Table of contents
Definition
Status | IN DESIGN |
RBIberia Owner | Paula |
RBI Owner | Carlos |
Priority | 1 (this is needed for the PLK ES go-live) |
Complexity (1-5) | 4 |
Open questions
We need to constantly make this section become empty.
Who are the migrated users?
If you change the T&C, does the user have to accept it again?
Currently check how and where T&C acceptances are saved.
Raphael Ferreira Gomes please send email to Paula asking for the examples of what they have in mind as inspiration.
There are fields in Dynamo DB - Silva, Carlos to help
Requirements
Problem statement
By law, every customer must comply with the privacy policy established by the company so it's possible to collect and use their personal information. For this reason, we need that, with each update of the privacy policy, the customer is notified and that he must accept it so that he can continue accessing the Popeyes login area on the Web and APP.
Acceptance criteria
Privacy policy and terms of use contents are updated via CMS with version control.
Customers who have not accepted the most up-to-date version of the privacy policy will not be able to enter the Popeyes login area on the Web and APP.
For customers who have not accepted the latest version of the privacy policy:
After logging in, they will be informed that they need to accept it and will have access to the most up-to-date information (link). A link to the terms of use will also be shown temporarily.
Check if they have already accepted to receive commercial communications from RBI, if not, the option to accept will be presented too.
Access to the logged area is released immediately after accepting the new version.
Metrics - tags will be applied that will allow us to answer the following questions:
How many customers were impacted by this modal?
How many of these customers did not accept the new version?
How many customers were we able to activate commercial communications using this modal?
Store date, time and the last version of the privacy policy that each customer accepted.
If the customer accepts commercial communications from RBI, this information will be stored in mParticle and Salesforce
For user registration (sign up), acceptance of the privacy policy for the latest available version will be stored.
Import information from customers who have already accepted the latest version of the privacy policy in the current application (web/app)
For the launch of this functionality, it is not foreseen to update the privacy policy and the terms of use. This means that the modal should only be presented to customers who have not yet accepted the privacy policy in the current App/Web.
Success metrics
99% of customers accept the privacy policy
50% increase in commercial communication activation
Solution
Scenarios
Note: these are high level scenarios that must pass testing before we can release the feature. They should also be used to drive design. Note that we do not specify user interface details in these steps - that is deliberate, so that we focus on the process and not on the UI, since the UI can change throughout design and development.
Scenario 1: guest accepts agreements during sign up
Steps | Expected results |
---|---|
Open the PLK ES page and choose to register | Registration page appears. There is a section to accept all agreements, with a link to each of the agreements (Terms and Conditions, Privacy Policy, Loyalty Policy) |
Guest fills in their personal information and accepts the agreements | Account is created. |
Scenario 2: guest does not accept agreements during sign up
Steps | Expected results |
---|---|
Open the PLK ES page and choose to register | Registration page appears. There is a section to accept all agreements, with a link to each of the agreements (Terms and Conditions, Privacy Policy, Loyalty Policy) |
Fill in your personal information and don’t accept the agreements. | Error message appears requesting guest to accept the agreements. No account is created until the terms are accepted. |
Scenario 3: update Privacy Policy while user is signed out
Note: only updates to the privacy policy requires users to agree in the app . Updates to terms and conditions or loyalty policy don’t need acceptance and can be emailed instead.
Steps | Expected results |
---|---|
Using Sanity, update the Privacy Policy and ensure that “Requires acceptance” is set to true | Sanity is updated accordingly. |
Sign in to PLK ES [RFG] Ideally it should not be only in sign-in, since user can be signed-in for a long time. Not sure, if it’s possible to intercept every user request in the app, but a good step to verify it would be when landing Home. | You are asked to review and agree to the new privacy policy. You only options are to accept or to sign out. [RFG] Displayed policy privacy text can be obtained from the last updated static page privacy-policy (sanity API). |
Click/tap on the privacy policy link | The updated privacy policy opens on a separate window. |
Scenario 4: update privacy policy while user is signed in
Steps | Expected results |
---|---|
Sign in to PLK ES | Home page loads normally |
Using Sanity, update the Privacy Policy and ensure that “Requires acceptance” is set to true | Sanity is updated accordingly |
Return to the PLK ES app and browse to any page | Nothing happens |
Wait for 1 hour. Return to the PLK ES app and browse to any page | You are asked to review and agree to the new terms and conditions. You only options are to accept or to sign out. |
Scenario 5: update terms & conditions
Steps | Expected results |
---|---|
Using Sanity, update the Terms & Conditions and ensure that “Requires acceptance” is set to false | Sanity is updated accordingly |
Sign in to PLK ES | Home page loads normally |
Check your email address | You have received an email from PLK ES informing that their T&C has been updated |
Design
Figma design here: [insert link]
Development
Existing Behavior
No user agreements are stored. See tech details in /wiki/spaces/IN/pages/4044391349 . He/she only accepts it in sign-up process. After that, he/she uses the app normally.
Success Metrics
Increase compliance of users. Metrics should rely on the required acceptance document info that is stored in database for each user.
Potential Challenges
Existent customers. They have no stored user agreement. Some of them may be old, some of them are new. For all, app must check if it is consistent and apply privacy policy terms.
Solution
Sanity:
We should enhance sanity configuration to enable requiredAcceptance flag for each document (static page)
Marketing Content
Static Page
requiredAcceptance : bool ( default is false)
Repo: https://github.com/rbilabs/rbi-whitelabel-cms
Reason: That’s the place where it’s is used to configure this static page shown in the sign-up flow. Besides, there’s the possibility to retrieve the updateAt attribute, so that we can use it to take the decision to display new privacy policy to the customer or not.
Whitelabel:
Sign-up of users must enforce user acceptance of the latest politics of privacy (configuration).
Terms of loyalty and terms and conditions aren’t mandatory (configuration).
New user data must be saved into dynamodb
aws-rbi-<env>-brand. E.g.: aws-rbi-dev-plk
pk: user cognito pk
sk: v0_User
details
requiredAcceptanceDocumentInfo ( Id, updateAt)
Sign-in / Home
Home loading
Call service to check whether user has up-to-date
Get latest Sanity requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) → Check first in cache
If applicable, store in cache.
Get dynamodb customer requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) → Check first in cache
If applicable, store in cache.
For each sanity required acceptance document, verify if there’s a corresponding entry for the retrieved customer accepted documents → compare using id
If dynamodb customer document UpdatedAt >= Sanity document UpdatedAt
Enables home and user access
Otherwise
Blocks user access.
Renders new UI - Forces user to either:
- accept latest required document → We can retrieve this info via
IStaticPage
.Widgets- signout.
- Optionally, propose user to accept receiving emails.
----> impact when fetching user data to read promotionalEmails flag / call set-user-attributes.ts (mParticle) - To handle it in a separate User Story.
If user accepts latest required document, then it should call a service to update user requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) ( function updateMe? ) and enable user access
Note: Another tool can send only emails to inform the user in such cases, but this is not in the scope of this epic. Maybe enhancing mParticle events should be considered for that.
Repo : https://github.com/rbilabs/intl-whitelabel-app
Reference Materials & Links
Reference material is in the page attachments
Sequence diagrams:
0 Comments