Introduction

Choosing to shop with REISS means you've placed a great deal of trust in us. In sharing your personal Information we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.

This privacy policy helps you to understand how we use your personal data and who we share it with. It applies if you shop on a REISS website, use the REISS app, shop in a REISS store, contact our customer contact centre or if you have indicated you are happy to receive marketing and other communications from us.

We change the terms of this privacy policy from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention.

Who we are

NEXT and REISS are joint data controllers of your data which means we are jointly responsible for deciding how and why your personal data is used. We're both also responsible for making sure it is kept safe, secure and handled legally when we are processing it. We operate to the highest standards when protecting your personal data and respecting your privacy.

when we say "we", "our" or "us" in this policy we are referring to the companies that make up the NEXT Group.

We sometimes work with other organisations in connection with some of the processing activities described in this privacy policy, such as social media platforms. Where that data is collected and sent to other organisations for processing that is for a common purpose, we will be making decisions together in relation to that particular processing and will be ‘joint data controllers’ with the organisations involved. As joint data controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.

If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at dataprotection@next.co.uk or by writing to our registered offices below:

UK registered address: Data Protection Officer, NEXT Retail Limited, Desford Road, Enderby, Leicester, LE19 4AT.

EU registered address: Data Protection Officer, NEXT Retail (Ireland) Ltd, 13-18 City Quay, Dublin 2, D02 ED70, Ireland.

Your rights

You have a number of "Data Subject Rights", we have explained below what they are and how you can exercise them. You can read more about these rights on the Information Commissioner's Office website at www.ico.org.uk/for-the-public, or on your local Data Protection Authority website.

Right of access - You have the right to request a copy of the personal data that we hold about you.

Right to rectification - If you think any of your personal data that we hold is inaccurate, you have the right to request it is updated. We may ask you for evidence to show it is inaccurate.

Right to erasure - (also known as the Right to be Forgotten) - You have the right to request that we delete your personal data that we hold.

Right to restriction of processing - You have the right to request we restrict or suppress the personal data we hold about you.

Right to data portability - You have the right to ask us to electronically transfer your personal data to another organisation in certain circumstances.

Rights with regards to automated decision making, including profiling - We sometimes use your personal data to make decisions by automated means. This involves us analysing your account activity including applications, orders, payments etc. We do this to confirm your identity, prevent and detect crime, and lend responsibly. This automated decision making is necessary if you would like to continue to shop with us online. You have a right to reject automated decisions, but it may mean that you can only shop with us in our stores.

Right to withdraw Consent - Where we are relying on your consent for processing you can withdraw or change your consent at any time.

The above rights may be limited in some circumstances, for example: if fulfilling your request would reveal personal data about another person; if you ask us to delete data which we are required to have by law; or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.

If you have any general questions or want to exercise any of your rights, please see the "how you can get in touch" section of this privacy policy. In order to maintain the security of our customers' personal details, we may need to request proof of identity before we disclose personal data to you in response to any request.

We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the UK, where we are based, is the Information Commissioner's Office (ICO), you can contact the ICO here:www.ico.org.uk/make-a-complaint. Our main supervisory authority in the EU is the Data Protection Commission (DPC) based in the Republic of Ireland, you can contact the DPC here: forms.dataprotection.ie/contact.

The lawful bases we use to process data

We will only ever process your data if we have a lawful basis to do so. The lawful bases we rely on are:

Contract - This is where we process your data to fulfil a contractual arrangement we have made with you.

Consent - This is where we have asked you to provide explicit permission to process your data for a particular purpose.

Legitimate Interests - This is where we rely on our interests as a basis for processing. Generally this is to provide you with the best products and services in the most secure and appropriate way, but not where our interests are overridden by your interests.

Legal Obligation - This is where we have a statutory or other legal obligation to process the data, such as for the investigation of crime or to meet responsible lending criteria.

Vital Interests - This is where the processing of personal data is necessary to protect someone's life.

The Data we collect and how we use it

We collect and use the data that you provide to us directly, for example; when you register for an account; we use cookies and other similar technologies to collect data from your devices when you interact with our advertising or use our website (you can find out more information in the "Cookie Policy" section below); we keep records when you speak to our customer service teams; we take personal data from a number of third parties to help us manage your account and improve your shopping experience.

To process any orders that you place with us and to facilitate any returns (Lawful basis: Contract)

We take payment details to process payment for any credit or debit card orders you place with us. We share these details with our chosen payment processors.

We use your account data plus your chosen delivery address details to deliver your purchases and keep you informed of their status, and to process any returns including (where appropriate) collecting the item from you.

Additionally, where you consent our chosen payment processors may store your payment card details at your request to speed up your checkout in the future.

To provide you with access to an account (Lawful basis: Contract)

To register an account with us we capture data such as your name, contact and delivery information, and a password to protect your account (account data). We use the same data on an ongoing basis to manage and provide secure access to your account, and provide you with the services you request.

To provide customer service to you (Lawful basis: Legitimate Interest in providing customer support/Contract)

We record calls and keep correspondence (customer service records) when you contact our customer service teams or interact with us on social media. Using these customer service records is necessary to manage your queries or complaints effectively, for quality monitoring, for the defence of any claims and to continually improve our services.

We may use automated machine learning systems to generate responses when you communicate with our customer contact centres. This helps us to resolve common queries quickly, provide you with a more efficient service and reduce the average response time for our customers.

When you book an appointment in store for a personal styling or tailoring session, we will use the data you provide to send any communications or confirmations in relation to this booking.

To offer and manage any credit we provide to you ( Lawful basis: Contract/Legitimate Interest in ensuring product suitability and managing debts)

When you apply for and use credit with us we will use your account data to make searches with third parties who will give us data about you, such as your financial history. We do this as it is necessary to assess your creditworthiness and product suitability.

We use purchase and payment history, along with your account data on a cyclical basis, as it is necessary to manage your credit facility with us.

We use your account data, purchase history, payment history and third party data as it is necessary to collect and recover money that is owed to us (debt recovery) should your account fall into arrears. Please see the section on "third parties we share data with and receive data from" below for more information.

To personalise and improve your experience when you shop (Lawful basis: Consent/Legitimate Interest in providing relevant and personalised experiences when you shop with us)

We keep a record of how you interact with our website or app and any marketing you are exposed to. We use this data, along with purchase history across the NEXT Group, demographics, account data and third party data. We do this so we can create a profile about you, which helps us to tailor your shopping experience, to show you products and offers from across our brands that we think you will be most interested in, and find ways to improve our stores, apps and websites.

We use your account data, information about the devices you use to access our sites and your interactions with us to operate personalised features across our websites, apps and communication.

We record your purchases made in one of our stores using tokenised data from your payment card. Your payment card(s) have a unique tokenised reference number and this is used to match it to your profile.

We will send you a receipt by email if you have requested this when you shop in one of our stores. We use your email address to link your purchases to your profile.

To inform you about products and services that may interest you (Lawful basis: Consent)

We use technologies such as cookies within digital marketing networks, ad exchanges and social media networks such as Facebook’s Custom Audience to get relevant marketing messages across to you and other customers. We share aggregated and anonymised data about the customer segments we are interested in reaching with advertising partners, so they can focus on showing adverts to those who are most likely to be interested in our products, services and offers, and to prevent them showing you irrelevant or repetitive advertisements.

We share limited data with selected suppliers to enable them to identify new prospective customers on our behalf and to prevent us repeatedly advertising products or services you have already bought.

(Lawful basis: Legitimate Interest in assessing how and where to place advertising )

We receive data on how you interact with our adverts and content on third party websites and social media platforms (such as Google or Facebook) which it is necessary to use to tailor and personalise the products and services that are displayed to you.

To personalise and engage with you on social media (Lawful basis: Consent/Legitimate Interest to personalise the marketing and services we provide to you)

We use your personal data to engage with you on social media.

We place targeted advertising in social media. You may receive advertising based on data about you that we have provided to a social media platform, or allowed it to collect using cookies on our website or code in our applications (or a combination of the two). For some of our marketing campaigns, we may use this data to exclude you from receiving advertising, if we believe it will not be relevant to you.

You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two).

We view statistical data and reports regarding your interactions with the pages and accounts we administer on social media platforms.

To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us. Please also see the section below for further information regarding our use of social media, including specific platforms and the arrangements we have in place with them.

To keep in touch with you (Lawful basis: Consent/Contract)

When you agree to receive marketing we will keep you up to date with news of products and services including store events, offers, promotions and sale data. We may send you marketing via email, SMS, post or push notification, depending on your preferences. You can unsubscribe from marketing at any time through the "my account"or using the link in every email that we send to you.

If you enter or apply for a prize draw or competition we will collect your contact details so that we can inform you if you are a winner.

(Lawful basis: Legitimate interest in marketing to you and keeping customers updated )

Where we are permitted to market to you without consent, we will update you on the latest similar products and services sold on our websites or in our stores that we think you will be interested in.

When we send you communications we use records of how you interact with our website and any other marketing we have sent to you, along with purchase history, to personalise the marketing we send you so it is relevant and interesting.

When we respond to any communications and queries from you if you contact us via any of our customer contact channels, including when we interact with you through the chat function on our websites or apps or via WhatsApp.

We use your account data to notify you about important service messages, such as material changes to this policy, product recalls or information about your account.

When we send you targeted and specific communication for retail updates you may be interested in, such as product launches in store, markdown and sale dates, new collections and store events.

To ensure the Website and the services we offer you operate properly (Lawful basis: Consent)

We use cookies and other similar technologies to keep track of your preferences when using our site.

We use cookies and similar technologies to help us understand how you use the site, this allows us to optimise your shopping experience and continually improve our site.

(Lawful basis: Legitimate Interest in planning and delivering efficient operations and to prevent and detect crime or fraudulent activity )

We use data for logistics planning, demand forecasting, management information, dealing with errors on our site, and general research and development as it is necessary to keep the business running efficiently.

We gather data about the devices you use to access our sites (desktop and mobile) for example your IP address and device type, to ensure the site is secure and works across multiple platforms.

To develop and improve our products, range and services (Lawful basis: Legitimate Interest in understanding our customers’ needs and behaviours to provide a better experience)

We share insights about our customers (in an anonymised and aggregated format) with the companies whose products we sell. This is necessary to help them better understand the different profiles of our customers, focusing on those who buy their products or are interested in them.

We may contact you to take part in customer satisfaction surveys, if you respond we collect your feedback and contributions (customer feedback). We use this information to develop the products and services we offer.

We work with information providers that specialise in consumer profiling, such as Experian and Merkle. These organisations provide demographic or other data as it is necessary to help us better understand customers' demographics, lifestyles or shopping behaviours, usually linked to the areas where people live. This helps us to understand our customers better and provide products and services that people will want to purchase.

You can view the privacy policy for Experian and Merkle, including the ways in which they use and share personal data here:

experian.co.uk/privacy/privacy-policies

merkle.com/privacy

When we send you electronic communications, such as emails, we capture whether the message has been opened, if you have clicked on any links within that message and the device you used. We do this because we want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our services.

We use data about how you browse and engage with our website or app to improve our websites and app.

We use all data, including third party data in the development of new products, services and systems to ensure they work as expected and will be useful to our customers

To prevent and detect crime and other incidents ( Lawful basis: Legitimate Interest in keeping our customers and staff safe, reducing theft and fraud )

When you shop in a REISS store we use CCTV for the prevention and detection of crime, for operational efficiency and analytics purposes or for the protection of our staff, customers and products. This includes for the investigation of accidents, incidents, criminal activities and breaches of our policies.

When you register an account, apply for credit or contact our customer contact centres we use your account, application and purchase history data as they are necessary to confirm your identity.

We use device identifiers, IP addresses and account numbers in fraud prevention and investigation, as they are necessary to maintain network and data security.

To fulfil our legal obligations (Lawful basis: Legal Obligation)

We use your data to ensure we comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies and authorities or pursuant to legal proceedings.

We use your account data, order history and payment history to assist in monitoring for fraudulent transactions or suspected money laundering.

We maintain a record of any health and safety incidents that occur in our stores or in our premises. We will share data with regulatory and other official bodies if they make formal requests.

We will maintain records to meet regulatory and tax requirements.

We will use your account data to contact you in connection with product recalls or other similar product quality issues and to comply with our legal obligations in connection with the sale of age restricted products.

Our use of social media

We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal data using these platforms in a variety of ways, as follows:

Pages/accounts.

Cookies.

Meta (who operates the Facebook and Instagram platforms) uses this data to provide services to us and also for further processing for its own business purposes. We and Meta are joint data controllers of the processing involved in collecting and sending your personal data to Meta using cookies and similar technologies as each of us has a business interest in Meta receiving this data. The services we receive from Meta that use this data are delivered to us through Meta Business Tools, which include Meta pixel, social plugins, code in our applications and website custom audiences. These tools allow us to target advertising to you within Meta’s social media platforms by creating audiences based on your actions on our website and applications and allow Meta to improve and optimise the targeting and delivery of our advertising campaigns for us.

Our relationship with Meta and LinkedIn.

entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal data described above;

agreed that we are responsible for providing to you the information in this privacy policy about our relationship with each platform; and

agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform's processing of your personal data as a joint data controller.

Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to the social media platforms they operate.

Further information.

Meta's Controller Addendum for Page Insights and UK Controller Addendum for Business Tools (for users located in the UK) and Controller Addendum (for users located in the EEA), and LinkedIn's Page Insights Joint Controller Addendum, which include information regarding how our and these platforms' responsibilities to you are allocated as controllers of your personal data;

Meta's Privacy Center including its privacy policy at www.facebook.com/privacy and LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy which include details of the legal reasons (known as 'lawful bases') on which each platform relies to process your personal data, together with details regarding your data protection rights.

Cookie Policy

What are cookies?

Cookies are small text files that are stored on your computer, mobile device or other web enabled device when you visit one of our websites or apps. Cookies allow us to "remember" your actions or preferences over a period of time, or they may contain data related to the function or delivery of our websites. We also use the term "cookie" to describe similar technologies such as pixels or tags.

What do we use cookies for?

Some cookies are required by our site to enable you to transact whilst other cookies enable us to give you an enhanced, personalised web experience. We use cookies for the following purposes:

To allow you to securely sign in to your account, so that you can use "My Account" features such as order information, making payments and viewing statements.

To store the content of your online shopping bag whilst you browse the site and to complete an order.

To record the areas of the website that you have visited, products you have viewed and time spent browsing, as well as the products you purchased. We use this data to help make the websites more user friendly, develop our website design and to continuously improve the quality of the service we provide.

To distribute visitors to our websites evenly across platforms to ensure the content is served at the fastest possible speed.

Provide relevant products and services to you when you come to the website and ensure that relevant marketing material is provided to you.

Detect and prevent fraud and other crimes.

We also offer you the facility to share your experience on our website through social sites such as facebook and twitter. More information about how these sites use cookies can be found on their websites.

What cookies do we use?

Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off. They are used, for example, to make sure your transaction is secure, to enable you to log in to the secure areas of your account, such as your order history and to add items to your basket. Blocking these cookies through your browser will mean that some parts of our website won't work.

Performance Cookies or Analytical Cookies. These cookies allow us to monitor visitors to our website and ensure it is performing correctly. We use this data to measure overall performance,improve your website experience and improve the design of our website.

Functionality Cookies.These cookies enable enhanced functionality on our website, such as allowing you to add to favourites or remember your language preferences.

Onsite Targeting: Marketing and Personalisation Cookies. These cookies are placed by us and are used to help us to build an understanding of your interests (for example by understanding what products you have browsed on our website) and show you products, services and advertisements relevant to you whilst you are on the website. These cookies make it possible for us to personalise your experience on the websites and (if you are subscribed) in our email marketing.

Off Site Targeting: Marketing and Personalisation Cookies. These cookies are placed by our advertising and marketing partners (including social networks). These help us to build an understanding of your interests (for example by understanding what products you have browsed on our website) and show you products, services and advertisements relevant to you. These cookies make it possible for us to ensure that you don't see irrelevant, duplicate or multiple ads from us in a short period of time. We do want to prevent ads continuously re-appearing and annoying you.

Can I turn off or block cookies?

We use cookies to ensure that we provide the best possible standard of service to our online customers. You can change your cookie preferences at any time by clicking on "Manually Manage Cookies" at the bottom of the page. You can then adjust the available sliders to on or off, then click "Confirm my choices". If you choose not to consent to the use of cookies your experience of our website may be impaired and many integral aspects of the website, including (but not limited to) adding items to your shopping bag and accessing your account, will not work.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about how to manage cookies, including how to delete cookies, visit www.allaboutcookies.org

How long we keep your data for

We keep your personal data as long as you are a customer of ours and generally for 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.

We consider you a customer:

As long as you hold an open credit account,

For 2 years from the point you last made a purchase from our website using a non-credit account, or

During any time we are managing a customer service request from you.

We keep CCTV footage on our systems for up to 35 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage will be kept for longer, however only as long as necessary.

Third Parties we share data with and receive data from

We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data protection assessments before we begin to do business with them and on an ongoing basis.

We always make efforts to anonymise data and only pass over personal data that is absolutely necessary for the purposes it is being processed. We always do so securely.

We have contracts in place with all suppliers that help us to ensure security and privacy of your personal data, these are reviewed and updated regularly and always in line with data protection laws.

NEXT Group companies - We will share your personal data, in certain circumstances with the other companies within the NEXT Group. This is so that we can provide personalised services across our group companies.

NEXT and REISS - as joint data controllers NEXT and REISS will share personal data in order to maintain the working relationship, provide continuity of business to you as a customer and to ensure that personal data remains accurate and up to date.

Delivery Partners - Helping us to deliver the goods you order to you including our brand partners that dispatch and deliver goods to you directly.

IT Companies - Supporting us in maintaining our website and other business systems including; providing phone lines, data storage facilities, and providing and supporting Cloud based infrastructure used in providing our products and services.

Marketing Companies and Online Advertising - Helping us to manage our electronic communications to you and to help us show you the advertising you are most likely to be interested in, companies that provide marketing and advertising assistance (including management of email marketing operations, mobile messaging services such as SMS, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising and communications campaigns.

We use technologies such as cookies, pixels, and device IDs within digital marketing networks, ad exchanges and social media networks such as Facebook's Custom Audience to get relevant marketing messages across to you.

Consumer profiling organisations - These organisations provide demographic or other data to help better understand customers' demographics, lifestyles or shopping.

Payment processors - Payment card processors to process credit and debit card payments and store payment data.

Credit Reference Agencies (CRAs) - We share your personal data with CRAs on an ongoing basis, including details of settled accounts and any debts not fully repaid on time. CRAs will share your data with other organisations.

The identities of the CRAs, and the ways in which they use and share personal data, are explained in more detail at:

- Experian Credit Reference Agency Information Notice

- TransUnion Credit Reference Agency Information Notice

- Equifax Credit Reference Agency Information Notice

We also take data from CRAs to allow us to make decisions about your credit account and credit facility.

Fraud prevention services - Before we provide goods and services to you, we use third parties to undertake fraud and money laundering checks and verify your identity. These organisations will report to us on industry fraud indicators and if they have reason to believe an identity is fraudulent. If we have reason to suspect fraud or other criminal offences we will pass your personal data to fraud prevention agencies or law enforcement agencies for the detection, investigation and prevention of crime. If we think there is a risk of fraud, we may suspend activity on your account or refuse access to your account and/or cancel an order. If we do this we will inform you by email or SMS and ask you to contact us.

Claims management companies - where we have received appropriate instruction we will share your data with them if it is requested in order to manage your claim.

Debt collection agencies (DCAs) - If you default on repayments to your credit account we may share your data with DCAs to allow them to collect the outstanding debts from you.

The identities of the DCAs, and the ways in which they use and share personal data, are explained in more detail at:

- tdxgroup.com/privacy

Debt purchase companies - Where appropriate will share certain data on defaulted accounts with prospective debt purchasers as part of the negotiations for sale of the debt.

Debt management companies - where we have received appropriate instruction we will share data about your credit account with debt management companies to allow them to assist you with managing your debts.

Research and analytics companies - We may share personal details to allow research companies and feedback providers to contact you directly on our behalf in order to capture your opinions on our products, services, websites and apps. We may ask these research companies to analyse the results so that we can better understand your online experience, which will help us to improve our services. We only provide them with the data they need to perform their function. This may take the form of a survey, where you may be asked to review a product or service you've bought or provide general feedback on our products and services. You will always have the choice about whether to take part in our market research or surveys. We may share data with specialist companies to analyse customer data to help us better understand how you use our services and to tailor products, services and offers that may be relevant for you. We utilise companies that help us track and record the way you navigate our website, so that we can understand your online experience and use it to improve our services and offer a more personalised experience.

Product technicians - We use professional third party companies to assist us in independently reviewing issues and complaints with our products. We will share data with these technicians to allow them to review the product and return it to you or to review the product in your home.

General service companies - Such as insurance companies, printers and mailing houses that assist us in providing our products and services.

Regulators and law enforcement - We will share data with regulators and other official bodies (including law enforcement) if they make formal requests or pursuant to legal proceedings.

International Transfers

Our main operations are based in the UK and your personal data is generally processed, stored and used within the UK. In some instances your personal data may be processed outside the UK. For example, we operate a customer contact centre in Pune, India. Operatives in this location will have access to your account data in order to assist you with your query. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies.

If you place an order with us and you are outside of the UK we will transfer the personal data that we hold on you to the UK to facilitate your order and may also transfer your personal data to third parties located in your country of residence to enable us to supply products you order from us. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being used within the UK.

Where we need to transfer your personal data outside the UK, and if the recipient country has not been determined as providing an equivalent adequate level of protection as the UK, we will use one of the following safeguards:

The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries; and/or

The International Data Transfer Agreement or Addendum for the transfer of personal data to third countries.

Keeping your personal data secure

We always ensure that personal data is secure by continuously developing our security systems and training for our employees. We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.

Third party apps, websites and services

If you use any third party apps, websites or services to access our services, your usage is subject to the relevant third party's terms and conditions, cookies policy, and privacy policy. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy policies of the relevant social media platform (Facebook, X etc.). The same applies if you use third party services, like Amazon's Alexa. In certain cases we may be required to share your personal data, in relation to transactions and usage of the services, with the relevant third party.

Additional Information for customers based in California, and certain other U.S. states

In certain U.S. states consumers have certain rights regarding the personal data that businesses have about them, such as the California Consumer Privacy Act (the 'CCPA'). This includes the rights to request access or deletion of your personal data, as well as the right to direct a business to stop selling your personal data.

Categories of Personal data and Purposes

The categories of personal data we may collect about you (or have collected in the preceding 12 months) include:

Personal Identifying Information such as full name, email address, date of birth, postal address, telephone number, user account number, social media accounts amongst others

Commercial Information such as your purchasing history, delivery Information and communications relating to your order(s) or purchase(s).

Information collected through automated technologies like cookies such as browser data, IP address and geolocation, device type, browser type, visited sites, browsing time, etc.

Payment data such as name, card issuer and card type, credit or debit card number, expiration date, CVV code and billing address

Sensitive Information under California or Federal Law, such as age and gender

Inferences drawn from Information identified in CCPA Section 1798.140(o); and used to create consumer profiles or predict consumer preferences, characteristics, or behaviours

Please see the section on "The data we collect and how we use it" above for more Informationon the purposes for which we collect your personal data.

Disclosing Your Personal Data

Please see the section on "Third Parties we share data with and receive data from" for a description of the third parties with whom we may share your personal data (or have shared your personal data in the last 12 months).

Your rights
Right to opt-out of sale: While we do not sell personal data in exchange for any monetary consideration, we do share personal data for other benefits that could be deemed a "sale," as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal data is collected and shared. To make an opt-out of sale request, contact us according to the ‘How to get in touch’ section below and please include "Do Not Sell" in the subject line.

Right to request disclosure:

You have the right to request disclosure about what categories of personal data we have sold or disclosed for a business purpose about you and the categories of third parties to whom the personal data was sold or disclosed. You have a right to request disclosure of specific pieces of personal data. Below is a complete list of the personal data that you can include in your request.

The categories of personal data that we have collected about you.
The categories of sources from which we collected the personal data.
The business or commercial purpose for collecting or selling personal data.
The categories of third parties with whom we share personal data.
The specific pieces of personal data we collected about you.
The categories of personal data that we disclosed about you for business purposes.
The categories of personal data that we have sold about you, as well as the categories of third parties to whom we sold your personal data.

Right to request deletion:
You have the right to request that we delete any personal data about you that was collected from you. Please note that there are exceptions where we do not have to fulfil a request to delete personal data, such as when the deletion of data would create problems with completing a transaction or compliance with a legal obligation.

Right to non-discrimination:
We will not discriminate against you (e.g. through denying goods or services or providing a different level or quality of goods /or services) for exercising any of the rights afforded to you.

Right to rectification:
You have the right to request that we correct any incorrect personal data we hold on you to ensure that it is complete and as accurate as possible.

California shine the light:
Under California’s “Shine the Light” law California residents who use our website and who provide personal data to us in order to obtain our products and services may request certain Information regarding our disclosure of personal data to third parties for their own direct marketing purposes. This includes the categories of personal data and the names and addresses of those businesses with which we shared your personal data with in the previous calendar year. You may request this data once per calendar year. To make such a request, please send an email to dataprotection@next.co.uk.

Limit the use of my personal data:
You have the right to limit the use of your sensitive personal data in certain circumstances. We will only collect sensitive personal data, as defined by the applicable California or other local law, for the purposes allowed by law or with your consent.

How do we handle your requests?

We endeavour to respond to a verifiable consumer request within the required timeframes. If we need more time, we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request. The response we provide will also explain why we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Children

We do not knowingly collect or solicit personal data from anyone under the age of 13. If you are under 13, please do not attempt to register for services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 13, we will delete that data as quickly as possible. If you believe that a child under 13 may have provided us their personal data, please contact us.

How you can get in touch

If you would like to exercise any of your rights mentioned within this privacy policy you can submit these through our privacy portal.

Alternatively, should you need to contact our Data Protection Officer please email: dataprotection@next.co.uk or you can write to:

UK registered address:

Data Protection Officer

NEXT Retail Limited

Desford Road

Enderby

Leicester

LE19 4AT

EU registered address:

Data Protection Officer

NEXT Retail (Ireland) Ltd

13-18 City Quay

Dublin 2

D02 ED70

Ireland

Privacy & Cookie Policy