Handshaik External Privacy Notice

This Privacy Notice explains how Handshaik Limited ('Handshaik', 'we', 'our', or 'us') collects, uses, and protects your personal data. Handshaik is a UK-based software-as-a-service (SaaS) provider that enables business developers to identify, manage, and nurture client relationships. Handshaik Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number ZB795545.

Introduction & Scope

This Privacy Notice applies where Handshaik acts asa data controller in accordance with the UK General Data Protection Regulation (UK GDPR). It describes how we collect, use, and protect personal information, whether provided directly by you, from third-party sources, or through your use of our website and services. We will only process your personal data when we have a lawful basis to do so. These may include:

• Being fair and transparent with you
• Clearly identifying our purpose for processing your information and checking any additional purpose is compatible with data protection legislation. We document these purposes and periodically review these purposes.
• Making sure that the information we process is adequate, relevant and limited to what is necessary for the purpose of processing your information.
• We take all reasonable steps to make sure the information we hold, and process is accurate and where information is incorrect take remedial action to correct this.
• We do not keep information for longer than is required, we identify personal information we no longer need and erase or anonymise information where appropriate.
• Ensuring that we have appropriate technical security measures in place to maintain the integrity and confidentiality of your information.

Collection & Use of Personal Information

How we get the personal information and why we have it

We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.

Personal data may be provided to us by you directly, or it may be provided to us from other sources, and we have shared below a variety of examples of when and why we process personal information. This list is not exhaustive, and due to the nature of our services there may be times when new categories of personal information may be shared with us for new and evolving reasons, and as a result, we keep this policy under constant review:

• To deliver, manage and audit our services
• To protect our customers, suppliers and employees
• To recruit new members of our team
• To help us identify and manage improvements to our services
• To comply with our legal obligations
• To investigate queries, incidents, complaints or legal claims
• For internal administrative and management purposes, such as record keeping of enquiries, feedback or complaints
• We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.

‍

Lawful bases under the UK GDPR

‍

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for our processing of this information are:

• Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us.
• We have a contractual obligation. For example, where the processing is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you.
• We have a legal obligation. For example, where processing is necessary in order for us to meet our requirements under the company and finance legislation, or to provide information to law enforcement organisations or the Courts.
• We have a legitimate interest. For example, where it is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you).

To determine this, we shall consider several factors such as, what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you.

When we process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

An example of processing based on legitimate interest grounds are:

• To measure and understand how our services are used. For example, generating analytics on the demographics of our customers and services to ensure our services and programmes meet the needs of our customers.

Types of Data & Information Sharing

To be able to provide you with services and support, we must process your personal data. The type of personal data we collect depends on the way you interact and use Handshaik’s services. For example, accessing our services as a customer may be a different experience than interacting with us as a supplier.

We may collect and process the following personal data from you:

• Information you give us. You may give us information by enquiring about or using our services. The information you give us may include both company and personal details such as your company name, your name, address, work email address and phone number, and company financial information for billing purposes.
• Information we collect from your use of our site. With regard to each of your visits to our site we may automatically collect the following information:
  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, device details
  • Information about your visit, including date and time, page response times, and forms you have submitted.
• Information given about others. As a client, where you provide us with information about your employees or when we receive information during the recruitment process relating to potential employees of Handshaik, you will be giving us information about another person. When sharing this data with us you may be the data controller of this data. In this case, please ensure the appropriate information about your data sharing with us is provided to the data subject via your own internal privacy notices and processes.

Special Categories of Personal Data

Some categories of personal information are regarded by the law as more sensitive than others. This is known as 'special category' or 'sensitive personal data' and covers things like information about your health, ethnic origin, religious beliefs, political opinions or any genetic or biometric data that is used to identify you.

We do not routinely obtain or process sensitive personal data in the delivery of Handshaik services.

‍

Information sharing

Where necessary and in accordance with data protection legislation we share information internally within Handshaik and with third parties as required and where we have a legal basis to do so.

Sometimes we might share your data with third parties. This could include:

• Engaging third-party service providers to perform a variety of business operations on our behalf. For example, service providers we use for specific purposes, such as for our IT systems or legal counsel for the provision of legal advice and guidance.
• Regulatory authorities, law enforcement agencies and courts.
• In the event of a transfer of all or a part of our organisation, for example new owners, directors, or their professional advisers.
• If we are under a duty to disclose or share your personal data to comply with any legal or regulatory obligation, or to protect the rights, property, or safety of our company, our client, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

‍

Third party (Sub-Processor) organisations

For our general day-to-day data processing activities, we use third party organisations or systems to help us administer, deliver, and monitor the services we provide:

• For the provision of IT and software services (e.g. Microsoft who provide our office software) to enable the management of Handshaik and office administration
• For financial transactions and accounting
• To help us improve our organisation
• For the administration of our website and online platforms
• For any legal and regulatory guidance regarding the provision of our services

Access to your personal information is only allowed when required by the law or is required as part of fulfilling our service obligations.

‍

‍

International transfers

Where we have employees, partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. Where the transfer is not made on the basis of an adequacy decision by the European Commission under Article 45 of the UK GDPR, we implement measures and safeguards to ensure that any transfer of data is compliant with the UK data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place. We carry out a detailed assessment to ensure the companies receiving your data can comply with these clauses. Please contact us if you wish to know more.

There are also some occasions when you may be based outside the UK. Where this is the case, as we are a UK organisation, you will be sharing your personal information with us here in the UK.

Data Security, Retention & Accuracy

Keeping your information safe and secure

We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.

‍

How long we keep your data

We will only keep your information for as long as necessary to perform our obligations and to fulfil the original processing purpose. Based on the legal basis we may need to keep some information for longer i.e. to comply with tax and accounting law and in some cases, we will anonymise your information so that it can no longer be associated with you.

Due to periods set by the Limitation Act, we will keep information for a maximum of 6 years after our relationship with you ends unless we are otherwise required to remove such data from our records.

When establishing our Retention Schedule, we consider the legal basis, sensitivity of information, the type of information and once the retention period has ended, how we deal with the information.

‍

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

‍

Keeping your data correct

We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct.

Your Rights, Complaints & Policy Updates

Your data protection rights

Under data protection law, you have rights including:

• Your right of access - You have the right to ask us for copies of your personal information.
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
• Your rights in relation to automated decision making and profiling - As a matter of principle, you have the right not to be subject to a decision based solely on automated processing, including profiling. However, we may automate such a decision if it is necessary for the entering into or performance of a contract between us, authorised by law or regulation or if you have given your explicit consent. However, we do not currently make any decisions by automated means.

You are not usually required to pay any charge for exercising your rights. If you make a request, we have a calendar month to respond to you. Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

Where requests are manifestly unfounded or excessive, in particular where they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information, or we may refuse to provide the information. Where we refuse a request, we will explain our reasons for the refusal and remind you of your right to complain.

‍

If you would like further information on your rights or wish to exercise them, please email privacy@handshaik.com

‍

Complaints

At Handshaik, we take the management of your personal data seriously. However, if you believe that your data protection or privacy rights have been infringed, you should contact us in the first instance at privacy@handshaik.com and we will endeavour to resolve the issues. If you feel that we have failed to do this then you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at:

‍

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk/make-a-complaint/

‍

Cookies and website tracking

We may use cookies and similar technologies to analyse website usage. To do this our website uses Google Analytics. You can opt out of the use of these cookies at any time using the banner available on the website. A more detailed cookie policy will be available at launch date.

‍

Changes to this policy

We’ll amend this privacy policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. Please check back regularly to see if there have been any updates.