Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Category

RBI Ower

RBIberia Ower

Additional Features

Priority

Feature

Carlos

Paula

Privacy & T&C Consent

1

Feature Explanation

When migrated user logs in for 1st time and t&c and priv policy not accepted, check box of t&c and privacy policy. These needs to be considered to be reused in the future for when terms and conditions get updated

Doubts and Comments

Complexity 1

(low) 5(high)

Who are the migrated users?
If you change the T&C, does the user have to accept it again?
Currently check how and where T&C acceptances are saved.

Raphael Ferreira Gomes please send email to Paula asking for the examples of what they have in mind as inspiration.

There are fields in Dynamo DB - Silva, Carlos to help

4

Problem Statement

Users signs-up once and NO agreement control is done. Whenever a new version of privacy policy is updated according to the brand, user doesn’t read it. The terms that he/she accepted becomes out-of-date causing missing compliance.

Existing Behavior

No user agreements are stored. See tech details in /wiki/spaces/IN/pages/4044391349 . He/she only accepts it in sign-up process. After that, he/she uses the app normally.

Success Metrics

Increase compliance of users. Metrics should rely on the required acceptance document info that is stored in database for each user.

Potential Challenges

Existent customers. They have no stored user agreement. Some of them may be old, some of them are new. For all, app must check if it is consistent and apply privacy policy terms.

Solution

  • Sanity:

    • We should enhance sanity configuration to enable requiredAcceptance flag for each document (static page)

      • Marketing Content

        • Static Page

          • requiredAcceptance : bool ( default is false)

Repo: https://github.com/rbilabs/rbi-whitelabel-cms

https://dev-plk-menu.es.rbi.tools/desk/marketingContent;staticPages;0e0d12e4-d6cd-4b0e-bc9e-0cfbd590c922

Reason: That’s the place where it’s is used to configure this static page shown in the sign-up flow. Besides, there’s the possibility to retrieve the updateAt attribute, so that we can use it to take the decision to display new privacy policy to the customer or not.

  • Whitelabel:

    • Sign-up of users must enforce user acceptance of the latest politics of privacy (configuration).

    • Terms of loyalty and terms and conditions aren’t mandatory (configuration).

      • New user data must be saved into dynamodb

        • aws-rbi-<env>-brand. E.g.: aws-rbi-dev-plk

          • pk: user cognito pk

          • sk: v0_User

          • details

            • requiredAcceptanceDocumentInfo ( Id, updateAt)

    • Sign-in / Home

      • Home loading

        • Call service to check whether user has up-to-date

          • Get latest Sanity requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) → Check first in cache

            • If applicable, store in cache.

          • Get dynamodb customer requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) → Check first in cache

            • If applicable, store in cache.

          • For each sanity required acceptance document, verify if there’s a corresponding entry for the retrieved customer accepted documents → compare using id

            • If dynamodb customer document UpdatedAt >= Sanity document UpdatedAt

            • Enables home and user access

          • Otherwise

            • Blocks user access.

            • Renders new UI - Forces user to either:

            • - accept latest required document → We can retrieve this info via IStaticPage.Widgets

            • - signout.

            • - Optionally, propose user to accept receiving emails.

            • ----> impact when fetching user data to read promotionalEmails flag / call set-user-attributes.ts (mParticle) - To handle it in a separate User Story.

          • If user accepts latest required document, then it should call a service to update user requiredAcceptanceDocumentInfo(s) (Id, UpdateAt) ( function updateMe? ) and enable user access

Note: Another tool can send only emails to inform the user in such cases, but this is not in the scope of this epic. Maybe enhancing mParticle events should be considered for that.

Repo : https://github.com/rbilabs/intl-whitelabel-app

Test cases

Note: these are high level test cases that must pass testing before we can release the feature. They should also be used to drive design. Note that we do not specify user interface details in these steps - that is deliberate, so that we focus on the process and not on the UI, since the UI can change throughout design and development.

Scenario 1: guest accepts agreements during sign up

Steps

Expected results

Open the PLK ES page and choose to register

Registration page appears. There is a section to accept all agreements, with a link to each of the agreements (Terms and Conditions, Privacy Policy, Loyalty Policy)

Guest fills in their personal information and accepts the agreements

Account is created.

Scenario 2: guest does not accept agreements during sign up

Steps

Expected results

Open the PLK ES page and choose to register

Registration page appears. There is a section to accept all agreements, with a link to each of the agreements (Terms and Conditions, Privacy Policy, Loyalty Policy)

Fill in your personal information and don’t accept the agreements.

Error message appears requesting guest to accept the agreements. No account is created until the terms are accepted.

Scenario 3: update Privacy Policy while user is signed out

Note: only updates to the privacy policy requires users to agree in the app . Updates to terms and conditions or loyalty policy don’t need acceptance and can be emailed instead.

Steps

Expected results

Using Sanity, update the Privacy Policy and ensure that “Requires acceptance” is set to true

Sanity is updated accordingly.

Sign in to PLK ES

[RFG] Ideally it should not be only in sign-in, since user can be signed-in for a long time. Not sure, if it’s possible to intercept every user request in the app, but a good step to verify it would be when landing Home.

You are asked to review and agree to the new privacy policy. You only options are to accept or to sign out.

[RFG] Displayed policy privacy text can be obtained from the last updated static page privacy-policy (sanity API).

Click/tap on the privacy policy link

The updated privacy policy opens on a separate window.

Scenario 4: update privacy policy while user is signed in

Steps

Expected results

Sign in to PLK ES

Home page loads normally

Using Sanity, update the Privacy Policy and ensure that “Requires acceptance” is set to true

Sanity is updated accordingly

Return to the PLK ES app and browse to any page

Nothing happens

Wait for 1 hour. Return to the PLK ES app and browse to any page

You are asked to review and agree to the new terms and conditions. You only options are to accept or to sign out.

Scenario 5: update terms & conditions

Steps

Expected results

Using Sanity, update the Terms & Conditions and ensure that “Requires acceptance” is set to false

Sanity is updated accordingly

Sign in to PLK ES

Home page loads normally

Check your email address

You have received an email from PLK ES informing that their T&C has been updated

  • No labels