top of page

Privacy Policy

Privacy Policy and Statement
In accordance with Data Protection law

Hannah Marys XL Country Store is committed to the privacy of those that we engage with and this statement details our approach. While using this site or providing personal data to us during business, we will manage your data in accordance with this privacy statement.


  • Controller name; Hannah Marys XL Country Store

  • Controller contact; If you would like to contact us regarding this policy please email us at

Personal data processed by the Hannah Marys XL Country Store is done so in accordance with current Data Protection Regulation in Ireland and GDPR.
Hannah Marys XL Country Store as a data processor
The Hannah Marys XL Country Store service to deliver school meals requires us to process personal data provided to us by the School. The School is the controller of this information. We process this personal data on the instruction of the School. Queries relating to the personal data of pupils should be made to the School in the first instance
Personal Data and Collection
We may obtain personal data including name, address, phone numbers, e-mail address, other electronic identifiers, title, images, IP address, company details, and other information provided by you in accordance with this policy and with data protection law. We may also obtain similar information from other sources such as third parties, or from your use of Hannah Marys XL Country Store systems, or otherwise engage with the business.
Purpose of Use
We use personal data for the purposes for which it was provided to us as expressed at the point of collection or as is obvious in the context of collection. Typically, information is collected to:


  • Enter into an agreement to provide the Hannah Marys XL Country Store service

  • Communicate with you for marketing or informational purposes, and the analytics of such communications

  • Administration and delivery of the Hannah Marys XL Country Store service

  • Review and consideration of curriculum vitae.

  • Monitor for security and health & safety purposes (cctv)

  • For general administrative purposes that are in our legitimate business interest including communication in the course of a contract, issuing invoices, effecting payment including the use of or transfer to a third party to administer this process, and monitoring for spam.


Your data may also be used in the course of system maintenance; system logs, diagnosis of issues on company systems and the company web site, or for site optimisation procedures.
We do not obtain personal data for distribution or sale to third parties for consumer marketing purposes.
Disclosure to third parties & international transfer
We take all reasonable measures to protect your personal information while it is in our possession. Your personal information may be transferred to third party service providers who process information on our behalf, including providers of information technology, identity management, website hosting and management, data analysis, anti spam services, data back-up, security, and storage services.
We may also provide access to your personal information to law enforcement authorities, revenue commissioners, regulatory or other government agencies, or to other third parties should we receive a valid request compatible with applicable law or regulation.
Personal data submitted to the company may be transferred to third party service providers outside of the state, and outside of the European Economic Area (EEA).
Responsibility of Schools or other organisations that provide personal data to us
You warrant that personal information provided to us by you for the administration and delivery of goods and services being provided has been obtained fairly and lawfully. You also warrant that subjects are aware of the purpose for which their personal data is being used and that the privacy rights of subjects have been upheld.
Confidentiality & security
Hannah Marys XL Country Store have implemented generally accepted standards of technology and operational security to protect personal data from alteration, unauthorised disclosure or destruction, and from use for unauthorised purposes. Furthermore, we have taken measures to ensure that contracts with all third parties that provide technical and processing services include terms that specify appropriate technical and organisational security measures to prevent accidental, unauthorised or unlawful disclosure or processing of personal data.
Data Subject's Rights
Rights of the Data Subjects to:


  • Where information is collected directly from the subject; to be informed of the controller and representative (listed above), the purpose of processing, who will have access, the retention duration for the data, the consequences of not providing the data, and

  • Where data was not provided by you, we will identify the source of that data together with data categories.

  • Be informed if a failure to provide the personal data will have any direct and material personal consequences

  • Information on whether we have Personal Data relating to a subject, the categories of data and the purpose of processing

  • Access your personal data. Where the format is not reasonably understood, this shall be delivered in an intelligible format

  • Have inaccurate, incomplete or out-of-date personal data that we hold about you corrected, or deleted

  • Make a submission to any automated decisions making processes or profiling of you.

  • Transfer your data to another controller

  • Have your personal data excluded from certain categories of processing.

  • Lodge a complaint with the Data Protection Commissioner. Contact details for the DPC can be found at

You can contact us to exercise these rights by e-mail at We will ask for additional information to verify your identity prior to acting upon such requests. We may charge for an access request in accordance with law.
Removal from mailing lists
You may unsubscribe from our mailing lists at any time by using the ‘unsubscribe’ button on marketing communications, or by contacting us at
Reporting of Data Breaches
Where a data breach occurs that poses a risk to the subject it shall be reported to the Data Protection Commissioner DPC without delay or at least within 72 hours. Where such breach is likely to expose the subject to high risk it will be reported to the subject. In any event, all breached will be managed in accordance with Irish law and GDPR
Data Retention
We retain personal data that you submit to us only for as long as is necessary and for the purposes for which it was obtained, or as required by law.
We use cookies – small text files – which are placed on your hard drives to provide a more intuitive website experience. Cookies are a typical part of operating procedure for most websites and most browsers permit users to opt-out of receiving them if the user would prefer. This may reduce some of the functionality of the site.   Cookies can be deleted from your system at any time.

bottom of page