Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Optibase is a personalisation and A/B testing platform in the same category as Monetate or Optimizely. It uses a JavaScript snippet and first party cookies to assign variants, target audiences and measure experiment results.
Optibase is treated by Flowconsent under the personalisation category alongside vendors such as Monetate and Optimizely. It is a JavaScript based optimisation tool used to run A/B tests, deliver targeted experiences and measure their impact on key metrics. The script is embedded in the host site, evaluates targeting rules in the browser and reports exposure and conversion events to the vendor''s servers.
Optibase typically writes a first party cookie containing a visitor identifier and the variant assignment so the same experience is shown on subsequent visits. It also collects IP address, page URLs, referrer, device and browser metadata and the events that compose the conversion funnel. Because precise vendor details are not always public for this Optibase, controllers should audit the actual cookies and network calls before going live.
Personalisation cookies are not strictly necessary, so Article 5(3) of the ePrivacy Directive requires prior consent before they are placed. Choosing which content to show based on visitor attributes is profiling under Article 4(4) of the GDPR, and the appropriate legal basis is consent (Article 6(1)(a)). Transparency obligations under Articles 12 to 14 apply, and Article 7 sets the bar for valid consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Where Optibase hosts is not always documented, but most personalisation vendors process data outside the EEA. Treat any deployment as a third country transfer until you can verify otherwise. Rely on the EU-US Data Privacy Framework if the importer is certified, or on Standard Contractual Clauses with a transfer impact assessment and supplementary measures under Articles 44 and following.
Block the Optibase snippet by default in your consent management platform and load it only after a visitor opts in to personalisation. Sign a data processing agreement, request the vendor''s sub processor list and hosting locations, list the cookies in your cookie policy, document the transfer mechanism and provide a simple way for users to change or withdraw consent.
Websites using Optibase must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Optibase is used to personalise experiences at scale, target identifiable users or combine experiment data with CRM or customer profiles. Document the targeting variables, retention of experiment exposure data, the transfer mechanism for non EEA hosting and the consent gate controlling the script.
Sample consent text
We use Optibase to personalise content, run experiments and measure how visitors interact with different variants. It sets first party cookies and may share data with the vendor outside the EU. You can accept, refuse or change your choice at any time.
Third-party domains contacted
cdn.optibase.comapi.optibase.comoptibase.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| optibase_visitor | first_party | 1 year | Persistent visitor identifier used to recognise the same user across visits so the assigned experiment variant remains consistent. |
| optibase_variant | first_party | 6 months | Stores the A/B or personalisation variant assigned to the visitor for each running experiment so the same variant is shown consistently. |
| optibase_session | first_party | 30 minutes | Short lived session identifier used to group events within a single visit for experiment exposure and conversion measurement. |
Optibase collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Optibase typically writes one or more first party cookies that hold a visitor identifier and the variant assigned to that visitor for each running experiment. The exact names depend on your configuration. Inspect the network requests and document storage in the browser developer tools after installing the snippet to record the real cookie inventory.
Yes. Personalisation and A/B testing cookies are not strictly necessary, so Article 5(3) of the ePrivacy Directive requires prior consent before they are placed. Choosing what to show based on visitor attributes is profiling under Article 4(4) of the GDPR, which strengthens the case for consent under Article 6(1)(a).
Consent under Article 6(1)(a) is the right basis. Legitimate interests would struggle to pass a balancing test because experiment exposure data and personalisation rules let the controller shape the user experience in ways that are not necessary to deliver the requested content.
Hosting information for this Optibase vendor is not always public, so treat any deployment as a non EEA transfer until you can verify the actual region. If data goes to the United States, rely on the EU-US Data Privacy Framework when available or on Standard Contractual Clauses with a transfer impact assessment and supplementary measures.
A DPIA is recommended when Optibase is used at scale, combined with user identifiers from a CRM, or used to personalise sensitive content. Document the categories of data, the targeting logic, the retention period for experiment exposure data, the transfer mechanism and the consent gate that controls the script.
Treat the Optibase snippet as a non essential tag. Block it by default in your consent management platform and load it only after the visitor accepts personalisation cookies. Document the vendor's sub processors, sign a data processing agreement, declare the cookies in your cookie policy and offer an easy way to change the choice later.
In the same personalisation and experimentation category you will find vendors such as Monetate, Optimizely, AB Tasty, VWO, Kameleoon, Adobe Target and Dynamic Yield. From a privacy standpoint they all share similar risks: first party cookies, profiling and frequent non EEA hosting. The compliant choice depends on configuration, not on the brand.
List Optibase as a personalisation and A/B testing vendor. Describe the purpose, the categories of data processed, the cookies and their retention periods, the country where data is processed and the transfer mechanism in use. Add a link to the vendor's privacy policy and explain how visitors can withdraw consent.