Skip to main content

Collection Point

Manage Data Collection Points with JIT Notices

The Collection Point Module in Open Source SAHAJ enables organizations to define, configure, and manage all points of personal data collection.

A Collection Point refers to any place where personal data is collected from Data Principals, such as:

  • Registration or signup pages.
  • Loan or application forms.
  • Contact Us pages.
  • Careers or recruitment pages.
  • In-store kiosks, connected TV apps, or point-of-sale terminals.

This module helps you deploy Just-In-Time (JIT) Notices at the moment of data collection to ensure DPDPA compliance and user transparency.

Problem Statement

Organizations often have multiple data collection points across their customer journey. Challenges include:

  • Inconsistent Notices: Different pages or apps show different or outdated notices.
  • Compliance Gaps: Users may not be informed about purpose or rights at the time of data collection.
  • Fragmented Management: Hard to track which consent purposes and data elements are associated with each collection point.
  • Multi-Channel Complexity: Web, mobile, connected devices, and offline touchpoints require consistent, compliant notices.

Without centralized control, Data Fiduciaries risk violating DPDPA’s transparency and informed consent requirements.

How the Module Helps

FeatureBenefit
Centralized Collection Point RegistryMaintain a single inventory of all PII collection points across web, mobile, in-store, and connected devices.
JIT Notices (Just-In-Time)Show contextual privacy notices right when personal data is collected, improving transparency and trust.
Multi-Channel DeploymentDeploy notices on websites, mobile apps, connected TVs, kiosks, or point-of-sale systems.
Consent Purpose LinkingAssociate each collection point with data elements and consent purposes for compliance and auditing.
BRD-CMS ComplianceFully aligned with SAHAJ’s consent lifecycle and audit requirements.

Key Functionalities in Detail

1. Define Collection Points

  • Add each collection point (page, form, screen, kiosk) via dashboard or API.
  • Capture attributes such as:
    • Collection Point Name.
    • Channel/Device Type (Web, Mobile, Connected TV, POS).
    • Linked Data Elements.
    • Linked Consent Purposes.
    • Notice Language and Content.

2. Configure JIT Notices

  • Create customized Just-In-Time notices displayed at the exact moment PII is collected.
  • Include:
    • Purpose of data collection.
    • Data elements collected.
    • User rights under DPDPA.
    • Retention and withdrawal policies.
  • Support dynamic rendering (pop-ups, banners, modals, tooltips) tailored to device type.

3. Multi-Channel Support

  • Seamlessly deploy notices across:
    • Web pages and portals.
    • Mobile apps (iOS and Android).
    • Connected TVs or OTT apps.
    • Point-of-sale or in-store kiosks.
  • Provide a consistent user experience regardless of channel.
  • Link each collection point to:
    • Specific consent purposes from the Purpose Management Module.
    • Relevant data elements from the Data Element Module.
  • Ensure each data capture aligns with approved purposes and consent flows.

5. Audit & Reporting

  • Track:
    • When and where notices were shown.
    • Which purposes were linked to each collection point.
    • User interactions and consent outcomes.
  • Generate reports for compliance, internal review, or regulatory audits.

Implementation Flow

  1. Identify Collection Points:

    • Map all current and planned data collection points across your customer journey.

  2. Configure in Module:

    • Add each collection point via dashboard or API.
    • Assign linked data elements and consent purposes.

  3. Create JIT Notices:

    • Draft clear, concise notices for each collection point.
    • Translate notices into required languages for inclusivity.

  4. Deploy Notices Across Channels:

    • Use SAHAJ’s SDK, APIs, or integration scripts to render JIT notices on web, mobile, or connected devices.

  5. Monitor and Audit:

    • View dashboards showing active collection points, notices, and consent outcomes.
    • Export audit logs when needed.

Privacy & Compliance Features

  • Contextual Transparency: Ensure users know what data is collected and why — right at the point of interaction.
  • Granular Consent: Collect consent separately for each purpose associated with a collection point.
  • Multi-Language Support: Provide notices in languages listed in the Eighth Schedule of the Indian Constitution.
  • Immutable Logs: Record notice presentation and consent interactions for audit readiness.
  • Role-Based Access Control: Allow privacy teams and DPOs to manage notices without developer intervention.

Best Practices for Using the Module

  • Map your entire customer journey and identify all PII collection points.
  • Use JIT notices instead of blanket notices to improve user comprehension and consent quality.
  • Always link collection points to approved consent purposes and data elements.
  • Review and update notices regularly to keep them aligned with changes in processing purposes or legal requirements.
  • Test notices on all channels and devices to ensure consistency and accessibility.