General terms and conditions

General terms and conditions for HESA Identity System accounts

You accepted these terms when you registered an identity.

HESA Identity System General Terms and Conditions

  1. Background
    1. The Higher Education Statistics Agency Limited (HESA) goal is to operate a safe and secure environment for our services and therefore we require all users to abide by these terms when using our services.
  1. Agreement
    1. By registering a HESA Identity you agree to abide by this agreement. If you do not agree, do not register a HESA Identity.
    2. HESA may, from time to time, change or amend these terms. If we do, we will notify you, either through the user interface, in an email notification, or through other reasonable means. Your continued use of your HESA Identity after notification will be your consent to the changed terms. If you do not agree to the changes, you must stop using your HESA Identity.
  1. HESA Identity
    1. You need a HESA Identity to access some of the services HESA provides. A HESA Identity provides the credentials for you to authenticate your use of these services. You are responsible for keeping your account information and password confidential. You are responsible for all activity that occurs under your account. You must inform HESA immediately if you believe that there has been any compromise of your HESA Identity.
    2. If you've forgotten your password or otherwise can't access your HESA Identity, you can recover your HESA Identity by visiting the Account Recovery webpage and providing account recovery information. You are responsible for setting up account recovery information and for keeping that information confidential. If you cannot recover your HESA Identity using the method above you may reset your HESA Identity by visiting the Account Reset webpage.
  1. HESA Identity Organisation Role
    1. As well as requiring a HESA Identity to authenticate, access to some of our services is further restricted to only those people who act in a relevant capacity on behalf of an organisation and have appropriate authorisation. Such services will require your HESA Identity to show you as holding the appropriate HESA Identity Organisation Role before access to these services is authorised. You may be invited to hold such a role or you may request such a role. You must be authorised to act in such a capacity for that organisation before accepting or requesting a role. You will be required to accept any additional responsibilities that holding a role may entail.
    2. If you cease to work for an organisation in the same capacity you must remove the non-applicable roles from your HESA Identity. If you cease to work for an organisation completely you must remove all the roles you hold for that organisation from your HESA Identity.
    3. If you reset your HESA Identity, as described above, all roles and associated information will be removed from your HESA Identity. If you require a role in order to fulfil your or your organisation's obligations to HESA you will have to re-acquire it. You accept that any delay or inability to carry out your activities caused by an account reset is your responsibility.
  1. Privacy
    1. We may use your personal data to monitor the use of HESA's website.
    2. We use cookies that are necessary for the provision of the HESA Identity System and the services we provide to you, and for security monitoring purposes. The information collected for security monitoring purposes will include, but not be limited to, unique device identifiers, IP address, operating system and browser versions you are using. We also use cookies to collect anonymous information about pages visited on our website. We may use cookies to remember choices you make to improve your experience of our services. We do not use cookies to share information about your use of our services with any third parties. By accepting these terms, you consent to our use of cookies.
    3. We may pass your personal data to third parties who need your personal information in order for us to provide our services to you. For example:
      • If you request or accept a HESA Identity Role in order to act on behalf of an organisation we will provide information about you to members of that organisation so that they may contact you, manage their role delegation and review your activity.
      • If you hold a role that means you approve or reject role requests for an organisation we will provide information about you to people requesting roles so that they may contact you in connection with their request.
    4. We may use your personal data to inform you about changes and improvements to our systems, operational documentation, and website.
    5. For more information on how your personal data may be used by HESA please see
  1. Cancellation
    1. If you do not comply with the terms of this agreement we may take action against you including suspending your HESA Identity, suspending or removing roles, asking you to refrain from certain activities and referring your activity to your organisation or other appropriate authority e.g. The Information Commissioner's Office.
    2. At our sole discretion we may permanently suspend your HESA Identity and prevent you from further registration. You accept that any delay or inability to carry out your activities caused by any such action is your responsibility.
    3. If your HESA Identity is not used for 390 days it will be reset. You may reset your HESA Identity yourself at any time.