Skip to navigation Skip to main content
Privacy Policy | Tapaidh Staff

Legal & Compliance

Privacy & Data Policy

Tapaidh Staff Ltd Effective: 1 January 2026 Version 1.0 Jurisdiction: Republic of Ireland / GDPR
Section 01

Who We Are

Tapaidh Staff Limited (“Tapaidh Staff”, “we”, “us”, or “our”) is a specialist education staffing company incorporated in the Republic of Ireland. We connect qualified substitute teachers with secondary schools across Ireland through our digital matching platform.

Data Controller

Tapaidh Staff Limited
Registered in Ireland
Email: privacy@tapaidhstaff.com
Website: www.tapaidhstaff.com
Dublin, Republic of Ireland

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Acts 1988–2018, and all other applicable Irish and EU data protection legislation.

Section 02

Scope of This Policy

This Privacy Policy applies to personal data processed by Tapaidh Staff in connection with:

  • Your use of the Tapaidh Staff website at www.tapaidhstaff.com
  • Your registration and use of our teacher matching platform
  • School onboarding, service agreements, and partnership arrangements
  • Home tutoring enquiries and bookings
  • Communications by email, telephone, or any other channel
  • Marketing and newsletter communications where you have given consent
  • Any other interaction with Tapaidh Staff in the course of our business

This Policy does not apply to third-party websites, platforms, or services that we may link to. Those third parties are responsible for their own privacy practices.

Section 03

Data We Collect

The categories of personal data we collect depend on who you are and how you interact with us.

Category Examples Who It Applies To
Identity Data Full name, date of birth, gender, PPS number (where required for vetting) Teachers, school contacts
Contact Data Email address, phone number, home address, emergency contacts All users
Professional Data Teaching Council registration number, subject specialisms, qualifications, employment history, CV, certifications Teachers
Vetting & Compliance Data Garda vetting reference numbers and disclosure status, Teaching Council compliance status, references Teachers
Organisational Data School name, roll number, DEIS status, ETB, contact person details, service agreements Schools & institutions
Transaction Data Placement records, session logs, invoices, payment records, timesheet data Teachers, schools
Technical Data IP address, browser type, device identifiers, cookie identifiers, platform usage logs All website visitors
Communications Data Messages sent via our platform, email correspondence, call logs (where recorded) All users
Marketing Preferences Consent records, opt-in/opt-out status, communication preferences All users
Performance Data Placement feedback, school ratings, CPD completion records (via Shonazz Eduverse) Teachers

Important Note

We do not intentionally collect special categories of personal data (such as health information, racial or ethnic origin, religious beliefs, or biometric data) unless strictly necessary and with an explicit legal basis. See Section 13 for more detail.

Section 04

How We Collect Your Data

We collect personal data through the following means:

Directly from you — when you register on our platform, complete a teacher application, submit an enquiry form, contact us by email or phone, or enter into a service agreement with us.

Automatically — when you use our website or platform, through cookies, log files, and similar tracking technologies. See Section 11 (Cookies) for full details.

From third parties, including:

  • The Teaching Council of Ireland — to verify teacher registration status
  • The National Vetting Bureau — for Garda vetting disclosures
  • References — professional references provided by teachers
  • Schools — feedback on teacher placements
  • Shonazz Eduverse — CPD completion and training records (where you are enrolled on their platform under our partnership)
  • Publicly available sources — such as the Teaching Council public register
Section 05

Legal Bases for Processing

Under GDPR, we must have a valid legal basis for each processing activity. We rely on the following:

Legal Basis Article When We Use It
Contract performance Art. 6(1)(b) Processing necessary to place teachers, manage school agreements, and operate the platform
Legal obligation Art. 6(1)(c) Garda vetting under the National Vetting Bureau Acts 2012–2016, tax compliance, employment law obligations
Legitimate interests Art. 6(1)(f) Platform security, fraud prevention, improving our services, internal record-keeping, business communications
Consent Art. 6(1)(a) Marketing emails and newsletters, non-essential cookies, any processing going beyond service delivery
Vital interests Art. 6(1)(d) Emergency situations affecting the safety of children or staff in schools
Public interest Art. 6(1)(e) Supporting the safeguarding of children in an educational setting

Withdrawing Consent

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. You can withdraw consent by emailing privacy@tapaidhstaff.com or using the unsubscribe link in any marketing communication.

Section 06

How We Use Your Data

We use personal data for the following purposes:

For teachers:

  • Registering and verifying you on our platform
  • Conducting Garda vetting and Teaching Council compliance checks
  • Matching you with appropriate school placements
  • Managing your professional profile, availability, and placement history
  • Enrolling you on the Shonazz Eduverse CPD programme
  • Processing payments and issuing payslips or invoices
  • Communicating placement opportunities and confirmations
  • Providing feedback from schools and managing performance concerns
  • Maintaining compliance records as required by law

For schools and institutions:

  • Establishing and managing service agreements
  • Processing cover requests and confirming placements
  • Sharing vetted teacher profiles (with teacher consent)
  • Invoicing and managing payment records
  • Communicating about placements, platform updates, and training programmes

For all users:

  • Responding to enquiries and providing customer support
  • Improving and developing our platform and services
  • Ensuring the security and integrity of our systems
  • Complying with legal obligations and regulatory requirements
  • Sending marketing communications (where you have opted in)
  • Conducting analytics to understand how our platform is used
Section 07

Data Sharing & Disclosure

We do not sell your personal data. We may share personal data with the following categories of recipient:

Recipient Purpose Basis
Partner schools & ETBs Sharing vetted teacher profiles for placement purposes Contract performance
National Vetting Bureau Submitting Garda vetting applications as required by law Legal obligation
Teaching Council of Ireland Verifying teacher registration status Legal obligation / legitimate interests
Shonazz Eduverse Ltd CPD enrolment, training delivery, performance data Contract / legitimate interests
Payment processors Processing teacher payments and school invoices Contract performance
IT & cloud service providers Hosting, email, database, and platform infrastructure Legitimate interests (data processing agreements in place)
Legal & professional advisors Legal advice, tax compliance, auditing Legal obligation / legitimate interests
Regulatory authorities Compliance with legal obligations, investigations Legal obligation

Where we share data with third-party processors, we have appropriate Data Processing Agreements (DPAs) in place to ensure they process your data only on our instructions and in compliance with GDPR.

Section 08

International Data Transfers

Tapaidh Staff processes data primarily within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA, including in the United States or other countries.

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR
  • Adequacy decisions issued by the European Commission under Article 45 GDPR
  • Binding Corporate Rules (BCRs) where applicable
  • Any other approved transfer mechanism recognised under applicable data protection law

You may request details of the safeguards applicable to any specific international transfer by contacting us at privacy@tapaidhstaff.com.

Section 09

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Data Category Retention Period Reason
Teacher profile & registration data Duration of active profile + 3 years Service delivery; potential re-engagement
Garda vetting records As required by the National Vetting Bureau Acts 2012–2016 Legal obligation
Placement & assignment records 7 years from last placement Employment law, tax compliance, dispute resolution
Financial & invoice records 7 years Tax and accounting obligations under Irish law
School service agreements Duration of agreement + 7 years Legal and contractual obligation
Marketing consent records Until withdrawn, then 3 years as evidence of consent Accountability / legal obligation
Website technical data & logs Up to 12 months Security and performance monitoring
Inactive accounts (no engagement) 3 years from last activity, then securely deleted Data minimisation principle

At the end of applicable retention periods, personal data is securely deleted or anonymised in a manner that prevents recovery or re-identification.

Section 10

Your Rights

Under GDPR and Irish data protection law, you have the following rights in relation to your personal data. These rights are not absolute — some may be subject to limitations or exemptions.

Right of Access

Request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where there is no compelling reason to continue processing it (“right to be forgotten”).

Right to Restriction

Request that we restrict how we use your data in certain circumstances, such as while we investigate an accuracy concern.

Right to Portability

Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests, or to direct marketing at any time.

Automated Decisions

Not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

Withdraw Consent

Withdraw consent for any processing based on consent, at any time, without affecting prior lawful processing.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@tapaidhstaff.com with the subject line “Data Rights Request”. We will acknowledge your request within 72 hours and respond fully within one calendar month. We do not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.

Section 11

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve your experience and help us understand how visitors use our platform. We comply with the EU ePrivacy Directive (EU Cookie Law) and require your consent for all non-essential cookies.

A cookie is a small text file placed on your device. It cannot access your device or any other information on it beyond what was originally stored.

Essential

Strictly Necessary Cookies

Required for the website and platform to function. These cannot be disabled. They include session management, authentication tokens, and security cookies. No consent is required for these.

Analytics

Analytics & Performance Cookies

Help us understand how visitors interact with our website (e.g. page views, traffic sources, time on site). We use anonymised data only. Requires your consent.

Functional

Functionality Cookies

Remember your preferences such as language settings, saved filters, or log-in status. Requires your consent for non-essential preferences.

You can manage your cookie preferences at any time by clicking “Cookie Settings” at the bottom of any page on our website, or by adjusting your browser settings. Please note that disabling cookies may affect the functionality of certain features.

We do not currently use advertising or targeting cookies. If this changes, this Policy will be updated and fresh consent sought.

Section 12

Children’s Privacy

Tapaidh Staff is a B2B and B2T (business-to-teacher) platform. Our services are directed exclusively at adults — specifically qualified teachers and school administrators. We do not knowingly collect personal data from children under the age of 18.

While our platform facilitates teacher placements in schools — environments where children are present — we do not directly collect, store, or process any personal data relating to school students. Any interaction involving students is governed by the relevant school’s own data protection policies and is the school’s responsibility as data controller for student data.

If you believe that we have inadvertently collected personal data relating to a child, please contact us immediately at privacy@tapaidhstaff.com and we will take prompt action to delete that data.

All teachers placed by Tapaidh Staff are subject to mandatory Garda vetting under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012–2016 prior to any placement in a school environment.

Section 13

Special Categories of Personal Data

GDPR Article 9 defines special categories of personal data as information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation, or sex life.

We do not seek to collect special category data as part of our standard operations. However, in limited circumstances, such data may be provided to us or arise in the context of our work:

  • Health data — may be relevant where a teacher requires a reasonable accommodation or where an absence is due to illness (handled under Art. 9(2)(b) — employment law obligations)
  • Criminal record data — Garda vetting disclosures are processed under the strict framework of the National Vetting Bureau Acts 2012–2016 and constitute a legal obligation (Art. 9(2)(g) and Art. 10 GDPR)

Where special category data is processed, we ensure that:

  • An explicit lawful basis under Article 9(2) GDPR is identified
  • Access is strictly limited to authorised personnel on a need-to-know basis
  • Enhanced security and confidentiality measures are applied
  • Retention is minimised to the shortest period necessary
Section 14

Security of Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or disclosure. These include:

  • Encryption — data in transit is encrypted using TLS (HTTPS); sensitive data at rest is encrypted
  • Access controls — strict role-based access, multi-factor authentication for platform access
  • Regular audits — periodic security assessments and vulnerability testing
  • Staff training — all staff who handle personal data receive data protection training
  • Data minimisation — we collect only what is strictly necessary for each purpose
  • Incident response — a documented data breach response procedure is in place

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, and affected individuals without undue delay, as required by Articles 33 and 34 GDPR.

Whilst we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised access to your account.

Section 15

Third-Party Websites & Links

Our website and platform may contain links to third-party websites, including the Teaching Council of Ireland, the Department of Education, and our partner Shonazz Eduverse. Once you navigate to a third-party site, this Privacy Policy no longer applies.

We encourage you to read the privacy policies of every website you visit. We are not responsible for the content, privacy practices, or cookies of any third-party sites.

Section 16

Changes to This Policy

We review this Privacy Policy periodically and may update it to reflect changes in our services, legal obligations, or data protection guidance from the Data Protection Commission or European Data Protection Board.

The date at the top of this Policy indicates when it was last revised. Where changes are material, we will:

  • Display a prominent notice on our website
  • Send an email notification to registered users (if we hold your email address)
  • Request fresh consent where the change affects consent-based processing

Your continued use of our platform after the effective date of any revised Policy constitutes your acknowledgement of the changes. You should check this page periodically for updates.

Version History

Version 1.0 — 1 January 2026 — Initial publication

Section 17

Contact & How to Complain

We welcome questions, comments, and requests about this Privacy Policy and our data practices. Please contact us using the details below.

Data Protection Contact — Tapaidh Staff

📧 Email: privacy@tapaidhstaff.com

🌐 Website: www.tapaidhstaff.com

📍 Address: Tapaidh Staff Limited, Dublin, Republic of Ireland

For Subject Access Requests, please include your full name, email address, and a description of your request. We will respond within one month.

If you are unhappy with how we have handled your personal data, or if you believe we have not responded adequately to a request, you have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection in Ireland.

Data Protection Commission (DPC)

Website: www.dataprotection.ie
Phone: +353 57 868 4800 / +353 761 104 800
Email: info@dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

You also have the right to seek a judicial remedy through the courts if you believe your rights have been infringed.

We would, however, always appreciate the opportunity to address your concerns directly before you contact the DPC. Please reach out to us first and we will do our best to resolve any issues promptly and fairly.