Privacy information

We use your name, email and phone number to contact you about completing the Graduate Outcomes survey.

We or one of our suppliers may also use your contact details as part of an audit to check that the Graduate Outcomes survey has been undertaken properly.

We rely on the lawful basis of public task for this purpose. Processing your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We collect the survey responses in fulfilment of our role as the designated data body for England and our equivalent roles for the other countries of the UK. Our role requires us to collect, publish and disseminate information about HE in the UK. The responses to the Graduate Outcomes survey are part of this information.

We aggregate responses into larger datasets which we analyse for research and statistical purposes. You can read more about this in Purpose 4, below. We hold and manage the data to maintain ongoing high standards in security, efficiency and usefulness. For example, we:

• Quality assure data to improve accuracy
• Monitor data systems and procedures to identify problems and areas for improvement
• Monitor overall response rates, and per level and subject, to promote survey performance based on student characteristics
• Monitor the effectiveness of and engagement with Graduate Outcomes survey emails for example, by analysing open rates and content interaction. Further information on how you can opt out of this can be found in the footer of each email
• Create derived fields to enrich data utility and insights

We also use the data for research and analysis about the survey’s use and future development, for example:

• By looking at data quality and the sector’s reliance on time series data
• By considering how it can contextualise the use of HESA Information
• By assessing the implications of changes to processes, systems and software on data outputs

We rely on the lawful basis of public task for these purposes. Processing your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We may also rely on the lawful basis of legitimate interests, where processing is necessary for maintaining high standards in Graduate Outcomes survey processes, efficiency, data security and usefulness.

We share Graduate Outcomes survey results with your HE provider, the funders and regulators of HE in the UK and other public authorities. This is in fulfilment of our role as the designated data body for England and our equivalent roles for the other countries of the UK. The information assists these organisations in meeting their respective statutory, regulatory and public duties relating to the receipt and use of HE data. These organisations are data controllers of the information they receive from us and have their own privacy information explaining their purposes. Sometimes their purposes include linking the Graduate Outcomes data to other information for research purposes.

The UK HE funding and regulatory bodies are:

• Office for Students
• Medr (the Welsh Commission for Tertiary Education and Research)
• Scottish Funding Council
• Department for the Economy in Northern Ireland

Public authorities we share data with include:

• Department for Education
• Welsh and Scottish Governments
• Department for Business, Energy and Industrial Strategy
• UK Research and Innovation
• Teaching Regulation Agency
• National Health Service and associated bodies such as Health Education England and the Department of Health and Social Care
• General medical Council
• Office for National Statistics
• National Records of Scotland
• Northern Ireland Statistics and Research Agency
• National Audit office
• Student Loans Company

In addition, if you provide your consent, we will share your contact details with our statutory customers – that is the funders and regulators of HE in the UK – for the purposes of them contacting you about participating in future research projects. You may also consent to your provider contacting you about your survey responses after the survey has closed. Otherwise, you will not be contacted by these organisations in relation to your participation in the survey.

We rely on the lawful basis of public task for providing information to HE providers, funders, regulators and other public authorities. Processing your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We rely on your consent to share your contact details with our statutory customers specifically for the purposes of them contacting you about future research projects.

We use the survey response data for statistical and research purposes including the publication of National Statistics.

For example, we:

• Conduct research to understand outcomes after higher education.
• Produce and publish Office for Statistics Regulation accredited data
• Produce bespoke data extracts and reports
• Create and operate data visualisation and analysis products and tools, such as Heidi Plus and Interactive insights, and other products and services in the public interest and for the benefit of the education and research sector
• Publish information of use and benefit to the education and research sector and of interest to the wider public
• Monitor equality of opportunity through analysis of graduate demographics and characteristics

When producing statistic material for publication, we apply the HESA standard rounding methodology. This disclosure control ensures no personal data is included and no individuals can be identified in the published materials.

We rely on the lawful basis of public task for the above purposes. Processing your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We may also rely on the lawful basis of legitimate interests, where processing is necessary for researching, analysing and disseminating higher education information.

Information is supplied to third parties under data sharing agreements that prevent recipients from using the data to identify individuals or to make decisions about them. Each agreement specifies the duration for which data may be processed. This is usually one year but may be longer, if necessary, for the specific research purpose.

Each request for data is assessed for its compliance with data protection legislation and its compatibility with the HESA Student Collection Notice. Jisc ensures that only the minimum amount of data necessary for the specified research purpose is supplied to users. If the supplied information is to be published the HESA Rounding Methodology or an equivalent disclosure control must be applied.

Examples of data recipients include:

• Higher education sector bodies
• Higher education providers
• Schools and further education providers
• Academic researchers and students
• Commercial organisations (e.g. recruitment firms, housing providers, graduate employers)
• Unions
• Non-governmental organisations and charities
• Local, regional and national and international government bodies
• Journalists, media and public relations organisations

Jisc publishes a register containing information relating to the recipients to whom we disclose data for statistical purposes.

We rely on the lawful basis of public task for the above purposes. Processing your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We may also rely on the lawful basis of legitimate interests, where processing is necessary for researching, analysing and disseminating information about HE. Processing may also be necessary for the legitimate interests of recipient third parties, in undertaking research, statistical and journalistic activities relating to HE.

In exceptional circumstances, where Jisc becomes aware that your survey responses indicate that there is a significant risk posed to you or others, we may contact your provider or request a support organisation to contact you.

We will only share what you tell us and take the above steps in the following circumstances:

• If you indicate that you have taken steps to end your life or you appear to be at risk of being unable to keep yourself safe from suicide
• We believe that you or someone else has been, or is, at risk of serious harm

We take your confidentiality very seriously and will only consider speaking to someone else or arranging for you to be contacted in the circumstances set out above. Where those circumstances apply, even if you haven’t given your provider explicit consent to contact you, we may still ask them to arrange contact.

We may rely on the lawful basis of vital interests to protect your life. We may also rely on the lawful basis of legitimate interests where processing is necessary for Jisc to protect your safety and wellbeing.

If you post publicly on social media (X, Facebook, LinkedIn, Instagram) that you completed the Graduate Outcomes survey, we may respond to your post and may send you a direct message in relation to the promotion of the survey.

We sometimes ask graduates who have publicly posted if they’d like to participate in promotional activities designed to encourage fellow graduates to complete the Graduate Outcomes survey. For example, we may ask if we can use a screenshot of your social media post, a quote from your social media post, or a quote, picture or short video that you provide to us. These materials may be used in survey invitation emails, newsletters, on the Graduate Outcomes website, or on Graduate Outcomes social media channels.

Processing your personal data to communicate with you is necessary for the purposes of Jisc’s legitimate interest in promoting engagement with and maximising the responses to the Graduate Outcomes survey.

We rely on your consent to process your personal data in the form of publicly published promotional material.

You have the right to know what personal data we hold about you and why and how we process it. We’re obliged by law to provide you with privacy information and we do this through our privacy notices.

You have the right to ask us for a copy of the personal data we hold about you. This is known as making a subject access request or SAR.

You can ask us for a copy of any information we’re holding about you, but there are times when the law says we may not need to provide it. We’ll make a reasonable and proportionate search for your data and may withhold information that reveals the personal data of someone else.

You have the right to ask us to correct or delete inaccurate personal data. If you think we’re holding incomplete data about you, you can also ask us to complete it by adding more details.

You have the right to ask us to delete personal data we’re holding about you. This is sometimes called ‘the right to be forgotten’ and only applies in limited circumstances.

The right to erasure doesn’t apply to activities covered by the lawful basis of public task. However, our policy is to accept erasure requests made before midnight on 31 December in a given collection year. Deletion requests made later than this date will be denied.

In certain circumstances you have the right to ask us to restrict, or temporarily limit, the way we’re processing your data. For example, when you’ve challenged the accuracy of your data or objected to our use of it, you might ask us to stop doing something with your data until these issues are resolved.

You have the right to object to the way we’re using your personal data at any time. However, this doesn’t mean we’ll always stop using your data for the purposes you’ve objected to. We’ll consider your interests and rights and determine if these outweigh our legitimate reasons for continuing.

At any time after providing consent for us to use your data, you may withdraw your consent.