Privacy Policy

1. Introduction

Welcome to Pizza Cornerca ("we", "our", "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile application, place orders, or interact with our services.

Pizza Cornerca UK Limited is the data controller responsible for your personal data. We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456.

This policy applies to all information collected through our website (www.pizzacornerca.com), mobile application, online ordering system, and any related services, sales, marketing, or events.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our services.

2. Data We Collect

We collect personal information that you voluntarily provide to us when you register on our website, place an order, subscribe to our newsletter, participate in promotions, or otherwise contact us.

2.1 Personal Information

The personal information we collect may include:

• Identity Data: First name, last name, username or similar identifier
• Contact Data: Billing address, delivery address, email address, telephone numbers
• Financial Data: Payment card details (processed securely through our payment providers)
• Transaction Data: Details about payments and orders you have placed with us
• Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system and platform
• Profile Data: Your username and password, purchases or orders made, preferences, feedback, and survey responses
• Usage Data: Information about how you use our website and services
• Marketing Data: Your preferences in receiving marketing and communication preferences

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

• Device type and operating system
• Browser type and version
• IP address and approximate location
• Pages visited and time spent on pages
• Referring website or application
• Click patterns and navigation paths

2.3 Information from Third Parties

We may receive personal data about you from various third parties, including:

• Analytics providers such as Google Analytics
• Advertising networks
• Payment service providers
• Delivery partners

3. How We Use Your Data

We use your personal information for the following purposes:

4. Legal Basis for Processing

Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

4.1 Contract

Processing is necessary to fulfil our contract with you (e.g., processing your order, delivering food to you).

4.2 Consent

Where you have given us explicit consent to process your data for specific purposes (e.g., marketing communications). You can withdraw consent at any time.

4.3 Legitimate Interests

Processing is necessary for our legitimate interests, provided these are not overridden by your rights. This includes improving our services, fraud prevention, and business administration.

4.4 Legal Obligation

Processing is necessary to comply with a legal obligation (e.g., tax records, food safety regulations).

5. Data Sharing

We may share your personal information with the following categories of recipients:

5.1 Service Providers

• Payment processors: Stripe, PayPal for secure payment processing
• Delivery partners: To fulfil delivery orders
• IT and cloud service providers: For hosting and technical support
• Marketing platforms: For email and SMS communications
• Analytics providers: To help us understand website usage

5.2 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or to protect our legal rights.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

• Account data: Retained while your account is active, plus 7 years after closure
• Order data: 7 years for tax and accounting purposes
• Marketing preferences: Until you withdraw consent
• Website analytics: 26 months
• Customer support records: 3 years from last contact

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data we hold
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or direct marketing
• Rights related to automated decision-making: Not be subject to solely automated decisions
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our website uses cookies and similar tracking technologies to enhance your experience, analyse usage, and assist in our marketing efforts.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

You can control cookies through your browser settings and our cookie preference centre.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

Our security measures include:

• SSL/TLS encryption for all data transmission
• PCI-DSS compliant payment processing
• Regular security assessments and audits
• Access controls and authentication
• Staff training on data protection
• Secure data centres with physical security controls

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately at [email protected].

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification (if you have provided your email)
• Displaying a prominent notice on our website

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: