Providing robust Data Protection is a top priority and something we take seriously. Alongside the HEAT Privacy Notice and HEAT Data Protection Policy, we provide a suite of resources to help ensure each member organisation complies with legislation.
To comply with GDPR law on collecting and retaining personal data, HEAT members should follow the HEAT Data Retention Policy which makes clear how long they will retain personal information. This allows them to use the Data Retention Tool to identify and delete Student records when required.
We also require all HEAT members to include a link to HEAT’s Privacy Notice and HESA’s Data Protection Notice in any notice served to an individual (including their own organisation’s Privacy Notice), to ensure we remain compliant.
The HEAT Technical Compendium outlines our technological and organisational measures and implemented security procedures that minimise the risk of unauthorised access or disclosure. It should provide answers to most queries when completing a technological audit or Data Protection Impact Assessment (DPIA).
Download the HEAT Technical Compendium (members only)
If you would like to report a high priority concern, data breach or security emergency, please see our Contact Us page.
All members are required to sign a legal agreement between HEAT c/o University of Kent (Coordinating Institution) and the member (Participating Institution) that outlines the terms of the HEAT Service. Agreements are entered into for a three-year period, from the effective date of the Agreement, and administered to the Member’s designated Legal ‘Point of Contact’ and Operational ‘Point of Contact’ via DocuSign. Agreements are renewable every three years (unless different terms are negotiated).
In line with our Governance requirements, we review the HEAT Agreement terms on a 3-year basis to ensure it is fit for purpose, especially in light of data protection laws.
Our current Agreement (v.9) was implemented in 2024/25 following member consultation.
A timetable for legal agreement revisions for the next ten years:
| Agreement Version | v.10 2027/28 | v.11 2030/31 | v.12 2033/34 | v.13 2036/37 |
| Consultation Period | March – April
2027 |
March – April 2030 | March – April
2033 |
March – April 2036 |
| Revised Agreement implemented
|
1st August 2027 |
1st August 2030 |
1st August 2033 |
1st August 2036 |
Although we need to administer a universal legal agreement, so that our members are signed up to the same terms, we always build in a consultation window a few months prior to implementing a new version so that members can review a draft and we can listen to feedback from your legal colleagues. Our legal counsel considers this feedback before finalising the new version.
As members have joined HEAT at different times we are renewing agreements at different points in the year for each member. This means that many members will only be part way through the three-year term on their current agreement when we produce a new agreement.
Members can sign up to the new version straight away; where there have been significant revisions, this is strongly recommended. When members sign a new revision, they can choose to sign for a three-year period from that point, or if their current Agreement still has time to run, for the term they previously signed to.
All members pay a financial contribution (subscription) to the cost of the HEAT Service in each year of their Agreement, which is subject to an annual percentage increase in line with inflation that is agreed by the HEAT Governance Group (more information on how we set the inflationary rise in the next section). Such increases shall take effect on the 1st of August each year.
HEAT c/o University of Kent invoices each member annually in advance of the anniversary of their Agreement, or where members pay for more than one year in advance then HEAT shall invoice in advance of the Agreement effective date for the full three-year term. VAT shall be added to all such invoices at the prevailing rate and members shall adhere to the published payment terms of the University of Kent, which are 30 days from date of invoice.
The membership decided that HEAT should apply a set annual inflationary rise each year to avoid inflationary fluctuations and aid budget forecasts. In the Agreement v.9 2024/25– 026/27 the inflationary rise was set as “increasing annually thereafter by 7% up until 2027”, to strengthen HEAT’s financial sustainability.
The inflationary rise, which is set by our Governance Group (with member representation), will be reviewed and agreed prior to each version of the Agreement, with notice provided to the membership.
Following previous Governance guidance, we anticipate that the next Agreement (v.10) for the period 2027/28-2029/30 will include an annual inflationary rise between 5%-7%. This will be guided by service inflation rates and supplier forecast costs with the aim of ensuring that our member owned service remains self-sustaining and a shared service that is value for money.
In the case that the new version of the Agreement in 2027/28 (v.10) sets a lower inflationary rise than Agreement v.9, members that are signed up to v.9 with a remaining term that extends into and beyond 2027/28 can re-sign to v.10, or if easier we will administer an email confirmation that the inflationary rise has changed (e.g. has reduced). This means that the same inflationary rise will be applied across the membership.
It is unlikely that the inflationary rise will increase above the 7% rate for the period 2027/28-2029/30 and where inflationary rate rises become significant, we will always ensure that there is extensive consultation.
The HEAT Service will make every effort to ensure that the information contained on this website is fair and accurate at the time of publication.