Last Updated September 2024
Choosing to shop with us means you've placed trust in us to handle your personal data responsibly. In sharing your personal data we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.
This privacy policy helps you to understand how we use your personal data and who we share it with. It applies if you shop on our websites, use our apps, shop in our stores or if you otherwise share your personal data with us; for example if you contact us with a query or where you tell us that you would like to receive marketing communications from us.
We change the terms of this privacy policy from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention.
When we say “we”, “our” or “us” in this policy we are referring to the companies that make up the NEXT Group. This privacy policy applies to the following companies:
Next Retail Limited, Next Holdings Limited, Next Distribution Limited, Next Manufacturing Limited, Next Sourcing Limited, Next Retail Ireland Limited, Next Germany GmbH, Next General Trading LLC, Next General Trading FZE, Next Beauty Limited, Lipsy Limited, Victoria’s Secret (VS Brands Holdings UK Limited), GAP (West Apparel UK Holdings Limited), Reiss (Pink Topco Limited), JoJo Maman Bébé (Regent BidCo 1 Limited) , Joules (The Harborough Hare Limited) and Fatface (Bridgetown Holdco Limited).
The company named within the T&Cs on the website or app is the data controller of your personal data, which means we are responsible for deciding how and why your personal data is used. We are also responsible for making sure it is kept safe, secure and handled legally.
We sometimes work with other organisations in connection with some of the processing activities described in this privacy policy, such as social media platforms. Where that data is collected and sent to other organisations for processing that is for a common purpose, we will be making decisions together in relation to that particular processing and will be ‘joint data controllers’ with the organisations involved. As joint data controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.
We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at dataprotection@next.co.uk or by writing to our registered office at the following addresses:
UK registered address: Data Protection Officer, NEXT Group, Desford Road, Enderby, Leicester, LE19 4AT.
EU registered address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13–18 City Quay, Dublin 2, D02 ED70, Ireland.
You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner's Office website at ico.org.uk/for-the-public, or on your local Data Protection Authority website.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete data which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.
If you have any general questions or want to exercise any of your rights, please see the “how you can get in touch” section of this privacy policy. In order to maintain the security of our customers' personal details, we may need to request proof of identity before we disclose personal data to you in response to any request.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the UK, where we are based, is the Information Commissioner's Office (ICO), you can contact the ICO here: ico.org.uk/make-a-complaint. Our main supervisory authority in the EU is the Data Protection Commission (DPC) based in the Republic of Ireland, you can contact the DPC here: forms.dataprotection.ie/contact
We will only ever process your data if we have a lawful basis to do so. The lawful bases we rely on are:
We collect and use the data that you provide to us directly, for example; when you register for an account; we use cookies and other similar technologies to collect data from your devices when you interact with our advertising or use our website (you can find out more information in the “Cookie Policy” section below); we keep records when you speak to our customer service teams; we use CCTV in our stores for security monitoring and market research purposes; we take personal data from a number of third parties to help us manage your account and improve your shopping experience.
To process any orders that you place with us and to facilitate any returns Lawful basis: Contract
To provide you with access to an account Lawful basis: Contract
To provide customer service to you Lawful basis: Legitimate Interest in providing customer support
To offer and manage any credit we provide to you Lawful basis: Contract/Legitimate Interest in ensuring product suitability and managing debts
To personalise and improve your experience when you shop Lawful basis: Consent/Legitimate Interest in providing relevant and personalised experiences when you shop with us
To inform you about products and services that may interest you Lawful basis: Consent
Lawful basis: Legitimate Interest in assessing how and where to place advertising
To personalise and engage with you on social media Lawful basis: Consent/Legitimate Interest to personalise the marketing and services we provide to you
To keep in touch with you Lawful basis: Consent/Contract
Lawful basis: Legitimate interest in marketing to you and keeping customers updated
To ensure the Website and the services we offer you operate properly Lawful basis: Consent
Lawful basis: Legitimate Interest in planning and delivering efficient operations and to prevent and detect crime or fraudulent activity
To develop and improve our products, range and services Lawful basis: Legitimate Interest in understanding our customers’ needs and behaviours to provide a better experience
You can view the privacy policy for Experian and Merkle, including the ways in which they use and share personal data here:
To prevent and detect crime and other incidents Lawful basis: Legitimate Interest in keeping our customers and staff safe, reducing theft and fraud
To fulfil our legal obligations Lawful basis: Legal obligation
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal data using these platforms in a variety of ways, as follows:
Pages/accounts. We use your personal data when you post content or otherwise interact with us on our official pages and accounts on Facebook, Instagram, Pinterest, Snapchat, TikTok, LinkedIn, X (formally Twitter) and other social media platforms. We also use the Page Insights service for Facebook, Instagram, Pinterest, TikTok, Snapchat and X to view statistical data and reports regarding your interactions with the pages and accounts we administer on those platforms and their content. Where those interactions are recorded and form part of the data we access through these page insights services, we and the relevant platform are joint data controllers of the processing necessary to provide that service to us.
Cookies. We use cookies and similar technologies in our website to collect and send data to social media platforms about actions you take on our website and applications. In particular:
Our relationship with Meta and LinkedIn. As we are joint data controllers with these platforms for certain processing, we and each platform have:
Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to the social media platforms they operate.
Further information. The Meta company that is a joint data controller of your personal data is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (if you are a UK-registered user) or Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (if you are an EEA-registered user). The LinkedIn company that is a joint data controller of your personal data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland For further information regarding these platforms and their use of your personal data, please see:
What are cookies?
What do we use cookies for?
Some cookies are required by our site to enable you to transact whilst other cookies enable us to give you an enhanced, personalised web experience. We use cookies for the following purposes:
We also offer you the facility to share your experience on our website through social sites. More information about how these sites use cookies can be found on their websites.
What cookies do we use?
We use the following cookies on our websites and apps:
Can I turn off or block cookies?
We use cookies to ensure that we provide the best possible standard of service to our online customers. You can change your cookie preferences at any time by clicking on “Manually Manage Cookies” at the bottom of the page. You can then adjust the available sliders to on or off, then click “Confirm my choices”. If you choose not to consent to the use of cookies your experience of our website may be impaired and many integral aspects of the website, including (but not limited to) adding items to your shopping bag and accessing your account, will not work.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about how to manage cookies, including how to delete cookies, visit www.allaboutcookies.org
We keep your personal data as long as you are a customer of ours and generally for up to 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.
We consider you a customer:
We keep CCTV footage on our systems for up to 30 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage will be kept for longer, however only as long as necessary.
We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data protection assessments before we begin to do business with them and on an ongoing basis.
We always make efforts to anonymise data and only pass over personal data that is absolutely necessary for the purposes it is being processed. We always do so securely.
We have contracts in place with all suppliers that help us to ensure security and privacy of your personal data, these are reviewed and updated regularly and always in line with data protection laws.
The identities of the CRAs, and the ways in which they use and share personal data, are explained in more detail at:
- Experian Credit Reference Agency Information Notice
- TransUnion Credit Reference Agency Information Notice
- Equifax Credit Reference Agency Information Notice
We also take data from CRAs to allow us to make decisions about your credit account and credit facility.
The identities of the DCAs, and the ways in which they use and share personal data, are explained in more detail at:
Our main operations are based in the UK and your personal data is generally processed, stored and used within the UK. In some instances your personal data may be processed outside the UK. For example, we operate a customer contact centre in Pune, India. Operatives in this location will have access to your account data in order to assist you with your query. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies.
If you place an order with us and you are outside of the UK we will transfer the personal data that we hold on you to the UK to facilitate your order and may also transfer your personal data to third parties located in your country of residence to enable us to supply products you order from us. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being used within the UK.
Where we need to transfer your personal data outside the UK, and if the recipient country has not been determined as providing an equivalent adequate level of protection as the UK, we will use one of the following safeguards:
We always ensure that personal data is secure by continuously developing our security systems and training for our employees. We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
If you use any third party apps, websites or services to access our services, your usage is subject to the relevant third party's terms and conditions, cookies policy, and privacy policy. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy policies of the relevant social media platform (Facebook, X etc.). The same applies if you use third party services, like Amazon's Alexa. In certain cases we may be required to share your personal data, in relation to transactions and usage of the services, with the relevant third party.
If you would like to exercise any of your rights mentioned within this privacy policy you can submit these through our privacy portal.
Alternatively, should you need to contact our Data Protection Officer please email: dataprotection@next.co.uk or you can write to:
UK registered address:
Data Protection Officer
NEXT Group
Desford Road
Enderby
Leicester
LE19 4AT
EU registered address:
Data Protection Officer
NEXT Retail (Ireland) Ltd
13–18 City Quay
Dublin 2
D02 ED70
Ireland
Are you sure you want to navigate away from this site?
If you navigate away from this site
you will lose your shopping bag and its contents.