This Privacy Notice outlines how Canterbury Christ Church University (the Data Controller) collects, uses, and protects personal data in relation to services provided by the Careers and Enterprise Service. It applies to you if you have engaged with the Careers and Enterprise Service, use their services or shown interest in using their services.
We are committed to handling your personal data responsibly and transparently, in accordance with the Data Protection Act 2018 and UK GDPR and any other relevant legislation. This notice is intended to ensure you are fully informed about how your personal information is used and the rights you have in relation to it.
You can access our Data Protection Policy here.
1. What personal information do we collect about you?
When you engage with the University in relation to services provided by the Careers and Enterprise Service, we collect and retain relevant personal data. This information is used for the purposes set out in Section 3 of this Privacy Notice.
We may process the following categories of personal data about you:
-
Account information such as your University email address and username
-
Information about account activity such as your access and use of University systems
-
Name
-
Student ID
-
Gender
-
Educational or professional background
-
Communications data such as email correspondence
-
Contact details
-
Course details
-
Racial or ethnic origin
-
Health or disability information
-
Sexual orientation
2. How do we collect your information?
The University may collect your personal data through a range of methods and sources, depending on your relationship with us and the nature of our interaction. We may collect your personal information:
-
Directly from you – for example, information you choose to share with us such as through forms or when signing up for services.
-
Through automated technologies – the Careers & Enterprise platform Handshake is integrated with our student record system (SITS). Some of the data listed in section 1 of this privacy notice will be transferred automatically to Handshake to create your account.
We also process your personal data when you interact with the University’s website and the Careers and Enterprise platform; and when you engage with our services utilising AI tools such as CV360 and Interview 360. CV360 is an AI-powered CV tool designed to help students improve their CVs by scanning against checks that are commonly used by Applicant Tracking Systems. Interview360 is an AI-powered interview simulation tool that helps students prepare for interviews.
3. How do we use your personal data?
The University may process your personal data for the following purposes:
-
To provide you with relevant services such as interview and CV guidance
-
To manage your profile for the purposes of providing services
-
To enable us to contact you about services and for feedback
-
To provide you with newsletters and correspondence about workshops or other events relevant to you
-
For reporting purposes, to ensure that we are meeting our funding requirements and reporting for the purposes of improving our services.
4. The lawful basis we use to process your data
Data protection law sets out reasons for collecting and processing your personal data. In this section, we outline the legal bases the University uses.
We will be processing your data under:
-
Article 6(1)(b) Contract "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"
-
Article 6(1) (f) Legitimate Interests "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child"
We use this legal basis to process your personal data, outside of the main provisions of the contract, when our legitimate interest overrides your right to privacy.
This includes processing your contact details to inform you about possible placements or job opportunities. We might also inform you about any additional events or opportunities we consider you could be interested in.
5. Who do we share your personal data with?
We may share your personal data with trusted third-party service providers who act as data processors on our behalf. When you use the services on our Careers and Enterprise platform, your data is shared with The Access Group and Handshake who are the service providers for our platforms. All third parties are required to handle your data securely and in accordance with data protection legislation.
We may also disclose your personal data where necessary to meet our legal or statutory obligations under the Data Protection Act 2018 and UK GDPR. This may include sharing information with government departments, regulatory bodies, funding agencies, or law enforcement authorities where disclosure is legally required.
Whoever we share your information with, we will only share what is relevant and necessary to perform the specific task or to meet our legal obligations.
6. How long do we keep your personal data?
We retain personal data only for as long as is necessary to fulfil the purposes set out in this Privacy Notice, including to satisfy legal, regulatory, and contractual obligations. This includes our obligations under the Data Protection Act 2018 and UK GDPR.
In relation to the provision of services to you, we retain personal data for a minimum of six years after the conclusion of your contract with us, in line with the statutory limitation period for Simple Contract stated by the Limitation Act 1980.
When identifiable records are no longer required for the purposes set out in this Privacy Notice, they are either anonymised or securely disposed of according to our Confidential Waste Policy.
7. How do we protect and store your personal information?
We are committed to safeguarding the personal data we process and have robust internal policies and controls to prevent unauthorised access, accidental loss, destruction, misuse, or disclosure of personal data. Access to personal information is strictly limited to authorised University personnel who require it for the performance of their duties in connection with Careers and Enterprise services.
Where personal data is shared with third-party processors, such parties are contractually required to act solely on our instructions, implement appropriate technical and organisational safeguards, and comply fully with the requirements of the Data Protection Act 2018 and UK GDPR.
8. The data controller and further information
Canterbury Christ Church University is the Data Controller for this personal data.
Please click the link below to access further information regarding:
Version Control
| Title: | Careers & Enterprise Privacy Notice |
| Process Owner: | Director of Careers and Enterprise |
| Date approved: | 2 June 2026 |
| Date of review: | 2 June 2028 |
| Date last amended: | 2 June 2026 |