employers and universities, we utilize the services of Daily.co, located at 548 Market St Unit 39113, San Francisco, CA, United States ("Daily"). This solution facilitates remote video meetings and offers the following accessibility features:

  • ASL Interpreter: An interpreter joins the call to sign (e.g., ASL) the spoken content of participants.
  • Auto-Captions: This feature provides computer-generated audio-to-text translations using machine learning technologies.
  • Professional Transcriber: A transcriber joins the call to type what is spoken by participants.

Live captions can be viewed during the meeting as an assistive technology. Handshake does not require students to disclose any health information (e.g., hearing disability) to use this feature.

Transcriptions:

For some meetings, the host may enable the transcription of the video meeting to be available for download following the meeting. A transcript is a written output of what was said during the meeting. For transcriptions to be provided, participants will be informed and consent will be obtained prior to the meeting. By selecting “Join now,” the participant explicitly consents to the transcripts being made available. If you do not wish for your voice to be transcribed, please join the call only as a listener. You can also withdraw your consent at any time by sending an email to privacy@joinhandshake.com.

Transcriptions will be deleted 30 days after the meeting.

Recordings:

Some meetings may also be recorded. If this is the case, participants will be informed and consent will be obtained prior to the meeting. By selecting “Join now” the participant explicitly consents to the recording of the meeting. If you do not wish for your audio and/or video to be captured in this meeting, please do not turn on your camera and/or keep your microphone muted. You can also withdraw your consent at any time by sending an email to privacy@joinhandshake.com.

Recordings will be deleted 30 days after the meeting.

Chat Transcripts:

Chat transcripts are a record of the conversation that takes place during a live chat session. All participants in the call, including the host, can view the conversations in the chat box. Participants of the call can download the chat transcript after the meeting.

Chat transcripts are not retained but automatically deleted following the conclusion of the meeting.

Legal basis: The processing of data through Daily is based on the performance of a contract with our users, Article 6(1)(b) GDPR. Additionally, providing these accessibility options aligns with our legitimate interest in making our services accessible to as many students as possible, Article 6(1)(f) GDPR. Also, chat transcripts are shared based on the legitimate interest. If a meeting is recorded and/or a transcription of the call is made available, the processing of the data is based on your consent, under Article 6(1)(a) of the GDPR.

A Data Processing Agreement was concluded with Daily which is certified under the EU-U.S. Data Privacy Framework. For more information on how Daily processes data, please visit Daily's Privacy Policy (https://www.daily.co/privacy) and our Privacy Policy for Online Meetings and Video Conferences.

3. International Data Transfers

Your personal data may be transferred to countries outside the EU/EEA which may include countries such as the United States where Handshake’s parent company is located.

When transferring personal data to third countries outside the EU/EEA, we will rely either on adequacy decisions of the European Commission under Article 45 GDPR (where the European Commission recognizes that a third country ensures a level of protection adequate to the GDPR) or on Standard Contractual Clauses agreed with the parties with which we share the data internationally.

The countries recognized by the European Commission as having an adequate level of protection can be found on the webpages of the European Commission (see here (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)) and includes the United States for commercial organizations participating in the EU-US Data Privacy Framework.

Where we cannot rely on an adequacy decision (such as the EU-U.S. Data Privacy Framework and the adequacy decision on data transfer to United Kingdom), we will rely on data transfer agreements based on the Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection for your personal data.

4. Storage and How to Remove Your Information

Unless stated otherwise, we will retain your personal information only as long as necessary for the processing purposes outlined. As such, we will delete your data once it is no longer required for these purposes, provided there are no legitimate interests or legal obligations that necessitate further retention.

If you wish to no longer be visible on the Handshake App, you may choose to deactivate your account or make your account private. You may also request that Handshake delete information about you, however we may be obligated as a service provider to your university to retain certain data about you. This means that if they re-send us your data to process on their behalf, we will retain it unless they request we delete it. You can request deactivation or deletion by sending a message to privacy@joinhandshake.com or by contacting your University to ask them to delete your information.

5. Security

We use industry standard technical, procedural, and administrative safeguards to protect the data we collect, process, and store, which includes controlling access to the data, securely encrypting it in transit and at rest, and implementing monitoring and detection of suspicious activity. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur. In the event of a breach, we will take all necessary steps to investigate the situation and, where appropriate and/or legally required, notify the competent data protection authority and affected individuals in accordance with any applicable laws and regulations.

You should also take steps to protect against unauthorized access to your device and account by, among other things, appropriately selecting your password, limiting access to your computer, device, and account, and signing off after you have finished accessing your account.

You can find more information about Handshake's security posture, certifications, and controls on our customer trust portal https://trust.joinhandshake.com. Please reach out to security@joinhandshake.com if you notice any suspicious activity on your account or have additional questions regarding the security of the application.

6. Recipients of Data

In addition to the information provided in the above table, there are other limited circumstances in which we may share information, including personal data, with others, as set forth below:

  • Affiliates: We may share personal data with our corporate affiliates and subsidiaries, if any, for purposes consistent with this Privacy Policy.
  • Business Transfers: We may choose to buy or sell assets. In these types of transactions, personal data may be one of the transferred assets. We may share personal data with professional servicesHandshake App, potential purchasers, or investors in connection with the sale, merger, consolidation, bankruptcy, transfer of assets, or reorganization of our company. We will notify you and collect your consent, if legally required, if a different company will receive your personal data, and this Privacy Policy will apply to your data as transferred to the new entity.
  • Legal Requirements: We may share personal data with relevant law enforcement bodies if we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request; to enforce applicable terms in this Privacy Policy or the Terms of Service (https://joinhandshake.com/tos/); to protect the security or integrity of the Handshake App, and/or to protect the rights, property, or safety of Handshake, its employees, users, or others; to detect, prevent, or otherwise address security or technical issues, illegal, or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
  • Service Providers, Advisors, Consultants. We sometimes contract with third parties to assist us with providing the Services and communicating with you. Examples include: cloud service providers, Handshake Communications-related telecommunications services, and other services for maintaining our systems, order fulfillment, email management, and credit card processing. When we contract with others to perform functions of this nature, we only provide them with the information that they need to perform their specific function, and they are obligated to protect and secure your information.

7. Third-Party Links

The Handshake App may contain links to and from third-party websites and applications, and any access to and use of such linked websites and applications is not governed by this Privacy Policy. If you follow a link to any of these websites or applications (including Employer Partners), please note your access to and use of the same is governed by their own privacy policies, and we do not accept any responsibility or liability for those policies or the practices set forth in them. Please check their individual policies before you submit any information to those websites.

8. Joint Responsibility

When a university partnered with Handshake and invites students and/or alumni to create a user account on the Handshake platform, both Handshake and the university operate as joint controllers within the meaning of Art. 26 GDPR for the processing of personal data associated with Claimed Accounts (see above under “Account Claiming”).

Handshake and the universities have determined their respective responsibilities in an agreement. As a joint controller, the university has access to the account data you enter or upload. This also applies to alumni accounts. The university also receives statistical information from Handshake about the students’ use of the Handshake platform.

For additional information on the joint controller agreement, please contact privacy@handshake.com.

9. Children and Minors

Minors under 16 are not permitted to use our Site without express parental consent to both use the Handshake App and be bound by our Terms of Service and this Policy. We do not intentionally collect information from minors under 16. If you believe we have collected any personal information from a child younger than 16 years of age, please notify us immediately at privacy@joinhandshake.com and we will take reasonable measures to remove that information from our systems.

9. Amendment of this Privacy Policy

We’re constantly trying to make improvements to our Handshake App, so we may need to change this Privacy Policy from time to time. Significant changes to this policy will be displayed via notice on our Handshake App, or through other communication channels such as the email address provided during your registration. This provides you the opportunity to review the changes before they become effective. Should you object to these changes, you may close your account.

When you continue to use the Handshake App after the changes to this Privacy Policy have been communicated, you acknowledge and agree that your personal data will be processed in accordance with the revised Privacy Policy.

10. Your Rights as a Data Subject

You have the right to request access to any personal data we process about you. Additionally, you have rights to correction, deletion, or restriction of processing, as well as a right to object to processing and a right to data portability, in accordance with the law. You have the right to lodge a complaint with a data protection supervisory authority about how we process your personal data.

For further details please refer to the Privacy Policy for our Website. If you wish to exercise any of these rights, please contact privacy@joinhandshake.com. We will respond to any requests in accordance with applicable law.

III. PRIVACY POLICY FOR ONLINE MEETINGS AND VIDEO CONFERENCES

If you participate in one of our video meetings or video conferences, the following information regarding the processing of your personal data applies:

1. Controller and Data Protection Officer

The controller is:

Stryder Corp., dba “Handshake”

225 Bush Street, Suite 1200

San Francisco, CA, 94104

E-Mail: contact.eu@joinhandshake.com

We also have a local point of contact in the UK:

Handshake International UK Ltd

Woolyard

Building 52, Floor 2

52-56 Bermondsey Street

London SE1 3JG

E-Mail: contact.eu@joinhandshake.com

Data Protection Officer:

Handshake’s Data Protection Officer can be reached by sending an email to privacy@joinhandshake.com or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).

2. Purpose of Processing

We utilize services such as "Zoom" and “Daily” to conduct online meetings, video conferences, and webinars (hereinafter referred to as "Online Meetings"). "Zoom" is provided by Zoom Video Communications, Inc., based in the United States. “Daily” is a service provided by Daily.co, also located in the US. Both providers are certified under the EU-US Data Privacy Framework.

3. Types of Data Processed

During Online Meetings, we may process the following types of personal data:

  • User Details: Username and email address (not verified and not stored).
  • Meeting Metadata: Theme, description (optional).
  • Chat Messages: Messages entered are visible to all participants and may be downloaded by participants.
  • Audio and video recordings: MP4 files for all video, audio and presentation recordings, M4A files for all audio recordings
  • Text, audio and video files: During an online meeting, you may use the chat functions. Any text entries you make are processed to be displayed and potentially recorded within the meeting. Additionally, data from your device’s microphone and camera are processed to facilitate video display and audio output throughout the meeting. You have the option, with the host's permission, to disable or mute your camera or microphone at any time. If your video or audio is enabled, your contributions are visible to all participants and may be included in the chat.
  • Accessibility Options: For further details on the data processed with respect to the availability options please consult our Privacy Policy for the Handshake App.

To join an Online Meeting or enter the “meeting room,” you’re required to, at a minimum, to provide your username.

4. Scope of Processing

If a host plans to record an Online Meeting, participants will be informed in advance and consent will be obtained if required. Participants will be notified the meeting is being recorded upon joining the call.

5. Legal Basis for Data Processing

For Handshake employees, data processing is based on Article 6(1)(b) (performance of contract) and Article 6(1)(f) (legitimate interests) GDPR. If the meeting is being recorded, the processing of the data is based on your consent, Article 6(1)(a).

Furthermore, the legal basis for data processing when Online Meetings are held is Art. 6 (1) (b) GDPR, insofar as the meetings are held within the framework of contractual relationships (i.e. for users of our Handshake App).

Otherwise, the legal basis is Article 6(1)(f) GDPR, reflecting our legitimate interest in conducting efficient Online Meetings.

6. Recipient of the data

Personal data processed during Online Meetings is generally not disclosed to third parties except in cases where sharing is explicitly intended. It is important to note that content from both Online Meetings is often used to communicate with users of Handshake and other parties and is thus intended for disclosure.

Further recipients: The providers of ‘Zoom’ and ‘Daily’ obtain access to the personal data in accordance with the data processing agreements with those companies.

7. Transfer of data to countries outside the European Economic Area

"Zoom" and “Daily” are services provided by US service providers, as such any processing of personal data by these entities takes place in a country outside the EU/EEA.

We have entered into a data processing agreement with both service providers as required under GDPR to ensure adequate data protection. Both providers are certified under the EU-US Data Privacy Framework.

8. Retention Period

Your data will be routinely deleted when it is no longer necessary for the purpose for which it was originally collected and there are no statutory retention periods or other statutory grounds for further retention. Other reasons for further retention may be, for example, reasons of public interest or the assertion, exercise or defense of legal claims.

9. Your rights

You have the right to request access to any personal data we process about you. Additionally, you have the right to correction, deletion, or restriction of processing, as well as a right to object to processing and a right to data portability, in accordance with the law. You have the right to lodge a complaint with a data protection supervisory authority about how we process your personal data.

For further details please refer to the Privacy Policy for our Website.

If you wish to exercise any of these rights, please contact privacy@joinhandshake.com. We will respond to any requests in accordance with applicable law.

IV. PRIVACY POLICY FOR JOB APPLICANTS

1. Controller and Data Protection Officer

The controller is:

Stryder Corp., dba “Handshake”

225 Bush Street, Suite 1200

San Francisco, CA, 94104

E-Mail: contact.eu@joinhandshake.com (mailto:contact.eu@joinhandshake.com)

We also have a local point of contact in the UK:

Handshake International UK Ltd

Woolyard

Building 52, Floor 2

52-56 Bermondsey Street

London SE1 3JG

E-Mail: contact.eu@joinhandshake.com (mailto:contact.eu@joinhandshake.com)

Data Protection Officer:

Handshake’s Data Protection Officer can be reached by sending an email to privacy@joinhandshake.com (mailto:privacy@joinhandshake.com) or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).

2. Type of data we process

We process the data you submit as part of your application. This may include the following:

  • Information which you have provided to us via LinkedIn, such as your full name, country, e-mail, phone number.
  • Information which you have provided to us in your application documents (such as your CV, cover letter) including: work experience, qualifications, and language skills.
  • Data from assessments, (e.g. assignments), and video interviews, (if applicable).
  • Information provided to us by your references, (if applicable). These are reference points that you have given us to contact.

3. Purpose of the processing and legal basis

We process this data as part of your application to evaluate your suitability for the position, (or potentially other vacancies within our company), and to facilitate the application process.

The primary legal basis for processing your personal data in this application process is Article 6(1)(b) GDPR, which allows for the processing of data necessary for the decision-making process regarding employment relationships. Additionally, Handshake has a legitimate interest based on Article 6(1)(f) GDPR to process personal data throughout the hiring process and create records to ensure employment of the most suitable and qualified candidates for a position. Processing your personal data during the recruitment process is essential to evaluate and verify a candidate's suitability for employment and to make hiring decisions.

Moreover, in certain instances, we must process data to fulfill our legal obligations or to address and defend against legal claims as stipulated in Article 6(1)(c) GDPR. We may also process data when you have explicitly consented to such processing under Article 6(1)(a) GDPR. For example, to enable Handshake to inform you about potential job opportunities that might interest you.

If special categories of personal data as per Article 9 GDPR are processed (e.g., health data), the processing is also based on Article 9(2)(b) GDPR.

4. Retention Period

If your application is not successful, your data will be deleted from our systems within 6 months after closing the recruitment for the position to which you applied.

If you consent to further storage of your personal data, we will retain your data in our applicant pool, which is deleted after two years.

In the event your application is successful, we will store your personal data within the subsequent employment relationship in compliance with the applicable laws. More information can be found in the Privacy Policy for employees, which Handshake will provide to you upon your acceptance of any job offer.

5. Disclosures and Recipients of Personal Data

To manage the application process, we utilize LinkedIn and other service providers for additional support in connection with the hiring process.

The People team first reviews your application data. Suitable applications are then internally forwarded to the relevant department heads. This internal sharing is conducted securely and strictly on a need-to-know basis. All relevant company personnel are bound by confidentiality obligations.

6. Transfer of Personal Data to Countries outside the EU/EEA

Handshake is a US-based company. By applying for or accepting employment with Handshake, your information may be transferred to the United States. However, in the event that your data is transferred outside the EU/EEA, and the transfer involves countries that have not been designated by the European Commission as having adequate legal protection for personal data, we will take all necessary steps to ensure adequate protection of the information, such as entering into appropriate data transfer agreements based on Standard Contractual Clauses approved by the European Commission as referred to in Article 46(5) GDPR or by other adequate means.

7. Your rights

You have the right to request access to any personal data we process about you. Additionally, you have rights to the correction, deletion, or restriction of processing, as well as a right to object to processing and a right to data portability, in accordance with the law. You have the right to submit a complaint with a data protection supervisory authority with any concerns about how we process your personal data.

For further details please refer to the Privacy Policy for our Website. If you wish to exercise any of these rights, please contact privacy@joinhandshake.com. We will respond to any requests in accordance with applicable law.