Privacy Policy

Last Updated: June 15, 2026

Important Notice: This Privacy Policy explains how Apache Pizza collects, uses, stores, and protects your personal data when you visit our website at apacpizza.com, place orders, or otherwise interact with our services. Please read this policy carefully before using our services.

1. Introduction and Who We Are

Welcome to Apache Pizza. We are committed to protecting your personal data and respecting your privacy in accordance with applicable Irish and European Union data protection law. This Privacy Policy has been prepared in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Acts 1988–2018 of Ireland, as enforced by the Data Protection Commission (DPC).

Apache Pizza operates the website apacpizza.com and provides food ordering, delivery, and related services to customers throughout Ireland. In the context of this Privacy Policy, "we," "us," and "our" refer to Apache Pizza, and "you" or "your" refers to any individual who accesses our website, places an order, creates an account, or otherwise engages with our business.

As a data controller, Apache Pizza determines the purposes and means by which your personal data is processed. We take our responsibilities under data protection law very seriously and have implemented appropriate technical and organisational measures to safeguard your information.

1.1 Contact Details

Company Name	Apache Pizza
Website	apacpizza.com
Email Address	[email protected]

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us using the details above.

2. What Personal Data We Collect

We collect various categories of personal data depending on how you interact with us. We only collect data that is necessary, relevant, and proportionate to the purposes for which it is being processed — a principle known as data minimisation under the GDPR.

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect the following personal identification details:

Full name
Delivery address (including Eircode)
Billing address
Email address
Phone number
Date of birth (where required for age verification or promotional purposes)
Account username and password (stored in encrypted form)

2.2 Order and Transaction Data

When you place an order through our website or app, we collect:

Details of the products ordered (menu items, quantities, customisations)
Order history and previous purchases
Payment information — note that we do not store full card details; payment processing is handled by secure third-party payment processors
Order status and delivery tracking information
Special dietary requirements or preferences you voluntarily provide
Voucher codes, promotional offers, and loyalty points used

2.3 Usage Data and Website Analytics

When you visit apacpizza.com, we automatically collect certain technical and usage data, including:

IP address
Browser type and version
Operating system
Pages visited, time spent on each page, and links clicked
Referring website or source (how you arrived at our site)
Search queries entered on our website
Date and time of your visit
Session identifiers and crash logs

2.4 Device Information

If you access our services via a mobile device or application, we may also collect:

Device type and model
Mobile operating system
Unique device identifiers (such as IMEI or advertising ID)
Mobile network information
Location data (if you grant permission for location services to facilitate local store detection and delivery estimates)

2.5 Communications Data

If you contact our customer service team, submit feedback, or engage with us through any channel, we may collect:

The content of your messages or enquiries
Email correspondence
Records of phone calls (where calls are recorded for quality and training purposes)
Social media interactions or messages sent through social media platforms
Responses to surveys, competitions, or promotional activities

2.6 Cookie Data

We use cookies and similar tracking technologies on our website. For full details about the cookies we use and how to manage your preferences, please refer to our Cookie Policy. In summary, cookies collect information such as your session preferences, login status, shopping basket contents, and browsing behaviour on our site.

2.7 Data You Provide Voluntarily

From time to time, you may choose to provide us with additional information, such as through completing surveys, entering competitions, submitting reviews, or signing up for newsletters. We will collect whatever information you choose to share in those contexts.

3. How We Use Your Personal Data

We process your personal data only where we have a lawful basis for doing so, as required by Article 6 of the GDPR. The lawful bases we rely upon include:

Performance of a contract: where processing is necessary to fulfil your order or provide our services
Legitimate interests: where we have a genuine and proportionate business need that does not override your rights
Consent: where you have given clear, informed, and freely-given consent (e.g., for marketing communications)
Legal obligation: where we are required to process your data to comply with Irish or EU law

3.1 Service Provision and Order Fulfilment

The primary reason we collect your personal data is to provide you with our food ordering and delivery services. This includes:

Processing and confirming your orders
Arranging delivery to your specified address
Processing payments and issuing receipts
Managing your customer account
Communicating with you about your order status
Handling returns, complaints, and refund requests
Providing customer support services

3.2 Analytics and Service Improvement

We use aggregated and anonymised usage data to understand how customers interact with our website and services. This helps us to:

Improve the functionality and user experience of our website
Analyse ordering trends and popular menu items
Optimise our delivery routes and timings
Identify and resolve technical issues or bugs
Make data-driven decisions about our product and service offerings
Conduct internal research and business analysis

3.3 Marketing and Promotional Communications

With your explicit consent, we may use your contact details to send you marketing communications, including:

Promotional offers, discounts, and vouchers
New menu announcements and seasonal specials
Newsletters and company updates
Loyalty programme information
Competition and prize draw details

You may withdraw your consent to receive marketing communications at any time by clicking the "unsubscribe" link in any email we send, by adjusting your account preferences on apacpizza.com, or by contacting us directly at [email protected]. Withdrawing consent will not affect the lawfulness of any processing carried out before withdrawal.

3.4 Legal Compliance and Fraud Prevention

We may process your personal data where necessary to comply with our legal obligations under Irish and EU law, including:

Maintaining financial records and accounting records as required under Irish company and taxation law
Complying with food safety and hygiene regulations
Detecting, investigating, and preventing fraudulent transactions
Responding to lawful requests from An Garda Síochána, regulatory authorities, or courts
Enforcing our Terms and Conditions

4. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to any third parties for their own commercial purposes. However, we may share your data with trusted third parties in the following circumstances:

4.1 Service Providers and Data Processors

We engage carefully selected third-party service providers who process data on our behalf and under our instructions. These include:

Payment processors: to handle card transactions and payment security (e.g., Stripe, PayPal, or other PCI-DSS compliant providers)
Delivery management platforms: to coordinate and track order deliveries
Cloud hosting providers: to store data securely on servers
Email and communications platforms: to send transactional and marketing emails
Analytics providers: such as Google Analytics, to analyse website usage (data is anonymised where possible)
Customer relationship management (CRM) software providers
IT support and cybersecurity service providers

All third-party data processors are required to enter into a Data Processing Agreement (DPA) with us, ensuring they meet GDPR standards for data protection and only process your data as instructed by us.

4.2 Legal and Regulatory Authorities

We may disclose your personal data to law enforcement agencies, regulatory bodies, courts, or other public authorities in Ireland or the EU where we are legally required or permitted to do so. This may include responding to court orders, statutory requests, or to protect the vital interests of individuals.

4.3 Business Transfers

In the event that Apache Pizza undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you in advance of any such transfer and ensure that your data continues to be protected in accordance with this Privacy Policy.

4.4 Franchise and Affiliated Stores

If Apache Pizza operates through a franchise model, certain order and account data may be shared with the relevant franchise store responsible for fulfilling your delivery. Such sharing is strictly limited to what is necessary to complete your order.

5. Data Security

We take the security of your personal data extremely seriously and have implemented a range of technical and organisational measures designed to protect your data against unauthorised access, loss, alteration, disclosure, or destruction.

5.1 Technical Security Measures

SSL/TLS encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology
Password hashing: User passwords are stored using industry-standard cryptographic hashing algorithms, never in plain text
Firewalls and intrusion detection systems: Our servers are protected by firewalls and monitored for suspicious activity
Secure payment processing: We do not store full payment card numbers; all card data is handled by PCI-DSS compliant payment processors
Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis
Regular security audits: We conduct periodic reviews and testing of our security measures

5.2 Organisational Security Measures

Staff training on data protection obligations and best practices
Data protection policies and internal procedures
Confidentiality agreements with employees and contractors
Incident response procedures in the event of a data breach

5.3 Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay, in accordance with Article 34 of the GDPR.

6. Your Rights Under GDPR and Irish Data Protection Law

Under the GDPR and the Data Protection Acts 1988–2018, you have significant rights in relation to your personal data. We are committed to upholding these rights and will respond to all valid requests within one calendar month, as required by law. In complex cases, we may extend this period by a further two months, but we will inform you of any extension within the first month.

6.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to receive a copy of that data along with information about how it is being used. This is known as a Subject Access Request (SAR). We will provide this information free of charge in most cases.

6.2 Right to Rectification (Article 16 GDPR)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay. You may also update certain details directly through your account on apacpizza.com.

6.3 Right to Erasure — "Right to be Forgotten" (Article 17 GDPR)

In certain circumstances, you have the right to request the deletion of your personal data. This right applies where:

The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other lawful basis for processing
You object to the processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required for compliance with a legal obligation

Please note that this right is not absolute and may be limited where we have overriding legal grounds to retain data (e.g., financial records required under Irish tax law).

6.4 Right to Restriction of Processing (Article 18 GDPR)

You may request that we restrict the processing of your personal data in certain circumstances, such as while the accuracy of data is contested or where you have objected to processing pending verification of our legitimate grounds.

6.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.

6.6 Right to Object (Article 21 GDPR)

You have the right to object to:

Processing based on our legitimate interests — we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms
Direct marketing — you have an absolute right to object to the use of your data for direct marketing purposes, and we will always honour such objections promptly
Profiling carried out for direct marketing purposes

6.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you. We do not currently make any such automated decisions about our customers, but if this changes, we will update this policy accordingly and ensure appropriate safeguards are in place.

6.8 How to Exercise Your Rights

To exercise any of the rights described above, please contact us in writing at:

Email: [email protected]
Subject Line: Data Subject Rights Request

We may ask you to verify your identity before processing your request to ensure the security and confidentiality of your personal data. We will not charge a fee for reasonable requests but reserve the right to charge an administrative fee for manifestly unfounded or excessive requests, or alternatively to refuse such requests.

7. Cookie Policy Overview

Our website, apacpizza.com, uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyse site traffic, and support our marketing activities.

7.1 Types of Cookies We Use

Strictly necessary cookies: Essential for the functioning of our website (e.g., maintaining your shopping basket and login session)
Performance and analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics)
Functionality cookies: Remember your preferences, such as your preferred store location or language settings
Marketing and targeting cookies: Used to deliver relevant advertisements and track the effectiveness of our campaigns

7.2 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner. You can accept all cookies, reject non-essential cookies, or manage your preferences in detail. You can change your cookie settings at any time through the cookie preferences link on our website.

For comprehensive information about the specific cookies we use, their purposes, and how to manage them, please refer to our full Cookie Policy.

8. Data Retention Periods

We do not retain personal data for longer than is necessary for the purposes for which it was collected, in accordance with the data minimisation and storage limitation principles under Article 5 of the GDPR. Our standard retention periods are as follows:

Category of Data	Retention Period	Reason
Customer account data	Duration of account + 2 years after last activity	Service provision and legitimate interests
Order history and transaction records	7 years	Irish tax and accounting obligations (Taxes Consolidation Act 1997)
Payment transaction data	7 years	Financial record-keeping requirements
Customer service communications	3 years	Dispute resolution and legitimate interests
Marketing consent records	Until consent is withdrawn + 1 year	Evidencing lawful basis for marketing
Website analytics data	26 months (anonymised)	Analytics and service improvement
Cookie consent records	1 year	Evidencing consent under ePrivacy Regulations
CCTV footage (if applicable at premises)	28 days	Security purposes

At the end of each applicable retention period, personal data is securely deleted or anonymised. Where anonymisation is not possible, data is securely destroyed using industry-standard methods.

9. Children's Privacy

Apache Pizza's services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect or process personal data from children under the age of 18.

In Ireland, the Data Protection Act 2018 sets the digital age of consent at 16 years for information society services; however, given the nature of our services, which involve financial transactions and the ordering of food products, we apply an 18-year minimum age threshold.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal data without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete any such data upon verification.

Our website is not directed at children, and we do not knowingly display targeted advertising to minors or include content specifically designed to attract children.

10. International Data Transfers

Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA. Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR.

10.1 Safeguards for International Transfers

The safeguards we rely upon for international data transfers may include:

Adequacy decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
Standard Contractual Clauses (SCCs): Approved by the European Commission, these contractual obligations require the recipient to protect your data to EEA standards
Binding Corporate Rules (BCRs): Where applicable for multinational corporate groups
EU-US Data Privacy Framework: For transfers to certified US organisations where applicable

You may request further information about the specific safeguards we have in place for international data transfers by contacting us at [email protected].

11. Social Media and Third-Party Links

Our website may contain links to third-party websites, social media platforms (such as Facebook, Instagram, and Twitter/X), or embedded content from other providers. Please be aware that this Privacy Policy applies solely to data collected by Apache Pizza through apacpizza.com and our own services. We are not responsible for the privacy practices of any third-party websites or platforms, and we encourage you to review their privacy policies before providing any personal information.

When you interact with our social media pages or click on social media sharing buttons on our website, data may be collected and processed by those social media platforms in accordance with their own privacy policies.

12. Legal Basis Summary

For transparency, the following table summarises the key processing activities and the corresponding lawful bases under Article 6 of the GDPR:

Processing Activity	Lawful Basis
Processing and fulfilling your food order	Performance of a contract (Article 6(1)(b))
Creating and managing your account	Performance of a contract (Article 6(1)(b))
Sending transactional emails (order confirmations, receipts)	Performance of a contract (Article 6(1)(b))
Sending marketing emails and promotional offers	Consent (Article 6(1)(a))
Website analytics and performance monitoring	Legitimate interests (Article 6(1)(f))
Fraud detection and prevention	Legitimate interests (Article 6(1)(f))
Maintaining financial and accounting records	Legal obligation (Article 6(1)(c))
Responding to regulatory or law enforcement requests	Legal obligation (Article 6(1)(c))
Improving our products and services	Legitimate interests (Article 6(1)(f))

13. Complaints to the Data Protection Commission

We hope to resolve any privacy-related concerns you may have directly. However, if you are not satisfied with our response, or if you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection in Ireland.

Data Protection Commission — Contact Details

Address: 21–25 Canal Road, Dublin, D06 F468, Ireland

Phone: +353 (0)57 868 4800 or +353 (0)761 104 800

Email: [email protected]

Website: www.dataprotection.ie

You may file a complaint with the DPC online through their website at forms.dataprotection.ie/contact. You also have the right to an effective judicial remedy against decisions of the DPC, or if the DPC does not handle a complaint within three months.

If you are located in another EU member state, you may alternatively contact the supervisory authority in your country of residence or habitual place of work.

14. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing activities, applicable law, or best practices. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website, apacpizza.com
Where appropriate, notify registered customers by email

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our website and services after any changes to this policy constitutes your acknowledgement of the updated terms.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or how we process your information, please contact us using the details below. We will do our best to respond promptly and resolve any concerns you may have.

Apache Pizza — Data Privacy Contact

Website: apacpizza.com

Email: [email protected]

When contacting us about a data protection matter, please include your full name, the email address associated with your account, and a clear description of your request or concern so that we can assist you as efficiently as possible.

This Privacy Policy was last reviewed and updated on June 15, 2026. It is governed by the laws of Ireland and the applicable regulations of the European Union, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018. Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Ireland.