Privacy Policy
Last updated: 30 May 2026
This privacy policy describes how Pizzanet collects, uses and protects personal data in accordance with the EU General Data Protection Regulation (GDPR). We process personal data only to the extent necessary to provide the service.
1. Data Controller
Pizzanet is a service maintained by Nordweb Oy. The data controller is responsible for processing personal data as described in this policy. For data protection matters, please use the contact details below.
Nordweb Oy
info@pizzanet.fi
2. Personal Data Collected
We collect and process the following categories of personal data:
- From restaurants: restaurant name, address, contact details and menu information and, for online payment activation, business details (business ID, VAT status), bank details (IBAN, BIC) and the responsible person's name.
- From customers: name, email, phone number, delivery address and order details. Payment details (such as card numbers) are processed directly by Stripe. Pizzanet does not store payment information.
- Technical data: IP address (stored in hashed, i.e. pseudonymised, form in analytics), browser and device information, your language, and information about your use of the site (such as pages viewed). This data is collected as log data and, based on consent, by analytics tools.
3. Purposes and Legal Bases for Processing
We process personal data for the following purposes and on the following legal bases under the GDPR:
- Providing the service, managing user accounts and login. Legal basis: performance of a contract and legitimate interest in operating the service.
- Receiving orders, forwarding them to the restaurant and processing payments. Legal basis: performance of a contract.
- Complying with legal obligations such as accounting and tax requirements. Legal basis: the controller's legal obligation.
- Developing the service and compiling visitor statistics. Legal basis: consent (analytics cookies) or legitimate interest in improving the service.
- Targeting and measuring advertising (Meta Pixel and Google Ads). Legal basis: consent.
4. Sources of Data
Personal data is primarily obtained from the data subject when you use the service, place an order, register a restaurant or contact us. Technical data is collected automatically as you use the site.
5. Data Sharing and Recipients
We do not sell personal data. We share data only to the extent necessary to operate the service, with the following recipients:
- Restaurants: the information needed to fulfil an order (name, delivery address, phone number and order contents) is forwarded to the restaurant receiving the order.
- Payment provider: online payments are processed by Stripe, to which the information needed to complete the payment is transmitted.
- Data processors: we use trusted service providers for server infrastructure (hosting), email delivery, analytics (Google Analytics) and marketing (Meta). Processors handle data only on our instructions and under a data processing agreement.
6. Transfers Outside the EU or EEA
Some of the service providers we use (such as Google and Meta) may process data outside the EU or EEA, for example in the United States. Such transfers are based on appropriate safeguards, such as the Standard Contractual Clauses (SCC) approved by the European Commission or the EU-US Data Privacy Framework.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy. Order and payment data is retained for the period required by accounting law (generally 6 years from the end of the financial year). User account data is retained for the duration of the account. Analytics and marketing data is retained for a limited period, after which it is deleted or anonymised.
8. Cookies and Tracking
We use essential session cookies to ensure the service functions. With your consent, we also use analytics cookies (Google Analytics) to compile visitor statistics and marketing cookies (Meta Pixel) to measure and target advertising. In analytics, the IP address is processed in hashed form. You can give, refuse or change your consent at any time from the cookie banner.
9. Payments and Payment Data
Online payments are processed through Stripe. Pizzanet does not store or process payment instrument details (e.g. card numbers). For more information about Stripe's privacy practices, visit stripe.com/privacy.
10. Data Security
We protect personal data with appropriate technical and organisational measures. Connections are encrypted (HTTPS/TLS), passwords are stored in hashed form, and access to personal data is restricted to those who need it to perform their tasks.
11. Your Rights as a Data Subject
You have the following rights regarding your personal data under the GDPR:
- The right to access your data and check what data is stored about you.
- The right to rectify inaccurate or incomplete data.
- The right to erasure ("right to be forgotten") when there is no longer a basis for processing.
- The right to restrict processing in certain situations.
- The right to data portability, i.e. to transfer the data you have provided in a machine-readable format.
- The right to object to processing based on legitimate interest, and to direct marketing.
- The right to withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before it.
You can exercise your rights by contacting info@pizzanet.fi. You can also request deletion of your data via the data deletion request page. We may ask you to verify your identity before processing the request.
12. Right to Lodge a Complaint
If you consider that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).
13. Automated Decision-Making
We do not make decisions based on automated decision-making or profiling that would have legal or similarly significant effects on you.
14. Changes to This Privacy Policy
We may update this privacy policy as the service or legislation changes. We will publish the updated version on this page and indicate the date of the latest update at the top of the policy.
More information about privacy: Nordweb Oy Privacy Policy.