HEAT’s permission to process student data

Under Data Protection law, the HEAT Service (as Data Processor) is permitted to process student data on behalf of member providers (Data Controllers) because it is necessary for a task carried out in the public interest. HEAT uses individual data for research purposes by helping its members to:

Record student participation in outreach activities
Share data with other providers to assess wider engagement in outreach
Monitor neighbourhoods that members are reaching with their outreach activity via postcode profiling to assess equality of access
Track individual outcomes through linking HEAT data with administrative data sets from the Department for Education (DfE), Education and Skills Funding Agency (ESFA), Joint Information Systems Committee (JISC), and Universities and Colleges Admissions Service (UCAS)
Report on the effectiveness of outreach programmes to the Office for Students (OfS)

The HEAT Service processes data solely for the monitoring and evaluation purposes described, and does not share, pass on or sell data to any unauthorised third parties. Data is not linked to or used for any decision-making process which might directly affect individual students. Results are presented in aggregate form without disclosing the characteristics of individual students; however student-level data are, in some cases, available to other HEAT members for monitoring purposes.

HEAT’s Data Protection policies

Our comprehensive data protection policies aim to communicate how we comply with data protection legislation, by describing the organisational, technological, operational and good-practice measures we embed into every aspect of the HEAT Service. These include, for example, HEAT’s lawful basis for processing data, what data is collected and how it is used, data sharing arrangements, retention, a range of procedural information, and the HEAT Service Privacy Notice. HEAT takes its responsibility for data protection very seriously, and the following suite of documents demonstrates both compliance with data protection legislation and our commitment to safeguard the personal data we hold and processes.

Please note: you will need to be logged into the HEAT database to access these documents.

Banner image courtesy of the University of Kent

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_132460595_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.