preloader
News
Contact Us

PRIVACY NOTICE FOR OBM LIMITED (BERMUDA)

This privacy policy sets out how OBM Limited (“OBM”) uses and protects your personal data. OBM is committed to protecting your privacy in compliance with the Personal Information Protection Act 2016 (“PIPA”).

PRIVACY OFFICER

Piers Kermode is the Privacy Officer and is responsible for communicating with the Privacy Commissioner for Bermuda. The Privacy Officer is also responsible for the implementation and maintenance of this policy and ensuring that it is compliant with PIPA.

If you have any questions about this privacy policy, including any requests to exercise your legal rights please contact Piers using the information set out below:

 

Piers Kermode

pkermode@obmibermuda.com

+1 441 278 3569

 

WHAT IS PERSONAL INFORMATION?

For the purposes of this Privacy Policy, personal information is any information which may be used to identify an individual, whether directly or when used in conjunction with other information. We regularly assess the information that we collect and monitor the use to which it is put, to whom it has been disclosed and for what purpose. Personal information does not include publicly available, anonymous or non-personal information (i.e., information that cannot be used to identify a specific individual).

WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect and process personal information necessary to provide our services, including but not limited to:

  • Contact Information including name, address, email and phone number.
  • Payment Details including billing address and payment methods.
  • Transaction Data including details about payments to and from you and other details of products and services you have purchased from us.
  • Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.
  • Physical Data including architectural plans and deeds for properties related to the services we are providing.

HOW DO WE USE YOUR PERSONAL INFORMATION?

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a Contract With You: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interests: We may use your personal data where it is necessary to perform a task in the public interest or exercise of official authority vested in the organization or in a third party to whom the personal information is disclosed.
  • Legal Obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: You have provided us with your consent, where that consent can be reasonably demonstrated.

Your personal information may be used for the following purposes:

  • To meet our regulatory, legal and professional obligations;
  • To establish and manage our relationship with you;
  • To provide architectural and other such services;
  • To monitor and manage the performance of our business operations;
  • To manage conflicts of interest;
  • To analyse performance, and generate internal reports;
  • To assess risks including legal and financial risks;
  • To invoice and process payments;
  • To process applications for employment;
  • To engage in business transactions;
  • To prevent fraud;
  • To undertake network and information security activities; and
  • For any other purposes for which we have your consent, save where OBM or its third parties have a legitimate interest.

DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data where necessary with the parties set out below for the purposes set out above.

  • External Third Parties being Companies who we may use to be able to provide the Services as detailed in the Letter of Engagement.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • Regulatory Authorities if we are required by law or to comply with legal obligations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

PIPA allows disclosure of personal information without your consent in certain circumstances which include but are not limited to;

  • The prevention and detection of crime and compliance with international obligations regarding the detection, investigation and prevention of crime;
  • The apprehension or prosecution of offenders;
  • The assessment or collection of any tax or duty;
  • The prevention, investigation, detection and prosecution of breaches of ethics for regulated professionals;
  • The economic and financial interest of Bermuda, including monetary, budgetary and taxation matters, compliance with international tax treaties and any monitoring, inspection or regulatory function exercised by official authorities for monetary, budgetary and taxation purposes in Bermuda;
  • During emergency situations or where necessary to protect the safety of a person or group of persons;
  • Where the personal information is publicly available; or
  • With your consent where such consent is required by law.

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

HOW LONG IS YOUR PERSONAL INFORMATION RETAINED?

Except as otherwise permitted or required by applicable law or regulatory requirements, OBM endeavours to retain your personal information only for as long as it believes is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you.

YOUR RIGHTS UNDER PIPA

Under PIPA, you have certain rights, including, the right to:

  • Request Access to Your Personal Data which enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request Correction of Your Personal Data which enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request Erasure of Your Personal Data which enabled you to ask us to erase or destroy personal data where that personal data is no longer relevant for the purposes of its use. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons.
  • Withdraw Consent which enables you to revoke your consent for specific uses of your information.
  • Request the Transfer of Your Personal Data to a Third Party, noting that this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you.

To exercise the rights set out herein, please contact the Privacy Officer on the contact details provided above.

TIME LIMIT

We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

02.03.2026 [Version 1.0]