Privacy Policy

Last Updated: May 31, 2026  |  Effective Date: May 31, 2026

Apache Pizza ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you visit our website at apchepiza.com, place orders, use our services, or otherwise interact with us. Please read this policy carefully to understand our practices regarding your personal data.

We operate in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Acts 1988–2018, and all other applicable Irish and European Union data protection legislation. The Data Protection Commission (DPC) is the supervisory authority in Ireland responsible for overseeing compliance with data protection law.

1. Who We Are

Apache Pizza is a food service business operating in Ireland. For the purposes of data protection law, Apache Pizza acts as the data controller in respect of the personal data we collect and process about you.

Company Name Apache Pizza
Website apchepiza.com
Email Address [email protected]
Country of Operation Ireland

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address listed above. We are happy to assist with any queries or concerns.

2. Information We Collect

We collect various types of personal information depending on how you interact with us. Below is a detailed overview of the categories of data we may collect.

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Delivery address and billing address
  • Date of birth (where age verification is required)
  • Username and password (encrypted)
  • Account preferences and settings

2.2 Transaction and Order Data

When you place an order through our website or app, we collect:

  • Order history and details (items ordered, quantities, customisations)
  • Payment information (we do not store full card numbers — payment processing is handled by secure third-party payment processors)
  • Delivery instructions and preferences
  • Order timestamps and confirmation details
  • Promotional codes or vouchers used

2.3 Usage and Technical Data

When you visit our website at apchepiza.com, we automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited, time spent on pages, and navigation paths
  • Referring website or search terms used
  • Clickstream data and interaction logs
  • Error and crash reports

2.4 Location Data

With your permission, we may collect approximate or precise location data to assist with identifying your nearest Apache Pizza outlet, estimating delivery areas, and improving delivery accuracy.

2.5 Communication Data

If you contact us via email, telephone, online forms, or social media, we may retain a record of that correspondence, including:

  • The content of your messages or enquiries
  • Your contact details as provided
  • Our responses and any follow-up communications

2.6 Marketing Preferences

If you have opted in to receive marketing communications, we collect and maintain your preferences regarding:

  • Email newsletters and promotional offers
  • SMS marketing messages
  • Push notifications (where applicable)
  • Opt-out requests and unsubscribe records

2.7 Cookie and Tracking Data

We use cookies and similar tracking technologies on our website. Please refer to Section 8 of this policy for detailed information about our use of cookies, and see our separate Cookie Policy available on our website for full details.

3. How We Use Your Personal Data

We use your personal data only where we have a lawful basis to do so. The lawful bases we rely upon include: performance of a contract, compliance with a legal obligation, our legitimate interests, and your consent (where specifically requested).

3.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders
  • Managing your online account and profile
  • Arranging and coordinating delivery services
  • Processing payments and issuing receipts or invoices
  • Responding to your enquiries, complaints, and feedback
  • Notifying you about the status of your order

Lawful basis: Performance of a contract (Article 6(1)(b) GDPR)

3.2 Improving Our Services and Website

  • Analysing website usage and traffic patterns
  • Conducting customer satisfaction research and surveys
  • Testing and developing new features and functionality
  • Monitoring the performance and security of our systems
  • Understanding customer ordering habits and preferences

Lawful basis: Legitimate interests (Article 6(1)(f) GDPR)

3.3 Marketing and Promotional Communications

  • Sending you promotional offers, deals, and news about Apache Pizza
  • Personalising marketing content based on your ordering history and preferences
  • Running loyalty programmes or reward schemes
  • Delivering targeted advertising through online platforms

Lawful basis: Consent (Article 6(1)(a) GDPR) for direct marketing communications. You may withdraw your consent at any time by contacting us at [email protected] or by clicking the unsubscribe link in any marketing email.

3.4 Legal and Compliance Obligations

  • Complying with applicable Irish and EU laws and regulations
  • Maintaining accurate financial and accounting records
  • Responding to lawful requests from public authorities or courts
  • Preventing fraud, money laundering, and other unlawful activities
  • Enforcing our Terms and Conditions and other legal agreements

Lawful basis: Legal obligation (Article 6(1)(c) GDPR) and legitimate interests (Article 6(1)(f) GDPR)

4. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we may share your data with trusted third parties in the following circumstances:

4.1 Service Providers and Data Processors

We work with carefully selected third-party service providers who process personal data on our behalf and strictly under our instructions. These include:

  • Payment processors: To securely handle payment card transactions
  • Delivery partners: To facilitate food delivery services where applicable
  • IT and hosting providers: For website hosting, maintenance, and technical support
  • Email and communications platforms: For sending transactional and marketing emails
  • Analytics providers: Such as Google Analytics, to help us understand website usage
  • Customer support tools: To manage customer enquiries and complaints

All third-party service providers are required to implement appropriate technical and organisational security measures and are prohibited from using your data for any purpose other than providing the service to us.

4.2 Business Partners and Franchisees

Apache Pizza operates through a franchise model in Ireland. Relevant order and delivery data may be shared with individual Apache Pizza franchise locations in order to fulfil your order. These franchise partners are bound by data protection obligations consistent with this policy.

4.3 Legal Requirements

We may disclose your personal data if we are required to do so by law, or if such disclosure is necessary to:

  • Comply with a legal obligation under Irish or EU law
  • Respond to a valid request from a court, regulatory authority, or law enforcement agency
  • Protect the rights, property, or safety of Apache Pizza, our customers, or others
  • Investigate, prevent, or take action in connection with potential fraud or illegal activity

4.4 Business Transfers

In the event that Apache Pizza or any part of its business is acquired, merged with another organisation, or undergoes a significant corporate restructuring, your personal data may be transferred to the new business owner as part of that transaction. We will notify you in advance of any such change that affects how your data is processed.

5. Data Security

We take the security of your personal data extremely seriously and have implemented a range of technical and organisational measures designed to protect your data against unauthorised access, disclosure, alteration, or destruction.

5.1 Technical Security Measures

  • SSL/TLS encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) technology
  • Encrypted storage: Sensitive data, including account passwords, is stored in encrypted format
  • Secure payment processing: Payment card data is handled by PCI-DSS compliant payment processors
  • Firewalls and intrusion detection: Our systems are protected by firewalls and monitored for suspicious activity
  • Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis
  • Regular security testing: We conduct periodic security assessments and vulnerability testing

5.2 Organisational Security Measures

  • Staff training on data protection and information security obligations
  • Clear data handling policies and internal procedures
  • Data protection impact assessments for high-risk processing activities
  • Incident response procedures for data breaches

5.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, as required under Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 of the GDPR.

Important: While we implement robust security measures, no method of data transmission or storage is completely secure. We encourage you to use strong, unique passwords for your account and to contact us immediately at [email protected] if you believe your account has been compromised.

6. Your Rights Under GDPR and Irish Data Protection Law

Under the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018, you have the following rights in relation to your personal data. We will respond to all verified requests within one calendar month, as required by law. In complex cases, we may extend this period by a further two months, but we will always inform you of any such extension.

6.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you, along with information about how we use it, who we share it with, and how long we retain it. This is known as a Subject Access Request (SAR).

6.2 Right to Rectification (Article 16 GDPR)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update certain account information directly through your online profile, or contact us to request corrections.

6.3 Right to Erasure / "Right to Be Forgotten" (Article 17 GDPR)

In certain circumstances, you have the right to request that we delete your personal data. This right applies where:

  • The data is no longer necessary for the purpose for which it was collected
  • You withdraw your consent and there is no other lawful basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Please note that this right is not absolute, and we may be required to retain certain data to comply with legal obligations.

6.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while you contest the accuracy of your data or while we consider an objection to processing.

6.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

6.6 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. You also have an unconditional right to object to the processing of your data for direct marketing purposes at any time. If you object to direct marketing, we will stop processing your data for that purpose immediately.

6.7 Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces significant legal or similarly significant effects on you. We do not currently make any such automated decisions about our customers without human involvement.

6.8 How to Exercise Your Rights

To exercise any of the rights listed above, please contact us by:

We may need to verify your identity before processing your request. We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Irish and EU law. The following retention periods apply as a general guide:

Category of Data Retention Period Reason
Account and profile information Duration of account + 2 years after account closure Service provision and legal compliance
Order and transaction records 7 years Irish taxation and accounting obligations
Payment transaction records 7 years Legal and regulatory requirements
Marketing preferences and records Until consent is withdrawn + 1 year Compliance and audit trail
Customer communications and enquiries 3 years Legitimate interests and dispute resolution
Website usage and analytics data 26 months Analytics and service improvement
Cookie data As set out in our Cookie Policy Varies by cookie type

When your personal data is no longer required, we will securely delete or anonymise it in accordance with our internal data retention and deletion procedures. Anonymised data (which can no longer identify you) may be retained for analytical or statistical purposes.

8. Cookies and Tracking Technologies

Our website, apchepiza.com, uses cookies and similar technologies such as web beacons and pixel tags to improve your browsing experience, analyse website traffic, and deliver relevant marketing content.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or smartphone) when you visit a website. They allow the website to recognise your device, remember your preferences, and provide a more personalised experience.

8.2 Types of Cookies We Use

  • Strictly necessary cookies: Essential for the website to function, including maintaining your session and shopping basket. These cannot be disabled.
  • Performance and analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics). These collect anonymous statistical data.
  • Functional cookies: Remember your preferences (such as language or location) to improve your experience.
  • Targeting and advertising cookies: Used to deliver relevant advertising and track the effectiveness of marketing campaigns. These require your consent.

8.3 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or manage your cookie preferences. You can also manage or withdraw your cookie consent at any time through your browser settings or our cookie preference centre.

For full details about the cookies we use, including specific cookie names, their purposes, and retention periods, please refer to our Cookie Policy, available on our website at apchepiza.com.

9. Children's Privacy

Age Restriction: Our online ordering services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from children under the age of 18.

Apache Pizza's website and online ordering platform are not directed at children under the age of 18. By using our services, you confirm that you are at least 18 years of age. If you are a parent or guardian and believe that your child under 18 has provided us with personal data without your consent, please contact us immediately at [email protected] and we will take steps to delete such information promptly.

Where we become aware that personal data has been collected from a child under 18 without appropriate parental consent, we will take immediate action to delete that data from our records in accordance with our obligations under the GDPR and applicable Irish law.

10. International Data Transfers

Apache Pizza is based in Ireland and primarily processes your personal data within the European Economic Area (EEA). However, some of our third-party service providers (such as cloud hosting providers, analytics platforms, or communications tools) may transfer and process your data outside the EEA, including in countries such as the United States of America.

10.1 Safeguards for International Transfers

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, in accordance with Chapter V of the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs): Contractual terms approved by the European Commission that impose data protection obligations on the recipient
  • Adequacy decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
  • Binding Corporate Rules (BCRs): Where applicable, for transfers within multinational corporate groups
  • Approved certification mechanisms: Such as participation in recognised data protection frameworks

You may request further information about the specific safeguards we have in place for international data transfers by contacting us at [email protected].

11. Legal Basis Summary

The following table summarises the lawful bases under Article 6 of the GDPR that we rely upon to process your personal data:

Processing Purpose Lawful Basis
Processing and fulfilling orders Performance of a contract (Art. 6(1)(b))
Managing your account Performance of a contract (Art. 6(1)(b))
Processing payments Performance of a contract (Art. 6(1)(b))
Sending transactional communications Performance of a contract (Art. 6(1)(b))
Email/SMS marketing (opt-in) Consent (Art. 6(1)(a))
Website analytics and improvement Legitimate interests (Art. 6(1)(f))
Fraud prevention and security Legitimate interests (Art. 6(1)(f))
Compliance with taxation and accounting rules Legal obligation (Art. 6(1)(c))
Responding to legal requests Legal obligation (Art. 6(1)(c))

12. How to Make a Complaint

We take your privacy rights seriously and are committed to handling any complaints swiftly and fairly. If you have a concern about how we are handling your personal data, we encourage you to contact us in the first instance so that we can try to resolve the matter.

12.1 Contact Us Directly

Please contact us with the details of your complaint:

We will acknowledge your complaint promptly and aim to provide a full response within 30 days.

12.2 Complaint to the Data Protection Commission (DPC)

If you are not satisfied with our response, or if you believe that we are processing your personal data in a manner that is not compliant with applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection in Ireland.

Data Protection Commission (DPC)

Website: www.dataprotection.ie

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Phone: +353 (0)1 765 0100

Email: [email protected]

You may also have the right to seek a judicial remedy or to contact the data protection supervisory authority in the EU Member State in which you habitually reside or work, if different from Ireland.

13. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, or online services that are not operated by Apache Pizza. This Privacy Policy applies only to our website at apchepiza.com and our services. We have no control over, and are not responsible for, the privacy practices or content of any third-party websites. We encourage you to read the privacy policies of any third-party websites you visit.

14. Social Media and Online Advertising

Apache Pizza may maintain pages or profiles on social media platforms including Facebook, Instagram, and other platforms. When you interact with us on these platforms, the respective platform's own privacy policy and terms of service apply. We may also use social media and online advertising tools (such as Facebook Pixel or Google Ads) to deliver targeted advertising. These tools may involve the use of cookies or similar tracking technologies. Your cookie preferences on our website will determine whether such tracking is permitted.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, applicable law, or technological developments. We will indicate the date of the most recent update at the top of this page. Where changes are significant, we will take reasonable steps to inform you — for example, by posting a prominent notice on our website or by sending you an email notification where we hold your contact details.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website and services after any changes are posted constitutes your acknowledgement of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please do not hesitate to contact us:

Company Name Apache Pizza
Email Address [email protected]
Website apchepiza.com
Jurisdiction Ireland
Supervisory Authority Data Protection Commission (DPC), Ireland — www.dataprotection.ie
We are here to help. Data privacy is important to us, and we are committed to being transparent about how we handle your information. Please reach out to us at any time at [email protected] if you have any questions about this policy.

This Privacy Policy was last reviewed and updated on May 31, 2026. It is governed by the laws of Ireland and the European Union, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018.