GDPR Compliance
1. Introduction
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. This page outlines how Handshake complies with GDPR requirements and explains your rights under GDPR.
We are committed to protecting the privacy and security of personal data for all users, including those in the EU/EEA.
2. Data Controller
For the purposes of GDPR, Handshake Inc. is the data controller responsible for your personal data. Our contact details are:
Handshake Inc.
123 Market Street
San Francisco, CA 94103
Email: dpo@handshake.com
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract Performance: To provide our Services as agreed in our Terms of Service
- Consent: When you have given explicit consent for specific processing activities
- Legitimate Interests: To improve our Services, prevent fraud, and ensure security
- Legal Obligations: To comply with applicable laws and regulations
4. Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances.
Right to Restriction: You can ask us to restrict processing of your data in certain situations.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
Right to Lodge a Complaint: You can file a complaint with your local data protection authority.
5. Exercising Your Rights
To exercise any of your GDPR rights, please contact us at dpo@handshake.com or use the data management tools in your account settings.
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.
We may ask you to verify your identity before processing your request to ensure the security of your data.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure appropriate safeguards are in place for such transfers:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.
When you close your account, we will delete or anonymize your data within 90 days, unless retention is required for legal compliance or legitimate business purposes.
8. Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
9. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
10. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:
Email: dpo@handshake.com
Address: Data Protection Officer, Handshake Inc., 123 Market Street, San Francisco, CA 94103
Questions?
If you have any questions about this policy, please contact us:
Email: legal@handshake.com
Address: 123 Market Street, San Francisco, CA 94103