Skip to main content
Tarbh Tech

Privacy Policy

Last updated: 24 February 2026

Who we are

Tarbh Tech Limited is a managed IT and security services provider based in Limerick, Ireland. We operate the website tarbh.tech and deliver managed services under the COSAINT brand.

If you have questions about this policy or your personal data, you can reach us at [email protected].

What data we collect

We collect only the data necessary to provide our services and operate this website. Specifically:

  • Contact form submissions: name, email address, company name, and your message.
  • Booking requests: name and email address when scheduling a consultation.
  • Payment information: processed by Stripe on their hosted checkout page – we do not store card details.
  • Website analytics: aggregated, anonymous usage data (page views, referrers) – no personal data, no cookies.

How we use your data

We use the data we collect to:

  • Respond to your enquiries and provide the services you request.
  • Process service agreements and billing for COSAINT tiers.
  • Schedule consultations and onboarding calls.
  • Improve our website based on aggregated, anonymous usage patterns.
  • Comply with our legal obligations.

Legal basis for processing

Under the General Data Protection Regulation (GDPR), Article 6, we process your data based on:

  • Contractual necessity (Art. 6(1)(b)): to deliver services you have requested or contracted.
  • Legitimate interests (Art. 6(1)(f)): to operate and improve our website, respond to enquiries, and ensure security.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws including the European Accessibility Act.

Data processors

We use the following third-party services to operate our website and deliver our services. Each is named here with a description of what data they handle:

Plausible Analytics

Privacy-respecting web analytics. Plausible collects no personal data, uses no cookies, and is hosted in the EU. We use it to understand aggregate traffic patterns (page views, referral sources, device types). No individual visitor can be identified. Plausible data policy.

Cloudflare

Website hosting, content delivery network (CDN), and DDoS protection. Cloudflare processes IP addresses for routing and security purposes. Data is processed in accordance with Cloudflare's privacy policy.

Stripe

Payment processing for service invoicing. All payment data (card numbers, billing details) is processed on Stripe's hosted platform – it never touches our servers. Stripe is PCI DSS Level 1 certified. Stripe privacy policy.

Microsoft Dynamics 365

Customer relationship management (CRM). Contact information you submit via our forms (name, email, company, message) is stored in Dynamics 365 to manage our client relationships. Data is hosted in Microsoft's EU data centres. Microsoft privacy statement.

Cal.com (EU)

Appointment scheduling. When you book a consultation, Cal.com processes your name and email address to create the calendar event and send confirmation and reminder emails. Data is hosted in the EU via cal.eu. Cal.com privacy policy.

Freshdesk (Freshworks)

Service desk and ticket management. Processes contact details, ticket descriptions, and resolution data for support delivery. Data hosted in EU (Frankfurt) data centre. Freshworks privacy policy.

International data transfers

Some of our data processors operate infrastructure outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on the following safeguards:

  • European Commission adequacy decisions (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Processor certifications and binding corporate rules where available

Cloudflare, Stripe, and Freshworks each maintain Standard Contractual Clauses for EU-to-US data transfers. Cal.com processes data exclusively within the EU.

Data retention

We retain your data only as long as necessary for the purposes described above:

  • Contact form data: retained for the duration of our business relationship, then deleted within 12 months of last contact.
  • Payment records: retained as required by Irish tax law (6 years).
  • Analytics data: Plausible retains aggregated data only – no personal data to delete.

Your rights under GDPR

Under GDPR Articles 15-22, you have the right to:

  • Access (Art. 15): request a copy of the personal data we hold about you.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure (Art. 17): request deletion of your data ("right to be forgotten").
  • Restriction (Art. 18): restrict processing while a concern is resolved.
  • Portability (Art. 20): receive your data in a structured, machine-readable format.
  • Objection (Art. 21): object to processing based on legitimate interests.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware (GDPR Article 33) and will notify affected individuals without undue delay where the breach poses a high risk (GDPR Article 34).

How to contact us

For questions about this privacy policy or to exercise your data rights:

Tarbh Tech Limited

Limerick, Ireland

Email: [email protected]

Data Protection Officer

Given the nature and scale of our data processing activities, the appointment of a Data Protection Officer is not mandatory under GDPR Article 37. Data protection enquiries should be directed to [email protected].

Supervisory authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission

Canal House, Station Road

Portarlington, Co. Laois, R32 AP23

Website: www.dataprotection.ie

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated "last updated" date. We encourage you to review this page periodically.