Privacybeleid
Privacy Policy – Papa Johns Netherlands
Last updated: 24 October 2025
This Privacy Policy describes how Papa Holdings NL B.V. (“Papa John’s Netherlands”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch Telecommunications Act (“Telecommunicatiewet”).
Papa Holdings NL B.V., registered with the Dutch Chamber of Commerce (KvK) under number 59581883, having its registered office at Strijkviertel 31, 3454 PJ Utrecht, the Netherlands, acts as the Data Controller for the processing of personal data described in this policy.
For any privacy-related inquiries, you can contact us at papa@papajohns.co.nl.
1. Collection of Personal Data
We collect and process personal data when you interact with our services, including when you:
– Place an order via our website, mobile app or in-store.
– Create an account or join the Papa Club loyalty program.
– Subscribe to our newsletter or marketing communications.
– Contact our customer service team.
– Visit our website or use our mobile application.
2. Legal Basis for Processing
We process personal data only where a valid legal basis under the GDPR applies:
– **Consent:** For example, when you subscribe to our newsletter or agree to receive marketing messages.
– **Performance of a contract:** To process and deliver your order.
– **Legal obligation:** To comply with tax, accounting, or regulatory requirements.
– **Legitimate interest:** For marketing to existing customers who have previously placed an order, provided that an opt-out option is always available.
3. Use of Personal Data
We use your personal data for purposes including:
– Managing your account and orders.
– Providing delivery and payment services.
– Sending service-related communications (e.g., order confirmations, delivery status).
– Providing marketing communications, special offers, and promotions – only with your consent (for new customers) or based on legitimate interest (for existing customers).
– Improving our services, website, and user experience.
– Preventing fraud and enforcing our legal rights.
4. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Analytical, functional, and marketing cookies are only placed after obtaining your consent, in compliance with the Dutch Telecommunications Act (Article 11.7a TW).
For more details about the types of cookies we use and your options, please refer to our Cookie Statement available on our website.
5. Data Sharing and Transfers
We may share personal data with trusted service providers that help us operate our business, including:
– Amazingfood, FoodTrac (delivery systems)
– Inforu (CRM platform)
– POVIS (cash register system)
– Google Analytics
– Meta Ads (advertising services)
– Mailchimp (email campaigns)
These processors act under data processing agreements ensuring compliance with GDPR. Data transfers outside the EEA occur only where adequate safeguards exist (e.g., EU Standard Contractual Clauses or adequacy decisions, including the EU–US Data Privacy Framework for U.S. entities).
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
– Account and customer relationship: while active and up to 2 years after closure.
– Orders and delivery: up to 2 years after fulfillment.
– Marketing and personalization: up to 2 years after last interaction.
– Legal compliance: as long as required by applicable legislation.
7. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or disclosure. Our website is secured under the SOC2 standard. Access to data is restricted to authorized personnel on a need-to-know basis.
8. Your GDPR Rights
You have the right to:
– Access, correct, or delete your personal data.
– Object to processing, including direct marketing.
– Withdraw consent at any time.
– Receive a copy of your data (data portability).
You can exercise these rights by contacting us at papa@papajohns.co.nl. We will respond within one month of receiving your request.
If you are not satisfied with our response, you may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
9. Children’s Privacy
Our services are not directed to individuals under 16 years old. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data without parental consent, please contact us so we can delete it promptly.
10. Updates to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated “Last Updated” date. In case of significant changes, we will notify you by email or through a notice on our website.