Privacy Policy

Last Updated: November 2025
Effective Date: November 2025

1. Introduction

Pizza 73 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website pizza73-a.org and use our food delivery services in Québec, Canada.

This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Act Respecting the Protection of Personal Information in the Private Sector (Québec), as well as other applicable Canadian privacy laws.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information:
  • Full name (first and last name)
  • Email address (for order confirmations and communications)
  • Phone number (mobile and/or landline for delivery coordination)
  • Delivery address (street address, apartment/unit number, city, postal code, province)
  • Billing address (if different from delivery address)
  • Alternate contact information (for delivery instructions)
• Payment Information:
  • Credit card number, expiration date, CVV (processed securely through PCI DSS compliant third-party payment processors)
  • Debit card information
  • Billing address and postal code
  • Payment method preferences
  • Transaction history and receipts
  • Note: We do not store full credit card numbers on our servers. All payment processing is handled by secure third-party providers.
• Order History and Preferences:
  • Past order details (items ordered, quantities, prices, dates)
  • Favorite menu items and frequently ordered products
  • Dietary restrictions and allergies (e.g., gluten-free, vegetarian, vegan, nut allergies)
  • Special instructions for food preparation
  • Delivery preferences (time preferences, special delivery instructions)
  • Order frequency and spending patterns
• Account Information:
  • Username or account ID
  • Password (encrypted using industry-standard hashing algorithms)
  • Account creation date and last login information
  • Account preferences and settings
  • Loyalty program information (if applicable)
  • Communication preferences (email, SMS, push notifications)
• Customer Service Information:
  • Customer service inquiries and support tickets
  • Complaints and feedback
  • Recordings of customer service calls (with your consent)
  • Chat transcripts from online support

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

• Device Information:
  • IP address (Internet Protocol address) - may be used to determine approximate geographic location
  • Browser type and version (Chrome, Firefox, Safari, Edge, etc.)
  • Device type (desktop, mobile, tablet)
  • Operating system (Windows, macOS, iOS, Android, Linux)
  • Screen resolution and display settings
  • Device identifiers (device ID, advertising ID)
  • Language preferences
  • Time zone
• Usage Data and Analytics:
  • Pages visited and navigation paths
  • Time spent on each page
  • Click patterns and mouse movements
  • Search queries within our website
  • Items viewed, added to cart, and purchased
  • Form interactions and completion rates
  • Error messages and technical issues encountered
  • Referral sources (how you arrived at our website)
  • Session duration and frequency of visits
• Location Data:
  • General location information derived from IP address (city, province level)
  • Precise location data (with explicit consent) for delivery purposes
  • GPS coordinates (if location services are enabled on mobile devices)
  • Delivery area verification
  • Note: Precise location data is only collected with your explicit permission and is used solely for delivery services.
• Cookies and Tracking Technologies:
  • Session cookies for website functionality
  • Persistent cookies for preferences and analytics
  • Third-party cookies from service providers (Google Analytics, payment processors)
  • Web beacons and pixel tags for tracking
  • Local storage data (shopping cart contents, preferences)
  • See our Cookie Policy for comprehensive details

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Order Processing and Fulfillment

• Process and confirm your food orders
• Coordinate with kitchen staff for food preparation
• Arrange delivery with courier services
• Track order status and delivery progress
• Handle special dietary requirements and food allergies
• Manage order modifications, cancellations, and refunds
• Generate order receipts and invoices
• Maintain order history for your account

3.2 Communication

• Send order confirmations via email and SMS
• Provide delivery updates and estimated arrival times
• Notify you of order status changes (preparing, out for delivery, delivered)
• Respond to customer service inquiries and support requests
• Send important service updates and policy changes
• Contact you regarding order issues or quality concerns
• Follow up on customer feedback and reviews

3.3 Payment Processing and Fraud Prevention

• Process credit card and debit card transactions securely
• Verify payment information and prevent fraudulent transactions
• Detect and prevent unauthorized access to accounts
• Comply with PCI DSS (Payment Card Industry Data Security Standard) requirements
• Handle payment disputes and chargebacks
• Maintain financial records for accounting and tax purposes

3.4 Service Improvement

• Analyze website usage patterns to improve user experience
• Identify popular menu items and optimize inventory
• Enhance website functionality and performance
• Develop new features based on user behavior
• Conduct market research and customer satisfaction surveys
• Test and optimize website design and layout
• Improve delivery routes and efficiency

3.5 Marketing and Promotions (With Your Consent)

• Send promotional emails about special offers, discounts, and new menu items
• Deliver targeted advertisements based on your preferences and order history
• Notify you about loyalty program benefits and rewards
• Invite you to participate in customer surveys and feedback programs
• Share information about upcoming events and seasonal promotions
• You can opt-out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.

3.6 Legal Compliance and Safety

• Comply with applicable laws and regulations in Canada and Québec
• Respond to legal requests, court orders, and government inquiries
• Protect our legal rights and interests
• Prevent fraud, abuse, and illegal activities
• Ensure food safety and public health compliance
• Maintain records as required by tax and business regulations
• Protect the safety and security of our customers, employees, and business

3.7 Analytics and Business Intelligence

• Generate business reports and analytics
• Track sales trends and revenue patterns
• Analyze customer demographics and preferences
• Measure marketing campaign effectiveness
• Forecast demand and optimize inventory management
• Identify opportunities for business growth

4. Legal Basis for Processing (PIPEDA Compliance)

Under Canadian privacy law, we process your personal information based on:

• Consent: You have provided explicit consent for specific purposes
• Contractual Necessity: Processing is necessary to fulfill our contract with you (delivery services)
• Legal Obligation: We must comply with applicable laws and regulations
• Legitimate Interests: Processing is necessary for our legitimate business interests, balanced against your privacy rights

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who assist us in operating our business. These providers are contractually obligated to protect your information and use it only for specified purposes. Categories of service providers include:

• Payment Processors:
  • Stripe, PayPal, or other PCI DSS compliant payment processors
  • Used for: Secure payment processing, fraud prevention, transaction management
  • Data shared: Payment card information (tokenized), billing address, transaction amounts
• Delivery Partners:
  • Third-party courier services and delivery drivers
  • Used for: Order delivery, delivery tracking, customer communication
  • Data shared: Delivery address, phone number, order details, delivery instructions
• IT and Hosting Services:
  • Cloud hosting providers (e.g., AWS, Google Cloud, Microsoft Azure)
  • Used for: Website hosting, data storage, backup services, content delivery
  • Data shared: All website data, user accounts, order information
• Analytics and Marketing:
  • Google Analytics, Facebook Pixel, marketing automation platforms
  • Used for: Website analytics, marketing campaign tracking, customer insights
  • Data shared: Usage data, device information, anonymized behavioral data
• Customer Service:
  • Customer support platforms, chat services, email service providers
  • Used for: Customer communications, support ticket management
  • Data shared: Contact information, order history, support inquiries
• Email and Communications:
  • Email service providers (e.g., SendGrid, Mailchimp)
  • Used for: Order confirmations, marketing emails, transactional communications
  • Data shared: Email addresses, names, order information

All service providers are required to:

• Maintain appropriate security measures to protect your information
• Use your information only for the purposes specified in our agreements
• Comply with applicable privacy laws and regulations
• Notify us of any security breaches involving your information
• Return or securely delete your information upon termination of services

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, including:

• Responding to legal process or government requests
• Enforcing our Terms of Service
• Protecting our rights, property, or safety
• Preventing fraud or security threats

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

6.1 Technical Security Measures

• Encryption:
  • SSL/TLS 1.3 encryption (HTTPS) for all data transmission between your browser and our servers
  • AES-256 encryption for sensitive data at rest
  • Encrypted password storage using bcrypt hashing algorithms
  • Encrypted database connections
  • Secure API communications
• Network Security:
  • Firewall protection and intrusion detection systems
  • DDoS (Distributed Denial of Service) protection
  • Regular security patches and updates
  • Network segmentation and access controls
  • Secure VPN access for employees
• Server Security:
  • Secure hosting infrastructure with reputable providers
  • Regular security audits and vulnerability assessments
  • Automated security monitoring and alerting
  • Backup and disaster recovery procedures
  • Secure data centers with physical access controls
• Payment Security:
  • PCI DSS Level 1 compliant payment processing
  • Tokenization of payment card data
  • No storage of full credit card numbers on our servers
  • Secure payment gateway integration
  • Fraud detection and prevention systems

6.2 Organizational Security Measures

• Access Controls:
  • Role-based access controls (RBAC) limiting employee access to personal information
  • Multi-factor authentication (MFA) for administrative accounts
  • Regular access reviews and revocation of unnecessary access
  • Unique user accounts and strong password requirements
  • Session timeout and automatic logout
• Employee Training:
  • Regular privacy and security training for all employees
  • Data handling policies and procedures
  • Incident response training
  • Confidentiality agreements
  • Background checks for employees with access to sensitive data
• Data Protection Policies:
  • Data minimization (collecting only necessary information)
  • Data retention policies and secure deletion procedures
  • Regular security assessments and penetration testing
  • Incident response and breach notification procedures
  • Third-party vendor security assessments

6.3 Security Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You should also take steps to protect your information, such as:

• Using strong, unique passwords for your account
• Not sharing your account credentials with others
• Logging out of your account when using shared devices
• Keeping your device software and browsers updated
• Being cautious when using public Wi-Fi networks

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on legal requirements, business needs, and the nature of the information:

7.1 Retention Periods by Data Type

• Order Information:
  • Retained for 7 years from the date of the last transaction (as required by Canadian tax law)
  • Includes: Order details, receipts, payment records, delivery information
  • Purpose: Tax compliance, accounting, financial reporting, dispute resolution
• Account Information:
  • Active accounts: Retained while account is active
  • Inactive accounts: Retained for 3 years after last login or activity
  • Closed accounts: Retained for 1 year after account closure, then anonymized or deleted
  • Includes: Username, email, preferences, order history
• Payment Information:
  • Payment card tokens: Retained until account closure or card expiration
  • Transaction records: Retained for 7 years (tax and accounting requirements)
  • Billing addresses: Retained for 7 years
  • Note: Full credit card numbers are never stored on our servers
• Marketing Data:
  • Retained until you withdraw consent or opt-out
  • Email marketing lists: Updated immediately upon opt-out
  • Marketing preferences: Retained until account closure
• Customer Service Records:
  • Support tickets and inquiries: Retained for 3 years
  • Complaints and feedback: Retained for 5 years
  • Call recordings (with consent): Retained for 1 year
• Website Analytics Data:
  • Aggregated and anonymized data: Retained indefinitely for business intelligence
  • Individual user analytics: Retained for 26 months (Google Analytics default)
  • Cookies: Retained according to cookie expiration dates (see Cookie Policy)
• Legal and Compliance Records:
  • Retained as required by applicable laws and regulations
  • May include: Legal disputes, regulatory investigations, tax records
  • Retention period varies by legal requirement (typically 5-7 years)

7.2 Data Deletion

When retention periods expire, we securely delete or anonymize your personal information using industry-standard methods. Anonymized data (data that cannot identify you) may be retained for statistical and analytical purposes. Deletion may be delayed if:

• There is an ongoing legal dispute or investigation
• We are required to retain data by law or court order
• Data is necessary for legitimate business purposes (e.g., fraud prevention)
• Technical limitations prevent immediate deletion (data will be deleted as soon as technically feasible)

8. Your Rights (Canadian Privacy Rights)

Under Canadian privacy laws, including PIPEDA and Québec's privacy legislation, you have the following rights regarding your personal information:

8.1 Right to Access

You have the right to:

• Request access to your personal information we hold
• Receive a copy of your personal information in a readable format
• Know what personal information we have collected, used, and disclosed
• Understand how your information is being used

How to exercise: Submit a written request to privacy@pizza73-a.org or contact us using the information below. We will respond within 30 days (may be extended to 60 days with notice).

8.2 Right to Correction

You have the right to:

• Request correction of inaccurate, incomplete, or outdated personal information
• Have corrections made promptly
• Have corrected information sent to third parties who received the incorrect information (where applicable)

How to exercise: Contact us to update your information. You can also update some information directly through your account settings on our website.

8.3 Right to Withdraw Consent

You have the right to:

• Withdraw your consent for processing personal information at any time
• Opt-out of marketing communications
• Disable cookies (see Cookie Policy for instructions)

Limitations: Withdrawal of consent may affect our ability to provide services. We cannot process orders without necessary information (e.g., delivery address, payment information). Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

How to exercise:

• Marketing emails: Click "unsubscribe" link in any marketing email
• Account settings: Update preferences in your account settings
• Contact us: Email privacy@pizza73-a.org

8.4 Right to Deletion

You have the right to:

• Request deletion of your personal information
• Have your account closed and data deleted (subject to legal retention requirements)

Limitations: We may be required to retain certain information for:

• Legal compliance (e.g., tax records for 7 years)
• Ongoing legal disputes or investigations
• Legitimate business interests (e.g., fraud prevention)
• Public health and safety requirements

How to exercise: Submit a deletion request to privacy@pizza73-a.org. We will confirm deletion or explain any legal basis for retention.

8.5 Right to Data Portability

You have the right to:

• Receive a copy of your personal information in a structured, commonly used, and machine-readable format
• Transfer your data to another service provider (where technically feasible)

How to exercise: Request a data export through your account settings or contact us. We will provide your data in JSON or CSV format within 30 days.

8.6 Right to Object

You have the right to:

• Object to processing based on legitimate interests
• Object to direct marketing
• Object to automated decision-making (if applicable)

8.7 Right to File a Complaint

If you believe we have violated your privacy rights, you have the right to file a complaint with:

• Office of the Privacy Commissioner of Canada:
  • Website: www.priv.gc.ca
  • Phone: 1-800-282-1376
  • Address: 30 Victoria Street, Gatineau, QC K1A 1H3
• Commission d'accès à l'information du Québec:
  • Website: www.cai.gouv.qc.ca
  • Phone: 1-888-528-7741
  • Address: 575, rue Saint-Amable, Bureau 1.10, Québec, QC G1R 2G4

We encourage you to contact us first to resolve any concerns. We are committed to addressing privacy complaints promptly and fairly.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us:

• Email: privacy@pizza73-a.org
• Phone: (289) 240-7830
• Mail: Pizza 73 - Privacy Officer, 3333 Rue du Carrefour, Québec, QC G1C 5R9

We may require verification of your identity before processing requests to protect your privacy. We will respond to your request within 30 days (or 60 days with notice if more time is needed).

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information is primarily stored and processed in Canada. If we transfer your information outside of Canada, we ensure appropriate safeguards are in place to protect your information in accordance with Canadian privacy laws.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. For detailed information about our use of cookies, please see our Cookie Policy.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification (if you have provided an email address)
• Displaying a prominent notice on our website

Your continued use of our services after such changes constitutes acceptance of the updated policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

15. Complaints

If you have concerns about how we handle your personal information, you may file a complaint with:

• Office of the Privacy Commissioner of Canada: www.priv.gc.ca
• Commission d'accès à l'information du Québec: www.cai.gouv.qc.ca