Last Updated September 2024
Choosing to shop with us means you've placed trust in us to handle your personal data responsibly. In sharing your personal data we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.
This privacy policy helps you to understand how we use your personal data and who we share it with. It applies if you shop on our websites, use our apps, shop in our stores or if you otherwise share your personal data with us; for example if you contact us with a query or where you tell us that you would like to receive marketing communications from us.
We change the terms of this privacy policy from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention.
When we say “we”, “our” or “us” in this policy we are referring to the companies that make up the NEXT Group. This privacy policy applies to the following companies:
Next Retail Limited, Next Holdings Limited, Next Distribution Limited, Next Manufacturing Limited, Next Sourcing Limited, Next Retail Ireland Limited, Next Germany GmbH, Next General Trading LLC, Next General Trading FZE, Next Beauty Limited, Lipsy Limited, Victoria’s Secret (VS Brands Holdings UK Limited), GAP (West Apparel UK Holdings Limited), Reiss (Pink Topco Limited), JoJo Maman Bébé (Regent BidCo 1 Limited), Joules (The Harborough Hare Limited) and Fatface (Bridgetown Holdco Limited).
The company named within the T&Cs on the website or app is the data controller of your personal data, which means we are responsible for deciding how and why your personal data is used. We are also responsible for making sure it is kept safe, secure and handled legally.
We sometimes work with other organisations in connection with some of the processing activities described in this privacy policy, such as social media platforms. Where that information is collected and sent to other organisations for processing that is for a common purpose, we will be making decisions together in relation to that particular processing and will be ‘joint data controllers’ with the organisations involved. As joint data controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.
We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at dataprotection@next.co.uk or by writing to our registered office at the following addresses:
UK registered address: Data Protection Officer, NEXT Group, Desford Road, Enderby, Leicester, LE19 4AT.
EU registered address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13–18 City Quay, Dublin 2, D02 ED70, Ireland.
You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner's Office website at ico.org.uk/for-the-public, or on your local Data Protection Authority website.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete data which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.
If you have any general questions or want to exercise any of your rights, please see the “how you can get in touch” section of this privacy policy. In order to maintain the security of our customers' personal details, we may need to request proof of identity before we disclose personal data to you in response to any request.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the UK, where we are based, is the Information Commissioner's Office (ICO), you can contact the ICO here: ico.org.uk/make-a-complaint. Our main supervisory authority in the EU is the Data Protection Commission (DPC) based in the Republic of Ireland, you can contact the DPC here: forms.dataprotection.ie/contact
We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are:
We collect and use the data that you provide to us directly, for example; when you register for an account; we use cookies and other similar technologies to collect data from your devices when you interact with our advertising or use our website (you can find out more information in the “Cookie Policy” section below); we keep records when you speak to our customer service teams; we use CCTV in our stores for security monitoring and market research purposes; we take personal data from a number of third parties to help us manage your account and improve your shopping experience.
To process any orders that you place with us and to facilitate any returns Lawful basis: Contract
To provide you with access to an account Lawful basis: Contract
To provide customer service to you Lawful basis: Legitimate Interest in providing customer support
To offer and manage any credit we provide to you Lawful basis: Contract/Legitimate Interest in ensuring product suitability and managing debts
To personalise and improve your experience when you shop Lawful basis: Consent/Legitimate Interest in providing relevant and personalised experiences when you shop with us
To inform you about products and services that may interest you Lawful basis: Consent
Lawful basis: Legitimate Interest in assessing how and where to place advertising
To personalise and engage with you on social media Lawful basis: Consent/Legitimate Interest to personalise the marketing and services we provide to you
To keep in touch with you Lawful basis: Consent/Contract
Lawful basis: Legitimate interest in marketing to you and keeping customers updated
To ensure the Website and the services we offer you operate properly Lawful basis: Consent
Lawful basis: Legitimate Interest in planning and delivering efficient operations and to prevent and detect crime or fraudulent activity
To develop and improve our products, range and services Lawful basis: Legitimate Interest in understanding our customers’ needs and behaviours to provide a better experience
You can view the privacy policy for Experian and Merkle, including the ways in which they use and share personal data here:
To prevent and detect crime and other incidents Lawful basis: Legitimate Interest in keeping our customers and staff safe, reducing theft and fraud
To fulfil our legal obligations Lawful basis: Legal obligation
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal data using these platforms in a variety of ways, as follows:
Pages/accounts. We use your personal data when you post content or otherwise interact with us on our official pages and accounts on Facebook, Instagram, Pinterest, Snapchat, TikTok, LinkedIn, X (formally Twitter) and other social media platforms. We also use the Page Insights service for Facebook, Instagram, Pinterest, TikTok, Snapchat and X to view statistical data and reports regarding your interactions with the pages and accounts we administer on those platforms and their content. Where those interactions are recorded and form part of the data we access through these page insights services, we and the relevant platform are joint data controllers of the processing necessary to provide that service to us.
Cookies. We use cookies and similar technologies in our website to collect and send data to social media platforms about actions you take on our website and applications. In particular:
Our relationship with Meta and LinkedIn. As we are joint data controllers with these platforms for certain processing, we and each platform have:
Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to the social media platforms they operate.
Further information. The Meta company that is a joint data controller of your personal data is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (if you are a UK-registered user) or Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (if you are an EEA-registered user). The LinkedIn company that is a joint data controller of your personal data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland For further information regarding these platforms and their use of your personal data, please see:
What are cookies?
What do we use cookies for?
Some cookies are required by our site to enable you to transact whilst other cookies enable us to give you an enhanced, personalised web experience. We use cookies for the following purposes:
We also offer you the facility to share your experience on our website through social sites. More information about how these sites use cookies can be found on their websites.
What cookies do we use?
We use the following cookies on our websites and apps:
Can I turn off or block cookies?
We use cookies to ensure that we provide the best possible standard of service to our online customers. You can change your cookie preferences at any time by clicking on “Manually Manage Cookies” at the bottom of the page. You can then adjust the available sliders to on or off, then click “Confirm my choices”. If you choose not to consent to the use of cookies your experience of our website may be impaired and many integral aspects of the website, including (but not limited to) adding items to your shopping bag and accessing your account, will not work.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about how to manage cookies, including how to delete cookies, visit www.allaboutcookies.org
We keep your personal data as long as you are a customer of ours and generally for up to 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.
We consider you a customer:
We keep CCTV footage on our systems for up to 30 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage will be kept for longer, however only as long as necessary.
We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data protection assessments before we begin to do business with them and on an ongoing basis.
We always make efforts to anonymise data and only pass over personal data that is absolutely necessary for the purposes it is being processed. We always do so securely.
We have contracts in place with all suppliers that help us to ensure security and privacy of your personal data, these are reviewed and updated regularly and always in line with data protection laws.
The identities of the CRAs, and the ways in which they use and share personal data, are explained in more detail at:
- Experian Credit Reference Agency Information Notice
- TransUnion Credit Reference Agency Information Notice
- Equifax Credit Reference Agency Information Notice
We also take data from CRAs to allow us to make decisions about your credit account and credit facility.
The identities of the DCAs, and the ways in which they use and share personal data, are explained in more detail at:
Our main operations are based in the UK and your personal data is generally processed, stored and used within the UK. In some instances your personal data may be processed outside the UK. For example, we operate a customer contact centre in Pune, India. Operatives in this location will have access to your account data in order to assist you with your query. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies.
If you place an order with us and you are outside of the UK we will transfer the personal data that we hold on you to the UK to facilitate your order and may also transfer your personal data to third parties located in your country of residence to enable us to supply products you order from us. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being used within the UK.
Where we need to transfer your personal data outside the UK, and if the recipient country has not been determined as providing an equivalent adequate level of protection as the UK, we will use one of the following safeguards:
In certain U.S. states consumers have certain rights regarding the personal information that businesses have about them, such as the California Consumer Privacy Act (the ‘CCPA’). This includes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.
Categories of Personal Information and Purposes
The categories of personal information we may collect about you (or have collected in the preceding 12 months) include:
Please see the section on “The information we collect and how we use it” above for more information on the purposes for which we collect your personal information.
Disclosing Your Personal Information
Please see the section on “Third Parties we share data with and receive data from” for a description of the third parties with whom we may share your personal information (or have shared your personal information in the last 12 months).
Your rights
Right to opt-out of sale:
While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal information is collected and shared. To make an opt-out of sale request, contact us according to the ‘How to get in touch’ section below and please include “Do Not Sell” in the subject line.
Right to request disclosure:
You have the right to request disclosure about what categories of personal information we have sold or disclosed for a business purpose about you and the categories of third parties to whom the personal information was sold or disclosed. You have a right to request disclosure of specific pieces of personal information. Below is a complete list of the personal information that you can include in your request.
Right to request deletion:
You have the right to request that we delete any personal information about you that was collected from you. Please note that there are exceptions where we do not have to fulfil a request to delete personal information, such as when the deletion of information would create problems with completing a transaction or compliance with a legal obligation.
Right to non-discrimination:
We will not discriminate against you (e.g., through denying goods or services or providing a different level or quality of goods o/r services) for exercising any of the rights afforded to you.
Right to rectification:
You have the right to request that we correct any incorrect personal information we hold on you to ensure that it is complete and as accurate as possible.
Califorina shine the light:
Under California’s “Shine the Light” law California residents who use our website and who provide personal information to us in order to obtain our products and services may request certain information regarding our disclosure of personal information to third parties for their own direct marketing purposes. This includes the categories of personal information and the names and addresses of those businesses with which we shared your personal information with in the previous calendar year. You may request this information once per calendar year. To make such a request, please send an email to dataprotection@next.co.uk
Limit the use of my personal information:
You have the right to limit the use of your sensitive personal information in certain circumstances. We will only collect sensitive personal information, as defined by the applicable California or other local law, for the purposes allowed by law or with your consent.
How do we handle your requests?
We endeavour to respond to a verifiable consumer request within the required timeframes. If we need more time, we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain why we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Children
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us their personal information, please contact us.
We always ensure that personal data is secure by continuously developing our security systems and training for our employees. We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
If you use any third party apps, websites or services to access our services, your usage is subject to the relevant third party's terms and conditions, cookies policy, and privacy policy. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy policies of the relevant social media platform (Facebook, X etc.). The same applies if you use third party services, like Amazon's Alexa. In certain cases we may be required to share your personal data, in relation to transactions and usage of the services, with the relevant third party.
If you would like to exercise any of your rights mentioned within this privacy policy you can submit these through our privacy portal.
Alternatively, should you need to contact our Data Protection Officer please email: dataprotection@next.co.uk or you can write to:
UK registered address:
Data Protection Officer
NEXT Group
Desford Road
Enderby
Leicester
LE19 4AT
EU registered address:
Data Protection Officer
NEXT Retail (Ireland) Ltd
13–18 City Quay
Dublin 2
D02 ED70
Ireland
You have reached your limit of 0 items. Please review your Wishlist to keep this item.
Manage Wishlist
Please try again
Wishlist currently unavailable
Add to Wishlist
Remove from Wishlist
This item has been added/removed from a user's Wishlist.
Not already logged in? Sign Out
Are you sure you want to navigate away from this site?
If you navigate away from this site
you will lose your shopping bag and its contents.
There are no Recently Viewed items to show. Items will appear here as you view them. You can then select the images to revisit the items.
Oops' Something's gone wrong! Please try again