Effective Date: 24th October 2025

1. Introduction

Welcome to OffBIM, a web-based tool for converting IFC (Industry Foundation Classes) files to manufacturing-ready formats. This service is operated by Rita Baltasar, trading as OffBIM. This Privacy Policy explains how your data is collected, used, and protected when you use this service. By using OffBIM, you agree to the terms of this Privacy Policy.

2. Data Controller

The data controller for this service is:

• Name: Rita Baltasar
• Trading as: OffBIM
• Email: [email protected]
• Location: United Kingdom

3. Data We Collect

We collect the following types of data:

• Account Information: When you create an account, we collect your username and password (encrypted). No email address is required for basic accounts.
• Uploaded Files: The IFC files you upload are processed on our server to perform analysis and conversion. These files are stored temporarily in a secure folder and are automatically deleted after processing or after 30 days, whichever comes first.
• Usage Data: We automatically collect anonymous technical information including IP addresses, browser types, timestamps, file processing statistics (file size, element counts, export formats chosen, processing duration), and error logs. This data is used for monitoring server performance, ensuring security, and improving the service.
• Cookies: We use essential cookies to maintain your login session and improve user experience. You can control cookie settings through your browser.

4. How We Use Your Data

The data we collect is used for the following purposes:

• To provide and improve the functionality of the OffBIM tool.
• To process your IFC files and generate the requested output formats (STEP, STL, OBJ).
• To maintain the security and performance of the service.
• To communicate with users regarding technical support when requested.
• To analyze usage patterns (in anonymized/aggregated form only) to improve the service.
• Until 3rd November 2025: Anonymized technical usage data (such as processing times, file types, element counts, export formats, and error rates) may be analyzed and included in aggregated form in academic research. No personal information, file contents, or identifiable data is used for research purposes. All research data is fully anonymized before analysis.

Legal Basis: We process your data based on (1) contract performance (providing the service you requested), (2) legitimate interests (improving and securing our service), (3) public interest (academic research using anonymized data only, until 3rd November 2025), and (4) your consent where applicable.

5. Data Sharing and Academic Use

General Data Sharing: We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data only in the following limited circumstances:

• Service Providers: We use trusted third-party services for hosting (DigitalOcean) and infrastructure. These providers are GDPR-compliant and process data only as instructed by us.
• Legal Requirements: We may disclose information if required by law, court order, or to protect our legal rights.

Academic Research Use (Until 3rd November 2025 Only):

• Anonymized and aggregated technical usage data (e.g., "85% of users export to STEP format" or "average processing time is 12 seconds") may be included in PhD research, publications, or academic presentations.
• What is NOT shared: Personal information, usernames, IP addresses, uploaded file contents, file names, or any identifiable information.
• What MAY be shared (anonymized only): Statistical patterns such as file types processed, element counts, export format preferences, processing performance metrics, and error rates.
• After 3rd November 2025: The research period will be complete.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encrypted password storage
• Secure HTTPS connections
• Regular security updates
• Restricted access to servers
• Automatic deletion of uploaded files
• Anonymization of any data used for research purposes

However, no data transmission over the internet is entirely secure, and we cannot guarantee absolute security.

7. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct any inaccuracies in your personal data.
• Right to Erasure: Request deletion of your personal data (includes deletion of your account and all associated files).
• Right to Restrict Processing: Request limitation of how we process your data.
• Right to Data Portability: Receive your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for research purposes.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Right to Object to Research Use: If you do not wish your anonymized usage data to be included in academic research (until 3rd November 2025), please contact us and we will exclude your data from any research analysis.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: www.ico.org.uk

8. Data Retention

We retain data for the following periods:

• Account Data: Until you request account deletion.
• Uploaded IFC Files: Automatically deleted after 2 hours.
• Exported Files (STEP, STL, OBJ): Automatically deleted after 2 hours.
• Server Logs: Maximum 90 days for security purposes.
• Anonymized Research Data: Aggregated statistics (no personal information) may be retained as part of academic research records in accordance with university research data retention policies. Individual usage cannot be identified from this aggregated data.

You can request immediate deletion of your identifiable data at any time by contacting us.

9. Children's Privacy

OffBIM is intended for professional and commercial use. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.

10. International Data Transfers

Our servers are located in the United Kingdom. If you access OffBIM from outside the UK, your data will be transferred to and processed in the UK, which maintains GDPR-equivalent data protection standards.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify users of significant changes by posting a notice on the platform. The "Effective Date" at the top of this policy indicates when it was last updated.

Note: This policy will be updated if there are any changes to how we collect or use data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]

← Back to Main Page