Skip to main content

Privacy policy

References on this page to “HESA” (or "we" or "us") are to HESA and/or HESA Services Limited (HESA’s wholly owned subsidiary) as appropriate depending on which company is providing the service.

Cookies

This site uses cookies to make it work properly for users and to collect anonymous web metrics - find out more about how we use cookies.

How we use personal data

HESA’s job is to collect, process and share data relating to higher education, so we take Data Protection extremely seriously.

Using any HESA service will generate data. If you buy a product, request a quote for custom data, book a seminar or log in to submit or review data then we will ask you for personal information in order to provide that service. Please see the sections below for details.

We will use your information to provide the service(s) you have requested from us and to keep appropriate records of the provision of the service(s).

We may also use your information to:

  • improve the provision of services,
  • ask your views on our service,
  • tell you about other relevant products, services or events.

We will always provide a clear way to opt out of receiving marketing communications.

When you provide us with your personal information we may store it in a customer relationship management system (CRM). To request that your information is updated or removed from our CRM system please contact us.

Our CRM, payment, and booking systems use cloud data storage. By default, data is stored at data centres located in the UK or the EU. In exceptional circumstances data may be processed at data centres in the USA or elsewhere.

Website users

Browsing the HESA website will generate a log of your IP address. The website will also save cookies to your computer.

Our website contains links to other websites. We are not responsible for the privacy practices or content of other sites. We encourage our visitors to be aware when they leave our website and to read the privacy policy of other sites that collect or use personal data.

This policy applies only to this website, http://www.hesa.ac.uk. This policy does not cover any other website operated by HESA or HESA Services Ltd.

HE provider contacts and statutory data users

If you are involved in the submission or review of HESA data returns you will need an account with the HESA Identity System (IDS). You will need to provide personal data to create an account. Each account has its own specific terms of use.

The personal data provided to set up the account is used for administration of HESA’s data collection and sharing process.

We may send you other relevant information such as newsletters or information about HESA products which you can opt-out of receiving. More details are provided in the IDS terms and conditions.

Product customers

When you buy a HESA publication or other product from the HESA website you will need to provide contact and billing details. If you wish to pay by credit card payments are processed by Stripe

We may send you additional information about our products and services which you can opt out of receiving.

Custom data requests

To request a quote for custom data you will need to complete a data request form with your contact details. We will use your data to administer your data request.

Credit card payments for custom data are processed by Stripe.

We may send you additional information about our products and services which you can opt out of receiving.

Training and seminar bookings

If you book a seminar or training event we will ask you for your details and details of the proposed attendees. We will use this data to administer the seminar or training. We may also use your details to tell you about relevant events in future, but you can opt out of receiving this information via the booking form.

If you book a training place for someone else you must have their permission to do so.

Payments for training and seminars are processed by Realex Payments.

For more details see the training terms and conditions.

Job applicants

Application forms and/or CVs are held in recruitment files and data from these is logged to ensure appropriate administration of applications from initial contact, through interview to outcome, whether successful or not. Applications are destroyed a year after the recruitment process has taken place.

Diversity monitoring information is only available to the Human Resources Team. This information is not provided to the interview panel. Anonymised information may be retained for equal opportunities monitoring, including the publication of statistics.

Students and staff of HE providers

HESA processes data about students and staff at HE providers in the UK. For information about how this data is processed please see the Data protection section of the website, and especially the Collection Notices.

Further information

You can find further information about HESA and HESA Services Ltd on our Who we are and Governance and company information pages.

Individuals have certain rights of access to their personal data. More information on this can be found on the data protection page.