Change guest email address
Purpose of this document
To comply with GDRP regulations, we need to allow our guests to delete or update their data when they request to do so. Currently, guests can delete their data directly via the app, and they can update some of their data, but not their email address. This document explains how to deal with requests to update a guest’s email address.
Scenarios
The process below covers the following scenarios:
Guest would like to update the email address associated with their account
Guest has two accounts and would like to keep just one
In both scenarios, the process consists of transferring loyalty points to the new/desired account and deleting the old account.
Process
Explain the process to the guest, which consists of:
In scenario 1) creating a new account, transferring loyalty points over and deleting the old one
In scenario 2) transferring loyalty points over and deleting the old one
Ask the guest to confirm, in writing via email (to an email address that the Support Agent can access), that they would like to change their email address. The request must come from their old email address and indicate the desired email address
If guests do not have access to their old email address, we need to inform them that we cannot complete their request to change an email address. This is to avoid a fraud scenario where someone who does not own the old email address transfers that person’s loyalty points to their own account.
3. If scenario 1), ask the guest to create a new account with their desired email address
4. Once the steps above is done, transfer loyalty points (if any) by deducting from the old account and issuing on the new one:
5. Using One Trust, delete the guest’s old account. This will result in an email being sent to the guest, where they need to confirm they wish to go ahead with account deletion.
Using One Trust means the guest account is deleted in Dynamo, mParticle, Braze, Amplitude. Note that the account does not get deleted immediately after the guest confirms. The amount of time taken to delete the user account depends on the One Trust configuration settings for each provider (AWS, mParticle, Braze and Amplitude).