Setting the standards in the highway electrical sector

Privacy Notice

This Notice Explains how the Highway Electrical Association (HEA) and each associated part uses the personal information collected from you, or provided to the HEA to process the associated functions. It also describes how long the information is kept for and the limited circumstances in which we might disclose it to third parties.

Personal Details We Hold

The HEA manages seven types of personal information routes, which allow the HEA to manage the various activities in support of the Highway Electrical and other associated sectors.

  1. HEA – Member information which includes applicant provided information which includes; organisation, applicant name, position, contact details.
  2. HESA – ATO – Customer provided information to facilitate the approval and management of Approved Training Providers within the HESA requirements, this includes organisation name, trainer name, personal CV, contact e-mail address and phone number. Supporting evidence for course approval, which may include certifications and statements.
    HESA – certification – for the production and reissue of certification. Customer provided information includes Learner Name, Trainer name, course title and course assessment outcome.
  3. HEA Training –Customer provided employee information for notification of training course attendance, this includes Learner Name, Reasonable Adjustments and HERS status. For Apprenticeship notification, additional information is required, which includes ethnic origin code, gender and date of birth.
  4. NVQ – Customer provided employee information for the registration of Learners on the Awarding Body (Lantra Awards) qualification registration system (further details on their privacy notice can be obtain from Lantra Awards. Information collected will include, Learner Name, Date of Birth, Ethnic Code, Gender and postcode. Where applicable information will be provided to Practical Performance Assessment Centres, information will include (ULN as applicable) Name, Awarding Body Learner Registration Number and name of employer.
  5. PPA Centre – Learner information provided by the associated NVQ centre, which includes (ULN as applicable) Name, Awarding Body Learner Registration Number and name of employer
  6. PPA Moderator/Certification – Learner information provided by the PPA centre, which includes (ULN as applicable) Name, Awarding Body Learner Registration Number and name of employer, it will also include associated assessment evidence in support of the final outcome.
  7. HERS – Customer provided employee information for ECS test request and HERS registration. Information provided includes operative name, gender, date of birth, National Insurance Number and name of employing company. Employee portfolio HERS documents and NVQ certification evidence will also be stored on the HERS system
  8. HEN – Contractor, Supplier and subscriber provided information, which includes name, address telephone number and e-mail address

Length of Time Held

In order to comply with the General Data Protection Regulations, your details will only be kept for the shortest time required. This will vary according to the type of data being held, and within which function.

The only exceptions to this are where:

Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:

Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.

What We Use Your Personal Information for Our Reasons (Legal Basis) Explanation of Legitimate Interests
To Set up your Account Legitimate Interest To ensure efficiency of dealing with this activity
Storage of payment details Consent None
Processing of your orders Legitimate Interest To ensure efficiency of dealing with this activity
Website personalisation and administration Legitimate Interest To promote providers, ATO service and HERS System
Communications to inform you of courses, updates, website updates, new services and safety notices Legitimate Interest Improving customer awareness
Contact you to undertake customer satisfaction surveys Legitimate Interest Develop and inform the HEA on possible improvements
Producing Certifications Legitimate Interest, Consent To provide appropriate certificates to reflect levels of approval, achievement and qualification requirements
Qualification Registrations Legitimate Interest, Consent To meet the requirements of the Awarding Body
HEA/HEMSA Membership Legitimate Interest, Consent To promote organisations and best practice

How to Access Your Details

If you wish to see full details of the information held for ATO and HERS the HERS system can be accessed using your login details, for all other enquiries, and to initiate a subject access request email

Sharing Personal Information

The HEA will not share your information to any other third party, except under the following situations;

The HEA, HESA and HEA Training may contact you relating to services, queries and safety alerts as these arise.

Data Controller and Data Processing

The HEA and HESA have fully committed to the adherence of the General Data Protection Regulations (GDPR). For the collection and processing of personal data, the following applies;

Collection of Data

The HEA and HESA will be the data controller for a number of functions, which includes, HEA, HESA ATO, HEA Training and related NVQ requirements.

Collected data will be held within secure electronic storage systems

Data Controller: HEA Office Manager – Sue East

Processing of Data

Personal data will be stored for the shortest time necessary

Under the GDPR you have the following rights to request information from the company:


Privacy Notice Iss 3.0

Published: 21 September 2020

Website By: