Privacy Policy
At Apache Pizza, we are deeply committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at apacheppizza.com, place an order, use our services, or otherwise interact with us. It also outlines your rights under applicable Irish and European Union data protection law.
This policy is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Acts 1988–2018 of Ireland, which together form the legal framework for data protection in Ireland. The supervisory authority responsible for overseeing compliance with these laws in Ireland is the Data Protection Commission (DPC).
Please read this Privacy Policy carefully. By using our website, placing an order, or using any of our services, you acknowledge that you have read and understood this policy. If you do not agree with the terms set out here, please discontinue use of our services.
1. Who We Are (Data Controller)
For the purposes of GDPR and the Data Protection Acts 1988–2018, the data controller responsible for your personal information is:
| Company Name | Apache Pizza |
|---|---|
| Registered Address | Ireland |
| Phone | Not provided |
| [email protected] | |
| Website | apacheppizza.com |
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us using the details above. We are committed to responding promptly and transparently to all data protection enquiries.
2. What Personal Data We Collect
We collect various categories of personal data when you interact with Apache Pizza. The types of data we collect depend on how you use our services.
2.1 Personal Information You Provide Directly
When you create an account, place an order, make an enquiry, or contact us, we may collect:
- Identity Data: Your full name, username or similar identifier.
- Contact Data: Your billing address, delivery address, email address, and telephone numbers.
- Financial Data: Payment card details, bank account information, or other payment-related data (processed securely through our payment processors).
- Transaction Data: Details about orders you have placed, products you have purchased, and payments made to or from you.
- Account Data: Your login credentials, saved preferences, order history, and loyalty programme details.
- Communications Data: Any messages, feedback, complaints, or other communications you send to us via email, our website, or social media platforms.
- Marketing Preferences: Your preferences regarding receiving marketing communications from us.
2.2 Data Collected Automatically
When you visit our website or use our mobile application, we automatically collect certain technical data, including:
- Usage Data: Information about how you use our website, including the pages you visit, links you click, the time and duration of your visit, and your search queries.
- Device Data: Information about the device you use to access our services, including your device type, operating system, browser type and version, screen resolution, and device identifiers.
- Location Data: Approximate geographic location derived from your IP address, or more precise location data if you grant permission through your device settings.
- Log Data: Server logs that record your IP address, browser type, referring and exit pages, the date and time of your visit, and error reports.
- Cookie and Tracking Data: Information collected through cookies, pixel tags, web beacons, and similar tracking technologies (see Section 8 on Cookies).
2.3 Data Received from Third Parties
We may also receive personal data about you from third parties, including:
- Payment processors and fraud prevention services.
- Social media platforms, if you choose to interact with us via social media or log in using a social media account.
- Analytics providers who help us understand how our website is used.
- Delivery partners and logistics companies used to fulfil your orders.
- Advertising networks that provide targeted advertising services.
3. How We Use Your Personal Data
We only use your personal data where we have a lawful basis to do so under GDPR. The lawful bases we rely on include:
- Performance of a Contract: Processing your order and delivering our services to you.
- Legitimate Interests: Where we have a genuine business reason that is not overridden by your rights.
- Legal Obligation: Where we are required by law to process your data.
- Consent: Where you have freely given your explicit consent to a specific use of your data.
3.1 Service Provision and Order Fulfilment
- To process and manage your food orders, including preparation and delivery.
- To create and manage your customer account.
- To process payments and handle refunds or complaints.
- To communicate with you about your orders, including order confirmations, updates, and delivery notifications.
- To manage our loyalty programme and any associated rewards.
3.2 Customer Service and Communications
- To respond to your enquiries, complaints, or feedback.
- To send you service-related notifications, such as changes to our terms or this Privacy Policy.
- To manage and resolve any disputes or issues arising from your use of our services.
3.3 Analytics and Website Improvement
- To analyse how our website and services are used in order to improve user experience.
- To monitor and assess the performance and security of our website.
- To conduct research and statistical analysis to help us understand our customers' needs and preferences.
- To test new features, products, and services before wider release.
3.4 Marketing and Promotional Activities
- To send you marketing communications about our products, special offers, promotions, and events — but only where you have given your consent or where we have a legitimate interest to do so.
- To personalise the content and advertising you see on our website and other platforms.
- To conduct surveys and gather customer feedback for marketing and business improvement purposes.
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us at [email protected]. Please note that opting out of marketing does not prevent us from sending service-related communications.
3.5 Legal and Regulatory Compliance
- To comply with our legal obligations under Irish law and EU law, including food safety regulations and consumer protection legislation.
- To respond to lawful requests from public authorities, courts, or law enforcement agencies.
- To detect and prevent fraud, money laundering, and other illegal activities.
4. Sharing Your Personal Data with Third Parties
We respect your privacy and do not sell your personal data to third parties. However, we do share your data with trusted partners and service providers where necessary to operate our business and deliver our services.
4.1 Service Providers and Data Processors
We engage third-party service providers who process personal data on our behalf. These include:
- Payment Processors: Companies such as Stripe, PayPal, or similar, who securely process your payment card information.
- Delivery Partners: Third-party delivery companies who fulfil your food orders and require your name, address, and contact number.
- IT and Cloud Services: Providers of hosting, data storage, database management, and website infrastructure.
- Analytics Providers: Companies such as Google Analytics that help us understand website traffic and user behaviour.
- Email and Marketing Platforms: Services used to send transactional and marketing emails.
- Customer Support Tools: Software platforms used to manage customer service enquiries.
All third-party service providers are contractually required to handle your personal data securely, to use it only for the specified purposes, and to comply with GDPR and Irish data protection law. We carry out due diligence on all our processors to ensure appropriate safeguards are in place.
4.2 Legal and Regulatory Disclosures
We may disclose your personal data to third parties where required or permitted by law, including:
- Government agencies, regulatory bodies, and law enforcement authorities where required by law.
- Courts, tribunals, and legal professionals in connection with legal proceedings.
- The Data Protection Commission or other supervisory authorities where required.
4.3 Business Transfers
In the event that Apache Pizza undergoes a merger, acquisition, restructuring, or sale of all or part of its business, your personal data may be transferred to the relevant third parties as part of that transaction. We will notify you of any such change and ensure your rights are protected.
4.4 With Your Consent
We may share your data with other third parties where you have given us your explicit consent to do so. You may withdraw this consent at any time by contacting us.
5. Data Security
The security of your personal data is of paramount importance to us. We have implemented a range of technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, alteration, or disclosure.
5.1 Technical Security Measures
- Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols.
- Secure Payment Processing: Payment card data is processed through PCI DSS-compliant payment processors. We do not store full payment card numbers on our systems.
- Access Controls: Access to personal data is restricted to authorised personnel on a strict need-to-know basis.
- Firewalls and Intrusion Detection: We use firewalls, intrusion detection systems, and other network security tools to protect our infrastructure.
- Regular Security Audits: We conduct regular reviews and audits of our security practices and systems.
5.2 Organisational Security Measures
- Staff training on data protection and information security.
- Clear internal policies and procedures for handling personal data.
- Data processing agreements with all third-party processors.
- Incident response procedures in place to handle any potential data breaches promptly and in accordance with our obligations under GDPR.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of the breach, as required under Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
6. Your Rights Under GDPR
Under the General Data Protection Regulation and the Data Protection Acts 1988–2018, you have a number of important rights in relation to your personal data. These rights are outlined below.
| Right | Description |
|---|---|
| Right of Access | You have the right to request a copy of the personal data we hold about you (known as a Subject Access Request or SAR). |
| Right to Rectification | You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. |
| Right to Erasure | You have the right to request that we delete your personal data in certain circumstances (also known as the "right to be forgotten"). |
| Right to Restriction of Processing | You have the right to request that we restrict the processing of your personal data in certain circumstances. |
| Right to Data Portability | You have the right to receive a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. |
| Right to Object | You have the right to object to the processing of your personal data where we are relying on legitimate interests as the legal basis, or where we are processing your data for direct marketing purposes. |
| Rights Related to Automated Decision-Making | You have the right not to be subject to decisions based solely on automated processing (including profiling) that have a significant effect on you. |
| Right to Withdraw Consent | Where we are processing your data based on your consent, you have the right to withdraw that consent at any time. |
6.1 How to Exercise Your Rights
To exercise any of the rights listed above, please contact us in writing at:
We will respond to your request within one calendar month of receiving it, as required by GDPR. In complex or numerous cases, we may extend this period by a further two months, but we will inform you of any such extension within the first month. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.
To protect your privacy and ensure data security, we may need to verify your identity before processing your request. We may ask you to provide proof of identity such as a copy of a government-issued ID or utility bill.
7. Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
| Type of Data | Retention Period |
|---|---|
| Customer account data | For the duration of your account, plus 3 years after account closure |
| Order and transaction records | 7 years (as required by Irish tax and accounting law) |
| Payment records | 7 years (as required for financial and tax compliance) |
| Marketing preferences and opt-outs | Until you withdraw consent or object, plus a suppression list maintained indefinitely |
| Customer service communications | 3 years from the date of the last communication |
| Website usage and analytics data | Up to 26 months (anonymised thereafter) |
| Legal claim-related data | For the duration of the legal claim plus applicable limitation periods under Irish law |
After the applicable retention period has expired, your personal data will be securely deleted or anonymised so that it can no longer be associated with you. If you request deletion of your data before the retention period has ended, we will consider your request in accordance with your rights under GDPR, balanced against our legal obligations.
8. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and deliver personalised content and advertising. A cookie is a small text file that is stored on your device when you visit a website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: These are essential for the website to function properly. They enable you to navigate the website, use features such as the shopping basket, and access secure areas. These cookies cannot be disabled.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether error messages are received. This helps us improve the performance and usability of our site.
- Functional Cookies: These cookies allow the website to remember your preferences (such as your location or language settings) and provide enhanced, personalised features.
- Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns.
8.2 Managing Cookies
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept, reject, or customise your cookie preferences. You can change your preferences at any time by accessing your cookie settings on our website.
You can also control cookies through your browser settings. Most browsers allow you to refuse cookies or to alert you when cookies are being sent. However, please note that disabling certain cookies may affect the functionality of our website and your ability to place orders.
For more detailed information about the specific cookies we use and how to manage them, please refer to our full Cookie Policy available on our website at apacheppizza.com.
Our use of cookies is governed by the ePrivacy Regulations (SI 336 of 2011) (which implement the EU ePrivacy Directive in Ireland) as well as the GDPR.
9. Children's Privacy
Our website and services are not intended for use by children under the age of 18. We do not knowingly collect personal data from children under 18 years of age. If you are under 18, please do not use our website, create an account, or provide us with any personal information.
If we become aware that we have inadvertently collected personal data from a child under the age of 18 without appropriate parental or guardian consent, we will take immediate steps to delete such data from our records. If you believe that we may have collected data from a child under 18, please contact us immediately at [email protected].
Parents and guardians are encouraged to monitor their children's online activities and to help enforce this policy by instructing their children not to provide personal data to websites without their permission.
10. International Data Transfers
Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of our third-party service providers (such as cloud hosting providers, analytics platforms, and payment processors) may process your personal data outside of the EEA, including in countries such as the United States.
Where we transfer personal data outside of the EEA, we ensure that appropriate safeguards are in place to protect your data and to ensure that such transfers comply with GDPR and the Data Protection Acts 1988–2018. These safeguards may include:
- Transfers to countries that the European Commission has determined provide an adequate level of data protection (an "adequacy decision").
- Use of Standard Contractual Clauses (SCCs) approved by the European Commission.
- Reliance on Binding Corporate Rules (BCRs) where applicable.
- Certification schemes or codes of conduct approved under GDPR.
You can obtain further details about the specific safeguards we have in place for international transfers by contacting us at [email protected].
11. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, or services that are not operated by Apache Pizza. These links are provided for your convenience and information only. If you click on a third-party link, you will be directed to that third party's website. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites.
We strongly encourage you to review the privacy policy of every website you visit. This Privacy Policy applies only to information collected by Apache Pizza through our website and services.
12. Changes to This Privacy Policy
We review and update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors. When we make significant changes to this policy, we will notify you by posting the updated policy on our website with a revised "Last Updated" date. Where required by law, we will provide more prominent notice or seek your consent for material changes.
We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your personal data. Your continued use of our website and services after the posting of changes will constitute your acknowledgement of those changes.
The current version of this Privacy Policy was last updated on April 28, 2026.
13. Filing a Complaint with the Data Protection Commission
We take your privacy rights very seriously and aim to address all concerns promptly and fairly. If you are not satisfied with how we have handled your personal data or responded to your data protection rights request, you have the right to lodge a complaint with the Irish data protection supervisory authority:
| Address | 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland |
|---|---|
| Phone | +353 (0)1 765 0100 / 1800 437 737 (Freephone) |
| [email protected] | |
| Website | www.dataprotection.ie |
You also have the right to seek a judicial remedy in the courts if you believe your rights under GDPR have been infringed. We encourage you to contact us first so that we have the opportunity to resolve any concerns directly, but we fully respect your right to approach the DPC or the courts at any time.
14. Legal Basis Summary
For transparency, the table below summarises the key lawful bases we rely on for processing your personal data:
| Processing Activity | Lawful Basis |
|---|---|
| Processing orders and delivering food | Performance of a contract (Article 6(1)(b) GDPR) |
| Creating and managing your account | Performance of a contract (Article 6(1)(b) GDPR) |
| Processing payments | Performance of a contract (Article 6(1)(b) GDPR) |
| Sending marketing emails (with consent) | Consent (Article 6(1)(a) GDPR) |
| Website analytics and performance monitoring | Legitimate interests (Article 6(1)(f) GDPR) |
| Fraud detection and prevention | Legitimate interests (Article 6(1)(f) GDPR) / Legal obligation (Article 6(1)(c) GDPR) |
| Compliance with tax and financial regulations | Legal obligation (Article 6(1)(c) GDPR) |
| Responding to legal requests | Legal obligation (Article 6(1)(c) GDPR) |
| Personalised advertising (with consent) | Consent (Article 6(1)(a) GDPR) |
15. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way in which Apache Pizza handles your personal data, please do not hesitate to contact us:
Apache Pizza — Data Privacy Contact
Email: [email protected]
Website: apacheppizza.com
Location: Ireland
We are committed to handling all privacy-related enquiries professionally, confidentially, and in a timely manner. Our team will do its best to address your concerns and, where appropriate, implement corrective measures to ensure your personal data is handled in accordance with your rights and our legal obligations.
This Privacy Policy was last reviewed and updated on April 28, 2026, and is compliant with the requirements of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018 of Ireland.