Skip to main content

Collection notices

Student collection notice

HESA_Student_Collection_Notice_2017-18.pdf

Note: Reference in this notice to “we” and “us” refers to the Higher Education Statistics Agency Limited (www.hesa.ac.uk/about) and its wholly-owned subsidiary company HESA Services Limited. HESA is the official body responsible for collecting and disseminating information about higher education in the UK. Both HESA and HESA Services Ltd process personal data as ‘Data Controllers’. HESA Services Ltd also acts as a ‘Data Processor’ to do work on behalf of HESA and other organisations described in the notice below.

Reference to "your provider" refers to the higher education provider which you attend. This notice relates to information about you which will be collected by your provider and passed to HESA and to other organisations as described below.

This notice is regularly reviewed and sometimes updated, for example when organisations change their name, or to clarify how your information is used. Updates may be made at any time and you will always find the most up to date version at www.hesa.ac.uk/fpn.

The boxes below summarise the key information you need to know. Click on each box for more detail.

Submission of your information to HESA
Data about you will be supplied to HESA for the purposes set out below. All information is used in compliance with the Data Protection Act 1998, and from 25 May 2018 with the General Data Protection Regulation (GDPR).

Every year your provider will send some of the information it holds about you to HESA (“your HESA information”). HESA is the official source of data about UK universities, higher education colleges, alternative HE providers, and recognised higher education courses taught at further education institutions in Wales. HESA is a registered charity and operates on a not-for-profit basis.

Your HESA information is used for a variety of purposes by HESA and by third parties as described below. HESA may charge other organisations to whom it provides services and data. Uses of your HESA information may include linking parts of it to other information, as described below. Information provided to HESA is retained indefinitely for statistical research purposes. Your HESA information will not be used to make automated decisions about you.

All uses of HESA information must comply with the Data Protection Act 1998 (DPA): www.legislation.gov.uk/ukpga/1998/29/contents. From 25 May 2018, the DPA will be replaced by the EU General Data Protection Regulation (GDPR): eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN. All uses of HESA information will comply with the GDPR from that date onwards.

HESA is developing a new system for collecting student information called the HESA Data Platform that will go live from the 2019/20 academic year. More information about this programme of work can be found here: www.hesa.ac.uk/innovation/data-futures. If personal data about you is sent to HESA as part of any pilot of the new HESA Data Platform, it will only be used by HESA, your provider, and higher education funding and regulatory bodies to evaluate system functionality and will be deleted at the end of the Data Platform development programme in 2020.

Categories of information submitted to HESA, including special categories of data
HESA collects data about the personal characteristics of students and information about their studies and qualifications. This might include sensitive details about students’ personal lives used for equality and diversity monitoring.

Data submitted to us by your provider includes details about the course you are studying and any qualifications awarded to you during the academic year. It also includes personal details about you such as your name and date of birth, your prior qualifications, and where you lived before starting your course.

Information about your disability status, ethnicity, sexual orientation, gender reassignment or religion is classed as ‘Sensitive personal data’ under the DPA, and ‘Special categories of data’ under the GDPR. If your Provider provides this information to us it will be included in your HESA information. This information is necessary for monitoring equality of opportunity and eliminating unlawful discrimination in accordance with the Equality Act 2010. Your sensitive information will be used for research purposes and will not be used to make decisions about you.

Some other information is used to enable research into the provision of fair access to higher education, for example information as to whether you are a care leaver. If your provider is in England your HESA information may include details of any financial support you may receive from your higher education provider.

A full list of data items that may be included in your HESA information for the 2017/18 academic year can be found here: www.hesa.ac.uk/collection/c17051/. Please note that not all data items are collected for all students.

Purpose 1 – Named data used for public functions
Your HESA information is used by public authorities for their statutory and/or public functions including funding, regulation and policy-making purposes. Your information is provided by reference to your name, but your information will not be used to make decisions about you.

Education statistics and data
HESA shares your HESA information with public authorities who require it to carry out their statutory and/or public functions. This data sharing is carried out in the public interest or in the exercise of official authority vested in HESA and the public authorities. Your HESA information will be shared with these organisations as part of a large dataset which contains similar information about other people who have followed higher education courses in the UK.

These organisations are data controllers in common of your HESA information. This means that they make their own decisions about how to use it, and this may include publishing statistics and sharing the information with third parties, such as other government or public bodies or other organisations of the type listed elsewhere in this collection notice. However, all uses that they make of your HESA information will be within the purposes set out in this collection notice and covered by data sharing agreements with HESA. These organisations will not use the data for the purposes of identifying you as an individual or to take decisions about you, except as described in Purpose 2 below. These organisations may retain HESA information indefinitely for statistical and research purposes, or for fixed terms depending on the terms of their data sharing agreements with HESA.

Such organisations may include:

  • Department for Education
  • Department for Business, Energy and Industrial Strategy
  • Welsh Government
  • Scottish Government
  • Department for the Economy, Northern Ireland
  • Higher Education Funding Council for England
  • Higher Education Funding Council for Wales
  • Scottish Further and Higher Education Funding Council
  • Research Councils
  • Education and Skills Funding Agency
  • National College for Teaching and Leadership
  • National Health Service bodies and organisations working with them e.g. Health Education England
  • General Medical Council
  • Office for Fair Access
  • Quality Assurance Agency for Higher Education
  • UCAS

and any successor bodies. Further data controllers may be added to the list from time to time – please see the online version of this notice at www.hesa.ac.uk/fpn

.

Other uses of named data
Your HESA information may also be used by some organisations who are also data controllers in common who carry out statistical and research tasks in the public interest or in the exercise of official authority that are not connected with education. Such uses may include the following:

  • Measurement of population levels and migration by the Office for National Statistics, National Records of Scotland and the Northern Ireland Statistics and Research Agency
  • Monitoring of public expenditure by the National Audit Office
  • Monitoring of the accuracy of electoral registers by Electoral Registration Officials

The above list of organisations who may receive your HESA information will be subject to change over time. For example, HESA is seeking to reduce the burden on higher education providers by encouraging other organisations who currently collect information about students direct from higher education providers to collect and receive information through HESA. The above list will be updated on the HESA website at www.hesa.ac.uk/fpn from time to time, and you will need to monitor this link yourself if you wish to be aware of changes

Legal basis for processing your information for Purpose 1
Processing of your HESA information for Purpose 1 is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (See GDPR Article 6(1)(e)) and for statistical and research purposes (See GDPR Article 89).
Processing of Special Categories of data is necessary for statistical and research purposes in accordance with Article 89(1) based on the duties in the Equality Act 2010 (See GDPR Article 9(2)(j))

Purpose 2 - Administrative uses
Your named data may be processed by public authorities for the detection or prosecution of fraud. These uses of your HESA information may result in decisions being made about you.

In the exercise of their official authority it may be necessary for the four UK higher education funding bodies listed in Purpose 1 to use your HESA information which is passed to them for Purpose 1 to identify you and take decisions about you as an individual for the following purposes only:

Fraud detection and prevention - Your HESA information may be used to audit claims to public funding and student finance, and to detect and prevent fraud.

Previous study - If your higher education provider is in England: The Higher Education Funding Council for England (HEFCE) may share your previous education records with this provider, including HESA information submitted by other higher education providers, to determine the nature of any prior higher education study, including your current qualifications. This may be used to make decisions about the fees you are required to pay, the support available to you or the availability of a place for you to study with a higher education provider.

For these purposes your HESA information may be held separately (in addition to being held within datasets for Purpose 1) and retained for as long as necessary for the purposes of detection or prosecution of fraud and any associated legal or audit purposes.

Legal basis for processing your information for Purpose 2
Processing of your HESA information for Purpose 2 is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (See GDPR Article 6(1)(e)).

Purpose 3 - HESA publications
HESA publishes statistics about students in higher education.

Part of HESA’s role is to produce and publish information about higher education in the public interest. This includes some National Statistics publications (www.statisticsauthority.gov.uk/national-statistician/types-of-official-statistics) and online business intelligence and research services.

When producing this material for publication, HESA applies its disclosure control, the HESA Standard Rounding Methodology, to ensure that no Personal Data is included and that individuals cannot be identified from published material.

Processing within this Purpose 3 may also be carried out by HESA Services Limited, HESA's wholly-owned subsidiary company.

Legal basis for processing your information for Purpose 3
Processing of your HESA information for Purpose 3 is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (See GDPR Article 6(1)(e)) and for statistical and research purposes (See GDPR Article 89).
Processing of Special Categories of personal data is necessary for statistical and research purposes in accordance with Article 89(1) based on the Equality Act 2010 (See GDPR Article 9(2)(j))

Purpose 4 - Equal opportunity, research, journalism and other processing for statistical and research purposes
HESA information is used for research into higher education and the student population. This research can be academic, commercial, journalistic or for personal reasons. HESA prohibits the identification of individual students by those carrying out this research and information is not shared on a named basis.

HESA and the other data controllers in common (see Purpose 1) may also supply information to third parties where there is a legitimate interest in doing so for statistical and research purposes. Examples of use for this purpose include:

  • Equal opportunities monitoring
  • Research - This may be academic research, commercial research or other statistical research where this is in the public interest
  • Journalism - Where the relevant publication would be in the public interest e.g. league tables
  • Provision of information to students and prospective students

Users to whom information may be supplied for Purpose 4 include:

  • Higher education sector bodies
  • Higher education providers
  • Academic researchers and students
  • Commercial organisations (e.g. recruitment firms, housing providers, graduate employers)
  • Unions
  • Non-governmental organisations and charities
  • Local, regional and national government bodies
  • Journalists

Information supplied by HESA to third parties within Purpose 4 is supplied under contracts which require that individuals shall not be identified from the supplied information and this means that they also cannot use it to take decisions about you. A copy of HESA’s current agreement for the supply of information is available at www.hesa.ac.uk/services/custom/data/timescales-costs. Each agreement specifies the duration for which data may be processed. This is usually one year but may be longer if necessary for the specific research purpose. Each request for HESA information under Purpose 4 is assessed for its compliance with data protection legislation and its compatibility with this Collection Notice. HESA ensures that only the minimum amount of HESA information necessary for the specified research purpose is supplied to users. If the supplied information is to be published HESA's Rounding Methodology or an equivalent disclosure control must be applied to ensure that individuals cannot be identified from the published material and it does not constitute Personal Data.

HESA student information may be linked to school and/or further education college information and supplied to researchers. A copy of the Agreement for the supply of linked data about pupils from schools in England is available at www.gov.uk/government/collections/national-pupil-database.

Processing within this Purpose 4 is carried out by HESA, HESA Services Limited, HESA's wholly-owned subsidiary company. Other data controllers (listed under Purpose 1 above) may also process data for this purpose where this is necessary to fulfil their public functions.

Legal basis for processing your information for Purpose 4
Processing of your HESA information for Purpose 4 is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (See GDPR Article 6(1)(e)).
Processing may also be necessary for the purposes of the legitimate interests of HESA in disseminating higher education information, or the legitimate interests of third parties in undertaking research in the field of higher education (See GDPR Article 6(1)(f)).
In either case processing of your HESA information is necessary for statistical and research purposes in accordance with GDPR Article 89(1).
Processing of Special Categories of personal data is necessary for statistical and research purposes in accordance with Article 89(1) based on the duties in the Equality Act 2010 (See GDPR Article 9(2)(j))

Linking of your HESA information to other information
HESA information is sometimes linked to other data sources to enable more detailed research and analysis.

As indicated above, where HESA and organisations covered by Purpose 1 use HESA information this may include linking named or pseudonymised HESA information to other information for research purposes. Examples include linking to:

  • UCAS data – to understand entry rates to higher education
  • National Student Survey data – to place the results of this survey in context
  • School and Further Education data – to research progression to higher education
  • Student Loans Company data – to research the use of student finance
  • Qualification Awarding Bodies data – to research the value and outcomes of qualifications
  • Tax, Benefits, and Employment data – to research the salaries of graduates and to better understand the outcomes of education (Guidance on the use of HESA records matched to Tax, Benefits and Employment data is available at: www.gov.uk/government/publications/longitudinal-education-outcomes-study-how-we-use-and-share-data)
  • If you are a medical student your HESA information may be included in the UKMED research database (www.ukmed.ac.uk). The General Medical Council is the data controller for this database used for researching doctors’ progression through their education and training.

Where HESA provides information from your HESA information to third parties under Purpose 4, the permitted uses of the information by a third party may include linking HESA information to other information held by the third party. Permission for such use is considered on a case by case basis. It is only given where the linking is for the purposes outlined in Purpose 4 and subject to the requirement not to carry out linking to identify individuals.

Destinations information for schools and colleges – If you attended a school or college in England or Wales linked data may be disclosed to the last school or college you attended (or its successor body) and to Ofsted or Estyn in the exercise of their official authority to enable them to assess the outcomes of secondary education.

 

The HESA Initial Teacher Training record (“ITT”)
Information about teacher training students in England is submitted to the National College of Teaching and Leadership via HESA.

If you are on an ITT course at a higher education provider in England, HESA will collect additional information about you and provide this to The National College for Teaching and Leadership (NCTL). ITT courses are those that lead to Qualified Teacher Status (QTS).

NCTL is an executive agency of the Department for Education (DfE) and for the purposes of the Data Protection Act 1998 and the GDPR DfE and HESA are data controllers in common of the ITT record. NCTL will process your personal data in the exercise of its official authority, namely the award of qualified teacher status (QTS) and the funding, administration and monitoring of initial teacher training schemes, including the allocation of teacher reference numbers (TRNs). NCTL will contact you to provide confirmation of your TRN and any subsequent award of QTS.

NCTL may share personal data with your provider, and where the law allows it or there is a legal requirement for sharing to take place, its partners and contractors, including employers of teachers, teacher employment agencies, Ofsted, Capita Teachers’ Pensions and the Department for Education (DfE) and its Executive Agencies, for this purpose and may link it to other sources of information about you.

Student and leaver surveys
You may be asked to provide information about your experience as a student and your activities after you graduate as part of national surveys.

Your contact details may be passed to survey contractors to carry out the National Student Survey (NSS), other surveys of students’ views about their study, and surveys of student finances, on behalf of some of the organisations listed under Purpose 1 above.

After you graduate you may be contacted and asked to complete one or more surveys into the outcomes of higher education and your activities after graduation. These surveys are used to create statistics to meet the public interest in the outcomes of higher education. Information from third parties (such as your parent, or your provider if you’re in further study) might be used to complete sections of the surveys if you can’t be contacted. The surveys may be undertaken by your provider or by an organisation contracted for that purpose. Your provider will hold your contact details after you graduate in order for you to be contacted to complete a graduate outcomes survey.

Your contact details may be passed to HESA and/or an organisation contracted to undertake a graduate outcomes survey. The survey contractor will only use your contact details for the survey and will delete them when the survey is closed. HESA may hold your contact details for further graduate outcomes surveys where these are in the public interest.

Your responses to the survey of graduate outcomes will be made available to your provider, and your provider may choose to add additional questions to the survey for their own use.

Further privacy and data protection information will be provided if you are contacted for any of these surveys. You might also be contacted as part of an audit to check that the survey has been undertaken properly.

Legal basis for processing your information to conduct national surveys
Processing of your information to conduct the student and graduate surveys is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (See GDPR Article 6(1)(e)) and for statistical and research purposes (See GDPR Article 89).

Your rights
Data protection legislation gives you rights over your personal data. These include rights to know what information is processed about you and how it is processed. These rights have to be met by HESA and any other organisation which takes decisions about how or why your information is processed.

You have the right to be informed about how your personal data is used. This Student Collection Notice is regularly reviewed to ensure that it accurately describes how your HESA information is used. This notice may be updated from time to time, for example when new legislation is enacted, or when new policies are implemented by the public authorities listed under Purpose 1. The most up to date version can always be found at www.hesa.ac.uk/fpn.

For further information about data protection and HESA’s data protection officer please see www.hesa.ac.uk/dataprot. If you have questions about how your HESA information is used, please contact [email protected].

Under the Data Protection Act 1998 you have rights of access to the information HESA holds about you. You will have to pay a small fee for this. If you think there is a problem with the way HESA are handling your data, you have the right to complain to the Information Commissioner's Office: ico.org.uk.

Under the General Data Protection Regulation you will have the right of access to your personal information. You will also have additional rights i.e. the right to rectify inaccurate information; restrict processing; and object to processing. These rights are limited in certain circumstances by the GDPR, and may be limited further by future UK legislation where data is only processed for research or statistical purposes.

Data transfers to other countries
Your HESA information may be transferred to countries outside the European Union for the purposes described above.

Your HESA information will only be transferred to countries whose data protection laws have been assessed as adequate by the European Commission, or where adequate safeguards, such as the EU-US Privacy Shield, are in place to protect your HESA information. European Commission decisions on the adequacy of the protection of personal data in third countries are published here: ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.

 


 

Staff collection notice

Note: Reference in this notice to "we" and "us" refers to the higher education provider at which you are employed.

Submission of your information to the Higher Education Statistics Agency (HESA)1

Every year, we send some of the information we hold about you to HESA (“your HESA information”). HESA is the official source of data about UK universities and higher education colleges. Your HESA information does not contain your name or contact details, but may contain your Open Researcher and Contributor ID (ORCID.org) number if you have one. If you leave your current employment and move to another higher education provider we may pass your HESA Staff ID number to your new employer to enable research into employment in the higher education sector.

It is not intended to use your HESA information to make decisions about you.

HESA collects, and is responsible for, the database in which your HESA information is stored. HESA is a registered charity and operates on a not-for-profit basis. HESA uses your HESA information itself for its own purposes. HESA also shares information from your HESA information with third parties. It may charge other organisations to whom it provides services and data. HESA information is retained indefinitely by HESA for statistical research purposes. All uses of your HESA information must comply with the Data Protection Act 1998.

Sensitive information

If you give us information about your disability status, ethnicity, sexual orientation, gender reassignment, parental leave or religion these may be included in your HESA information and used to assist with monitoring equality of opportunity and eliminating unlawful discrimination in accordance with the Equality Act. Your sensitive information will not be used to make decisions about you.

Purposes for collecting your HESA information

Your HESA information is used for four broad purposes:

Purpose 1 - Public functions

Your HESA information is used by some organisations to help carry out public functions connected with education in the UK. These organisations are data controllers in common of your HESA information under the terms of the Data Protection Act (this link explains what this means). Such organisations may include:

  • Department for Education
  • Department for Business, Energy and Industrial Strategy
  • Welsh Government
  • Scottish Government
  • Department for the Economy, Northern Ireland
  • Higher Education Funding Council for England
  • Higher Education Funding Council for Wales
  • Scottish Further and Higher Education Funding Council
  • Research Councils
  • Quality Assurance Agency for Higher Education
  • National Health Service bodies and organisations working with them e.g. Health Education England

and any successor bodies. These bodies may retain HESA information indefinitely for statistical research purposes, or for fixed terms depending on the terms of their data sharing agreements with HESA.

Your HESA information may also be used by some organisations who are also data controllers in common to help carry out public functions that are not connected with education such as monitoring of public expenditure by the National Audit Office.

HEFCE will link information about academic staff to Research Excellence Framework submissions in order to monitor equal opportunities in relation to that exercise.

Purpose 2 - HESA publications

HESA uses your HESA information to produce and publish information and statistics. This includes some National Statistics publications and online business intelligence and research services. HESA will take precautions to ensure that individuals are not identified from any information which is processed for Purpose 2.

Purpose 3 - Equal opportunity, research, journalism and other processing in which there is a legitimate interest

HESA and the other data controllers in common listed under Purpose 1 may also supply information to third parties where there is a legitimate interest in doing so. Examples of use for this purpose include:

  • Equal opportunities monitoring
  • Research - This may be academic research, commercial research or other statistical research where this is in the public interest
  • Journalism - Where the relevant publication would be in the public interest e.g. league tables
  • Provision of information to students and prospective students.

Users to whom information may be supplied for Purpose 3 include:

  • Higher education sector bodies
  • Higher education providers
  • Academic researchers and students
  • Commercial organisations
  • Unions
  • Non-governmental organisations and charities
  • Local, regional and national government bodies
  • Journalists.

Information supplied by HESA to third parties within Purpose 3 is supplied under contracts which require that individuals shall not be identified from the supplied information. A copy of HESA’s current agreement for the supply of information is available here.

Purpose 4 – Clinical academic staff and health professionals only

If you work in a clinical or health-related role or department the following organisations may use your HESA information for the additional purposes described below:

The Medical Schools Council and Universities UK through the activities of its Dental Schools Council – for the purposes of:

  • Monitoring trends in clinical academic staffing as a basis for partnership between the NHS and universities.
  • Promoting, maintaining and improving high quality education, research and clinical practice in the UK.
  • Publishing results of research into clinical academic staffing at a detailed statistical level from which there may be a risk of identification of individuals through combinations of characteristics.

About the HESA Staff Collection Notice

The HESA Staff Collection Notice is regularly reviewed. The most up to date version can be found here. Minor updates to the Staff Collection Notice (including organisation name changes and clarification of previously specified purposes) may be made at any time. Major updates (such as a new purpose) will be made no more than once per year.

Your rights

For further information about data protection and your HESA information please see here. If you have questions about how your HESA information is used please contact [email protected]. Under the Data Protection Act 1998 you have rights of access to the information HESA holds about you. You will have to pay a small fee for this. If you think there is a problem with the way HESA are handling your data you have the right to complain to the Information Commissioner's Office.


Destinations of Leavers from Higher Education Longitudinal survey (LDLHE) collection notice

For leavers who graduated between 1 Aug 2012 and 31 July 2013

Note: Reference in this notice to "we" and "us" refers to IFF Research who conduct the Destinations of Leavers from Higher Education Longitudinal survey (LDLHE).

Higher Education Statistics Agency (HESA)

We will send information from this survey to HESA. HESA is the official source of data about UK universities and higher education colleges www.hesa.ac.uk. This survey information will be linked to other information held about you as a student, including information you gave when you enrolled, and details of the qualification you gained. Together this forms your HESA information. More details about HESA and about how your HESA information is used can be found in the Student Collection Notice at: here.

Your LDLHE survey responses will not be used to make decisions about you.

HESA collects, and is responsible for, the database in which your HESA information is stored. HESA is a registered charity and operates on a not-for-profit basis. HESA uses your HESA information, including the LDLHE survey responses, itself for its own purposes. HESA also shares information from your HESA information with third parties. It may charge other organisations to whom it provides services and data. HESA's use of your HESA information may include linking information from it to other data, as described further below. HESA information is retained indefinitely by HESA for statistical research purposes. All uses of HESA information must comply with the Data Protection Act 1998 www.legislation.gov.uk/ukpga/1998/29/contents.

Purposes for collecting LDLHE survey responses

Your HESA information, including Destinations of Leavers from Higher Education (DLHE) and LDLHE survey responses, is used for three broad purposes:

Purpose 1 - Public functions

Your HESA information is used by some organisations to help carry out public functions connected with education in the UK. These organisations are data controllers in common of your HESA information under the terms of the Data Protection Act (this link explains what this means ico.org.uk/for-organisations/guide-to-data-protection/key-definitions). Such organisations may include:

  • Your higher education provider
  • Department for Education
  • Department for Business, Energy and Industrial Strategy
  • Welsh Government
  • Scottish Government
  • Department for the Economy, Northern Ireland
  • Higher Education Funding Council for England
  • Higher Education Funding Council for Wales
  • Scottish Further and Higher Education Funding Council
  • Research Councils
  • Education Funding Agency
  • Skills Funding Agency
  • National College for Teaching and Leadership
  • National Health Service bodies and organisations working with them e.g. Health Education England
  • General Medical Council
  • Office For Fair Access
  • Quality Assurance Agency for Higher Education

and any successor bodies. These bodies may retain HESA information indefinitely for statistical research purposes, or for fixed terms depending on the terms of their data sharing agreements with HESA.

Your HESA information may also be used by other organisations who are also data controllers in common to help carry out public functions that are not connected with education. Such users include the Office for National Statistics and the National Audit Office who may use the information to fulfil their statutory functions of measuring population levels and monitoring public expenditure.

The use of data under this Purpose 1, by HESA and other organisations, may include linking your HESA information to other data as described further below.

Purpose 2 - HESA publications

HESA uses your HESA information to produce and publish information and statistics. This includes some National Statistics publications (www.statisticsauthority.gov.uk/national-statistician/types-of-official-statistics) and online business intelligence and research services. HESA will take precautions to ensure that individuals are not identified from any information which is processed for Purpose 2.

Purpose 3 - Equal opportunity, research, journalism and other processing in which there is a legitimate interest

HESA and the other data controllers in common (see Purpose 1) may also supply information to third parties where there is a legitimate interest in doing so. Examples of use for this purpose include:

  • Equal opportunities monitoring
  • Research - This may be academic research, commercial research or other statistical research where this is in the public interest
  • Journalism - Where the relevant publication would be in the public interest e.g. league tables
  • Provision of information to students and prospective students.

Users to whom data may be supplied for Purpose 3 include:

  • Higher education sector bodies
  • Higher education providers
  • Academic researchers and students
  • Commercial organisations (e.g. recruitment firms, housing providers, graduate employers)
  • Unions
  • Non-governmental organisations and charities
  • Local, regional and national government bodies
  • Journalists.

Information supplied by HESA to third parties within Purpose 3 is supplied under contracts which require that individuals shall not be identified from the supplied information. A copy of HESA's current Agreement for the Supply of Information Services is available at www.hesa.ac.uk/services/custom/data/timescales-costs#agreement.

HESA information may be linked to school and/or further education college information and supplied to researchers. A copy of the current Agreement for the supply of linked data about pupils from schools in England is available at www.gov.uk/government/collections/national-pupil-database.

Linking of your HESA information to other information

As indicated above, where HESA and organisations covered by Purpose 1 above use HESA information this use may include linking HESA information to other information for example:

Where HESA provides information from your HESA information to third parties under Purpose 3, the permitted uses of the information by a third party may include linking HESA information to other information held by the third party. Permission for such use is considered on a case by case basis. It is only given where the linking is for the purposes outlined in Purpose 3 and subject to the requirement not to carry out linking to identify individuals.

Further contact

You may be contacted as part of an audit to check that we have undertaken this survey properly.

You may be included in further longitudinal surveys of leavers from higher education. If you do not want to take part in any of these surveys, please let your HE Provider know.

Your rights

For further information about data protection and your HESA information please see www.hesa.ac.uk/dataprot. If you have questions about how your HESA information is used please contact [email protected]. Under the Data Protection Act 1998 you have rights of access to the information HESA holds about you. You will have to pay a small fee for this. If you think there is a problem with the way HESA are handling your data you have the right to complain to the Information Commissioner's Office: ico.org.uk.

Your HE Provider

If you authorise us to do so we will share your contact details with the HE Provider you attended.