Privacy Policy

Last Updated: May 8, 2026  |  Effective Date: May 8, 2026

At Apache Pizza, we are deeply committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at apachispizza.com, place orders online, interact with our services, or otherwise engage with us. We encourage you to read this document carefully to understand our practices.

This Privacy Policy applies to all users of our website and services, including customers who place orders, visitors who browse our website, and individuals who contact us for any purpose. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

Apache Pizza operates in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Acts 1988–2018, and all applicable Irish and European Union data protection legislation. We are committed to handling your personal data lawfully, fairly, and transparently.

1. Who We Are (Data Controller)

For the purposes of applicable data protection law, the data controller responsible for your personal information is:

Company Name Apache Pizza
Website apachispizza.com
Email Address [email protected]
Country of Operation Ireland

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us at the email address provided above. We take all privacy inquiries seriously and will respond promptly.

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal data we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

  • Full name
  • Email address
  • Telephone or mobile number
  • Delivery address (street address, city, county, Eircode)
  • Billing address (if different from delivery address)
  • Date of birth (where required for age verification purposes)
  • Username and password (for registered accounts)

2.2 Order and Transaction Information

When you place an order through our website or app, we collect:

  • Details of the items ordered and any special instructions
  • Order history and purchase records
  • Payment method type (e.g., credit card, debit card, cash on delivery)
  • Transaction identifiers and payment confirmation details
  • Delivery preferences and instructions

Please note that full payment card details (such as card numbers and CVV codes) are processed directly by our secure payment processors and are not stored on our systems.

2.3 Usage and Technical Data

When you visit our website, we automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring website or source
  • Date and time of your visit
  • Clickstream data and navigation patterns
  • Search queries made on our website

2.4 Location Data

With your permission, we may collect precise or approximate location data from your mobile device or browser to help us identify the nearest Apache Pizza location, calculate delivery areas, and provide you with relevant service options. You can disable location sharing at any time through your device settings.

2.5 Communications Data

If you contact us via email, phone, or online forms, we may retain a record of that correspondence, including:

  • The content of messages you send us
  • Feedback, complaints, or reviews you submit
  • Records of customer service interactions

2.6 Marketing and Preference Data

If you opt in to receive marketing communications, we collect your preferences regarding:

  • Email newsletter subscription status
  • SMS marketing consent
  • Preferred communication channels
  • Promotional preferences and interests

2.7 Cookie and Tracking Data

We use cookies and similar tracking technologies to collect information about how you interact with our website. Please refer to Section 9 of this Privacy Policy and our dedicated Cookie Policy for full details.

3. How We Use Your Personal Data

We use your personal data only where we have a lawful basis for doing so under the GDPR and the Data Protection Acts 1988–2018. The lawful bases we rely on include: (a) the performance of a contract with you, (b) compliance with a legal obligation, (c) our legitimate interests where these are not overridden by your rights, and (d) your consent.

3.1 Providing and Managing Our Services

We process your personal data primarily to fulfil orders and provide our food delivery and collection services. This includes:

  • Processing and confirming your orders
  • Arranging delivery or notifying you of collection readiness
  • Managing your online account
  • Processing payments and issuing refunds or credits where applicable
  • Providing customer support and responding to your enquiries
  • Sending order confirmations, receipts, and delivery updates

3.2 Website and Service Improvement

We use technical and usage data to improve and optimise our website and services, including:

  • Analysing website traffic and user behaviour patterns
  • Identifying and fixing technical issues or bugs
  • Testing new features and functionality
  • Improving the overall user experience and interface
  • Monitoring system performance and security

3.3 Marketing and Promotional Communications

Where you have provided your consent, or where we have a legitimate interest in doing so (subject to your right to opt out), we may use your contact details to:

  • Send you promotional emails, special offers, and discount codes
  • Notify you of new menu items, seasonal specials, or limited-time deals
  • Send SMS marketing messages (with your explicit consent)
  • Display targeted advertising on third-party platforms based on your interests
  • Conduct customer satisfaction surveys and feedback requests

You can withdraw your consent to marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us directly at [email protected].

3.4 Legal and Regulatory Compliance

We may process your personal data where necessary to comply with our legal obligations, including:

  • Maintaining accurate financial and tax records
  • Responding to lawful requests from regulatory authorities or law enforcement
  • Preventing and detecting fraud or other criminal activity
  • Enforcing our Terms and Conditions and other legal rights

3.5 Personalisation

We may use your order history and preferences to personalise your experience, including recommending menu items based on your previous orders and displaying content or promotions that are relevant to you.

4. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we may share your information in the following limited circumstances:

4.1 Service Providers and Data Processors

We engage trusted third-party companies and individuals to perform functions and provide services to us, including:

  • Payment processors: Secure processing of card and online payments
  • Delivery and logistics partners: Facilitating the delivery of your orders
  • IT and hosting providers: Website hosting, cloud storage, and technical infrastructure
  • Email service providers: Sending transactional and marketing emails
  • Analytics providers: Understanding how visitors use our website (e.g., Google Analytics)
  • Customer service platforms: Managing customer support enquiries
  • SMS service providers: Sending order updates and promotional messages

All third-party service providers who process data on our behalf are required to handle your personal data in accordance with GDPR and are bound by appropriate data processing agreements. They are authorised to use your personal data only to the extent necessary to perform their services for us.

4.2 Legal and Regulatory Disclosure

We may disclose your personal data to regulatory bodies, law enforcement agencies, courts, or other third parties where we are required or permitted to do so by law, including:

  • Complying with legal obligations or court orders
  • Protecting the rights, property, or safety of Apache Pizza, our customers, or others
  • Investigating or preventing fraud, security breaches, or other illegal activities

4.3 Business Transfers

In the event that Apache Pizza undergoes a merger, acquisition, restructuring, or sale of all or part of its assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and ensure appropriate protections remain in place.

4.4 Franchise and Partner Locations

Apache Pizza operates through a network of franchise locations across Ireland. Your order information may be shared with the specific franchise location responsible for preparing and delivering your order. These franchise partners are required to handle your data in compliance with applicable data protection laws.

5. Data Security

We take the security of your personal data very seriously and implement a range of technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our website
  • Access controls: Access to personal data is restricted to authorised personnel who have a legitimate need to access it for business purposes
  • Secure payment processing: All payment transactions are processed through PCI DSS-compliant payment gateways. We do not store full card details on our servers
  • Regular security assessments: We conduct periodic reviews of our security practices and systems
  • Staff training: Our employees receive data protection training to ensure they understand their responsibilities when handling personal data
  • Incident response procedures: We maintain procedures for detecting, reporting, and investigating personal data breaches

Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Data Protection Commission (DPC) as required by law.

6. Your Data Protection Rights

Under the GDPR and the Data Protection Acts 1988–2018, you have the following rights in relation to your personal data. We are committed to upholding these rights and will respond to all valid requests within one month of receipt, as required by law.

6.1 Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we use it. This is commonly known as a Subject Access Request (SAR). There is generally no charge for making such a request.

6.2 Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. You can also update certain information directly through your online account.

6.3 Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw your consent (and there is no other legal basis for processing), or where you object to processing and there are no overriding legitimate grounds.

6.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while a dispute about the accuracy of your data is being resolved.

6.5 Right to Data Portability

Where processing is based on your consent or the performance of a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

6.6 Right to Object

You have the right to object to our processing of your personal data where it is based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately.

6.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently make such automated decisions; however, if this changes, we will update this policy accordingly.

6.8 How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at:

Email: [email protected]
Website: apachispizza.com

We may need to verify your identity before processing your request. We will respond within one calendar month, though complex requests may take up to three months. We will always inform you if an extension is necessary.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The following general retention periods apply:

Category of Data Retention Period Reason
Customer account information Duration of account + 3 years after last activity Service provision and customer relationship management
Order and transaction records 7 years Legal and tax obligations under Irish Revenue requirements
Marketing consent records Until consent is withdrawn + 1 year Demonstrating compliance with consent requirements
Customer service communications 3 years Dispute resolution and service improvement
Website usage and analytics data 26 months Performance analysis and service optimisation
Security and fraud prevention data Up to 5 years Prevention and investigation of fraud or illegal activity
Cookie and tracking data As specified in our Cookie Policy Website functionality and analytics

Once data is no longer required for its original purpose or any compatible purpose, we will securely delete or anonymise it in accordance with our data retention procedures.

8. Children's Privacy

Our website and online ordering services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or store personal data from children under the age of 18 without the consent of a parent or legal guardian.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected]. We will take prompt action to investigate and, where confirmed, to delete any such information from our records.

Under Irish law and the GDPR, the processing of personal data of children requires special safeguards. We do not intentionally target our marketing or data collection activities at individuals under the age of 18. If we become aware that we have collected personal data from a person under 18 without appropriate consent, we will delete that data without undue delay.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to enhance your browsing experience, analyse website usage, and deliver relevant content and advertising.

9.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They allow the website to recognise your device on subsequent visits and remember certain information about your preferences or actions.

9.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in, add items to your cart, and complete your order. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
  • Functional Cookies: Allow our website to remember your preferences (such as your saved address or preferred location) to provide a more personalised experience.
  • Targeting and Advertising Cookies: Used to deliver advertisements that are relevant to your interests and to track the effectiveness of our marketing campaigns.

9.3 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept, reject, or customise your cookie preferences. You can update your preferences at any time through the cookie settings link on our website.

You may also configure your browser to refuse all or some cookies, or to alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of our website.

For full details about the cookies we use, their purposes, and how to manage them, please read our dedicated Cookie Policy.

10. International Data Transfers

Apache Pizza is based in Ireland and primarily processes personal data within the European Economic Area (EEA). However, some of our third-party service providers and partners may be located outside the EEA, including in the United States and other countries.

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs): European Commission-approved contractual terms that impose GDPR-equivalent obligations on data importers outside the EEA
  • Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
  • Binding Corporate Rules: Where applicable, internal data protection policies that have been approved by a data protection supervisory authority

You may request further information about international data transfers and the safeguards in place by contacting us at [email protected].

11. Legal Basis for Processing

In accordance with the GDPR, we are required to identify and document the legal basis upon which we process your personal data. The following table summarises the primary legal bases we rely on:

Processing Activity Legal Basis (GDPR Article 6)
Processing and fulfilling your orders Performance of a contract (Art. 6(1)(b))
Managing your customer account Performance of a contract (Art. 6(1)(b))
Sending order confirmations and service updates Performance of a contract (Art. 6(1)(b))
Sending marketing emails and SMS (opted in) Consent (Art. 6(1)(a))
Website analytics and service improvement Legitimate interests (Art. 6(1)(f))
Fraud detection and prevention Legitimate interests (Art. 6(1)(f)) / Legal obligation (Art. 6(1)(c))
Tax and financial record keeping Legal obligation (Art. 6(1)(c))
Responding to legal requests Legal obligation (Art. 6(1)(c))
Personalisation of your experience Legitimate interests (Art. 6(1)(f)) / Consent

12. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly encourage you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When we make changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Post the revised policy on our website at apachispizza.com
  • Where the changes are material, notify you by email or by a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website or services after any changes constitutes your acceptance of the updated Privacy Policy.

14. How to File a Complaint with the Data Protection Commission

If you are not satisfied with how we have handled your personal data or responded to a request you have made, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection in Ireland.

Data Protection Commission — Contact Details
Name Data Protection Commission (DPC)
Address 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website www.dataprotection.ie
Phone +353 (0)1 765 0100
Email [email protected]

While you have the right to contact the DPC directly at any time, we would appreciate the opportunity to address your concerns before you do so. Please contact us first at [email protected] and we will do our best to resolve any issues promptly and to your satisfaction.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch with us:

Apache Pizza — Privacy Enquiries
Company Apache Pizza
Email [email protected]
Website apachispizza.com
Country Ireland
Our Commitment: We are dedicated to handling your personal data with the highest standards of privacy and security. We will always aim to respond to your data protection enquiries within one calendar month of receipt, in accordance with our obligations under the GDPR and the Data Protection Acts 1988–2018.

This Privacy Policy was last reviewed and updated on May 8, 2026. It is governed by and construed in accordance with the laws of Ireland, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018.