info@khadimenampally.org +91 7416621522
Khadim E Nampally Logo Khadim E Nampally

Privacy Policy

Effective Date: 12-02-2026

PRIVACY POLICY

Effective Date: 12-02-2026

Last Updated: 12-02-2026

Operated By: Khadim E Nampally Foundation (Hereinafter referred to as the “NGO”, “We”, “Us”, or “Our”)

Registration Details: Khadim E Nampally Foundation is a registered society under the Telangana Societies Registration Act, 2001. Society Registration Number: 67 OF 2026 NGO DARPAN ID: TS/2026/1023363 MSME Registration Number: UDYAM-TS-02-0325483 GST Number: 36AAQAK2662K1Z4

Registered Office Address: 10-5-200/A 1st Lancer , Ahmed Nagar , nampally hyderabad telangana india

Platform Scope: Governs the website www.khadimenampally.org and the “Citizen Grievance Support” Mobile Application (available on Google Play Store and Apple App Store) and official WhatsApp Business API conversational channels.

PREAMBLE & NON-GOVERNMENTAL DISCLAIMER

Khadim E Nampally Foundation is a registered non-governmental, non-profit, public-benefit organization operating in Telangana, India. We are NOT a government body, public department, or state authority. Our platforms and applications function strictly as an independent citizen support mechanism to facilitate, coordinate, and route public grievances to respective municipal, state, and central departments on behalf of citizens. All personal data collected through our platforms is processed strictly with user consent in accordance with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology (IT) Act, 2000, and other applicable Indian laws.

1. Ground for Processing: Explicit, Informed Consent (DPDP Act 2023, Sections 5 & 6)

In terms of Section 6 of the Digital Personal Data Protection (DPDP) Act, 2023, we process your personal data strictly on the grounds of explicit, free, specific, informed, unconditional, and unambiguous consent granted by you through a clear, affirmative action.

  • Before we collect or process any personal data, you will be presented with a clear notice detailing the categories of data collected and the specific purpose of processing.
  • Your consent can be withdrawn at any time. The process of withdrawing consent is as simple as granting it and can be initiated directly through your in-app account settings or by emailing our designated Grievance Officer.

2. Personal Data We Collect

To facilitate the processing and resolution of citizen grievances, we collect the following categories of personal data:

A. Active Personal Information Provided by You:

  • Contact Information: Legal name, mobile phone number, email address, and residential/postal address.
  • Authentication Data: Mobile number verification via One-Time Password (OTP) and system-generated authentication tokens.
  • Grievance Description & Evidence: The detailed description of the grievance or local issue you wish to report, including geographic location details, municipal ward number, and any associated media uploads (such as photos, videos, or voice recordings of the civic issue).
  • Donor Information (if applicable): If you make voluntary donations to support our operations, we collect transaction reference numbers, PAN card numbers (required under the Income Tax Act for issuing Form 58G/80G certificates), and billing details. We do not store raw credit/debit card numbers or bank credentials; all transactions are routed through PCI-DSS secure third-party payment gateways.

B. Device and Technical Information Collected Automatically (Mobile & Web):

  • Geographic Location: Precise GPS coordinates (latitude and longitude) accessed only with your active runtime permission. This is necessary to pinpoint the exact location of civic grievances (e.g., open potholes, broken streetlights) for routing to municipal corporations.
  • Device Identifiers: Device Model, Operating System version, Unique Device IDs (IP Address, Hardware UUID), and application performance diagnostics (crash logs).
  • Usage Information: In-app page navigation logs, button clicks, search terms, and submission timestamps.

3. Strict Data Prohibitions

To ensure the highest standard of citizen data safety, we enforce the following restrictions:

  • No Aadhaar Storage: We do not collect or store your raw Aadhaar number unless explicitly mandated by a government welfare scheme routing process. In such rare instances, the Aadhaar details will be strictly masked (hiding the first 8 digits) and stored in an isolated, encrypted partition.
  • No Sensitive SPDI in Conversational Chats: You are strictly prohibited from sharing highly sensitive personal data—such as passwords, credit card numbers, CVVs, bank account PINs, or raw biometric data—over our WhatsApp API channel or public chat forums.

4. Purpose of Processing your Personal Data

We process your personal data strictly for the following lawful and specified purposes:

  • Grievance Registration and Verification: To authenticate your identity and officially register your civic grievance.
  • Public Authority Routing: To bundle, organize, and submit your registered civic grievance (including name, issue description, and precise location) to the respective municipal bodies, government departments, or public utilities in Telangana (such as GHMC, HMWS&SB, TSSPDCL, etc.) for administrative resolution.
  • Communication & Updates: To send you real-time updates, status notifications, and verification messages regarding your grievance through SMS, push notifications, emails, and official WhatsApp Business API threads.
  • Volunteer Coordination: To allow authorized NGO volunteers in your local area/ward to contact you and verify the grievance status.
  • Audit and Legal Compliance: To comply with statutory tax laws (for 80G receipts), maintain transparent non-profit transaction histories, and produce reports for NITI Aayog’s NGO Darpan.

5. Data Sharing and Third-Party Transfers

Your data privacy is paramount. We do not sell, trade, or rent citizen personal data to commercial third parties. We share your data only under the following restricted conditions:

  • With Government & Municipal Authorities: We share your grievance details, name, and contact details with relevant public authorities strictly to facilitate the resolution of the grievance you have filed.
  • With Secure Cloud Providers & Processors: We utilize secure, ISO 27001-certified Indian cloud servers (e.g., AWS Mumbai / Microsoft Azure India regions) to host databases and execute APIs under strict data processing agreements.
  • With Payment Gateways: For processing donation transactions, billing info is shared with RBI-authorized payment processors (e.g., Razorpay, Cashfree).
  • Legal Mandates: We may disclose data if legally required to do so under a court order, a warrant, or by law enforcement agencies acting under statutory provisions of the IT Act, 2000.

6. Localized Data Hosting (India Jurisdiction)

In compliance with the directives of the Ministry of Electronics and Information Technology (MeitY) and the DPDP Act 2023, all digital personal data of Indian citizens collected through our platforms is hosted and processed strictly on servers located within the geographical boundaries of India. No personal data is transferred or mirrored to foreign jurisdictions.

7. Data Security & Cybersecurity Directives (IT Act Section 43A)

We implement robust technical and organizational security controls designed to safeguard your personal data from unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Enforced Transport Layer Security (`HTTPS`/TLS 1.3) for all web and API traffic. Databases are encrypted at rest using AES-256 standards.
  • Access Controls: Role-Based Access Control (RBAC) restricts citizen grievance data strictly to authorized NGO grievance administrators and localized ward volunteers.
  • CERT-In 180-Day Log Retention: In strict compliance with the cybersecurity directions under Section 70B of the IT Act, 2000, we maintain complete system, network, database, and API access logs for a rolling historical window of 180 days.
  • Vulnerability Management: We undergo routine vulnerability scanning and patch management to maintain the integrity of our software platforms.

8. Data Deletion and Right to Erasure (DPDP Act Section 12)

You have complete control over the lifecycle of your personal data:

  • Right to Erasure (In-App Deletion): You can request the deletion of your account and personal data directly through the “Delete Account” option in the settings menu of our iOS/Android application, or by submitting an email request to our Grievance Officer.
  • Erasure Process: Upon receiving your deletion request, we will erase all personal data from our active databases within [X] business days.
  • Retention Exceptions: We will retain data only if required to comply with statutory legal mandates (such as auditing laws requiring us to keep domestic/foreign donation records for a specified period, or active criminal investigations).
  • Log Retention: Deleted user records will be scrubbed from active storage, but system transaction histories will persist within encrypted backup archives strictly until the expiration of the 180-day log mandate.

9. Children’s Personal Data (DPDP Act Section 9)

Our Grievance Support platform is intended for citizens who are legally capable of contracting in India.

  • We do not knowingly collect, process, track, or monitor the personal data of children under the age of 18.
  • If a minor wishes to file a civic grievance, it must be submitted under the active supervision and verifiable consent of a parent or legal guardian.
  • If we discover that a child’s data has been collected without verifiable parental consent, we will take immediate steps to permanently delete the data.

10. WhatsApp Business API Consent and Communications

To ensure seamless updates on your reported grievances, we utilize the official WhatsApp Business Platform.

  • Explicit Opt-in: We will send you WhatsApp messages only if you have actively checked the opt-in box on our registration forms: *”I agree to receive grievance updates and community announcements from [NGO Name] on WhatsApp.”*
  • Opt-out Control (“STOP”): You can opt-out of WhatsApp communications at any time. Simply reply with the word STOP to our official WhatsApp Business account. Our system will immediately unsubscribe your number and cease automated messaging.
  • No Commercial Ads: We will never send you unsolicited commercial advertisements, marketing materials, or spam via WhatsApp.

11. Your Rights as a Data Principal

Under Section 11, 12, and 13 of the DPDP Act 2023, you hold the following statutory rights:

  • Right to Access: Obtain a summary of the personal data being processed and the details of processing activities.
  • Right to Correction, Completion, and Amendment: Request updates or corrections to any inaccurate or incomplete personal details.
  • Right to Erasure: Request the permanent deletion of your personal data.
  • Right to Withdraw Consent: Cease future processing of your data by withdrawing your consent.
  • Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity.
  • Right to Grievance Redressal: Access our internal grievance mechanism to resolve complaints before escalating to public boards.

12. Multi-Lingual Options & Notice Availability

In accordance with Section 5(3) of the DPDP Act, 2023, you have the right to access this Privacy Policy, our consent requests, and our notices in English as well as in other official regional languages of India. This document is officially translated and available on our platform in:

  • English
  • Telugu (తెలుగు)
  • Hindi (हिन्दी)

13. Contact Details of our Grievance Officer

If you have any questions about this Privacy Policy, wish to exercise your rights under the DPDP Act, or have a complaint regarding data handling, please contact our designated Grievance Officer immediately:

  • Name of Grievance Officer: Grievance Officer
  • Designation: Data Grievance Officer, Khadim E Nampally Foundation
  • Office Address: 10-5-200/A 1st Lancer , Ahmed Nagar , nampally hyderabad telangana india
  • Official Email Address: info@khadimenampally.org
  • Official Phone Number: +91 7416621522

Resolution Timeline: In compliance with the law, our Grievance Officer will acknowledge your grievance within 48 hours and resolve the matter within 30 days of receipt.