Last updated November 2022
Choosing to shop with Victoria’s Secret means you've placed a great deal of trust in us. In sharing your personal information we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.
We are Next Plc (company number: 4412362), when we say “we”, “our” or “us” in this policy we are referring to the companies that are part of the Next Group, which are:
Victoria’s Secret, Next Retail Limited, Next Retail Ireland Limited, Next Holdings Limited, Next Distribution Limited, Next Manufacturing Limited, Next Sourcing Limited, Next Germany, Next Beauty Limited, Lipsy Limited, GAP, Laura Ashley and Reiss.
We are the data controller, which means we are responsible for deciding how and why your personal information is used. We are also responsible for making sure it is kept safe, secure and handled legally.
We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact our Data Protection Officer via email at email@example.com or by writing to our registered office at the below address:
UK registered address: Data Protection Officer, Next Group, Desford Road, Enderby, Leicester, LE19 4AT.
You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the Information Commissioner's Office website at www.ico.org.uk or on the Data Protection Commission website here: www.dataprotection.ie.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
If you have any general questions or want to exercise any of your rights please contact firstname.lastname@example.org or visit Next Help Information for other ways to contact us. In order to maintain the security of our customers' personal details, we may need to request proof of identity before we disclose personal information to you in response to any request.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You have the right to lodge a complaint directly with the Data Protection Commision (DPC), the data protection regulator in Ireland, you can do this by visiting the DPC website: https://forms.dataprotection.ie/contact.
You may also lodge a complaint with your local Data Protection Authority or with the Information Commissioner's Office, the data protection regulator in the UK, their contact details can be found on their website.
We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are:
To process any orders that you place with us and to facilitate any returns (Contract)
To provide you with access to an account (Contract)
To provide customer service to you (Legitimate Interest)
To personalise and improve your experience when you shop (Legitimate Interest)
To inform you about products and services that may interest you (Legitimate Interest)
To keep in touch with you (Legitimate Interest)
n.b. If at any point you have made amendments to your contact preferences in the “my account” section of our website, selecting to receive communications from us, we are operating under consent instead of legitimate interest.
To ensure the Website and the services we offer you operate properly (Legitimate Interest)
To develop and improve our products, range and services (Legitimate Interest)
To prevent and detect crime and other incidents (Legitimate interest/Legal obligation)
To fulfil our legal obligations (Legal obligation)
We keep your personal information as long as you are a customer of ours and generally for 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.
We consider you a customer:
We keep CCTV footage on our systems for up to 30 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage may be kept for a longer period of time.
We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data privacy assessments before we begin to do business with them and on an ongoing basis.
We always make efforts to anonymise data and only pass over personal information that is absolutely necessary for the purposes it is being processed. We always do so securely.
We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information, these are reviewed and updated regularly and always in line with data protection laws.
Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK and other countries in the European Economic Area (EEA). In some instances your personal information may be processed outside the European Economic Area. For example, Next operates a call centre in Pune, India. Operatives in this location will have access to your account information in order to assist you with your query. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies.
Where we need to transfer your data outside of the UK or EEA we will use one of the following safeguards:
We always ensure that personal data is secure by continuously developing our security systems and training for our employees. We have implemented appropriate technical and organisational security measures designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
Should you need to contact us please write to:
Data Protection Officer
Next Retail (Ireland) Ltd
13–18 City Quay
or you can email:email@example.com
Are you sure you want to navigate away from this site?
If you navigate away from this site
you will lose your shopping bag and its contents.