DPIA Addendum - Direct Marketing
Last updated: 6 May 2026
DPIA Addendum: Direct Marketing & Lead Re-Engagement
- Version: 1.0
- Effective date: 7 May 2026
- Parent document: DPIA - SENScribe Encrypted Student Support File Service v1.1 (17 April 2026)
- Assessed processing: Direct email outreach to teacher leads, waitlist members, IPPN template recipients, and existing teacher-account holders.
- Assessed service provider: SENScribe Limited
- Company number: 813862
- Registered address: ARKINS & COMPANY LIMITED, BLOCK 15, Galway Technology Park, Parkmore, Galway, GALWAY, Ireland, H91 AY0Y
- Contact: hello@senscribe.ie
Operational status: active control document for SENScribe direct email outreach. Each campaign must follow the cohort rules, suppression checks, ETB-domain controls, and unsubscribe requirements in this addendum.
Status and Scope
This addendum extends the parent DPIA to cover processing that the parent document explicitly excludes: direct marketing, sales prospecting, and re-engagement of teacher leads. It does not replace or modify the parent DPIA's findings on encrypted student-support data.
This addendum addresses:
- transactional reactivation of approved waitlist members who have not signed up
- product activation and onboarding emails to existing teacher account holders who have not yet generated a Student Support Plan
- service emails and similar-product offers to active teacher account holders
- re-permission and product introduction emails to recipients of the free IPPN Log of Actions template
- domain-restricted handling for users whose accounts are associated with Education and Training Board (ETB) email domains
This addendum does not cover:
- school-procurement outreach to Principals or Boards of Management initiated through public-channel contact (treated separately)
- recruitment, HR, or supplier prospecting
- product analytics or cookie-based retargeting (covered by the cookie policy and ePrivacy regime separately)
1. Need for a DPIA Extension
A DPIA-level assessment is appropriate for this processing because:
- it is novel for SENScribe and was not in scope when the encrypted-sync DPIA was written
- it processes contact data of identifiable individuals collected under multiple, distinct consent contexts (waitlist, product signup, lead-magnet download)
- it relies on lawful bases that vary per cohort, with at least one cohort where consent capture is incomplete (see Section 7)
- it is regulated by both GDPR and the Irish ePrivacy Regulations 2011 (S.I. 336/2011), with the latter imposing additional consent requirements for unsolicited electronic communications
This aligns with Article 35 GDPR and Irish Data Protection Commission guidance that DPIA-style assessments are appropriate for systematic direct-marketing operations even where the processing might not strictly trigger Article 35(1) on its own.
2. Roles of the Parties
For direct marketing processing assessed in this addendum, SENScribe Limited is the data controller.
This is a different role allocation from the parent DPIA, where SENScribe is the processor for school-controlled student-support data. There is no school-controller relationship for marketing of SENScribe's own services to teacher leads.
Sub-processors used in this processing:
- Microsoft Azure Communication Services - primary email delivery (EEA region)
- Resend - fallback email delivery (United States; transfers protected under EU-US Data Privacy Framework or Standard Contractual Clauses as documented in the privacy policy)
- Microsoft Azure Cosmos DB Table API - storage of contact records, send logs, and the suppression list (North Europe region)
3. Description of the Processing
3.1 Cohorts
Five cohorts are in scope. Counts and data shape are derived from ba_usage and ba_user tables in Azure Cosmos DB; cohort boundaries are defined operationally before each campaign.
| Cohort | Definition | Data sources | Estimated size |
|---|---|---|---|
| A. Approved waitlist - not signed up | waitlist partition rows where status = "approved" AND email not present in ba_user | Waitlist form submissions | Calculated at export |
| B. Signed up - zero plans generated | ba_user rows where lifetime usage count is 0 or absent | Product sign-up flow | Calculated at export |
| C. Signed up - active users | ba_user rows where lifetime usage count >= 1 | Product activity | Calculated at export |
| D. IPPN lead-magnet recipients | ippn_lead partition rows | IPPN landing-page download form | Calculated at export |
| E. ETB-domain subset | Subset of A-C where email domain matches *etb.ie (incl. lwetb, ddletb, kwetb, msletb, lcetb, ckletb, kerryetb, gretb, mayoetb, donegaletb, dublincetb, slo, etc.) | Cohort filter | Calculated at export |
3.2 Data flow summary
- Cohort emails are exported from Cosmos DB by an authenticated administrator using the existing /api/x9k2m/* endpoints, which are role-gated to admin or partner.
- Cohort lists are cross-referenced against the unsubscribed partition, and any matching addresses are removed.
- Cohort lists are cross-referenced against the ETB domain blocklist; ETB-domain emails are excluded from any cohort other than service email until per-ETB DPIA acceptance is recorded (see Section 11).
- Email sequences are sent via the existing lib/email.ts pipeline (Azure Communication Services primary, Resend fallback).
- Send events, opens, clicks, and unsubscribes are logged for compliance and frequency-cap purposes only. Open and click tracking is documented in the privacy policy and may be disabled per recipient via header preference.
- Unsubscribe events are recorded in a dedicated suppression partition and honoured globally across all cohorts and future processing.
3.3 Frequency and volume
- A given recipient receives at most one campaign sequence at a time.
- Maximum cadence within a sequence is one email every three calendar days.
- Each cohort sequence has a maximum of three messages; recipients who do not engage by message three are dropped to "dormant" status and not contacted again without re-permission.
- An annual privacy-policy or service notice (Article 13/14 GDPR information) is permitted outside the sequence cap.
4. Purposes of the Processing
The processing serves the following purposes:
- enabling teachers who expressed interest in SENScribe to complete account creation or activation
- helping signed-up teachers reach first value (first generated plan) on the platform they have already chosen to use
- informing existing teacher users of similar SENScribe services, features, or material policy changes
- offering recipients of the free IPPN Log of Actions template the option to opt in to product news, in line with the representations made on that landing page
- ensuring that any processing of personal data of users whose accounts are associated with public-sector ETB schools occurs only after the relevant ETB Data Protection Officer has accepted SENScribe as a processor for school-related processing or has authorised teacher-individual marketing
5. Categories of Data Subjects
- prospective teacher users (cohorts A and D)
- existing teacher users of SENScribe (cohorts B and C)
- public-sector ETB-employed teachers (cohort E, subset of A-C)
This addendum does not cover processing of student or parent personal data. No student or parent personal data is used in marketing.
6. Categories of Personal Data
For each cohort the data categories are:
| Field | Cohorts A, D | Cohorts B, C | Cohort E |
|---|---|---|---|
| Email address | Yes | Yes | Yes |
| Name (where provided) | Optional | Yes | Yes |
| School name (where provided) | Optional | Optional | Yes |
| School type (primary / post-primary) | Optional | Inferred | Yes |
| Account creation timestamp | No | Yes | Yes |
| Lifetime plan-generation count | No | Yes | Yes |
| Send / open / click / unsubscribe history | Yes | Yes | Yes |
No special-category data under Article 9 GDPR is processed in marketing. Special-category data remains exclusively in the encrypted-sync flow described in the parent DPIA.
7. Lawfulness, Necessity and Proportionality - per cohort
This is the load-bearing section. Because consent capture is uneven across cohorts, lawful basis must be analysed and documented per cohort before any send.
7.1 Cohort A - Approved waitlist, not signed up
Consent captured by the form: the waitlist hero form (frontend/src/components/landing/WaitlistForm.tsx) collects only an email address. Its only stated purpose at the point of collection is "we will email you when your access is approved." Neither the inline nor the dialog variant presents an explicit marketing-consent checkbox.
Lawful basis assessment:
- Sending the single approval email ("your access is approved, here is your sign-up link") is supported by legitimate interest under Article 6(1)(f) and is consistent with the user's stated expectation when joining the waitlist. It is not direct marketing in the ePrivacy sense - it is the transactional fulfilment they signed up for.
- Sending any further reactivation or marketing email beyond the original approval message exceeds the scope of consent originally captured. Reliance on Reg. 13 ePrivacy soft opt-in is not available because the recipient never became a customer of SENScribe (Reg. 13(11) requires existing customer or negotiation context).
- Any further nurture for this cohort therefore requires either: (a) a re-permission email seeking explicit Article 6(1)(a) consent for product updates, or (b) the cohort being treated as suppressed for marketing purposes.
Decision: send at most one reactivation email framed strictly as completion of the original waitlist transaction ("your spot is approved, you have not yet signed up - here is your sign-up link"). No further messages without affirmative re-permission.
Operational control: existing waitlist records are treated as opted out of ongoing marketing. They may receive only the single access-completion email described above, plus any service messages strictly necessary to complete the access request they initiated. Future waitlist forms should capture a separate product-update preference so new contacts can be classified without ambiguity.
7.2 Cohort B - Signed up, zero plans generated
Consent captured by the form: account sign-up creates a contractual relationship and accepts the Terms of Service and Privacy Policy. The privacy policy lists "Product updates (with consent)" under "How We Use Your Data" and identifies "Marketing emails, product updates" under Consent (Art. 6(1)(a)) in Section 4. No separate marketing-consent checkbox exists at sign-up at the time of writing.
Lawful basis assessment:
- Service emails directly necessary to perform the contract (e.g. account verification, plan limits, security notices, scheduled feature changes that affect the user's stored data) are supported by Article 6(1)(b) Contract.
- Onboarding nudges directed at completing the user's stated goal of generating a Student Support Plan are best characterised as service emails under Article 6(1)(b) and Article 6(1)(f) where the user has signed up but not yet activated. These should be limited and clearly framed as activation help, not promotion of additional products.
- Promotional content marketing similar SENScribe services (upgrades, new features outside the user's current plan, referral asks) requires soft opt-in under Reg. 13(11) ePrivacy. This is available because the user is an existing customer in negotiations for a similar service. Each such email must contain a clear unsubscribe and identify SENScribe.
Decision: up to three activation emails over a two-week window are permissible under Article 6(1)(b) and (f). Subsequent promotional emails are permissible under Reg. 13(11) soft opt-in with mandatory unsubscribe and frequency cap.
Operational control: activation emails must be limited to helping the user use the account they created. Promotional content must satisfy the Reg. 13(11) conditions, include an unsubscribe route, and respect the 12-month timing rule. Future sign-up forms should capture a separate product-update preference so SENScribe can rely on affirmative consent where available.
7.3 Cohort C - Signed up, active users
Lawful basis assessment:
- As cohort B for service emails (Article 6(1)(b)).
- Soft opt-in (Reg. 13(11)) is available for similar-product offers, retention, and referral asks, with mandatory unsubscribe.
- Material privacy or terms changes are permitted under Article 6(1)(c) and (f) without further consent and are addressed by the policy's existing notice clause (Privacy Policy Section 13).
Decision: permitted subject to per-recipient frequency cap and global unsubscribe.
7.4 Cohort D - IPPN lead-magnet recipients
Consent captured by the form: the IPPN landing form (frontend/src/app/ippn/IPPNHero.tsx) collects an email address with the stated purpose "Download your FREE 2026 Log of Actions Excel Template." Microcopy reads "No spam. Unsubscribe anytime. GDPR compliant." This wording does not constitute clear, separate, affirmative consent for marketing under either Article 6(1)(a) GDPR or Reg. 13 ePrivacy. The recipient consented to the template delivery transaction.
Lawful basis assessment:
- Sending the template requested by the recipient is supported by Article 6(1)(b).
- Subsequent product marketing requires re-permission. The "unsubscribe anytime" wording is an opt-out signal at best and is not equivalent to the "specific, informed, freely given, unambiguous" consent required by Article 4(11) GDPR.
Decision: send a single re-permission email asking the recipient to opt in to future SENScribe product news. Recipients who opt in transition to a "marketable" status. Recipients who do not opt in remain on file solely for the suppression list and receive no further marketing.
Operational control: IPPN lead-magnet recipients are suppressed from product marketing unless they later opt in. A single re-permission email may be sent only where it is short, non-promotional, and limited to asking whether the recipient wants future product updates.
7.5 Cohort E - ETB-domain users (subset of A-C)
ETB-domain users present an additional layer of risk beyond GDPR and ePrivacy because:
- Education and Training Boards are public bodies established under the Education and Training Boards Act 2013 and have their own designated Data Protection Officers
- ETB-issued email addresses are operational tools of a public-sector employer and may carry policy restrictions on third-party processing imposed by the ETB
- An individual teacher signing up to SENScribe with an ETB-issued address does not, by itself, authorise SENScribe to process that address for marketing purposes from the ETB's perspective
Decision: ETB-domain users are excluded from all cohort-A, B, C, and D marketing sequences until each affected ETB has either:
- accepted SENScribe as a processor under a school-level Data Processing Agreement (in which case the ETB is the controller for student data and the marketing position is governed by the per-ETB engagement); or
- confirmed in writing that individual-teacher marketing on ETB email addresses is acceptable.
Service emails directly supporting an active account remain permitted because they are necessary under Article 6(1)(b).
A list of ETBs and their processor-acceptance status is maintained internally and reviewed before each campaign.
8. Recipient Rights and Information
For every campaign in scope:
- the sender identifies as SENScribe Limited with the registered Galway address
- a one-click unsubscribe link is present in every email
- unsubscribe requests are honoured within 7 calendar days (the Irish DPC's stated expectation, well inside the broader Reg. 13 obligation)
- opens, clicks, and unsubscribes are recorded for compliance and frequency control only
- recipients may at any time exercise the rights documented in Privacy Policy Section 9 by emailing hello@senscribe.ie
- List-Unsubscribe and List-Unsubscribe-Post headers are set on every campaign email per RFC 8058 to enable mailbox-provider one-click unsubscribe
9. Suppression List
A dedicated unsubscribed partition in ba_usage records all unsubscribe events. Before any send the cohort list is filtered against this partition. The suppression list is global: an unsubscribe in any cohort suppresses the address in all cohorts and on all future campaigns regardless of source.
The suppression list contains only the email address, the timestamp of unsubscribe, and the originating cohort or campaign identifier. It is retained indefinitely for its operational purpose and is not used for any other processing.
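The pre-send filtering described in Sections 3.2, 7.5 and 9, sketched in TypeScript as an added example (not SENScribe's own code). The function, types, reason labels and sample addresses are hypothetical, and the one-off access-completion and re-permission emails are not modelled.

```typescript
// Added example: hypothetical pre-send filter; every name and address is constructed.
type Cohort = "A" | "B" | "C" | "D";
type Purpose = "service" | "marketing"; // one-off completion / re-permission emails not modelled
type Reason = "invalid" | "unsubscribed" | "etb-domain" | "no-opt-in";
interface Contact { email: string; cohort: Cohort; optedIn?: boolean }
interface FilterResult { send: string[]; removed: { email: string; reason: Reason }[] }

const normalise = (email: string): string => email.trim().toLowerCase();

// Domain part of an address, or null when there is no usable "@".
function domainOf(email: string): string | null {
  const at = email.lastIndexOf("@");
  return at > 0 && at < email.length - 1 ? email.slice(at + 1) : null;
}

// The "*etb.ie" pattern from Section 3.1, anchored at the end of the domain so
// that lookalikes such as "lwetb.ie.example.com" do not match.
const isEtbDomain = (domain: string): boolean => /etb\.ie$/.test(domain);

function filterRecipients(
  contacts: Contact[],
  purpose: Purpose,
  suppressed: string[],               // rows from the unsubscribed partition
  approvedEtbDomains: string[] = [],  // ETB approval log (Section 7.5)
): FilterResult {
  const suppression = new Set(suppressed.map(normalise));
  const approved = new Set(approvedEtbDomains.map(normalise));
  const seen = new Set<string>();
  const result: FilterResult = { send: [], removed: [] };

  for (const c of contacts) {
    const email = normalise(c.email);
    if (seen.has(email)) continue;   // de-duplicate merged exports
    seen.add(email);
    const domain = domainOf(email);
    const marketing = purpose === "marketing";
    let reason: Reason | null = null;
    if (domain === null) {
      reason = "invalid";            // fail closed on unparseable rows
    } else if (suppression.has(email)) {
      reason = "unsubscribed";       // global: applies to every cohort and purpose
    } else if (marketing && isEtbDomain(domain) && !approved.has(domain)) {
      reason = "etb-domain";         // exact-match approval only, so subdomains stay blocked
    } else if (marketing && (c.cohort === "A" || c.cohort === "D") && c.optedIn !== true) {
      reason = "no-opt-in";          // Section 11.1: cohorts A and D need an opt-in
    }
    if (reason === null) result.send.push(email);
    else result.removed.push({ email, reason });
  }
  return result;
}

// Constructed sample export.
const SAMPLE: Contact[] = [
  { email: " Teacher1@Example.ie ", cohort: "C" },
  { email: "gone@example.ie", cohort: "C" },
  { email: "t2@lwetb.ie", cohort: "B" },
  { email: "t3@gretb.ie", cohort: "C" },
  { email: "lead@example.ie", cohort: "D" },
  { email: "lead2@example.ie", cohort: "D", optedIn: true },
  { email: "teacher1@example.ie", cohort: "B" },
  { email: "broken-row", cohort: "A" },
];
console.log(filterRecipients(SAMPLE, "marketing", ["GONE@example.ie"], ["gretb.ie"]));
```

The removed list, with its reasons, maps onto the suppression-filter and ETB-removal entries of the pre-send checklist in Section 11.2.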
10. Risk Assessment
| Risk | Potential impact | Mitigations | Residual position |
|---|---|---|---|
| Sending marketing to a cohort without lawful basis | DPC complaint, fine under ePrivacy Reg. 13 | Per-cohort lawful basis matrix in Section 7; cohort A capped at single transactional message | Reduced; depends on operational discipline |
| ETB DPO complaint about unauthorised processing | Loss of ETB access; reputational damage in Irish public sector | ETB-domain blocklist with positive-list approval workflow | Reduced |
| Suppression-list bypass (forgetting to filter) | Repeat contact after unsubscribe; ePrivacy infringement | Suppression filter applied as a non-optional pre-send step in code | Reduced; needs CI verification |
| Re-permission email itself treated as marketing | DPC complaint that re-permission ask is itself unsolicited marketing | Re-permission email follows DPC guidance: short, transactional in tone, single ask, no product promotion content | Medium; keep re-permission emails rare, factual, and non-promotional |
| Stale waitlist data causing irrelevant outreach | Annoyance, increased unsubscribe rate, possible complaint | Hard cap on age of waitlist record (12 months) before suppression | Reduced |
| Email provider region drift | Undisclosed international transfer | Sub-processor list maintained in privacy policy; Resend fallback only on ACS outage with SCC/DPF cover | Reduced |
| Logging of email-content body or PII | Breach of internal logging discipline | Existing PII blocklist in lib/logger.ts; no body content is logged | Reduced |
| Open / click tracking treated as analytics processing requiring separate consent | ePrivacy challenge | Tracking limited to send compliance; recipient may opt out via header preference; documented in privacy policy | Medium; disable tracking where it is not necessary for the campaign |
11. Operational Decision and Controls
11.1 Decision
Direct email processing in scope of this addendum may proceed when the campaign owner completes the pre-send checklist in Section 11.2 and the campaign matches one of the approved cohort decisions in Section 7.
No campaign may be sent to:
- a globally unsubscribed recipient
- an ETB-domain recipient unless the email is a service email or the ETB approval condition in Section 7.5 is met
- an IPPN lead-magnet recipient for product marketing unless that recipient has opted in
- an existing waitlist contact for ongoing product marketing unless that recipient has opted in
11.2 Pre-send checklist
Before each send, record:
- campaign name, owner, send date, and sender identity
- cohort used and lawful basis decision from Section 7
- export timestamp and recipient count
- suppression-filter result, including unsubscribe removals and internal/test removals
- ETB-domain removals or documented ETB approval basis
- unsubscribe mechanism included in the email body
- List-Unsubscribe and List-Unsubscribe-Post headers where supported by the sending provider
- final ready-to-send recipient file path and checksum
11.3 Product controls to maintain
- Maintain the global unsubscribed suppression partition in ba_usage.
- Honour unsubscribe requests across all future campaigns, regardless of original source.
- Keep activation emails short, account-related, and limited in cadence.
- Keep re-permission emails factual and non-promotional.
- Maintain the ETB approval log before sending non-service emails to ETB-domain recipients.
- Add separate product-update consent capture to waitlist, sign-up, and lead-magnet forms when those forms are next updated.
11.4 Out of scope for this addendum
- Direct postal mail or telephone outreach (not currently in use by SENScribe)
- Cookie-based retargeting (covered by cookie policy)
- Outreach to school addresses (info@school.ie type), which is regulated more lightly under Reg. 13 but is treated under a separate B2B engagement plan if introduced
12. Sources
Official sources:
- General Data Protection Regulation (Regulation (EU) 2016/679), Articles 4(11), 5, 6, 13, 14, 21, 30, 35
- Irish ePrivacy Regulations 2011 (S.I. No. 336/2011), Regulation 13
- Irish Data Protection Commission, Guidance on Direct Marketing
- Irish Data Protection Commission, Guide to Data Protection Impact Assessments
- EDPB Guidelines 05/2020 on consent under Regulation 2016/679
- Education and Training Boards Act 2013
Project sources:
- frontend/src/app/privacy/page.tsx
- frontend/content/legal/dpia-encrypted-sync.mdx
- frontend/src/components/landing/WaitlistForm.tsx
- frontend/src/app/ippn/IPPNHero.tsx
- frontend/src/app/api/waitlist/route.ts
- frontend/src/app/api/x9k2m/waitlist/route.ts
- frontend/src/app/api/ippn-lead/route.ts
- frontend/src/lib/cosmos.ts
- frontend/src/lib/email.ts
13. Review and Versioning
| Version | Date | Author | Status | Notes |
|---|---|---|---|---|
| 1.0 | 7 May 2026 | Engineering | Active | Operational control document for direct email outreach |
This addendum will be reviewed at minimum:
- after any change to a form's consent-capture wording
- after any change to the email service provider stack
- after any material change in DPC guidance or ePrivacy requirements
- annually, as part of the parent DPIA's review cycle