Privacy Policy

Creta Restaurant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, place orders, or make reservations with us.

Our website and ordering system is provided by Ape Vibe Ltd (trading as ApeTables™), who acts as our technology partner and data processor. They handle the technical aspects of data storage and processing on our behalf, under our instructions and in accordance with this policy.

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

• Place an order: Name, email address, phone number, delivery address, payment information
• Make a reservation: Name, email address, phone number, party size, special requirements
• Contact us: Name, email address, phone number, message content
• Create an account: Username, email address, password, preferences

Information Automatically Collected

When you visit our website, we automatically collect:

• Technical information: IP address, browser type, device information, operating system
• Usage information: Pages visited, time spent on pages, clicks, interactions
• Location information: Postcode for delivery calculations (when provided)
• Cookies and tracking data: As described in our cookie policy

Payment Information

Payment information is processed securely by our payment processors (Stripe). We do not store complete payment card details on our servers.

2. How We Use Your Information

We use your information for the following purposes:

Service Delivery

• Processing and fulfilling your orders and reservations
• Calculating delivery fees and availability
• Communicating with you about your orders
• Providing customer support
• Managing your account and preferences

Business Operations

• Improving our website and services
• Analyzing usage patterns and preferences
• Preventing fraud and ensuring security
• Complying with legal obligations

Enhanced Customer Experience

• Building customer loyalty programs and rewards
• Offering personalized discounts and promotions
• Remembering your preferences and order history
• Providing tailored recommendations based on your past orders
• Creating a more personalized dining and ordering experience

Marketing (with your consent)

• Sending promotional emails about offers and new menu items
• Personalizing your experience on our website
• Showing relevant advertisements on third-party platforms

Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: To fulfill orders and reservations
• Legitimate interests: To improve our services, enhance customer experience, prevent fraud, and build customer loyalty
• Consent: For marketing communications and optional cookies
• Legal obligation: For tax, accounting, and regulatory compliance

3. Cookies and Tracking Technologies

Essential Cookies

We use essential cookies that are necessary for our website to function:

• Shopping cart: Remembers items you've added to your cart
• Location: Stores your postcode for delivery calculations
• Preferences: Remembers your delivery/collection choice
• Authentication: Keeps you logged in to your account

Optional Cookies (require consent)

• Analytics cookies: Google Analytics to understand website usage
• Marketing cookies: Facebook Pixel for targeted advertising

Managing Cookies

You can manage your cookie preferences through:

• Our cookie consent banner when you first visit
• The "Cookie Settings" link in our website footer
• Your browser settings (though this may affect website functionality)

4. Information Sharing

Our Technology Partner

Ape Vibe Ltd (trading as ApeTables™) acts as our data processor and technology partner. They:

• Provide and maintain our website and ordering system
• Store and process your data securely on our behalf
• Operate under strict data processing agreements with us
• Only process your data according to our instructions
• Implement appropriate technical and organizational security measures

Service Providers

We may also share your information with:

• Payment processors: Stripe for secure payment processing
• Email services: For sending order confirmations and communications
• Analytics services: Google Analytics (if you consent)
• Security services: Cloudflare for website security and performance

Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Comply with tax and accounting obligations

Business Transfers

In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new owners.

5. Data Security

We and our technology partner, Ape Vibe Ltd (ApeTables™), implement comprehensive security measures to protect your personal information:

Technical Security Measures

• Encryption: All data transmissions are encrypted using SSL/TLS technology
• Secure hosting: Data is stored on secure cloud servers with enterprise-grade security
• Access controls: Strict authentication and authorization protocols
• Regular backups: Automated secure backups to prevent data loss
• Security monitoring: 24/7 monitoring for suspicious activities

Operational Security Measures

• Payment security: PCI DSS compliance for payment processing
• Staff training: Regular training on data protection best practices
• System updates: Regular security patches and system updates
• Data processing agreements: Contractual security obligations with all service providers

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information using industry-standard security measures, we cannot guarantee absolute security.

6. Your Rights

Under data protection laws (including GDPR), you have the following rights:

To exercise these rights, please contact us using the details in the "Contact Us" section below.

7. Data Retention

We retain your personal information for the following periods, with data securely stored by our technology partner, Ape Vibe Ltd (ApeTables™):

• Order data: 7 years (for tax, accounting, and legal compliance)
• Reservation data: 3 years (for customer service, loyalty programs, and business analytics)
• Customer loyalty data: Until you withdraw consent or 5 years of account inactivity
• Marketing data: Until you withdraw consent or 3 years of inactivity
• Website analytics: 26 months (Google Analytics default retention period)
• Account data: Until you request deletion or 3 years of inactivity

After these periods, we will securely delete or anonymize your data. You can request earlier deletion of your data by contacting us, subject to our legal and regulatory obligations.

8. Third-Party Services

Our website uses the following third-party services:

These services may collect information about you according to their own privacy policies.

9. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

We will respond to your request within one month of receipt.