+353 (0)74 95 21022 onlinesales@thecope.ie
Get 10% off your first order! Click Here
Follow Us:

Data Protection Policy

1. Introduction

Templecrone Co-operative Agricultural Society Ltd. ("the Company") is committed to protecting the privacy and security of personal data. This policy outlines the Company’s obligations regarding data protection and the rights of employees, customers, business contacts, and other data subjects under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (Ireland).

This Privacy Policy ensures that personal data is processed lawfully, fairly, and transparently, in line with GDPR principles, respecting the privacy and trust of all individuals with whom the Company interacts.

2. Data Protection Principles

In accordance with GDPR, the Company ensures that all personal data is:

  • Processed lawfully, fairly, and transparently.

  • Collected for specified, explicit, and legitimate purposes.

  • Adequate, relevant, and limited to what is necessary.

  • Accurate and, where necessary, kept up to date.

  • Retained only as long as necessary for the intended purpose.

  • Processed securely to maintain confidentiality and integrity.

3. Legal Basis for Processing Personal Data

Personal data will be processed only when at least one of the following conditions applies:

  • The data subject has given explicit consent.

  • Processing is necessary for the performance of a contract.

  • Processing is required for compliance with a legal obligation.

  • Processing is necessary to protect vital interests.

  • Processing is carried out in the public interest or in the exercise of official authority.

  • Processing is necessary for the legitimate interests of the Company, provided it does not override the rights and freedoms of the data subject.

4. Collection and Use of Personal Data

The Company collects and processes personal data for specific purposes, including but not limited to:

  • Employee records and payroll processing.

  • Customer transactions and account management.

  • Business contact records.

  • Legal and regulatory compliance.

  • Marketing activities (with consent).

Data subjects are informed about the purpose of data collection at the time of collection or within one month if obtained from a third party.

5. Data Accuracy and Retention

  • The Company ensures that personal data is accurate and updated regularly.

  • Data is retained only for as long as necessary for the stated purposes or as required by law.

  • Once data is no longer needed, it is securely deleted or anonymized.

6. Security Measures

The Company implements appropriate technical and organizational security measures, including:

  • Encryption of personal data where applicable.

  • Secure storage and restricted access to personal data.

  • Regular security assessments and audits.

  • Strict access controls for employees handling sensitive data.

7. Data Subject Rights

Under GDPR, individuals have the following rights:

  • Right to be informed – about the collection and use of their personal data.

  • Right of access – to request copies of personal data held by the Company.

  • Right to rectification – to correct inaccurate or incomplete data.

  • Right to erasure (‘right to be forgotten’) – to request deletion of personal data.

  • Right to restrict processing – to limit data processing under certain circumstances.

  • Right to data portability – to obtain and reuse personal data across different services.

  • Right to object – to data processing, particularly for marketing purposes.

  • Rights regarding automated decision-making and profiling.

To exercise any of these rights, data subjects should contact the Company’s Data Protection Team (contact details below).

8. Data Transfers Outside the EEA

The Company may transfer data outside the European Economic Area (EEA) only if:

  • The destination country ensures an adequate level of data protection (as determined by the European Commission).

  • Standard contractual clauses approved by the European Commission are in place.

  • The transfer is based on explicit consent from the data subject.

9. Data Breach Notification

  • All data breaches must be reported immediately to the Data Protection Officer (DPO).

  • If the breach poses a risk to data subjects' rights, it will be reported to the Data Protection Commission (DPC) within 72 hours.

  • If the breach carries a high risk, affected data subjects will be informed without undue delay.

10. Organisational Responsibilities

  • Employees and contractors handling personal data must comply with this policy.

  • Training is provided to ensure data protection awareness.

  • Regular audits and compliance checks are conducted.

  • Third-party data processors must comply with GDPR and sign appropriate agreements.

11. Contact Information

For any questions, requests, or complaints regarding data protection, please contact:

Data Protection Team:

  • Mark Sharkey, Chief Executive

  • Jag Sangha, Head of Finance

  • Emma McGarvey, Human Resource Officer

  • John Broadbent, IT Manager

Email: info@thecope.ie
Phone: +353 74 952 1022
Postal Address: 35-57 Main St, Dunglow, Dungloe, Co. Donegal, F94 EK0N

12. Updates to This Policy

This policy is reviewed regularly and updated as needed to reflect changes in legislation or business practices. The most recent version will always be available on our website.

Effective Date: 10/02/25

What are you looking for?

Your cart