Privacy & Cookie Policy

Choosing to shop with us means you've placed trust in us to handle your personal data responsibly. In sharing your personal data we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.

This privacy policy helps you to understand how we use your personal data and who we share it with. It applies if you shop on our websites, use our apps, shop in our stores, contact customer services or if you otherwise share your personal data with us; for example if you contact us with a query or where you tell us that you would like to receive marketing communications from us.

We change the terms of this privacy policy from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention.

When we say “we”, “our” or “us” in this policy we are referring to the companies that make up the NEXT Group. This privacy policy applies to the following companies:

Next Retail Limited, Next Holdings Limited, Next Distribution Limited, Next Manufacturing Limited, Next Sourcing Limited, Next Retail Ireland Limited, Next Germany GmbH, Next General Trading LLC, Next General Trading FZE, Next Beauty Limited, Lipsy Limited, Victoria’s Secret (VS Brands Holdings UK Limited), GAP (West Apparel UK Holdings Limited), Reiss (Pink Topco Limited), JoJo Maman Bébé (Regent BidCo 1 Limited), Joules (The Harborough Hare Limited) and Fatface (Bridgetown Holdco Limited).

The company named within the T&Cs on the website or app is the data controller of your personal data, which means we are responsible for deciding how and why your personal data is used. We are also responsible for making sure it is kept safe, secure and handled legally.

We sometimes work with other organisations in connection with some of the processing activities described in this privacy policy, such as social media platforms. Where that data is collected and sent to other organisations for processing that is for a common purpose, we will be making decisions together in relation to that particular processing and will be ‘joint data controllers’ with the organisations involved.

We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at dataprotection@next.co.uk or by writing to our registered office at the following addresses:

UK registered address: Data Protection Officer, NEXT Group, Desford Road, Enderby, Leicester, LE19 4AT.

EU registered address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13–18 City Quay, Dublin 2, D02 ED70, Ireland.

You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner's Office website at ico.org.uk/for-the-public, or on your local Data Protection Authority website.

• Right of access – You have the right to request a copy of the personal data that we hold about you.
• Right to rectification – If you think any of your personal data that we hold is inaccurate, you have the right to request it is updated.
• Right to erasure – (also known as the right to be forgotten) - You have the right to request that we delete your personal data that we hold. This right is not absolute and only applies in certain circumstances.
• Right to restriction of processing – You have the right to request we restrict or suppress the personal data we hold about you.
• Right to data portability – You have the right to ask us to electronically transfer your personal data to another organisation in certain circumstances.
• Rights with regards to automated decision making, including profiling – You have the right not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights.
• Right to withdraw Consent – Where we are relying on your consent for processing you can withdraw or change your consent at any time.

If you have any general questions or want to exercise any of your rights, please see the “how you can get in touch” section of this privacy policy.

We will only ever process your data if we have a lawful basis to do so. The lawful bases we rely on are:

• Contract – Processing to fulfil a contractual arrangement or service you requested.
• Consent – Where you have provided explicit permission.
• Legitimate Interests – To provide the best products and services in the most secure way, provided our interests are not overridden by yours.
• Legal Obligation – To comply with statutory or regulatory requirements.
• Vital Interests – Necessary to protect someone’s life.

We collect and use data provided directly (e.g., account registration), via cookies, from customer service records, CCTV in stores, and third-party sources to manage your account and improve your experience.

To process orders and facilitate returns
Lawful basis: Contract

• We use account and delivery data to fulfill purchases and process returns.
• Payment details are shared with processors to secure your transactions.

To provide customer service
Lawful basis: Legitimate Interest

• We record calls and keep correspondence to effectively manage queries.
• We use artificial intelligence technologies, including automated systems, chatbots and other machine learning models, to enhance and improve efficiency for our customer service interactions.

To process orders via third party platforms
Lawful basis: Legitimate Interest

• Third party platforms provide us with your name and address details to fulfill your purchases and process returns.

We use various social media platforms (Facebook, Instagram, TikTok, etc.) to communicate and promote services. We use Page Insights and cookies (like Meta Pixel) to deliver relevant marketing. In these cases, we and the platforms act as joint data controllers.

Further information can be found in Meta’s Privacy Center at www.facebook.com/privacy and LinkedIn’s privacy policy.

What are cookies?
Small text files stored on your device that allow us to “remember” your preferences or actions. We also use pixels and tags.

What do we use cookies for?

• Secure sign-in and account management.
• Storing shopping bag contents.
• Personalising marketing and improving site design.
• Detecting and preventing fraud.

Can I turn off cookies?
You can manage preferences via the “Manually Manage Cookies” link at the bottom of our site or through your browser settings. Visit www.allaboutcookies.org for more details.

Our main operations are in the UK. Some data may be processed abroad (e.g., our contact centre in India). We ensure appropriate security using standard contractual clauses or the International Data Transfer Agreement to protect your data as it would be in the UK.

If you wish to complain about a breach of the Australian Privacy Principles, you may contact our Data Protection Officer. We aim to investigate and communicate a decision within 30 days. You may also contact the Australian Information Commissioner:

Office of the Australian Information Commissioner
GPO Box 5218, SYDNEY NSW 2001
Website: www.oaic.gov.au

Submit requests via our privacy portal.

UK Registered Address: Data Protection Officer, NEXT Group, Desford Road, Enderby, Leicester, LE19 4AT.

EU Registered Address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13–18 City Quay, Dublin 2, D02 ED70, Ireland.