Privacy Policy

1. Who we are

Bodhi Global Analysis Ltd ("Bodhi", "we", "us", "our") is an international development research consultancy registered in England and Wales (company number 10918256). Our registered address is 85 Great Portland Street, First Floor, London W1W 7LT, United Kingdom.

We are the data controller for the personal data described in this policy. We operate through five entities: Bodhi Global Analysis Ltd (UK), Bodhi Europe BV (Netherlands), Bodhi Kenya Ltd, Bodhi Global Analysis Asia Pte Ltd (Singapore), and Bodhi Global Analysis Ltd (Tanzania). This policy applies to all five entities.

If you have questions about how we handle your data, or wish to exercise your rights, please contact us atinfo@bodhiglobalanalysis.com. Our Data Protection Lead is the Chief Operating Officer.

2. What this policy covers

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have. It applies to:

• visitors to our website (bodhiglobalanalysis.com)
• people who participate in our research and evaluation activities
• clients and their representatives
• suppliers, partners, and consultants
• job applicants
• anyone else whose personal data we process

3. The personal data we collect

The types of personal data we collect depend on your relationship with us.

Website visitors

Our website does not use cookies or analytics tracking. We do not collect any personal data from you simply by visiting our website. If you contact us via the website (for example by email), we will process the personal data you provide in order to respond to your enquiry.

Research and evaluation participants

When you take part in our research, we may collect your name and contact details (for scheduling interviews or focus groups), demographic information (such as age, gender, location, and disability status), your views, opinions, and experiences as shared during interviews, focus group discussions, or surveys, and audio or video recordings of interviews or discussions (with your consent).

We collect this data on the basis of your informed consent, which you may withdraw at any time. In some cases, we may also process data on the basis of legitimate interest or where it is necessary for reasons of substantial public interest (for example, research conducted in the public interest under UK GDPR Article 6(1)(e) or EU GDPR Article 6(1)(e)).

Clients and their representatives

We collect the names, job titles, email addresses, and phone numbers of individuals we work with at client organisations. We collect this data as necessary for the performance of our contract with the client, or on the basis of legitimate interest.

Suppliers, partners, and consultants

We collect names, contact details, bank account information (for payment), passport details (where required for travel or payment processing), tax identification numbers, and professional qualifications. We collect this data as necessary for the performance of our contract with you, or to comply with legal obligations.

Job applicants

We collect application forms, CVs, covering letters, references, qualifications, interview notes, and assessment results. We collect this data on the basis of your consent and as necessary for steps prior to entering into a contract. Unsuccessful applicant data is retained for 12 months and then securely deleted.

4. How we use your data

We use personal data for the following purposes:

• to carry out research and evaluation projects on behalf of our clients
• to manage our contractual relationships with clients, suppliers, and consultants
• to process payments
• to respond to enquiries
• to recruit staff
• to comply with legal and regulatory obligations
• to maintain the security of our systems and premises
• to improve our services

We will only use your data for the purposes for which we collected it, or for a closely related purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis for doing so.

5. Research data: how we protect participants

We take the protection of research participants seriously. The following safeguards apply to all our research and evaluation work.

Informed consent.We obtain informed consent from all research participants before data collection begins. Participants are told the purpose of the study, who is funding it, how their data will be used, and that they may withdraw at any time.

Anonymity and confidentiality.Participants are not named in our outputs unless they have given explicit permission. In group settings, participants are assigned numbers rather than names.

De-identification.Once data collection is complete, we separate personally identifiable information from research responses. Quantitative data is de-identified before analysis. We do not report results at a level of detail that could allow individual participants to be identified. Where GPS coordinates are collected, we apply random displacement to protect respondent locations.

Qualitative data.All identifying information (such as attendance sheets) is disconnected from interview transcripts. During analysis, we identify and redact any unintentionally identifying information before publication.

Right to withdraw.Participants may terminate an interview or withdraw from a group activity at any time, and may skip any question they do not wish to answer.

6. How we store and protect your data

We store personal data using a combination of cloud-based systems (including Google Workspace and our Bodhi Dashboard) and, for research data, secure survey platforms hosted on Amazon AWS servers. All data is protected by access controls, encryption in transit, and password protection. Our information security practices are certified to ISO 27001.

Quantitative survey data is collected on password-protected devices. Completed surveys are encrypted during transmission and wiped from the device after upload. Access to survey data is restricted to authorised personnel only.

Hard copy documents containing personal data are stored securely and destroyed when no longer needed.

7. Who we share your data with

We do not sell personal data to anyone.

We may share personal data with our clients (where required under our contract, for example to deliver research findings in anonymised or aggregated form), our sub-contractors and national consultants (where necessary for project delivery), professional advisors (such as lawyers and accountants), regulatory authorities (where required by law), and technology providers who process data on our behalf (such as Google, KoboCollect, and our hosting providers).

Where we share data with third-party processors, we ensure appropriate contractual safeguards are in place.

8. International transfers

Bodhi operates across the United Kingdom, the Netherlands, Kenya, Tanzania, and Singapore. We also use technology providers based in the United States (including Amazon AWS, which hosts survey data collected via KoboCollect).

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office (ICO), or transfers to countries that have been assessed as providing an adequate level of data protection.

Where we transfer personal data outside the European Economic Area (EEA) from our Dutch entity, we rely on safeguards permitted under the EU GDPR, including standard contractual clauses approved by the European Commission or transfers to countries covered by an EU adequacy decision. The UK is currently recognised by the European Commission as providing an adequate level of data protection for transfers from the EEA.

9. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected. The following retention periods apply:

When data reaches the end of its retention period, it is securely deleted or anonymised.

10. Your rights

Under UK and EU data protection law, you have the following rights:

Right of access.You can ask us for a copy of the personal data we hold about you.

Right to rectification.You can ask us to correct any inaccurate or incomplete data.

Right to erasure.You can ask us to delete your personal data in certain circumstances.

Right to restrict processing.You can ask us to limit how we use your data in certain circumstances.

Right to data portability.You can ask us to provide your data in a structured, machine-readable format in certain circumstances.

Right to object.You can object to our processing of your data where we are relying on legitimate interest as our lawful basis.

Right to withdraw consent.Where we process your data on the basis of consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us atinfo@bodhiglobalanalysis.com. We will respond within one month. There is no fee for making a request, though we may charge a reasonable fee for requests that are manifestly unfounded or excessive.

11. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the relevant supervisory authority. We would appreciate the opportunity to address your concerns first, so please do get in touch with us.

12. Changes to this policy

We may update this policy from time to time. Any significant changes will be communicated via our website. This policy was last updated in April 2026.