PANCHAM Privacy Policy

About PANCHAM

PANCHAM, Panchayat Assistance and Messaging Chatbot have been developed by the Ministry of Panchayati Raj (MoPR) in collaboration with UNICEF. Its purpose is simple and citizen-focused:

Share verified government information quickly and clearly with rural communities.
Empower citizens and Panchayat functionaries by improving access to schemes, policies, and updates.
Promote transparency and participation in local governance.
Supporting national priorities such as Sustainable Development Goals (SDGs) and decentralized governance.

The platform is intended for field functionaries and citizens to access verified information and provide feedback or queries related to Panchayati Raj initiatives.

PANCHAM uses secure and trusted messaging channels to ensure information reaches you safely while protecting your privacy.

1. Introduction

This Privacy Policy (“Policy”) explains how PANCHAM (“Platform”, “MoPR”, “UNICEF”) collects, uses, and safeguards your personal data when you interact with our services.

We are committed to safeguarding your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA).

By using PANCHAM, you agree to the terms of this policy and consent to the lawful collection and processing of your personal data as described herein.

2. Definitions

For the purpose of this Privacy Policy, the following terms shall have the meanings assigned below:

Anonymization: It is the process of irreversibly transforming personal data in such a way that the individual to whom the data relates cannot be identified, directly or indirectly, by any means reasonably likely to be used.
Child: An individual who has not completed the age of eighteen years.
Consent: A clear, informed, specific, and voluntary indication by the Data Principal to allow processing of their personal data for a defined purpose.
Data: means a representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated means.
Data Breach: Any unauthorized processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to personal data that compromises its confidentiality, integrity, or availability.
Data Principal: The individual to whom the personal data relates and where such individual is: (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes their lawful guardian acting on their behalf.
Data Processor: Any person or organization that processes personal data on behalf of a Data Fiduciary.
Grievance Officer: An officer appointed by the Data Fiduciary to redress grievances of Data Principals in relation to the processing of their personal data.
Personal Data: Any data about an individual who is identifiable by or in relation to such data. This includes name, mobile number, or any information shared with the chatbot.
Processing: Any operation performed on personal data, wholly or partly automated, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.
Personal Data: Any data about an individual who is identifiable by or in relation to such data. This includes your name, mobile number, or any information shared with the chatbot.
Data Fiduciary: Any person or entity that alone or in conjunction with others determines the purpose and means of processing personal data.
Data Protection Officer: An individual appointed by the Data Fiduciary who is responsible for overseeing compliance with applicable data protection laws, addressing grievances of Data Principals, and acting as the primary point of contact for data protection related matters.

Note: Except for the term “Anonymization”, all other definitions in this policy are adapted from the DPDP Act 2023

For the purposes of the Digital Personal Data Protection Act, 2023, the Ministry of Panchayati Raj (MoPR), Government of India, is the Data Fiduciary responsible for determining the purpose and means of processing of personal data under the PANCHAM platform. UNICEF and other authorized technology and service partners engaged for platform development, hosting, messaging, analytics, or system integration act as Data Processors, processing personal data solely on behalf of and under the instructions of the Data Fiduciary, in accordance with applicable laws and contractual obligations.

3. Scope

This Privacy Policy applies to personal data collected directly from individuals through the PANCHAM chatbot and its official communication channels. It explains how we collect, use, and process personal data when you interact with the platform for accessing information, submitting queries, or participating in awareness campaigns.

4. Information We Collect

We collect only the personal data that is necessary to provide services and enable communication through the PANCHAM chatbot. The type of data collected depends on who you are:

Field Functionaries

Categories of Personal Data	Data Elements
Identification Information	Name, Gender
Contact Information	Mobile Number, Email Address
Organizational Information	State, Zila Parishad (ZP) Name, Block Panchayat (BP), Gram Panchayat (GP), Name, ZP code, BP Code, GP code, Organization, Designation
Communication Metadata	Message timestamps, Delivery/read, Location
Preferences	Language preferences

Citizens

Categories of Personal Data	Data Elements
Contact Information	Mobile Number
Interaction Data	Messages, responses, and feedback shared during chatbot engagement
Communication Metadata	Message timestamps, Delivery/read, Location
Preferences	Language preferences

Note: PANCHAM does not access your phone’s contacts lists, media files, or stored documents.

5. Source of Personal Data

PANCHAM collects personal data only from authorized and trusted sources to ensure accuracy and security:

Field Functionary Data: Details provided by the Ministry of Panchayati Raj (MoPR) for onboarding on the PANCHAM chatbot.
Government System Integrations: Updates received through authorized APIs such as eGramSwaraj for maintaining accurate contact information of Field Functionary
Chatbot Interactions: Information you voluntarily share during conversations, such as queries, responses, and feedback.
Citizen Access Points: Citizens reach PANCHAM through official links or QR codes shared by the Ministry. These links only direct you to the platform, they do not collect any personal data themselves.

These sources enable PANCHAM to function effectively and support its communication and engagement objectives.

6. Purpose of Processing

Personal data collected through the PANCHAM is processed only for legitimate and limited purposes, including:

Purpose of Processing	Data Elements Processed	Explanation / Why Needed
Information Dissemination (Awareness messages, program updates, guidance from MoPR)	Name, Mobile Number, Language Preference, State, ZP/BP details, State, Zila Parishad (ZP), Gram Panchayat (GP), GP code, Organization, Designation (for field functionaries)	To deliver relevant informational messages and updates, including verified awareness content, program announcements, and actionable guidance from the Ministry of Panchayati Raj to Field Functionaries and Citizens in rural areas.
Service Support & Delivery (Facilitating digital communication and access to government programs)	Name, Mobile Number, Interaction Data (queries, messages)	To Facilitate digital communication, assistance, and access to government programs so you can make informed decisions and avail services.
Engagement & Feedback Collection (Two-way communication for governance improvement)	Messages/Responses, Feedback, Language Preference, Location Metadata	To enabling two-way communication by collecting queries, suggestions and feedback from you to improve Panchayati initiatives and governance practices.
Transparency & Empowerment (Promoting openness and enabling citizen participation)	Interaction Data, Basic Identification Data (Name, Mobile Number)	To promote transparent governance, encourage participation, and empower users with accurate information to engage effectively in local decision-making.
Performance Monitoring & Improvement (Campaign reach, analytics, engagement evaluation)	Message timestamps, Delivery/Read receipts, Location Metadata, Non-sensitive identifiers (Name, Gender, Location)	To measure engagement, track participation trends, and analyse service usage for improving communication quality and strengthening program delivery.

We do not use personal data for advertising, marketing, or commercial purposes. All insights, analytics, and metrics are generated only in aggregated and anonymized form to protect your privacy.

7. Lawful Basis of Processing

PANCHAM processes personal data in accordance with the lawful bases established under the Digital Personal Data Protection Act, 2023, including:

Consent: You give consent when you start interacting with the PANCHAM chatbot after being informed about its purpose and data practices.
Public Interest: In certain cases, processing may be carried out for public interest purposes aligned with the Ministry of Panchayati Raj’s mandate for citizen outreach, awareness, and governance improvement.

You may withdraw consent at any time by sending “STOP” or “UNSUBSCRIBE” to the chatbot. Upon withdrawal, personal data will be deleted or anonymized unless retention is required by law for audit, reporting, or compliance purposes.

9. Data Retention

PANCHAM retains personal data only for the period necessary to fulfil the purposes for which it is collected and in compliance with the storage limitation principle under the Digital Personal Data Protection Act, 2023.

Chatbot interaction data is retained for the duration of the relevant campaign, programme, or operational requirement, and thereafter securely deleted or anonymized.
Feedback and analytics data is anonymized prior to analysis and deleted after completion of reporting and evaluation activities.
Legal or compliance-related data is retained only for such period as may be required under applicable laws or directions of competent authorities.

Upon expiry of the applicable retention period, personal data is securely erased or anonymized.

All retention and deletion activities follow the storage limitation principle of the Digital Personal Data Protection Act, 2023

10. Security of Personal Data

PANCHAM uses strong security measures to protect your personal data, in line with the Digital Personal Data Protection Act, 2023 and industry best practices. These include but not limited to:

Data Encryption: Personal data is encrypted during storage and transmission using strong protocols to ensure confidentiality and integrity.
Secure Hosting: Data is hosted on a secure, government-approved cloud infrastructure within India to ensure compliance with local regulations.
Access Controls: Role-based access controls restrict data access to authorized personnel only.
Multi-Factor Authentication (MFA): Enabled for all administrative and privileged accounts.
Continuous Monitoring: Threat detection and logging tools are implemented to identify and mitigate risks
Regular Audits: Scheduled security reviews and compliance checks

Note: These measures follow MoPR and UNICEF security standards. While we take all reasonable precautions, please remember that no digital system is completely risk-free

11. Data Breach Management

In the event of a personal data breach, PANCHAM will act promptly and responsibly to protect the rights of data principals:

Assessment & Reporting
- Any suspected or confirmed personal data breach will be immediately assessed to determine its nature, scope, and potential impact.
- Initial Notification: PANCHAM will notify the Data Protection Board of India (DPB) without undue delay upon becoming aware of the breach
- Detailed Notification: A subsequent notification with full details of the breach, including affected data and mitigation measures, will also be provided to the Data Protection Board of India (DPB) within 72 hours.
Notifications to Data Principals
If the breach is likely to cause harm to your personal data, privacy or rights, PANCHAM will notify you without undue delay, providing details of the breach and steps you may take to protect yourself.
Mitigation Measures:
PANCHAM will take immediate corrective and preventive actions to mitigate the impact, limit exposure, and prevent recurrence.

12. User Rights

As a Data Principal, you have the following rights under the Digital Personal Data Protection Act, 2023:

Right to Access: You can confirm if your personal data is being processed and get a summary, including details of any sharing.
Right to Correction & Erasure: You can ask us to correct inaccurate data or delete it when it is no longer needed or if you withdraw consent.
Right to Grievance Redressal: You can file a complaint if you believe your data is misused or processed without authorization.
Right to Nominate: You can appoint someone to exercise your rights in case of death or incapacity.

You can email your request to pancham.mopr@nic.in. We will respond within the timelines prescribed under the Digital Personal Data Protection Act, 2023.

13. Children’s Data

PANCHAM is intended exclusively for individuals who are 18 years of age or older. The platform does not knowingly solicit or process personal data of children.

Users are deemed to have self-declared that they meet the minimum age requirement while accessing or interacting with the platform. In the event that personal data of a child is inadvertently collected, such data shall be promptly deleted upon identification, and no further processing shall be undertaken.

14. Cross-Border Data Transfers

All personal data collected through the PANCHAM is stored, processed and managed within India on secure, government-approved infrastructure.

Where cross-border transfer of personal data becomes necessary for technical or operational reasons, such transfer shall be undertaken only to countries or territories notified by the Central Government under Section 16 of the Digital Personal Data Protection Act, 2023, and subject to appropriate contractual and technical safeguards.

15. Grievance Redressal

If you have any concerns, questions, or complaints about how your personal data is being used, you can contact our Grievance Officer:

Name: [To be finalized with MoPR]
Email: pancham.mopr@nic.in
Response Time: Within 90 calendar days from receipt of the grievance.

If you are not satisfied with the resolution provided by the grievance officer, you have the right to appeal to the Data Protection Board of India, in accordance with DPDP Act 2023.

16. Policy Updates

PANCHAM may update or revise this Privacy Policy to reflect changes in law, operational practices, or security measures.

Whenever updates are made:

We will inform you through the PANCHAM chatbot.
You are encouraged to review this policy periodically to stay aware of how your data is protected.

Our goal is to keep you always informed and maintain transparency.

17. Acknowledgment

By using the PANCHAM chatbot, you confirm that you have read and understood this Privacy Policy and agree to the lawful collection, use, and processing of your personal data as described here, in compliance with the Digital Personal Data Protection Act, 2023.