Privacy Policy

Last Updated: April 23, 2026  |  Effective Date: April 23, 2026

At Apache Pizza, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website apachi-ie.com, place an order with us, use our mobile application, or interact with us in any other way. Please read this policy carefully to understand our practices regarding your personal data.

This Privacy Policy is governed by the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Acts 1988–2018 of Ireland. Apache Pizza acts as the Data Controller in respect of the personal data we collect and process. By using our website and services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Apache Pizza is a food business operating in Ireland, providing pizza delivery and takeaway services to customers across the country. Our contact details for all privacy-related matters are as follows:

Company Name Apache Pizza
Address Ireland
Phone Available via our website apachi-ie.com
Email [email protected]
Website apachi-ie.com

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us using the details above. We will endeavour to respond to all privacy-related enquiries within 30 days of receipt.

2. What Personal Data We Collect

We collect various types of personal data depending on how you interact with us. The categories of personal data we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

  • Full name
  • Home or delivery address
  • Email address
  • Phone number (mobile and/or landline)
  • Date of birth (where age verification is required)
  • Username and password (for registered accounts)

2.2 Order and Transaction Information

When you place an order with us, we collect:

  • Details of the items you have ordered
  • Order history and preferences
  • Payment information (note: full card details are processed by our secure third-party payment processor and are not stored by Apache Pizza)
  • Billing address
  • Delivery instructions and preferences
  • Special dietary requirements or preferences that you choose to share with us

2.3 Usage Data and Technical Information

When you access and use our website or mobile application, we automatically collect certain technical data, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited on our website and the order in which they were visited
  • Time and date of your visit
  • Time spent on each page
  • Links clicked within our website
  • Referring website or source
  • Crash reports and error logs

2.4 Location Data

We may collect and process location data in order to facilitate delivery services. This may include:

  • Your delivery address as provided by you
  • GPS or geolocation data from your device (only if you grant permission)
  • Approximate location data derived from your IP address

2.5 Cookie and Tracking Data

We use cookies and similar tracking technologies to enhance your experience on our website. These technologies collect data about your browsing behaviour and preferences. For full details, please refer to Section 9 of this policy and our separate Cookie Policy available on our website.

2.6 Communications Data

If you contact us by email, phone, post, or via our website contact form, we will collect and retain:

  • The content of your message or enquiry
  • Your contact details as provided
  • Records of our correspondence with you

2.7 Marketing Preferences

Where you have opted in to receive marketing communications, we retain records of your marketing preferences, including the type of communications you have agreed to receive and your subscription or unsubscription history.

3. How We Use Your Personal Data

We process your personal data for specific, explicit, and legitimate purposes. The following explains the purposes for which we use your information and the legal basis we rely upon under GDPR:

3.1 Providing Our Services (Contractual Necessity)

The primary reason we process your personal data is to fulfil your orders and provide our food delivery and takeaway services. This includes:

  • Processing and managing your food orders
  • Arranging delivery to your specified address
  • Processing payments and issuing receipts or invoices
  • Managing your customer account
  • Communicating with you about your orders, including confirmations, updates, and issues
  • Providing customer support and handling complaints

3.2 Legitimate Business Interests

We process certain data based on our legitimate interests as a business, provided these interests are not overridden by your rights and freedoms. This includes:

  • Improving and developing our products, services, and website
  • Analysing customer behaviour and order trends to optimise our menu and services
  • Detecting and preventing fraud, abuse, and security incidents
  • Ensuring the technical functionality and security of our website and systems
  • Conducting internal business analytics and reporting
  • Maintaining accurate business records

3.3 Marketing and Promotional Communications (Consent)

Where you have given us your explicit consent, we may use your personal data to:

  • Send you promotional offers, discount codes, and special deals via email or SMS
  • Inform you about new menu items, seasonal promotions, and events
  • Provide personalised recommendations based on your order history
  • Conduct customer surveys and request feedback

You may withdraw your consent to marketing communications at any time by clicking the "unsubscribe" link in any marketing email, by contacting us at [email protected], or by updating your preferences in your account settings.

3.4 Legal Compliance (Legal Obligation)

We may process your personal data where necessary to comply with our legal obligations under Irish and European Union law, including:

  • Compliance with tax and accounting obligations
  • Responding to lawful requests from regulatory authorities or law enforcement agencies
  • Complying with food safety and allergen disclosure requirements
  • Fulfilling our obligations under consumer protection legislation

4. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we may share your information with carefully selected third parties in the following circumstances:

4.1 Service Providers and Data Processors

We engage trusted third-party companies and individuals to perform functions on our behalf. These service providers are bound by data processing agreements and are only permitted to use your data as instructed by us. Such providers may include:

  • Payment Processors: Secure third-party payment gateway providers who process your payment card transactions on our behalf
  • Delivery Partners: Where applicable, third-party delivery drivers or logistics companies used to fulfil your order
  • IT and Hosting Providers: Companies that host and maintain our website, servers, and databases
  • Email and SMS Marketing Platforms: Third-party platforms used to send marketing and transactional communications
  • Analytics Providers: Services such as Google Analytics that help us understand how our website is used
  • Customer Support Tools: Platforms used to manage customer enquiries and support tickets

4.2 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal data may be transferred to the acquiring entity. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal data to competent authorities, law enforcement bodies, or regulatory agencies where we are required to do so by applicable law, court order, or governmental regulation. This includes disclosures required by Irish law, EU law, or any other applicable legislation.

4.4 Protection of Rights

We may disclose personal data where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Apache Pizza, our customers, employees, or the public.

5. Data Security

We take the security of your personal data extremely seriously. Apache Pizza has implemented appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our security measures include:

5.1 Technical Security Measures

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) technology
  • Secure Payment Processing: Payment card data is processed by PCI-DSS compliant payment processors. We do not store full card numbers on our systems
  • Firewalls and Intrusion Detection: We employ firewalls and security monitoring systems to protect our infrastructure
  • Access Controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis
  • Password Protection: User accounts are protected by password authentication, and we encourage the use of strong, unique passwords
  • Regular Security Updates: Our systems and software are regularly updated and patched to address known security vulnerabilities

5.2 Organisational Security Measures

  • Staff training on data protection and privacy obligations
  • Internal data protection policies and procedures
  • Data minimisation practices — we only collect data that is necessary for our stated purposes
  • Regular review and audit of our data processing activities
  • Incident response procedures in the event of a data breach

5.3 Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) of Ireland within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 of the GDPR.

Important: While we take every reasonable precaution to protect your personal data, no method of data transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data transmitted to our website.

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018, you have a number of important rights in relation to your personal data. These rights are explained below. To exercise any of these rights, please contact us at [email protected].

6.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide you with a copy of your data free of charge within one month of receiving your verified request. In complex cases or where we receive a large number of requests, we may extend this period by a further two months, but we will inform you of any such extension.

6.2 Right to Rectification (Article 16 GDPR)

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to such requests without undue delay and within one month at the latest.

6.3 Right to Erasure / Right to Be Forgotten (Article 17 GDPR)

In certain circumstances, you have the right to request the deletion of your personal data. This right applies where:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Please note that this right is not absolute and may not apply in all circumstances, particularly where processing is necessary for compliance with a legal obligation.

6.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing, pending the outcome of that objection.

6.5 Right to Data Portability (Article 20 GDPR)

Where we process your personal data on the basis of your consent or for the performance of a contract, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller where technically feasible.

6.6 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis for processing. You also have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.

6.7 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing your personal data (for example, for marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6.8 Rights in Relation to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you, unless such processing is necessary for the performance of a contract, authorised by law, or based on your explicit consent.

How to Exercise Your Rights: To exercise any of the rights listed above, please send a written request to [email protected] with the subject line "Data Subject Rights Request." We may need to verify your identity before processing your request to ensure the security of your personal data.

7. Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods we apply are as follows:

Category of Data Retention Period Reason
Customer account information Duration of account + 3 years after last activity Contractual necessity and legitimate interests
Order and transaction records 7 years Legal obligation (tax and accounting requirements under Irish law)
Payment records 7 years Compliance with Revenue Commissioners requirements
Marketing consent records Until consent is withdrawn + 1 year Compliance with ePrivacy regulations
Customer communications and support records 3 years from last communication Legitimate interests (dispute resolution)
Website usage and analytics data 26 months Analytics and service improvement
Cookie data As specified in our Cookie Policy Website functionality and analytics
CCTV footage (if applicable at premises) 30 days Security and safety purposes

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal data in accordance with our data retention and disposal procedures. In some cases, where immediate deletion is not possible due to technical reasons, we will ensure that your data is isolated and protected from further processing until deletion is feasible.

8. International Data Transfers

Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of our third-party service providers (such as cloud hosting providers, analytics platforms, or marketing tools) may be located outside the EEA, including in countries such as the United States.

Where we transfer personal data to countries outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements. These safeguards may include:

  • Adequacy Decisions: Transfers to countries that the European Commission has determined offer an adequate level of data protection
  • Standard Contractual Clauses (SCCs): Legally binding contractual terms approved by the European Commission, requiring the recipient to protect the data to EEA standards
  • Binding Corporate Rules (BCRs): Internal data protection policies adopted by multinational companies for international transfers within the same corporate group
  • EU-US Data Privacy Framework: Where applicable, transfers to US-based companies that are certified under the EU-US Data Privacy Framework

You may request further information about the specific safeguards we have put in place for international data transfers by contacting us at [email protected].

9. Cookie Policy Summary

Our website apachi-ie.com uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic, and assist in our marketing efforts. A cookie is a small text file that is placed on your device when you visit our website.

9.1 Types of Cookies We Use

Cookie Type Purpose Legal Basis
Strictly Necessary Cookies Essential for the website to function properly (e.g., shopping cart, login session) Legitimate interests
Functional Cookies Remember your preferences and settings (e.g., preferred store, language) Consent
Analytics Cookies Collect anonymous data about how visitors use our website to help us improve it Consent
Marketing/Advertising Cookies Track your browsing behaviour to display relevant advertisements Consent

When you first visit our website, you will be presented with a cookie consent banner where you can choose which categories of cookies you wish to accept. You can manage or withdraw your cookie preferences at any time by accessing the cookie settings on our website.

For full details about the specific cookies we use, their duration, and how to manage them, please refer to our full Cookie Policy available at apachi-ie.com.

You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website and your ability to place orders.

10. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal data from children under the age of 18 without the consent of a parent or legal guardian.

If you are under 18 years of age, please do not submit any personal data to us through our website or any other means. If you are a parent or guardian and you become aware that your child has provided us with personal data without your consent, please contact us immediately at [email protected].

Upon receiving notification that we have collected personal data from a child under the age of 18 without appropriate parental consent, we will take immediate steps to delete that information from our systems.

Notice to Parents and Guardians: If you believe that a child under the age of 18 has provided personal data to Apache Pizza without your consent, please contact us immediately at [email protected] so that we can take prompt action to delete the information.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not operated by Apache Pizza. These may include social media platforms, payment gateways, or partner websites. This Privacy Policy applies solely to data collected by Apache Pizza through apachi-ie.com and our associated services.

We have no control over and accept no responsibility for the content, privacy policies, or practices of any third-party websites or services. We strongly encourage you to read the privacy policies of any third-party websites you visit, particularly before submitting any personal data to those sites.

The inclusion of any link on our website does not constitute an endorsement by Apache Pizza of that website or its operators.

12. Social Media and User-Generated Content

Apache Pizza maintains a presence on various social media platforms. If you choose to interact with us via social media (including but not limited to Facebook, Instagram, Twitter/X, or TikTok), please be aware that those platforms have their own privacy policies and data practices, which are outside our control.

If you submit reviews, comments, photos, or other content through our website or social media channels, please be aware that such content may be visible to other users. We ask that you do not include sensitive personal data in any publicly visible posts or communications.

13. Legal Basis for Processing — Summary

Under the GDPR, we are required to have a valid legal basis for each processing activity. The following table summarises the legal bases we rely upon:

Processing Activity Legal Basis (GDPR Article 6)
Processing and fulfilling your food orders Article 6(1)(b) — Performance of a contract
Managing your customer account Article 6(1)(b) — Performance of a contract
Sending marketing communications Article 6(1)(a) — Consent
Analytics and service improvement Article 6(1)(f) — Legitimate interests
Fraud prevention and security Article 6(1)(f) — Legitimate interests
Tax, accounting, and record-keeping Article 6(1)(c) — Legal obligation
Responding to legal or regulatory requests Article 6(1)(c) — Legal obligation
Processing cookies (non-essential) Article 6(1)(a) — Consent

14. How to Lodge a Complaint with the Data Protection Commission

We take your privacy rights seriously and aim to handle all privacy concerns promptly and professionally. However, if you are not satisfied with how we have handled your personal data or responded to your privacy request, you have the right to lodge a complaint with the Irish supervisory authority for data protection.

The supervisory authority in Ireland is the Data Protection Commission (DPC):

Data Protection Commission (DPC)

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 (0)1 765 0100 / Lo Call: 1800 437 737
Email: [email protected]
Website: www.dataprotection.ie

Before contacting the DPC, we encourage you to first raise any concerns directly with us at [email protected]. We will make every effort to resolve your concern swiftly and to your satisfaction. You also have the right to seek judicial remedy under Article 79 of the GDPR.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or for other operational reasons. When we make significant changes, we will notify you by:

  • Posting a prominent notice on our website apachi-ie.com
  • Sending an email notification to registered account holders where appropriate
  • Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website or services after any changes to this policy have been posted will constitute your acknowledgement of the updated terms.

Where any changes to this Privacy Policy require your consent (for example, where we wish to use your data for a new purpose), we will seek your consent before implementing those changes.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way Apache Pizza handles your personal data, please do not hesitate to contact us. We are committed to addressing all privacy-related enquiries promptly and transparently.

Apache Pizza — Data Privacy Contact

Company: Apache Pizza
Location: Ireland
Email: [email protected]
Website: apachi-ie.com

We aim to respond to all data protection and privacy enquiries within 30 days. In complex cases, we may require up to an additional two months, but we will inform you of this extension and the reasons for it within the initial 30-day period.

When contacting us, please provide sufficient information to enable us to identify you and locate any relevant data we hold about you. This will assist us in processing your request as efficiently as possible. We may request proof of identity to protect the security of your personal data.

Apache Pizza Privacy Policy

Version: 1.0 | Effective Date: April 23, 2026

This policy is governed by the laws of Ireland and the European Union, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018.