Privacy Policy

Obi respects your right to the privacy and confidentiality of your personal information. This policy sets out the obligations of Obi as a data controller regarding data protection and the rights of data subjects when you visit this website or interact with Obi online dealing with personal information, in order to ensure that Obi complies with the requirements of the General Data Protection Regulation (the “GDPR”) and the Data Protection Acts 1988 to 2018, (the “Acts”). It also outlines your rights as a data subject with respect to personal data Obi may process if we provide our services to you.

This privacy statement will give you a better understanding of:

  • What information we collect;
  • How we use that information;
  • Your rights under the General Data Protection Regulation;
  • How we protect your Data;
  • How this information is shared.

We will not collect any personal information about you on this website without your consent. Any personal information which you volunteer to us will be treated with the highest standards of data security and confidentiality. By visiting our website, you are accepting the terms of this website privacy policy.
This website contains external links to other websites, Obi is not held responsible for the privacy policies of other websites.

Who are we?

Obi is a provider of software to the construction industry, which is focused on helping companies manage and optimise their construction projects.

Where Obi offers software products to a client, Obi will act as a data processor for the personal data it may process on behalf of its clients. The data controller of personal data collected through our software products is the Obi client who has purchased our software.

What type of information do we collect and how do we use it?

To allow us to provide our services as data controller, we collect and process various categories of personal information as set out in the table below. We will use your information (personal or otherwise) for the purpose for which you have provided it and to respond to you if required. Some of the data we collect is used in aggregate form (and therefore anonymously) to monitor the use of our website and to research our user’s behaviour, demographics and interests.


Purpose of Processing Categories of personal data Legal Basis
Facilitate efficient communication (e.g. web forms, system demo requests etc.) Name, contact details such as email, phone, and other information as provided by you GDPR Article 6 (1) (a): consent
Maintain and improve the website Cookies, IP addresses, browser details, Operating System GDPR Article 6 (1) (a): consent
Fraud prevention Cookies GDPR Article 6 (1) (a): consent
Facilitate job applications Name, Contact details (email, phone number), CV, cover letter GDPR Article 6 (1) (a): consent
Services and SAAS
Contractual agreement for services Name, contact details, business details GDPR Article 6 (1) (b): contract
Provide access to our software products Name, email, telephone, project role, professional qualifications, company name GDPR Article 6 (1) (b): contract
Manage and deliver the software products to our users Audit trail of a user’s system usage (access, files downloaded, areas accessed), geo location GDPR Article 6 (1) (b): contract
Issue approvals, certifications and process approvals Name, signature, project role, company GDPR Article 6 (1) (b): contract
Compliance with legal and regulatory obligations Contract details, certifications, communications relating to projects GDPR Article 6 (1) (b): contract

GDPR Article 6 (1) (c): legal obligations

Health and Safety on sites (if used) Name, contact info, company, role, health issue, summary of data GDPR Article 9 (2) (a): consent

How do you keep my data secure?

Obi is fully committed to ensuring that your information is secure with us and with the third parties who act on our behalf. We have a number of security precautions in place to prevent the loss, misuse or alteration of your information. All employees working for Obi have a legal duty to keep information about you confidential and staff are trained in information security and confidentiality. Obi has information security policies and procedures in place to ensure that information about you is safe, whether it is held in paper or electronic format.

As the security of communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet. We will not accept liability for any direct, consequential, incidental, indirect, or punitive losses or damages arising from your use of online communications.

How long do we hold onto your personal data?

Obi will retain your information for as long as necessary to provide you with services, and to comply with our legal and regulatory obligations. We are committed to protecting your personal data to the very best of our ability and take the appropriate steps to do in collecting, storing and destroying your data.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow it) that lets the sites or service providers’ systems to recognise your browser and capture and remember certain information. You can control which cookies are set through our cookie consent tool when you visit our website for the first time

This website uses the following cookies:

Google Analytics

Storing user preferences

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly.

Consent to the use of cookies.

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymised IP address
  • Information about your Browser
  • Information about your Device
  • The date and time you have visited our website
  • The webpage url where you saved or updated your consent preferences
  • The approximate location of the user that saved their consent preference
  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner


Do we disclose any information to outside parties?

We only disclose personal data provided by you to external third parties in connection with specific purposes and compliance. Specifically for this website we may share your data with third parties who provide technical support on this website. It is not used in any other way, other than described in this policy or as required by law, unless you agree. We do not sell, trade, or otherwise transfer your personal data to outside parties. We do not send your data outside of the European Economic Area except for projects in which we are processing data outside of the EEA specifically at the request of the client.

We reserve the right to share your personal information if we are legally obliged to.
Non-personally identifiable visitor information may be provided to other parties for reporting and statistical purposes. For example, we may disclose the total number of visits to our website.

Users 16 years and under

If you are aged 16 or under, you MUST obtain your parent/guardian’s permission beforehand whenever you provide personal information to our website. Users without this consent are not allowed to provide us with personal information.

What are your rights under GDPR as a data subject?

Under the General Data Protection Regulation, you, as a data subject have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.

  • Access to personal data: you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  • Correction of personal data:  you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  • Right to withdraw consent:  Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent.
  • Right of erasure: you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  • Right to data portability:  you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
  • Right to restrict processing of personal data: you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  • Right to object to processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.

Some of these rights only apply in certain circumstances; they are not guaranteed or an absolute right. Please contact our team if you have any questions or concerns about your rights. If you make a request, we have one month to respond to you.

If you have any cause for complaint about our use of your personal information, please contact us and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with Ireland’s supervisory authority, the Data Protection Commission:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.

Changes to our privacy policy

We reserve the right to make changes to our privacy policy at any time without prior consultation; these changes will be posted on this page together with the privacy policy revision date.

Contacting us.
If there are any questions regarding this Privacy Policy, you may contact us using the information below.