Privacy Policy

Effective Date: June 1, 2026 | Last Updated: June 1, 2026

At Apache Pizza, we are deeply committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at appache-pizza.com, place an order, use our services, or otherwise interact with us. We encourage you to read this document carefully to understand our practices regarding your personal data and how we will treat it.

This Privacy Policy is governed by the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Acts 1988–2018 of Ireland, and any other applicable Irish and European Union data protection legislation. Apache Pizza acts as the Data Controller in respect of the personal data we collect and process.

1. Who We Are

Apache Pizza is a food service company operating in Ireland. We provide pizza and food delivery, takeaway, and related services to customers across Ireland through our website, mobile applications, and physical store locations.

Company Name	Apache Pizza
Registered Address	Ireland
Phone	Not provided
Email	[email protected]
Website	appache-pizza.com

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, you may contact us at any time using the details provided above or in Section 15 of this policy.

2. Information We Collect

We collect and process a variety of personal data about you depending on how you interact with us. The categories of personal data we collect include the following:

2.1 Personal Identification Information

Full name
Date of birth (where relevant for age verification)
Email address
Phone number
Delivery and billing address
Account login credentials (username and encrypted password)

2.2 Order and Transaction Data

Details of orders you have placed, including food items, quantities, prices, and special requests
Payment information — note that we do not store full card details; payment processing is handled by secure third-party payment processors
Order history and purchase records
Delivery instructions and preferences
Voucher and promotional codes used

2.3 Account and Profile Data

Information you provide when creating or updating your online account
Saved delivery addresses
Loyalty programme membership details
Preferences and saved favourites
Communication preferences

2.4 Usage and Behavioural Data

Pages visited on our website and mobile application
Time and duration of visits
Links clicked and features used
Search queries made within our platform
Browsing and navigation patterns
Cart abandonment data

2.5 Device and Technical Information

IP address
Browser type and version
Operating system and device type
Screen resolution and language settings
Referring URLs (the website you came from before visiting ours)
Mobile device identifiers (IDFA, Android Advertising ID)

2.6 Location Data

Delivery address and general location for order fulfilment
Approximate geolocation derived from your IP address
Precise GPS location data, only if you grant permission through our mobile application

2.7 Communications Data

Messages and enquiries you send us via email, contact forms, or live chat
Customer service interaction records
Feedback and reviews you submit
Responses to surveys or promotions

2.8 Cookie and Tracking Data

We use cookies and similar tracking technologies on our website and application. Please refer to Section 11 of this policy and our dedicated Cookie Policy available on our website for full details.

3. How We Collect Your Data

We collect personal data in the following ways:

3.1 Directly From You

When you register for an account, place an order, contact our customer service team, sign up for our newsletter or marketing communications, participate in competitions or promotions, or complete surveys and feedback forms.

3.2 Automatically

When you visit our website or use our mobile application, we automatically collect certain technical and usage data through cookies, web beacons, pixels, log files, and similar technologies.

3.3 From Third Parties

We may receive personal data about you from third parties, including:

Social media platforms (if you log in using a social account such as Facebook or Google)
Payment service providers confirming transaction status
Analytics providers who help us understand website usage
Advertising partners and marketing networks
Fraud detection and security service providers

4. Legal Basis for Processing Your Personal Data

Under the GDPR and the Data Protection Acts 1988–2018, we are required to have a legal basis for processing your personal data. The legal bases we rely upon are as follows:

Purpose of Processing	Legal Basis
Processing your food orders and delivering services	Performance of a contract (Article 6(1)(b) GDPR)
Managing your account	Performance of a contract (Article 6(1)(b) GDPR)
Sending transactional emails and order updates	Performance of a contract (Article 6(1)(b) GDPR)
Fraud prevention, security, and legal compliance	Legal obligation (Article 6(1)(c) GDPR) and Legitimate interests (Article 6(1)(f) GDPR)
Improving our services through analytics	Legitimate interests (Article 6(1)(f) GDPR)
Sending marketing and promotional communications	Consent (Article 6(1)(a) GDPR)
Complying with tax and accounting obligations	Legal obligation (Article 6(1)(c) GDPR)
Personalising your experience on our platform	Legitimate interests (Article 6(1)(f) GDPR) or Consent

Where we rely on legitimate interests as our legal basis, we have carefully considered and balanced those interests against your rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

5.1 Service Provision and Order Fulfilment

Processing, managing, and delivering your food orders
Creating and maintaining your online account
Sending order confirmations, updates, and delivery notifications
Processing payments and issuing receipts or invoices
Managing delivery logistics and coordinating with local franchise locations
Handling returns, complaints, and customer service queries

5.2 Account Management and Customer Relationship

Verifying your identity and managing account access
Administering our loyalty and rewards programme
Remembering your preferences and saved addresses to enhance convenience
Responding to your enquiries, complaints, and feedback

5.3 Marketing and Promotional Communications

Sending you promotional offers, deals, and news about Apache Pizza (with your consent)
Personalising marketing messages based on your order history and preferences
Administering competitions, prize draws, and special events
Conducting customer satisfaction surveys

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, updating your account preferences, or contacting us directly at [email protected].

5.4 Analytics and Service Improvement

Analysing website and app usage to improve user experience
Monitoring performance, identifying technical issues, and testing new features
Conducting internal research and business analytics
Developing new products, menu items, and services

5.5 Safety, Security, and Fraud Prevention

Detecting, investigating, and preventing fraudulent transactions and suspicious activity
Ensuring the security and integrity of our platform
Protecting the rights, property, and safety of Apache Pizza, our customers, and the public

5.6 Legal and Regulatory Compliance

Meeting our obligations under Irish and EU law, including tax, accounting, and consumer protection regulations
Responding to lawful requests from regulatory authorities or law enforcement
Enforcing our Terms and Conditions and other legal agreements

6. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we may share your data with trusted third parties in the following circumstances:

6.1 Service Providers and Data Processors

We engage trusted third-party service providers who process data on our behalf and under our instructions. These include:

Payment processors — to securely process credit, debit, and other payment methods
Delivery and logistics partners — to coordinate food delivery operations
IT and cloud hosting providers — to host our website, databases, and applications
Email and SMS communication providers — to send transactional and marketing messages
Analytics providers (such as Google Analytics) — to help us understand how our services are used
Customer service software providers — to manage support queries and live chat
Fraud detection services — to protect against unauthorised transactions
Marketing and advertising platforms — to display relevant advertisements and manage campaigns

All service providers are bound by appropriate data processing agreements and are required to implement adequate technical and organisational security measures to protect your data.

6.2 Franchise Locations

Where your order is fulfilled by a local Apache Pizza franchise location, relevant order and delivery information will be shared with that franchisee solely for the purpose of completing your order.

6.3 Legal Requirements

We may disclose your personal data where required to do so by law or in response to valid requests from public authorities, including the Revenue Commissioners, An Garda Síochána, the Data Protection Commission, courts, or other government bodies in Ireland or the EU.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal data may be transferred to the relevant third party as part of that transaction. We will notify you prior to your data being transferred and becoming subject to a different privacy policy.

6.5 With Your Consent

We may share your data with any other third party where you have given us your explicit consent to do so.

7. International Data Transfers

Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of our third-party service providers — such as cloud hosting companies, analytics platforms, and marketing tools — may process personal data outside the EEA, including in the United States and other countries.

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements. These safeguards may include:

Transfers to countries that the European Commission has determined provide an adequate level of data protection (adequacy decisions)
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (BCRs) where applicable
Other lawful transfer mechanisms as permitted under GDPR Chapter V

You may request information about the specific safeguards we have in place for international data transfers by contacting us at [email protected].

8. Data Retention Periods

We retain your personal data only for as long as is necessary for the purposes for which it was collected, to comply with our legal and regulatory obligations, and to resolve disputes and enforce our agreements. The following general retention periods apply:

Category of Data	Retention Period
Active account data (name, email, contact info)	For the duration of your account, plus 2 years after account closure
Order and transaction history	7 years (in compliance with Irish Revenue and tax requirements)
Payment records	7 years (for financial and accounting compliance)
Customer service communications	3 years from the date of the last interaction
Marketing consent records	Until consent is withdrawn, plus 1 year thereafter
Website usage and analytics data	Up to 26 months (aggregated thereafter)
Fraud prevention and security logs	Up to 5 years
Cookie data	As specified in our Cookie Policy (typically 30 days to 2 years)

After the applicable retention period has expired, your personal data will be securely deleted or anonymised so that it can no longer be linked to you personally.

9. Data Security

We take the security of your personal data extremely seriously and have implemented a comprehensive range of technical and organisational measures to protect it against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:

9.1 Technical Measures

SSL/TLS encryption for all data transmitted between your browser and our website
Encryption of sensitive data at rest, including payment-related information
Firewalls, intrusion detection systems, and access controls
Regular security vulnerability assessments and penetration testing
Secure, access-controlled cloud infrastructure with reputable providers
Multi-factor authentication for administrative access

9.2 Organisational Measures

Staff training on data protection and privacy best practices
Strict access controls ensuring data is accessible only on a need-to-know basis
Data processing agreements with all third-party processors
Incident response and data breach notification procedures
Regular review and updating of our privacy and security policies

While we take every reasonable precaution to secure your data, no method of electronic transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours as required by Article 33 of the GDPR, and we will notify you directly where required by Article 34.

10. Your Rights Under GDPR

As a data subject resident in Ireland and the European Economic Area, you have the following rights under the GDPR and the Data Protection Acts 1988–2018. We are committed to facilitating the exercise of these rights in a timely and transparent manner.

10.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you and to receive information about how we process it. This is known as a Subject Access Request (SAR). We will respond to your request within one calendar month of receipt, free of charge in the vast majority of cases.

10.2 Right to Rectification (Article 16 GDPR)

If any personal data we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct or update it without undue delay. You may also update certain information directly through your online account settings.

10.3 Right to Erasure / Right to be Forgotten (Article 17 GDPR)

In certain circumstances, you have the right to request that we delete your personal data. This right applies where:

The data is no longer necessary for the purpose for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required to comply with a legal obligation

Please note that this right is not absolute and may be limited in circumstances where we are required to retain your data for legal, regulatory, or contractual reasons.

10.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we investigate a complaint you have raised about the accuracy of your data or the legitimacy of our processing activities.

10.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or the performance of a contract and is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format (such as JSON or CSV). You may also request that we transmit this data directly to another controller where technically feasible.

10.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests or where processing is for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately and without exception.

10.7 Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal or similarly significant effects on you. Where we use automated decision-making, we will provide you with information about the logic involved and the likely significance and consequences.

10.8 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights: To exercise any of the rights listed above, please contact us in writing at [email protected]. We may need to verify your identity before processing your request. We will respond within one calendar month, though this may be extended by a further two months in complex cases, in which case we will notify you of the extension and the reasons for the delay.

11. Cookies and Tracking Technologies

Our website at appache-pizza.com uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, personalise content, and support our marketing activities.

Cookies are small text files placed on your device when you visit our website. We use the following categories of cookies:

Strictly Necessary Cookies: Essential for the operation of our website and online ordering system. These cannot be disabled.
Functional/Preference Cookies: Remember your preferences, such as saved addresses and login details, to improve your experience.
Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Data collected is aggregated and anonymised where possible.
Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our campaigns on third-party platforms.

Upon your first visit to our website, you will be presented with a Cookie Consent Banner allowing you to accept, reject, or customise your cookie preferences. You can also manage or withdraw cookie consent at any time through your browser settings or our Cookie Preference Centre.

For detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

12. Children's Privacy

Our services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or store personal data from children under the age of 18.

If you are under 18 years of age, please do not use our website, mobile application, or services, and do not provide us with any personal information.

If we become aware that we have inadvertently collected personal data from a person under the age of 18 without appropriate parental or guardian consent, we will take immediate steps to delete that data from our records. If you believe that we may have received personal data from a child, please contact us immediately at [email protected].

Parents or legal guardians who believe their child has submitted personal data to us are encouraged to contact us so that we can take prompt corrective action.

13. Marketing Communications

We would love to keep you informed about the latest Apache Pizza deals, new menu items, promotions, and exclusive offers. We will only send you direct marketing communications if you have opted in to receive them or if we are otherwise permitted to do so under applicable Irish and EU law.

13.1 How We Market to You

We may communicate with you via:

Email newsletters and promotional messages
SMS/text messages (with your consent)
Push notifications via our mobile application (with your consent)
Targeted online advertising through social media and advertising networks

13.2 Opting Out

You can opt out of marketing communications at any time by:

Clicking the "Unsubscribe" link included in every marketing email
Replying "STOP" to any marketing SMS
Disabling push notifications in your mobile device settings or within our app
Updating your communication preferences in your Apache Pizza account settings
Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, you will continue to receive transactional and service-related messages that are necessary for the administration of your account and the fulfilment of your orders.

14. Third-Party Links and Platforms

Our website and application may contain links to third-party websites, social media platforms, and external services. These third parties operate independently and have their own privacy policies, which we strongly encourage you to review. Apache Pizza is not responsible for the content, privacy practices, or data processing activities of any third-party websites or services.

When you interact with Apache Pizza on social media platforms such as Facebook, Instagram, X (formerly Twitter), or TikTok, those platforms may collect data about your interaction in accordance with their own terms and privacy policies.

15. Contact Us — Privacy Enquiries

If you have any questions, concerns, or requests relating to this Privacy Policy or the way in which Apache Pizza processes your personal data, please do not hesitate to contact us. We will do our best to address your concerns promptly and transparently.

Data Controller Contact Details

Company: Apache Pizza

Address: Ireland

Email: [email protected]

Website: appache-pizza.com

When contacting us with a privacy-related request or enquiry, please include your full name, email address associated with your account (if applicable), and a clear description of your request so that we can respond to you as efficiently as possible.

16. How to Lodge a Complaint with the Data Protection Commission

If you are not satisfied with our response to your privacy concerns, or if you believe that we have processed your personal data in a manner that is not compliant with the GDPR or the Data Protection Acts 1988–2018, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority responsible for data protection in Ireland.

Data Protection Commission (DPC)

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Phone: +353 57 868 4800 / +353 1 765 0100

Email: [email protected]

Website: www.dataprotection.ie

We would always encourage you to contact us directly in the first instance so that we have the opportunity to address your concerns before you escalate your complaint to the DPC. We are fully committed to resolving any data protection issues in a fair and timely manner.

17. Changes to This Privacy Policy

We may update and revise this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. When we make significant changes to this policy, we will take appropriate steps to inform you, which may include:

Displaying a prominent notice on our website
Sending an email notification to registered account holders
Requesting renewed consent where required

The "Last Updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website and services following the publication of an updated Privacy Policy constitutes your acknowledgement of the changes and your agreement to the updated terms, where applicable.

Archived versions of previous Privacy Policies are available upon request by contacting us at [email protected].

18. Applicable Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Ireland and applicable European Union data protection law, including:

The General Data Protection Regulation (GDPR) (EU) 2016/679
The Data Protection Acts 1988–2018
The ePrivacy Regulations (SI No. 336 of 2011, as amended)
Any subsequent or related Irish or EU legislation relating to data protection and privacy

Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Ireland, without prejudice to your right to lodge a complaint with the Data Protection Commission or another competent supervisory authority.

Thank you for trusting Apache Pizza with your personal information. We are committed to handling your data with the highest standards of care, transparency, and integrity. If you have any questions about this Privacy Policy, please reach out to us at [email protected]. We are happy to help.