Last Updated December 2023
Choosing to shop with us means you've placed trust in us to handle your personal data responsibly. In sharing your personal data we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.
Next Retail Limited, Next Holdings Limited, Next Distribution Limited, Next Manufacturing Limited, Next Sourcing Limited, Next Retail Ireland Limited, Next Germany GmbH, Next General Trading LLC, Next General Trading FZE, Next Beauty Limited, Lipsy Limited, Victoria’s Secret (VS Brands Holdings UK Limited), GAP (West Apparel UK Holdings Limited), Reiss (Pink Topco Limited), JoJo Maman Bébé (Regent BidCo 1 Limited) and Joules (The Harborough Hare Limited).
The company named within the T&Cs on the website or app is the data controller of your personal data, which means we are responsible for deciding how and why your personal data is used. We are also responsible for making sure it is kept safe, secure and handled legally.
We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at firstname.lastname@example.org or by writing to our registered office at the following addresses:
UK registered address: Data Protection Officer, NEXT Group, Desford Road, Enderby, Leicester, LE19 4AT.
EU registered address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13–18 City Quay, Dublin 2, D02 ED70, Ireland.
You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner's Office website at ico.org.uk/for-the-public, or on your local Data Protection Authority website.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete data which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the UK, where we are based, is the Information Commissioner's Office (ICO), you can contact the ICO here: ico.org.uk/make-a-complaint. Our main supervisory authority in the EU is the Data Protection Commission (DPC) based in the Republic of Ireland, you can contact the DPC here: forms.dataprotection.ie/contact
We will only ever process your data if we have a lawful basis to do so. The lawful bases we rely on are:
To process any orders that you place with us and to facilitate any returns Lawful basis: Contract
To provide you with access to an account Lawful basis: Contract
To provide customer service to you Lawful basis: Legitimate Interest in providing customer support
To offer and manage any credit we provide to you Lawful basis: Contract/Legitimate Interest in ensuring product suitability and managing debts
To personalise and improve your experience when you shop Lawful basis: Consent/Legitimate Interest in providing relevant and personalised experiences when you shop with us
To inform you about products and services that may interest you Lawful basis: Consent
Lawful basis: Legitimate Interest in assessing how and where to place advertising
To personalise and engage with you on social media Lawful basis: Consent/Legitimate Interest to personalise the marketing and services we provide to you
To keep in touch with you Lawful basis: Consent/Contract
Lawful basis: Legitimate interest in marketing to you and keeping customers updated
To ensure the Website and the services we offer you operate properly Lawful basis: Consent
Lawful basis: Legitimate Interest in planning and delivering efficient operations and to prevent and detect crime or fraudulent activity
To develop and improve our products, range and services Lawful basis: Legitimate Interest in understanding our customers’ needs and behaviours to provide a better experience
To prevent and detect crime and other incidents Lawful basis: Legitimate Interest in keeping our customers and staff safe, reducing theft and fraud
To fulfil our legal obligations Lawful basis: Legal obligation
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal data using these platforms in a variety of ways, as follows:
Pages/accounts. We use your personal data when you post content or otherwise interact with us on our official pages and accounts on Facebook, Instagram, Pinterest, Snapchat, TikTok, LinkedIn, X (formally Twitter) and other social media platforms. We also use the Page Insights service for Facebook, Instagram, Pinterest, TikTok, Snapchat and X to view statistical data and reports regarding your interactions with the pages and accounts we administer on those platforms and their content. Where those interactions are recorded and form part of the data we access through these page insights services, we and the relevant platform are joint data controllers of the processing necessary to provide that service to us.
Our relationship with Meta and LinkedIn. As we are joint data controllers with these platforms for certain processing, we and each platform have:
Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to the social media platforms they operate.
Further information. The Meta company that is a joint data controller of your personal data is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (if you are a UK-registered user) or Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (if you are an EEA-registered user). The LinkedIn company that is a joint data controller of your personal data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland For further information regarding these platforms and their use of your personal data, please see:
What are cookies?
What cookies do we use?
We use the following cookies on our websites and apps:
Can I turn off or block cookies?
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about how to manage cookies, including how to delete cookies, visit www.allaboutcookies.org
We keep your personal data as long as you are a customer of ours and generally for up to 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.
We consider you a customer:
We keep CCTV footage on our systems for up to 30 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage will be kept for longer, however only as long as necessary.
We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data protection assessments before we begin to do business with them and on an ongoing basis.
We always make efforts to anonymise data and only pass over personal data that is absolutely necessary for the purposes it is being processed. We always do so securely.
We have contracts in place with all suppliers that help us to ensure security and privacy of your personal data, these are reviewed and updated regularly and always in line with data protection laws.
The identities of the CRAs, and the ways in which they use and share personal data, are explained in more detail at:
We also take data from CRAs to allow us to make decisions about your credit account and credit facility.
The identities of the DCAs, and the ways in which they use and share personal data, are explained in more detail at:
Our main operations are based in the UK and your personal data is generally processed, stored and used within the UK. In some instances your personal data may be processed outside the UK. For example, we operate a customer contact centre in Pune, India. Operatives in this location will have access to your account data in order to assist you with your query. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies.
If you place an order with us and you are outside of the UK we will transfer the personal data that we hold on you to the UK to facilitate your order and may also transfer your personal data to third parties located in your country of residence to enable us to supply products you order from us. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being used within the UK.
Where we need to transfer your personal data outside the UK, and if the recipient country has not been determined as providing an equivalent adequate level of protection as the UK, we will use one of the following safeguards:
We always ensure that personal data is secure by continuously developing our security systems and training for our employees. We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
Alternatively, should you need to contact our Data Protection Officer please email: email@example.com or you can write to:
UK registered address:
Data Protection Officer
EU registered address:
Data Protection Officer
NEXT Retail (Ireland) Ltd
13–18 City Quay
Are you sure you want to navigate away from this site?
If you navigate away from this site
you will lose your shopping bag and its contents.