Privacy Policy

Last Updated: May 7, 2026  |  Effective Date: May 7, 2026

At Apache Pizza, we are deeply committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at apachs-pizza.com, place orders online, use our mobile application, or otherwise interact with our services. We encourage you to read this document carefully so that you fully understand our data practices and your rights under applicable law.

This Privacy Policy is governed by the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Acts 1988–2018 of Ireland, and any other relevant Irish and EU data protection legislation. Apache Pizza acts as the Data Controller in respect of the personal data we collect and process.

1. Who We Are

Apache Pizza is an Irish food service business operating through our website and ordering platforms. For all privacy-related matters, Apache Pizza is the Data Controller responsible for your personal information.

Company Name Apache Pizza
Website apachs-pizza.com
Email Address [email protected]
Country of Operation Ireland

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us at [email protected].

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • All visitors to our website at apachs-pizza.com
  • Customers who register an account with us or place orders through our website or app
  • Individuals who contact us via phone, email, or social media
  • Users who subscribe to our newsletters, promotional offers, or loyalty programmes
  • Job applicants or individuals who submit enquiries about employment

This policy does not apply to third-party websites or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services you visit.

3. Personal Data We Collect

We collect various categories of personal data, depending on how you interact with us. The types of data we may collect include:

3.1 Information You Provide Directly

  • Identity Data: Your first name, last name, username, or similar identifiers
  • Contact Data: Your email address, telephone number, billing address, and delivery address
  • Account Data: Login credentials including your username and encrypted password
  • Order Data: Details of food items ordered, special instructions, and order history
  • Payment Data: We do not store full payment card details. Payment processing is handled by our secure third-party payment providers. We may retain limited transaction reference data such as the last four digits of a card, transaction ID, and payment method type
  • Communication Data: Records of correspondence if you contact us by email, phone, or through our website contact form, including complaints, feedback, and general enquiries
  • Marketing Preferences: Your preferences regarding whether you wish to receive marketing communications from us

3.2 Information Collected Automatically

When you visit our website or use our digital services, we automatically collect certain technical and usage data, including:

  • Device Data: Information about the device you use to access our website, including device type, operating system, browser type and version, screen resolution, and unique device identifiers
  • Usage Data: Information about how you navigate and interact with our website, such as pages viewed, links clicked, time spent on pages, referring URLs, and exit pages
  • Location Data: Your approximate geographic location derived from your IP address. Where you have provided consent, we may collect more precise location data to assist with finding your nearest Apache Pizza outlet or facilitating delivery services
  • Log Data: Server logs including your IP address, date and time of access, browser type, and pages requested
  • Cookie Data: Information collected through cookies and similar tracking technologies. Please refer to Section 10 of this policy for detailed information about our cookie use

3.3 Information from Third Parties

We may receive personal data about you from third-party sources, including:

  • Social media platforms if you choose to log in or connect your account using a social media account (such as Facebook or Google)
  • Third-party delivery platforms or ordering aggregators where Apache Pizza products are available
  • Analytics providers that help us understand how users interact with our website
  • Payment service providers who confirm payment success or failure

4. How We Use Your Personal Data

We use your personal data only where we have a lawful basis to do so under GDPR and the Data Protection Acts 1988–2018. The lawful bases we rely upon include:

  • Performance of a contract: where processing is necessary to fulfil your order or provide our services
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided these are not overridden by your rights
  • Legal obligation: where we are required to process your data to comply with Irish or EU law
  • Consent: where you have freely given your explicit consent, for example for marketing communications or non-essential cookies

4.1 Service Provision and Order Fulfilment

We use your personal data to:

  • Process and fulfil your food orders, including arranging delivery to your address or preparing your collection order
  • Create and manage your customer account
  • Process payments and issue receipts or invoices
  • Communicate with you about your order status, estimated delivery times, and any issues that may arise
  • Provide customer support and handle complaints or disputes
  • Verify your identity and prevent fraudulent transactions

4.2 Marketing and Communications

With your consent, or where we have a legitimate interest in doing so, we may use your personal data to:

  • Send you promotional offers, special deals, and news about Apache Pizza via email, SMS, or push notification
  • Notify you about changes to our menu, opening hours, or services
  • Invite you to participate in surveys, competitions, or loyalty programmes
  • Personalise marketing communications based on your order history and preferences

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send you, by adjusting your account preferences, or by contacting us at [email protected]. Please note that even if you opt out of marketing, we may still send you essential transactional communications related to your orders and account.

4.3 Analytics and Website Improvement

We use data to analyse how our website and services are used, in order to:

  • Improve the functionality, layout, and user experience of our website and app
  • Understand customer preferences and ordering patterns
  • Monitor and address technical issues or security incidents
  • Conduct internal reporting and business planning
  • Develop new products, promotions, and services

4.4 Legal and Compliance Purposes

We may process your data to:

  • Comply with applicable Irish and EU laws, regulations, and legal obligations
  • Respond to requests from regulatory bodies, law enforcement agencies, or courts
  • Enforce our terms and conditions and protect our legal rights
  • Prevent, detect, and investigate fraudulent or unlawful activity

5. Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, we may share your personal data with carefully selected third parties in the following circumstances:

5.1 Service Providers and Data Processors

We engage trusted third-party service providers who process personal data on our behalf, under written data processing agreements that comply with GDPR requirements. These include:

  • Payment Processors: To securely process your payment transactions
  • Delivery Partners: To arrange and complete delivery of your food orders to your specified address
  • IT and Hosting Providers: To host our website, manage our IT infrastructure, and store data securely
  • Email and Communication Platforms: To send transactional and marketing emails and SMS messages
  • Analytics Providers: To help us understand website usage patterns (e.g., Google Analytics)
  • Customer Support Tools: To manage customer enquiries and support tickets
  • Marketing Platforms: To manage our marketing campaigns and promotional communications

5.2 Legal and Regulatory Disclosure

We may disclose your personal data to third parties where required to do so by law, including:

  • Compliance with a court order, legal process, or governmental request
  • Requests from An Garda Síochána, the Revenue Commissioners, or other Irish authorities
  • Regulatory investigations by bodies such as the Data Protection Commission (DPC)
  • Where disclosure is necessary to protect the vital interests of an individual

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or part of our business, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer takes place and inform you of any choices you may have.

5.4 With Your Consent

We may share your data with other third parties where you have explicitly consented to such sharing.

6. Data Security

We take the security of your personal data seriously and have implemented a range of appropriate technical and organisational measures to protect your information against unauthorised access, accidental loss, destruction, disclosure, or alteration. These measures include:

  • Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our website
  • Access Controls: Access to personal data is restricted to authorised personnel who have a legitimate need to access the information in order to perform their duties
  • Password Security: User account passwords are stored using industry-standard hashing techniques and are never stored in plain text
  • Secure Payment Processing: All payment card data is processed by PCI-DSS compliant third-party payment processors. We do not store full card details on our systems
  • Regular Security Assessments: We conduct regular reviews of our information security practices and update our systems to address new threats
  • Staff Training: Our staff receive training on data protection obligations and best practices for handling personal data
  • Incident Response: We have procedures in place to detect, report, and investigate personal data breaches in accordance with our obligations under GDPR Article 33 and the Data Protection Acts 1988–2018

Despite these measures, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

7. Your Rights Under GDPR and Irish Data Protection Law

As a data subject under GDPR and the Data Protection Acts 1988–2018, you have a number of important rights with regard to your personal data. These rights are summarised below. To exercise any of these rights, please contact us at [email protected].

7.1 Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we use it, who we share it with, and how long we retain it. This is known as a Subject Access Request (SAR). We will respond to your request within one month of receipt, as required under GDPR Article 15.

7.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will make the necessary corrections as promptly as possible and notify any third parties with whom we have shared the incorrect data where feasible.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent and there is no other lawful basis for processing. Please note that we may be unable to erase certain data where we are required to retain it for legal, regulatory, or contractual reasons.

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while you contest the accuracy of the data, or while we consider your objection to our processing.

7.5 Right to Data Portability

Where processing is based on your consent or the performance of a contract, and where the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transferred to another data controller where technically feasible.

7.6 Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis, including profiling for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately.

7.7 Rights in Relation to Automated Decision-Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you, unless such processing is necessary for entering into or performing a contract, authorised by law, or based on your explicit consent.

7.8 Right to Withdraw Consent

Where we rely on your consent as the lawful basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal. To withdraw consent, please contact us at [email protected] or use the unsubscribe link in our marketing communications.

Please Note: We will not charge a fee for handling your rights requests unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act on the request. We may need to verify your identity before processing a request.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The following general retention periods apply:

Category of Data Retention Period Reason
Customer account data Duration of account plus 3 years after last activity Service provision and customer support
Order history and transaction records 7 years Tax and accounting obligations under Irish law
Payment transaction references 7 years Legal and financial compliance
Marketing preferences and consent records 3 years from last interaction or withdrawal of consent Legitimate interests and legal compliance
Customer correspondence and complaints 3 years from resolution Legal claims and customer service
Website analytics and usage data 26 months Business analytics and improvement
Cookie data (analytics) Up to 24 months Website performance monitoring

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention and destruction procedures.

9. Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18 years of age. If you are under 18, please do not provide us with your personal data or use our online services without the supervision and consent of a parent or legal guardian.

If we become aware that we have inadvertently collected personal data from a child under 18 without appropriate parental consent, we will take immediate steps to delete that data from our systems. If you believe we may have collected data from a minor, please contact us immediately at [email protected].

Parents or guardians who believe their child has provided personal information to Apache Pizza without their consent are encouraged to contact us so that we can promptly remove the information concerned.

10. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site usage, and deliver personalised content and advertising. A cookie is a small text file placed on your device when you visit a website.

We use the following types of cookies:

  • Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in, place orders, and use the shopping basket. These cookies cannot be disabled
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about pages visited and links clicked (e.g., Google Analytics)
  • Functional Cookies: Allow our website to remember your preferences and customise your experience, such as your location, language, or saved address details
  • Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These are only placed with your consent

When you first visit our website, you will be presented with a cookie consent banner giving you the opportunity to accept or reject non-essential cookies. You can change your cookie preferences at any time through our cookie management tool or through your browser settings.

For full details of the cookies we use, including their names, purposes, and expiry periods, please refer to our Cookie Policy.

11. International Data Transfers

Apache Pizza operates primarily within Ireland and the European Economic Area (EEA). However, some of our third-party service providers may transfer or process your personal data outside the EEA, including in countries such as the United States.

Where your personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR Chapter V requirements. These safeguards may include:

  • Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
  • Standard Contractual Clauses (SCCs): Use of the European Commission's approved Standard Contractual Clauses, which contractually bind the recipient to GDPR-equivalent data protection standards
  • EU-U.S. Data Privacy Framework: Where applicable, transfers to U.S. entities certified under the EU-U.S. Data Privacy Framework
  • Binding Corporate Rules: Where a third-party provider has approved Binding Corporate Rules in place

If you would like more information about the specific safeguards in place for any particular international transfer, please contact us at [email protected].

12. Third-Party Links and Services

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

13. How to File a Complaint

If you are unhappy with how we have handled your personal data, we encourage you to contact us in the first instance so that we can attempt to resolve your concern:

If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Irish supervisory authority for data protection:

Data Protection Commission (DPC)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.dataprotection.ie
Phone: +353 (0)1 765 0100 / +353 (0)57 868 4800
Email: [email protected]

You also have the right to seek a judicial remedy against a data controller or processor in the relevant courts, or to bring a complaint to any supervisory authority within the EU where you habitually reside, work, or where an alleged infringement occurred.

14. Automated Decision-Making and Profiling

We may use automated processes to analyse your ordering patterns and preferences for the purpose of personalising offers, recommendations, and marketing communications. However, we do not make decisions that produce significant legal effects on you based solely on automated processing without human oversight, except where necessary for fraud prevention or where you have explicitly consented.

Where automated decision-making or profiling is used in a way that significantly affects you, you have the right to request human review of the decision, to express your point of view, and to contest the decision. Please contact us at [email protected] to exercise this right.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post the revised policy on our website at apachs-pizza.com
  • Where required, notify you by email or through a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated policy, where such acceptance is permissible under law.

16. Legal Basis Summary

Purpose of Processing Lawful Basis (GDPR Article 6)
Processing and fulfilling your orders Performance of a contract (Art. 6(1)(b))
Creating and managing your account Performance of a contract (Art. 6(1)(b))
Processing payments Performance of a contract (Art. 6(1)(b))
Sending marketing communications Consent (Art. 6(1)(a)) or Legitimate Interests (Art. 6(1)(f))
Analytics and website improvement Legitimate Interests (Art. 6(1)(f))
Fraud prevention and security Legitimate Interests (Art. 6(1)(f)) / Legal Obligation (Art. 6(1)(c))
Compliance with legal obligations Legal Obligation (Art. 6(1)(c))
Non-essential cookies Consent (Art. 6(1)(a))

17. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how we are handling your personal data, please do not hesitate to contact us:

Apache Pizza — Data Privacy Enquiries
Email: [email protected]
Website: apachs-pizza.com
Country: Ireland

We aim to acknowledge all privacy-related enquiries within 72 hours and to respond fully within one calendar month of receipt, in accordance with our obligations under GDPR Article 12.

This Privacy Policy was last reviewed and updated on May 7, 2026. Apache Pizza is committed to processing your personal data in a lawful, fair, and transparent manner in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Acts 1988–2018 of Ireland.