Privacy Policy

Last updated: June 2026

1. Data Controller

Pizzarotto, Rotterdam, Netherlands. Contact: order@pizzarotto.nl

2. Data We Collect

• Name, email, phone number, delivery address
• Order history and preferences
• Account credentials (passwords stored hashed with bcrypt)

3. Purpose & Legal Basis

We process your data to fulfill orders (contract), comply with Dutch tax law (legal obligation), and with your explicit consent at registration (GDPR Art. 6).

4. Retention

Order records are retained for 7 years per Dutch tax law. Personal data is deleted or anonymized upon account deletion request.

5. Your Rights

You have the right to access, rectify, erase, restrict processing, and data portability. Contact order@pizzarotto.nl to exercise these rights.

6. Hosting

Data is hosted in the EU (Vercel Frankfurt region, MongoDB Atlas EU).

7. Cookies

See our Cookie Policy.