Privacy policy

NXT partners with leading creators and talent to build culture-first, commercially scalable brands. We transform creative ideas into trend-driven products, global brand extensions, and long-term ownership opportunities — not one-off collaborations.

Head office

Hero NXT Ltd, 5 REDWOOD PLACE, GLASGOW, G74 5PB. A company registered in Scotland with company number SC781810.

Privacy policy

This privacy policy explains how we use, collect, and protect your personal data in compliance with the UK General Data Protection Regulation (“UKGDPR”).

We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

This website is operated by Hero NXT Ltd.

We collect, use and are responsible for certain personal information about you. For the purposes of data protection legislation, the controller of any personal information collected through this website is Hero NXT Ltd (company number SC781810), 5 Redwood Place, Glasgow, Scotland, G74 5PB (NXT). With regard to information received from third parties, Hero NXT Limited is the processor of your data.

If you have any questions about our privacy policy, you may raise them with our data protection officer by contacting dpo@heronxt.com. You may also contact the Information Commissioner’s Office at any time should you have a complaint. Their website is at https://ico.org.uk/.

Our website

This privacy policy relates to your use of our website, www.heronxt.com only.

Throughout our website we may link to other websites owned and operated by certain trusted third parties to promote Hero Brands Ltd's worldwide franchise. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.

This website is not intended for children under the age of 13, and we do not knowingly collect or use personal information about children.

Our collection and use of your personal information

We may collect personal information about you, which is categorised together as follows:

| Personal data we collect | Where does this personal data come from? |
| --- | --- |
| Identity data (such as name, date of birth, marital status, etc) | i) Application forms you submit to us; ii) Contact with us via our website, email, phone or post or similar, including registration for services, submission of feedback, enquiries and other interactions with us; iii) When you complete a non-disclosure agreement with us; iv) When your information is passed to us by a business partner, recruiter or intermediary. |
| Contact data (such as your address, email address, telephone numbers) | i) When you request marketing from us or register for any other services via our website; ii) When you contact us with a general enquiry, compliment, or complaint, via our website; iii) When you submit an application form to us; iv) When your information is passed to us by a business partner, recruiter, or intermediary. |
| Technical and Usage data (such as IP address, browser type and version, location, operating system details etc). | i) When you use our website or app. We collect this information by using cookies and similar technologies. Our Cookie Policy gives further details. |
| Other general personal types of data (including language proficiencies, information relating to other skills and work experience etc). | i) When you submit an enquiry to us; ii) When your information is passed to us by a business partner, recruiter, or intermediary. |

How we use your personal data and legal bases

We only use your personal data where we are allowed to do so legally. We rely on certain lawful bases for this. The most common bases we rely on are:

  1. Where we need to process your personal information in order to fulfil the contract we have, or are about to, enter into with you;
  2. Where it is in the legitimate interests of ourselves, or a third party, that the processing takes place and your data rights do not override these legitimate interests;
  3. Where we need to comply with a legal or regulatory obligation;
  4. We may also rely on consent, where we seek your agreement that you would like to receive marketing material from us.

Purposes of processing your data

We use your personal information to:

| Purpose of processing | Data type(s) | Lawful basis for processing |
| --- | --- | --- |
| Contact you about worldwide business opportunities | Identity data, contact data | Contract. Without this information, we would not be able to respond to your request to learn more about entering into a franchisee agreement with us. |
| Assess your suitability to become a Business | Identity data, general personal data | Contract. Without this information, we would not be able to proceed through the process through which you may become a franchisee with us. |
| Customise our website and its content to your preferences | Identity data, contact data, marketing data, technical data | Legitimate Interest. Without this data, we would not be able to offer you the best experience on our website. |
| Notify you of changes to website or services which may affect you | Identity data, contact data, technical data | Consent. We would seek, with your permission, to keep you informed of changes to your favourite services. |
| Retain records of correspondence | Identity data, contact data | Legitimate Interest. Without retaining such data, we would not be able to deal with enquiries, nor be in a position to revert on such matters at a later date. |
| Administer website including internal operations such as troubleshooting, data analysis, surveys etc. | Identity data, contact data, marketing data, technical and usage data | Legitimate Interest. Without such data, we would not be able to ensure that the website always behaves as our customers expect it to, nor to understand how to give you the best experience on our site. |

Change of purpose

We will only use the data collected for the purposes we have specified above, unless we reasonably consider we need to use it for another purpose which is compatible with the original purpose. If there is any change in purpose, we will inform you both of the purpose and the legal basis upon which such processing will take place. There may be instances where we process your personal data without your knowledge or consent, if this is legally required.

Marketing

We would like to send you information about NXT business opportunities or other brands owned by our parent company, Hero Brands Limited, or associated group companies, which may be of interest to you. Where we have your consent, we may do this by e-shot, personal email or the appropriate website/app. We would also like to share your information with other companies within the group in order to promote other group owned franchise opportunities to you. We will only ask whether you would like us and our group companies to send you marketing messages when you tick the relevant boxes when you submit an application or make an enquiry. Click here to see what this form looks like. If you have previously agreed to being contacted in this way, you can opt-out of receiving further marketing materials at any time by:

  • Contacting us at dpo@heronxt.com;
  • Using the 'unsubscribe' link in emails.

It may take up to 10 working days for this to take place.

International Transfers

We share your data within the Hero Brands group and with selected third parties to provide certain services to you. These selected third parties are:

  • Google
  • Meta

When doing so, we ensure that your data is transferred only to jurisdictions with equivalent data protection standards in place, affording your data a similar level of protection. The above-mentioned parties operate in jurisdictions such as the USA, the European Union, Canada, Sweden or India.

Further, some limited technical data, such as IP addresses, may pass between the systems of NXT’s establishments in the UK and USA.

In other cases, we may specify in an agreement with third parties with whom we share your data that they must have in place data protection safeguards which meet the standards in the UK. Such agreement is known as the International Data Transfer Agreement (“IDTA”).

Some providers are also certified confirming they meet such standards and we will always seek reassurance on this score.

Cookies

You can set your browser to reject any cookies which are not strictly necessary. Please note that if you do choose to reject certain cookies, this may mean that you will not be able to use some website components. Please see our Cookie Policy for more information relating to cookies used on the website.

Data Retention

We will only retain your data for as long as it is needed for the purpose it was collected for. However, we may have to retain some types of data (such as transactional records) for up to 5 years for regulatory reasons. We may also retain your data for longer if you have made a complaint, including if there is a reasonable prospect of legal proceedings resulting from our relationship with you.

Below please see how long your information is retained in particular use cases. Note that most data is shared with third parties in order to fulfil the purposes for which it was collected. Further information on third parties we share your data with appears in the relevant section immediately below this table.

| System | Purpose | Data Type | Retention |
| --- | --- | --- | --- |
| Meta/Facebook | Marketing | Pseudonymised identifiers | 3 months. |
| Google | Ads & Analytics | Aggregated user activity | This depends on the cookie, and can vary between 24 hours and two years. |

Sharing your data with third parties

We may share your personal data with third parties in order to carry out the purposes laid out above. In these cases, we will be the controller of your data.

Some of the types of third parties we may share with include:

  1. Group companies (e.g., Hero Brands)
  2. Facebook (via tracking)
  3. Email platforms (Mailchimp, Mailjet)
  4. Google
  5. Government bodies, such as HMRC, who may require data from us for financial and regulatory purposes;
  6. Legal and regulatory professional partners, who may be required to advise us in relation to data protection or other matters.

We may also require to share your data with a third party where any part of our business is being acquired by another company. In such a case, the new owner(s) may use your personal data for similar purposes.

All third parties are obligated to use your personal data in accordance with the law and only for the purpose of carrying out services for us.

Data received from third parties

We will receive personal data about you from various third parties, where we will act as the processor of your data. These may include:

  • Business Partners;
  • Third-party recruitment platforms (e.g., fanchisedirect.com);

Your Data Rights

Note that generally there will be no fee attached to your exercise of any of the rights below, unless your request is complex or the related information has to be delivered to you in an unusual manner. We may require proof of identity to verify that the individual making the request is entitled to copies of any personal data.

Right of access

You are entitled to access any data we hold about you. To do so, you should make a Subject Access Request to us. Where you do so, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

To make a subject access request, you may contact our Data Protection Officer at dpo@heronxt.com.

Should you be unhappy with our handling of a request that you make, you can contact the Information Commissioner’s Office (ICO) by visiting https://ico.org.uk/make-a-complaint/. Further methods of communication with ICO are detailed there.

Right to correction

Should you be of the view that we hold inaccurate or incomplete information about you, then you may ask us to correct this. In such a case, you can contact our Data Protection Officer at dpo@heronxt.com, to ask for this and we will update things, pending checks on the veracity of any new data that you send us. Where you do so, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

Right to erasure

You may request that we erase data in cases where you believe that there is no good reason why we retain it. In such a case, you can contact our Data Protection Officer at dpo@gdk.com, to ask for this. We will consider whether there is any legal, regulatory or other reason blocking fulfilment of your request and inform you of our decision and any actions to be taken. Where you do so, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

Right to object

You may object to the processing of your data where this is based on our legitimate interests to carry it out, if you feel it damages your data rights and freedoms. In such a case, you can contact our Data Protection Officer at dpo@heronxt.com, to ask for this. We will consider your request, although we may reject it if we believe there are compelling legitimate grounds that the processing should continue and that these prevail over your rights and freedoms. Where you make such an objection, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

Right to request processing restriction

You may make a request that we restrict processing where you do not want us to erase your data but you would like us to suspend processing and ascertain that the data held is accurate, or because you await our decision on a request to object to processing of your data. In such a case, you can contact our Data Protection Officer at dpo@heronxt.com, to ask for this. Where you do so, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

Right to request data transfer

You can request that we transfer your personal data to a third party. Where you make such a request, we will provide the data in a commonly-used format. This right holds true for cases in which processing took place where you consented to it, or where it was undertaken in order to fulfil a contract with you. It does not apply in other circumstances. To make such a request, you can contact our Data Protection Officer at dpo@heronxt.com, to ask for this. Where you do so, we will seek to acknowledge your request within three working days, and to fulfil it within one month. More complex requests may take longer than this, but we will keep you informed should we need more time.

Right to withdraw consent

You can withdraw any consent previously given at any time of your choosing. We will take steps to ensure that processing founded on such grounds no longer takes place and that you do not receive any further marketing materials from us, unless you give us fresh consent at a later date.