HEAT Privacy Notice

What is the HEAT Service and what does it do?

The HEAT Service is a not-for-profit, collaborative organisation enabling its members to monitor and longitudinally track the progression of individuals who have interacted with a HEAT member organisation. It is led by the University of Kent and its membership consists of universities, colleges, or other organisations whose aim is to support your progression choices.

We are a research facilitating service that processes personal data and tracks participants for the purpose of monitoring and evaluating activities delivered by our members. We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:

The performance of a task carried out in the public interest or in the exercise of official authority – Article 6(1)(e)

As we also use your special category data, we must identify a further basis for processing that data. The processing is necessary for:

Reasons of substantial public interest (as defined within the Data Protection Act 2018) – Article 9(2)(g) Our substantial public interest reason is equality of opportunity or treatment.

Archiving in the public interest, scientific or historical research purposes or statistical purposes with a basis in law – Article 9(2)(j)

Whilst individual organisations working with the HEAT Service must consider their own approach to compliancy, we encourage reliance upon Public Task or Legitimate Interest for third sector members.

If you are reading this information, you are very likely to have been contacted and/or offered the opportunity to participate in an activity delivered by a HEAT member. You may have been asked to provide information about yourself and your circumstances. The purpose of this data collection is to investigate the impact of member-delivered activities alongside, specifically but not exclusively, individual information regarding attainment, progression, social mobility, graduate outcomes, and eventual employment.

Why is data stored about you?

In accordance with UK General Data Protection Regulation (UK GDPR), the HEAT Service is permitted to store and process individual data for research in the public interest. Personal information is used to underpin research that seeks to make improvements to future activities offered by HEAT member organisations as well as ascertaining the effectiveness of that activity by identifying and questioning purpose. For example:

Are individuals more likely to go onto Higher Education if they have engaged in an activity?
Are participants more likely to go onto Higher Education than those who do not participate?
Do some schools and colleges receive more activity than others?
What can schools, colleges, universities and other outreach organisations do to improve their widening participation work?

What data is stored?

The HEAT member requesting to collect your information may ask and keep one or more of the following information:

Name
Date of Birth
Disability
Ethnicity
Gender Identity
Institution
Postcode
Religion
Sex

How is your data stored?

The HEAT Service provides a secure, central online repository within which member organisations store your information. It does so to facilitate national monitoring, evaluation, and evidence-based research. The service produces standardised or personalised data collection and reporting for members. It provides confidential recording tools to facilitate reporting on your information and the activities you attended. It includes:

The sharing of information across partner institutions and organisations
Data sharing with researchers
Tracking and reporting
Importing and exporting tools to ease data capture and outputs
Individual profiling
Postcode profiling
Storage of data that individual organisations use for their own purpose

How is your data processed?

To examine whether outreach is effective, collected personal information is ‘tracked’. This involves the linking of the information you’ve provided with student ‘outcome’ data via administrative datasets. This is achieved by sharing your information with the following bodies:

The Department for Education (DfE)
The Office for Students (OfS)
The Education and Skills Funding Agency (ESFA)
The Joint Information Systems Committee (JISC)
The Universities and Colleges Admissions Service (UCAS)
Independent research by third parties

The purpose of sharing personal information is to explore the relationship between activity engagement and student success with the aim to improve future outcomes. Your data will never be used for marketing purposes, shared, sold or seen by anyone else. The HEAT Service processes data solely for the monitoring and evaluation purposes described herein. Data is not linked to or used for any decision-making process that directly affects individuals. Results presented outside of the HEAT Service are in aggregate form without disclosing specific detail on individuals.

For how long will your data be kept?

If you have:

Attended an activity within the last 15 years
Supplied your first name, last name, postcode and date of birth
Not withdrawn your permission to be included in outreach participant research

From the year you are ready to enter Higher Education, your data will be used for 15 years for the purpose of monitoring and evaluation*. After this time, your information will be marked as ready for deletion to the HEAT member who collected it for this purpose. Information stored that does not reach the above criteria will be marked as ready for deletion to the collecting organisation within 7 years.

*The year you are considered ready for Higher Education is determined by our ‘Expected HE Entry Year’ field, which is calculated by date of birth but manually adjusted if you are an adult.

Your rights: who to contact about your rights, to make an enquiry or complain if you are unhappy

Under Data Protection law, you have the right to access your personal data, to object to the storing and use of your data and to request to have your data removed from the HEAT system or updated if it is inaccurate. Enquiries about your rights can be made to the HEAT Service in the first instance by contacting HEAT Support. The HEAT Service can signpost you to the member organisation who is Data Controller of your information. Additionally, it can provide a full copy of the HEAT Data Protection Policy and Privacy Notice upon request.

The University of Kent is registered with the Information Commissioner’s Office (ICO) Data Protection Register (Number Z6847902). Data Protection enquiries pertaining to the University of Kent can be made by emailing datapro@kent.ac.uk. For further information about Data Protection; advice and guidance on your right to privacy; or to make a complaint, you should contact the Information Commissioner’s Office (ICO) – the regulatory body for UK Data Protection:

Information Commissioner’s Office
Website: www.ico.org.uk
Telephone helpline: 0303 123 1113

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_132460595_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.