Privacy Policy

Data Protection

Privacy Policy

In full compliance with the EU General Data Protection Regulation (GDPR) 2016/679 and Cyprus Law 125(I)/2018, this notice explains how we collect, use, and protect your personal data when you use our website and food delivery services.

1. Introduction & Data Controller Identity

This comprehensive Privacy Policy delineates the exact methodologies by which we collect, use, process, store, and protect your personal data when you interact with our website, utilize our digital e-commerce platform, or execute financial transactions for food delivery. We are uncompromisingly committed to ensuring that your privacy is safeguarded in strict accordance with the GDPR 2016/679 and the harmonized Cyprus national legislation, Law 125(I)/2018.

For the legal purposes established by the GDPR, the "Data Controller" the entity responsible for determining how and why your data is processed is the corporate entity operating this website and the associated BBQ Project brand, based in Larnaca, Republic of Cyprus.

2. Personal Data We Collect

To facilitate a seamless commercial experience and fulfill our operational duties, we collect and process the following specific categories of personal data:

Identity & Contact Data

Your first and last name, precise geographical delivery address, billing address, active email address, and mobile telephone number necessary for courier coordination.

Financial & Transaction Data

Chronological records regarding payments made to and from you, order histories, and specific culinary variants purchased. We never store raw credit card numbers, CVV codes, or bank routing details. All transactions are tokenized through fully PCI-DSS compliant payment gateways using SSL encryption.

Technical & Digital Usage Data

When you navigate our platform, we automatically capture your IP address, browser type, geographical time zone, operating system, and analytics regarding how you interact with our digital interfaces.

Profile & Marketing Data

Your unique account credentials, dietary preferences stored in your profile, customer service feedback, and your explicitly stated preferences regarding receiving marketing communications.

3. Lawful Basis for Data Processing

We rigorously adhere to the principle of lawful processing under Article 6 of the GDPR. We will only utilize your personal data when the legal framework explicitly permits us to do so:

Article 6(1)(b)

Contractual Necessity

Processing your Identity, Contact, and Financial Data to register you as a customer, process payment, execute your delivery, and communicate critical status updates.

Article 6(1)(f)

Legitimate Business Interests

Processing Technical and Usage Data to operate our digital enterprise securely, troubleshoot errors, analyze behavior to optimize our menu, and detect fraudulent transactions.

Article 6(1)(c)

Legal Obligation

Retaining Financial and Transaction Data to comply with Cyprus taxation authorities, corporate accounting standards, and financial reporting mandates (up to 6 years).

Article 6(1)(a)

Consent

Dispatching promotional email materials, newsletters, SMS discount codes, or deploying non-essential tracking cookies only with explicit, affirmative opt-in consent.

4. Data Sharing & Third-Party Disclosures

We fundamentally respect your data sovereignty. We categorically do not sell, rent, or trade your personal data to external data brokers or unrelated entities for their independent marketing purposes. We may share specific data subsets with trusted third parties strictly when it is operationally necessary:

  • Logistics & Courier Partners: Independent delivery couriers who require your name, address, and phone number to physically execute the delivery.

  • Digital Technology Partners: Secure payment processors, cloud infrastructure hosts, and IT entities. These partners operate under strict data processing agreements primarily within the EEA.

  • Legal & Regulatory Authorities: Government bodies, tax regulators, or law enforcement agencies if we are compelled by binding law, judicial court order, or to defend our legal rights.

5. Data Retention Schedules

We operate under the principle of data minimization and will only retain your personal data for as long as legally necessary to fulfill the exact purposes for which we collected it. By statutory mandate in Cyprus, we are required to securely retain basic financial and transactional information for a period of up to six (6) years after the last active purchase for tax auditing purposes.

Data collected via general customer service inquiries or uncompleted carts is routinely purged and is generally retained for no longer than one (1) year following the last communication.

6. Security Measures

We have implemented robust technical, cryptographic, and organizational security measures designed specifically to prevent your personal data from being accidentally lost, compromised, or accessed in an unauthorized manner. All data traffic between your device and our servers is secured using industry-standard SSL encryption. Internal access to your personal data is strictly limited by role-based access controls to those specific employees and contractors who possess a verified business need.

7. Your Rights as a Data Subject

Under the GDPR, you possess an extensive suite of specific and enforceable legal rights regarding your personal data:

📋

Right of Access

Request a comprehensive copy of the personal data we hold about you.

✏️

Right of Rectification

Demand immediate correction of any inaccurate or incomplete data we hold.

🗑️

Right to Erasure

Request permanent deletion of your data when there is no longer a legal reason for its continued processing.

⏸️

Right to Restrict Processing

Ask us to temporarily suspend processing of your data during specific disputes.

📤

Right to Data Portability

Request your data be transferred to you or a third party in a machine-readable format.

🚫

Right to Object

Object to processing based on our legitimate interests, and unconditionally object to direct marketing processing.

8. Cookies & Tracking Technologies

Our e-commerce platform utilizes cookies (small text files placed on your local device) and similar tracking technologies to maintain the state of your digital shopping cart, provide a seamless browsing experience, and collect anonymized statistical data regarding site performance. You may configure your browser to refuse all or some cookies. If you disable essential cookies, critical components of the checkout flow may become inaccessible or fail to function properly.

9. Supervisory Authority & Complaints

We are dedicated to resolving any privacy concerns swiftly and amicably. However, if you feel our resolution is inadequate, you possess the unassailable statutory right to lodge a formal complaint with the Cypriot Supervisory Authority:

Office of the Commissioner for Personal Data Protection

Address 15 Kypranoros Street, 1061 Nicosia, Cyprus
P.O. Box 23378, 1682 Nicosia, Cyprus
Email commissioner@dataprotection.gov.cy
Website www.dataprotection.gov.cy

10. Policy Updates

The digital regulatory landscape is dynamic. We keep our privacy notice under constant review to ensure ongoing compliance with evolving jurisprudence. Any structural changes or modifications to this policy will be posted prominently on this page, and where materially appropriate, actively notified to registered users via email. This policy was last updated in March 2025 in accordance with the prevailing European Union legal framework.

This privacy policy is governed by EU GDPR 2016/679 and Cyprus Law 125(I)/2018. Last reviewed: March 2025.

Barbeque Project Map & Contact

Find The Smoke

Call Us

+357 24252082

Email Us

lambrisbbqproject@gmail.com

Location

Faneromenis 212
Larnaca 6037

Opening Hours

  • Monday 12:00 PM – 10:00 PM
  • Tuesday 12:00 PM – 10:00 PM
  • Wednesday 12:00 PM – 10:00 PM
  • Thursday 12:00 PM – 10:00 PM
  • Friday 12:00 PM – 10:00 PM
  • Saturday 12:00 PM – 10:00 PM
  • Sunday 12:00 PM – 10:00 PM

Copyright 2026. Barbeque Project . All Rights Reserved.