Privacy Policy

Last Updated: June 18, 2026  |  Effective Date: June 18, 2026

At Apache Pizza, we are deeply committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at apchipizza.com, place an order, use our services, or otherwise interact with us. We encourage you to read this document carefully so that you understand your rights and our obligations under applicable Irish and European data protection law.

This Privacy Policy applies to all users of our website, mobile services, and any other digital or physical touchpoint through which we collect personal data. By using our website or services, you acknowledge that you have read and understood the practices described in this policy.

1. Who We Are

Apache Pizza is a food service business operating in Ireland. For the purposes of data protection law, Apache Pizza acts as the Data Controller in respect of personal data collected through our website and services.

Company Name Apache Pizza
Website apchipizza.com
Email Address [email protected]
Country of Operation Ireland

If you have any questions or concerns about this Privacy Policy or the way we handle your personal data, please contact us using the details above. We will make every effort to respond promptly and helpfully.

2. Legal Framework and Applicable Law

Apache Pizza is subject to Irish and European data protection legislation, including:

  • The General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679, which came into effect on 25 May 2018 and applies throughout the European Union, including Ireland.
  • The Data Protection Acts 1988–2018 – Irish domestic legislation that supplements and implements the GDPR in Ireland, including the Data Protection Act 2018.
  • The ePrivacy Regulations (SI No. 336 of 2011) – Irish regulations governing cookies, electronic communications, and related online privacy matters.
  • Any other applicable European Union directives and regulations relating to data privacy and electronic communications.

The supervisory authority responsible for data protection in Ireland is the Data Protection Commission (DPC), which can be contacted at www.dataprotection.ie. You have the right to lodge a complaint with the DPC at any time if you believe your data protection rights have been infringed (see Section 11 for more details).

3. What Personal Data We Collect

We collect different types of personal data depending on how you interact with us. Below we set out the categories of personal data we may collect and process:

3.1 Personal Identification Information

When you register an account, place an order, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number or mobile number
  • Delivery address and billing address
  • Date of birth (where required for age verification purposes)
  • Username and password (securely hashed) for account creation

3.2 Order and Transaction Data

When you place an order through our website or app, we collect information including:

  • Details of the food items ordered, including quantities and customisations
  • Order history and preferences
  • Payment method type (e.g., credit card, debit card, or online payment processor) — note that we do not store full card numbers; these are handled securely by our payment processor
  • Transaction reference numbers
  • Delivery instructions and notes
  • Order date, time, and status

3.3 Usage and Behavioural Data

When you visit our website, we automatically collect certain technical and behavioural information, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website or URL
  • Pages visited on our website and the time spent on each page
  • Click-through data and navigation patterns
  • Search queries entered on our website
  • Date and time of your visit

3.4 Device Information

We may collect information about the device you use to access our website or app, including:

  • Device type (mobile, tablet, desktop)
  • Device identifiers
  • Mobile network information
  • Screen resolution
  • Location data (only with your explicit consent, for delivery purposes)

3.5 Communications Data

If you contact us by email, telephone, or through a contact form, we will collect:

  • The content of your message or enquiry
  • Your contact details as provided
  • Records of correspondence
  • Feedback, complaints, or reviews you submit

3.6 Marketing Preferences

If you opt in to receive marketing communications from us, we will record:

  • Your marketing opt-in consent and the date it was given
  • Your communication preferences (e.g., email, SMS)
  • Your responses to promotional campaigns and offers

3.7 Cookie and Tracking Data

We use cookies and similar tracking technologies on our website. Please refer to Section 9 of this Privacy Policy and our separate Cookie Policy for full details of the cookies we use and how you can manage your preferences.

4. How We Use Your Personal Data

We use your personal data only for legitimate, specified purposes and in accordance with applicable data protection law. We rely on the following legal bases for processing your data:

4.1 Performance of a Contract

We process certain personal data because it is necessary for us to fulfil our contractual obligations to you — specifically, to process and deliver your food orders. This includes:

  • Processing and confirming your orders
  • Arranging delivery of your food to the correct address
  • Processing payments securely
  • Sending you order confirmations and delivery updates
  • Managing your account and membership

4.2 Legitimate Interests

We may process certain data on the basis of our legitimate business interests, provided those interests are not overridden by your rights and interests. This includes:

  • Improving and personalising our website and services
  • Analysing usage patterns and customer behaviour to enhance our offerings
  • Preventing and detecting fraud, abuse, or security incidents
  • Responding to customer service queries and complaints
  • Maintaining records for internal administration purposes
  • Conducting internal business analysis and reporting

4.3 Legal Obligation

We may be required to process your personal data to comply with our legal obligations under Irish and EU law. This includes:

  • Maintaining financial and transactional records for tax and accounting purposes
  • Responding to lawful requests from regulatory or law enforcement authorities
  • Complying with consumer protection legislation
  • Complying with food safety and public health regulations

4.4 Consent

Where we process your data based on consent, you will be asked to give your explicit consent at the point of collection. This applies to:

  • Sending you marketing emails, SMS messages, or promotional notifications
  • Non-essential cookies and tracking technologies
  • Location data collection for personalised delivery services

You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent, please contact us at [email protected] or use the unsubscribe link in any marketing email.

5. Analytics and Marketing

5.1 Website Analytics

We use analytics tools — such as Google Analytics — to understand how visitors use our website. These tools may collect information such as how often users visit our website, what pages they visit, and what other websites they used prior to visiting ours. We use this data only to improve our website and services. Analytics data is aggregated and, where possible, anonymised.

5.2 Direct Marketing

With your prior consent, we may send you marketing communications about our products, special offers, promotions, and news. We will only contact you by electronic means (email or SMS) in accordance with the ePrivacy Regulations (SI No. 336 of 2011) and the GDPR.

You can opt out of receiving marketing communications at any time by:

  • Clicking the "unsubscribe" or "opt-out" link included in any marketing email
  • Contacting us directly at [email protected]
  • Updating your preferences in your online account settings

Please note that even if you opt out of marketing communications, we may still send you transactional messages (such as order confirmations and service notices) as these are necessary to fulfil your orders.

6. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to third parties for their own commercial purposes. However, we may share your data with selected third parties in the following circumstances:

6.1 Service Providers and Data Processors

We work with trusted third-party service providers who process personal data on our behalf. These include:

  • Payment processors – to securely process card transactions and online payments (e.g., Stripe, PayPal, or similar PCI-DSS compliant providers)
  • Delivery and logistics partners – to coordinate the delivery of your food orders
  • IT and hosting providers – to host our website, store data securely, and maintain IT infrastructure
  • Email marketing and CRM platforms – to manage marketing communications and customer records
  • Analytics providers – to help us understand website usage and performance
  • Customer support platforms – to manage and respond to customer enquiries

All third-party processors are required to process your data only on our documented instructions, to maintain appropriate security measures, and to comply with GDPR requirements. We enter into Data Processing Agreements (DPAs) with all relevant processors.

6.2 Legal and Regulatory Disclosures

We may disclose your personal data to regulatory authorities, law enforcement agencies, or other third parties where we are required to do so by law, court order, or other legal process. We may also disclose data where we believe it is necessary to:

  • Protect the rights, property, or safety of Apache Pizza, our customers, or others
  • Detect, prevent, or address fraud, security, or technical issues
  • Comply with applicable laws and regulations

6.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our business assets, your personal data may be transferred to the relevant acquiring party. We will notify you via email or a prominent notice on our website before your personal data is transferred and becomes subject to a different privacy policy.

7. Data Security

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, disclosure, or destruction. Our security measures include:

  • SSL/TLS encryption – our website uses Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our servers
  • Secure password hashing – user passwords are stored using industry-standard cryptographic hashing algorithms and are never stored in plain text
  • Access controls – access to personal data is restricted to authorised personnel only, on a need-to-know basis
  • Firewalls and intrusion detection – we use network security tools to monitor and protect our systems against unauthorised access
  • PCI-DSS compliance – payment processing is conducted in compliance with the Payment Card Industry Data Security Standard
  • Regular security reviews – we conduct periodic reviews of our data security practices and update them as necessary
  • Staff training – our team members who handle personal data receive appropriate data protection training

While we take every reasonable precaution to protect your data, no data transmission over the internet or storage system can be guaranteed as 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at [email protected].

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

8. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general data retention periods are as follows:

Category of Data Retention Period Reason
Customer account data Duration of account + 3 years after closure Contract fulfilment and legitimate interests
Order and transaction records 7 years Tax and accounting obligations under Irish law (Taxes Consolidation Act 1997)
Marketing consent records 3 years from last interaction or opt-out Demonstrating compliance with GDPR consent requirements
Customer service communications 3 years from resolution Legitimate interests (dispute resolution, quality management)
Website usage and analytics data 26 months Analytics and service improvement (industry standard)
Cookie data As specified in our Cookie Policy See Cookie Policy for individual cookie durations
Fraud and security records Up to 5 years Legal obligation and legitimate interests

When personal data is no longer required, we will securely delete or anonymise it. In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this data indefinitely.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as web beacons and pixels) to provide you with a better browsing experience, to remember your preferences, and to analyse how our website is used.

9.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow the website to recognise your device and remember certain information about your visit. Cookies cannot be used to run programs or deliver viruses to your device.

9.2 Types of Cookies We Use

  • Strictly Necessary Cookies: These are essential for the operation of our website. They enable you to navigate the site and use its features, such as accessing secure areas or completing an order.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often. This helps us improve the performance of our website. All data collected is aggregated and anonymised where possible.
  • Functionality Cookies: These cookies allow our website to remember choices you have made (such as your preferred language or saved items) and provide enhanced, more personalised features.
  • Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. We only place these cookies with your consent.

9.3 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your cookie preferences at any time by:

  • Using the cookie settings tool on our website
  • Adjusting the cookie or privacy settings in your web browser
  • Visiting our full Cookie Policy for detailed information

Please be aware that disabling certain cookies may affect the functionality of our website and your ability to use some of its features.

10. International Data Transfers

Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of the third-party service providers we use may process your data in countries outside the EEA, including the United States or other jurisdictions.

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs) – Approved by the European Commission under Article 46(2) of the GDPR, providing appropriate data protection guarantees for international transfers
  • Adequacy decisions – Where the European Commission has determined that the recipient country provides an adequate level of data protection
  • Binding Corporate Rules (BCRs) – Where applicable for multinational organisations
  • Other approved transfer mechanisms under Chapter V of the GDPR

If you would like more information about the specific safeguards in place for any international transfer of your data, please contact us at [email protected].

11. Your Data Protection Rights

Under the GDPR and the Data Protection Acts 1988–2018, you have a number of important rights in relation to your personal data. These rights are explained below. To exercise any of these rights, please contact us at [email protected].

Your Right What It Means
Right of Access You have the right to request a copy of the personal data we hold about you (known as a Subject Access Request or SAR). We will provide this information free of charge within one month of your request.
Right to Rectification You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure ("Right to be Forgotten") In certain circumstances, you have the right to request that we delete your personal data. This right applies where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where data has been processed unlawfully.
Right to Restriction of Processing You have the right to ask us to restrict the processing of your personal data in certain circumstances, for example while we are verifying the accuracy of data you have contested.
Right to Data Portability Where we process your data by automated means on the basis of your consent or for the performance of a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller.
Right to Object You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to the use of your data for direct marketing purposes.
Rights Related to Automated Decision-Making You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal or similarly significant effects. We will inform you if we make any such decisions and you may request human review.
Right to Withdraw Consent Where we process your data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We will respond to all legitimate requests within one month. In complex cases or where you have made multiple requests, we may extend this period by a further two months, in which case we will notify you within the initial one-month period and explain the reason for the delay. We will not charge a fee for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive.

12. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or retain personal data from children under the age of 18 without verified parental or guardian consent.

If you are a parent or guardian and you believe that your child under the age of 18 has provided us with personal data without your consent, please contact us immediately at [email protected]. Upon receiving such a notification, we will take prompt steps to investigate and, where appropriate, delete the relevant personal data from our systems.

We do not knowingly target our marketing activities at minors. If we become aware that we have inadvertently collected personal data from a child under 18, we will take all reasonable steps to delete that information as soon as possible.

13. Links to Third-Party Websites

Our website may contain links to third-party websites, social media platforms (such as Facebook, Instagram, or Twitter), or other online services that are not operated or controlled by Apache Pizza. This Privacy Policy applies only to information collected by Apache Pizza and our website at apchipizza.com.

We are not responsible for the privacy practices or the content of third-party websites. We strongly encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our website does not imply our endorsement of the linked website or its privacy practices.

14. How to File a Complaint with the Data Protection Commission

If you are not satisfied with how we have handled your personal data or your data rights request, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority responsible for data protection in Ireland.

Data Protection Commission (DPC)

Website: www.dataprotection.ie

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Phone: +353 (0)1 765 0100

Email: [email protected]

Before lodging a complaint with the DPC, we would encourage you to contact us first at [email protected] so that we have an opportunity to address your concerns directly. However, you are always free to contact the DPC at any time without first contacting us.

If you are located in another EU member state, you may also have the right to lodge a complaint with your local supervisory authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, changes in applicable law, or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by:

  • Posting the updated policy on our website at apchipizza.com with a revised "Last Updated" date
  • Sending you an email notification if the changes materially affect how we use your personal data (where we hold your email address)
  • Displaying a prominent notice on our website homepage

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website or services after any changes to this policy are posted will constitute your acknowledgement of the revised policy.

The version of this Privacy Policy dated June 18, 2026 supersedes all previous versions.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way Apache Pizza processes your personal data, please do not hesitate to get in touch with us. We are committed to resolving any queries promptly and transparently.

Apache Pizza — Data Privacy Enquiries

Company: Apache Pizza

Website: apchipizza.com

Email: [email protected]

When contacting us about a data protection matter, please include your full name, contact details, and a clear description of your request or concern. We will acknowledge your request within 5 business days and provide a full response within one month of receipt of your request, in accordance with our obligations under the GDPR.

This Privacy Policy was last reviewed and updated on June 18, 2026 and is compliant with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Acts 1988–2018 as applicable in Ireland.