Disclaimer: The summaries and explanations provided alongside the Privacy Policy (such as "What?" and "Why?" sections or TLDR) are intended for informational purposes only, to help clarify key points. These explanations do not replace or alter the full legal Privacy Policy and should not be considered legal advice. We recommend consulting a legal professional if you have any specific questions or concerns about your rights and obligations under this Privacy Policy.

Please read the following Privacy Policy carefully. By using EstimateOne’s services, you acknowledge that you have read the terms set out below.

This privacy policy was last amended on 6 October 2024.

Your privacy is important

EstimateOne Pty Ltd ACN 130 242 554 whose registered business address is G4/29 Stewart St, Richmond Victoria 3121 Australia, together with its subsidiaries and corporate affiliates (collectively “EstimateOne”, “E1”, “we” or “our”, “us”) operates the EstimateOne website, platform and related services and applications (collectively “Platform”). This statement outlines EstimateOne’s policy on how it uses and manages Personal Data (defined below) provided to or collected by it in operating the Platform.

EstimateOne respects your privacy and is committed to protecting your Personal Data. We adhere to applicable laws when processing your data. This Privacy Policy sets out how we look after your Personal Data when you use the Platform and tells you about your privacy rights and what to do if you have any concerns about your Personal Data.

EstimateOne may, from time to time, review and update this Privacy Policy to account for new laws and technology, changes to its operations and practices, and to ensure it remains appropriate for our business and online environment. Any changes to our policy will be published on our website (https://estimateone.com/privacy/). Your continued use of the Platform or interactions with us will constitute your acceptance of the updated policy. If you disagree with any changes to this Privacy Policy, you must not access or use the Platform or interact with any other aspect of our business.

TLDR:

  • We are committed to protecting your personal data and comply with all relevant privacy laws.
  • Our Privacy Policy explains how we handle your personal data, your rights, and how to address any concerns.
  • We may update our Privacy Policy as needed; changes will be posted on our website. Continuing to use our Platform means you accept these updates.

What kinds of Personal Data does EstimateOne collect and how does EstimateOne collect it?

EstimateOne primarily collects and holds Personal Data about users of the Platform.

“Personal Information” or “Personal Data” refers to any information or data relating to an individual who is either identified or can be reasonably identified, directly or indirectly. This includes any data that, either alone or in combination with other information, could be used to identify, contact, or locate an individual. Personal information includes various forms of data, such as names, contact details, identification numbers, online identifiers (e.g., IP addresses, device identifiers), and other details like gender, age, or location that, when combined, could lead to the identification of an individual.

TLDR:

  • We collect personal data that can directly or indirectly identify you, such as your name, contact details, and online identifiers.
  • Why: This is necessary to provide and improve our services while complying with privacy laws like GDPR, offering better clarity and protection for your personal information.

Generally, Personal Data does not include company information that relates solely to a company, such as the company name, services offered, company contact details, company phone number, workforce size, contract size, regions served, company registration and tax IDs, and other similar details.

TLDR:

  • Information solely about your company is not considered personal data under privacy laws.
  • Why: Company information doesn't identify you personally, so it's not subject to personal data regulations.

Collecting Your Personal Data

If you are an EstimateOne user, EstimateOne may collect your Personal Data in its capacity as a controller when you:

  • complete the registration process for the Platform;
    • Why: To create and manage your user account, verify your identity, and comply with legal obligations.
  • populate your user profile or other electronic forms on the Platform;
    • What: We collect additional information you provide in your profile, such as your job title or preferences.
    • Why: To personalize your experience and offer services tailored to your needs.
  • produce, send, or manage tender information via the Platform or when you use or otherwise interact with the Platform;
    • What: We collect data related to your activities, such as tender submissions or project interactions.
    • Why: To facilitate the services you use and enhance platform functionality.
  • answer user or research surveys in relation to the Platform;
    • Why: To understand user satisfaction and make improvements to our services.
  • enter into a business relationship with us;
    • What: We collect information necessary for contracts and transactions.
    • Why: To fulfill our contractual obligations and maintain our business relationship.
  • use platform messaging functionality to communicate with others;
    • Why: To enable communication between users and ensure platform security.
  • correspond with us (via email, phone, through the platform, through our chatbots, or otherwise); and
    • What: We collect resumes, contact details, and other application information.
    • Why: To process your application and evaluate your suitability for employment.
  • submit a job application to us, in which case our supplementary EstimateOne Candidate Privacy Policy shall apply, available at https://estimateone.com/candidateprivacy;
    • What: We collect additional information you provide in your profile, such as your job title or preferences.
    • Why: To personalize your experience and offer services tailored to your needs.
  • for other purposes related to the provision of the Platform.

Where EstimateOne acts in its capacity as a controller, EstimateOne will only collect Personal Data about an individual directly from that individual, unless it is unreasonable or impracticable to do so.

TLDR:

  • We collect your personal data directly from you when you interact with our services.
  • Why: Collecting data directly from you ensures accuracy and transparency, giving you control over your information and aligning with privacy laws like GDPR.
  • What is a "Controller"?

    • In this context, when we mention that we act in our capacity as a controller, it means that EstimateOne is responsible for deciding how and why your personal data is processed. As a controller:
    • What: We determine the purposes (the "why") and means (the "how") of processing your personal data.
    • Why: This role comes with legal obligations under privacy laws like GDPR to protect your data rights, ensure transparency, and handle your information responsibly.

What Personal Data does EstimateOne collect?

In the circumstances set out above, where such information can otherwise directly or indirectly identify an individual, the kinds of Personal Data that EstimateOne may collect and hold include:

  • names, addresses, email addresses, telephone numbers and other contact details;
    • What: Basic contact details that allow us to communicate with you.
    • Why: These details are necessary for account setup, user communication, and providing services through the Platform.
  • login and activity details;
    • What: Information related to your login credentials and how you use the Platform.
    • Why: This data helps secure your account and provides insights into how you interact with our services to enhance user experience.
  • if you register for a paid service, financial information, including your bank account details and/or credit/debit card and billing information;
    • What: Payment information for processing transactions on the Platform.
    • Why: To facilitate billing, manage payments, and meet legal obligations for financial transactions.
  • if you are a sole trader, small business owner, sole director or sole employee representative:
    • information related to your business profile, including a business name, email address, personal phone number, services offered, workforce size, contract size, regions served, preferred project types, project history, client history, business registration and tax IDs, information needed to verify your identity or integrate with our service providers; and
      • What: Business profile information, including personal contact details, services offered, workforce size, contract size, and other
      • Why: This helps us provide relevant services to small business owners and sole traders, verify your identity, and integrate your business with our service providers.
    • your professional details such as your primary and secondary trades, job titles, tickets, skills certification, health and safety training certification, trade licences, trade qualifications or other accreditation, access levels at your employer, qualifications, career & educational documents;
      • What: Information about your qualifications and professional certifications.
      • Why: To provide an accurate professional profile for yourself or your business on the Platform and ensure compliance with industry standards.
    • insurance information, such as public liability or workers' compensation insurance;
      • Why: To ensure that your business meets necessary legal and regulatory requirements, and to provide the appropriate insurance information for projects or work assignments.
  • information and content submitted, shared, or created by a user of the Platform including profile pictures, messages, comments, notes and tags made against user or company profiles, searches, photos, project details, project costs, project timelines, change orders, and invoices;
    • What: Any information you contribute or generate while using the Platform.
    • Why: To facilitate collaboration, project management, and documentation of work-related activities on the Platform.
  • marketing and communication data - this includes your preferences in receiving marketing from us and our third parties and your communication preferences;
    • What: Data regarding your preferences for marketing communications.
    • Why: To ensure you only receive communications that are relevant to you, and to respect your preferences about how you would like to be contacted.
  • technical data, usage and website analytics information, which may include IP addresses, the types of devices used to access the Platform, device attributes, browser type, language and operating system, access times, referring website address, your general geographic area based on your IP address and location data;
    • What: Information about the devices you use and your activity on the Platform.
    • Why: To enhance performance, troubleshoot issues, and optimize the Platform for different devices and users.
  • data about how you use the Platform, for example adding projects to watchlists on the Platform, and/or the devices and networks you use to access the Platform;
    • What: Usage data that includes your activity and how you interact with the Platform’s features.
    • Why: To personalize your experience and improve platform features based on user behavior.
  • usage data – information about how and when you use the Platform, which pages you access and information about your tastes and preferences; and
    • What: Data about your preferences and which sections of the Platform you engage with.
    • Why: To customize your experience and deliver relevant content, products, and services.
  • when you use platform messaging functionality to communicate with others, or correspond with us (via email, phone, through the platform, through our chatbots, or otherwise) we may record, monitor, collect, and use details about you and your communications.
    • What: Records of your communications with other users or with EstimateOne via the Platform, email, or other communication channels.
    • Why: To improve customer service, ensure platform security, and provide users with an effective communication system.

Sensitive Information

EstimateOne will only collect Personal Data which is defined as ‘sensitive information’ or ‘special categories of Personal Data’ under applicable data protection laws:

  • where you consent and the collection is reasonably necessary for EstimateOne’s functions or activities (for example, where you enter such details into the Platform); or
  • where the collection is authorised by law.

If you do not want sensitive information to be associated with your profile, you should not provide it to us.

TLDR:

  • EstimateOne only collects sensitive information (like financial data or other highly personal details) if it’s necessary for our services and you give explicit consent, or if the law requires us to collect it.
  • Why this matters: Sensitive information is treated with extra care under data protection laws because it can reveal more about you. For example, you might enter this type of data into the Platform yourself (like uploading certain documents or certifications).
  • What you can do: If you don’t want this type of sensitive information tied to your profile, you don’t have to provide it, and you can always contact us for help managing your data.

Information from third parties

In addition, EstimateOne may obtain Personal Data about you from third parties. Specifically, we may collect:

  • publicly available Personal Data - if you are a licensed professional or supplier we may collect and verify Personal Data about you from publicly available sources and where permitted by applicable law or, with your permission, make it available as part of your profile. For example, industry associations to which you belong or the details of any licence or accreditation you have using publicly available records;
    • What: We may collect data about you from public sources, like verifying your professional licenses or memberships.
    • Why: To ensure your profile information is accurate and complies with industry standards, which helps others find you through the platform.
  • your Personal Data provided by other App users (e.g. where you are a subcontractor, contact or business partner of a user, and the user syncs or uploads their ‘address book’ of subcontractors to the App, syncs their calendar or associates their contacts with member profiles);
    • What: Other users may provide your personal data, such as when they upload their contact lists or calendar details.
    • Why: This data helps create more complete profiles and connections between users to streamline communication and collaboration.
  • your Personal Data (related to your business profile) from pre-qualification service providers in order to:
    • create profiles in EstimateOne’s directory services where they do not already exist; and
      • What: We may use external pre-qualification services to create profiles for you in our directory if one doesn’t exist.
      • Why: This helps populate our directory services with verified subcontractors, making it easier for builders and users to find qualified partners.
    • display pre-qualification and other accreditation statuses in the EstimateOne directory services;
      • What: We may show your pre-qualification or accreditation statuses in the directory.
      • Why: To help users identify certified professionals for their projects, promoting transparency and trust.
  • In order to assist you in promoting your business and winning new work, by allowing builder users (or other users with permissions to do so) to search for prequalified subcontractors to engage on their projects.

    • What: Your profile may be promoted to potential clients who can search for prequalified subcontractors.
    • Why: To increase your visibility and help you win new work by showing your qualifications to users searching for subcontractors.

If we receive Personal Data about you from another user, for example if you are a subcontractor of another user and they communicate with, or invite you to bid on a project via the Platform, we will protect it as set out in this Privacy Policy. In these cases, we process your data where this is reasonably necessary for the third-party user to effectively use the Platform or EstimateOne’s legitimate commercial interests, and on the basis that such use is necessary and that such use will not infringe on your other rights and freedoms.

If you then form a direct commercial relationship with us, we may determine the purposes and means of processing your Personal Data, including making decisions about how it is used and disclosed in accordance with our Privacy Policy.

If you are providing Personal Data about somebody else, you represent and warrant that you have such person’s consent or other appropriate legal basis to provide the Personal Data to us.

TLDR:

  • If another user shares your data with us (e.g., by inviting you to a project), we handle it in line with our Privacy Policy.
    • Why: To ensure any data shared by third parties is treated with the same protections and privacy commitments we offer for directly collected data.
  • We process your data when it’s needed to support another user’s effective use of the Platform or to serve legitimate business needs.
    • Why: This ensures that the platform operates smoothly while balancing your rights to privacy, preventing any misuse of your data.
  • If you start doing business directly with us, we take over managing your data according to our Privacy Policy.
    • Why: To maintain consistency in how your data is handled, ensuring that it is processed appropriately as your relationship with EstimateOne changes.
  • If you share someone else’s data with us, you need to have their consent or a legal reason to do so.
    • Why: This protects third parties' rights and ensures that any data shared complies with data protection laws.

Dealing with us anonymously

You have the right to deal with us anonymously or using a pseudonym. However, in almost every circumstance it will not be practicable for us to deal with you or provide you with any services – except for responding to the most general enquiries – unless you identify yourself. Where we need to collect your Personal Data, failure to provide it may mean that we are not able to provide you with the services.

TLDR:

  • You can choose to interact with us anonymously or with a pseudonym, but in most cases, we won’t be able to provide services without your personal information. If we can’t collect the necessary data, we may not be able to offer our services beyond responding to general inquiries.

Anonymising Personal Data

We may anonymise the Personal Data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

Our Use of and Legal Grounds for Processing Your Personal Data

We will only process your Personal Data where we have a legal basis for doing so, and this will be determined by the purpose for which your Personal Data is processed.

The table below sets out:

  • how we use your Personal Data;
  • the purpose for using it in each case; and
  • for individuals in the European Economic Area (EEA) and UK, the ‘lawful basis’ we rely on when we use your Personal Data. We collect and process information about you only where we have legal basis for doing so under applicable EU laws. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your Personal Data to:
    • Fulfil our contract with you;
    • Comply with legal obligations that we have;
    • Pursue our legitimate interests (our justifiable business aims) but only if those
      interests are not outweighed by your other rights and freedoms (e.g. your right to
      privacy); or
    • Do something for which you have given your consent.

If we intend to use your Personal Data for a new reason that is not listed in the table, we will update our privacy policy. Where permitted by applicable law, we may use information for secondary purposes that are related (or, in the case of certain sensitive information, directly related) to the primary purpose and reasonably expected or to which you have consented.

Lawful basis Purposes for using your Personal Data
Contract

In order to:

  • administer or perform our contract with you;
  • allow you to use the Platform and maintain an account with us, and to allow users you administer to maintain their accounts with us and set project access for those users;
  • process your payment information in connection with any contract we have with you;
  • deliver our services to you to enable the production, sending and management of tender information for projects, manage quotes, manage your team, manage your address book and expand your network, review subcontractors and increase quote coverage for your business, manage documentation, packages and letting schedules;
  • provide directory services (“Directory Services”) via the Platform including facilitating the use and display of your profile in the subcontractor directory tool (“Subcontractor Directory”) or builder directory tool (“Builder Directory”), including:
    • where subcontractor users include Personal Data in their profile, publishing that into the Subcontractor Directory and allowing builders to access, use and retain that Personal Data, and allowing builders to invite you to tender via the platform and contact you either on or off the Platform; and
    • where Builders users include Personal Data in their profile, publishing that into the Builder Directory and allowing subcontractors and suppliers to access, use and retain that Personal Data to find who is working on projects relevant to them;
  • proactively suggest connections and contact between subcontractors and suppliers based on relevant factors including the nature of the services and products of subcontractors and suppliers ("Connection Services"), including:
    • where subcontractor users include Personal Data in their profile, publishing that via the Connection Services to supplier users;
    • where supplier users include Personal Data in their profile, publishing that via the Connection Services to subcontractor users;
  • prepare statistical analysis, insights and reporting; and
  • send you updates about services you have bought (e.g. confirmation of order, tax invoices).
Legal Obligation If processing of your Personal Data is necessary to:

  • record your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws;
  • send you information to comply with legal obligations (e.g. where we send you information about your legal rights);
  • retain information to enable us to bring or defend legal claims; and
  • assist government agencies, Courts, law enforcement agencies or regulators where we are required by law to do so.
Legitimate Interests Where using your information is necessary to pursue our legitimate business interests to:

  • administer and perform our contract with your business or employer, including registering and maintaining your user account (and any users whose accounts you administer) and to verify your identity;
  • ensure the proper functioning of, improve and optimise our Platform and other services;
  • contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
  • provide customer support and train our staff members to ensure that you receive the best possible customer service;
  • perform accounting, billing and other administrative and operational functions;
  • protect our business, our users and the public and to protect our/their rights and property;
  • defend ourselves against legal claims;
  • detect, prevent or address fraud or security issues and promote brand safety;
  • optimise future marketing campaigns and marketing strategy;
  • to directly market additional EstimateOne products, integrations or services that you do not currently receive;
  • monitor and enforce compliance with our Terms and Conditions, including dispute resolution; and
  • comply with internal risk controls, the terms of our access to payment processing, financial or banking services such as credit card disputes, fraud, billing errors, or any applicable law.

Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.

Consent Where you have provided your consent for us to receive your information or for allowing us to use or share your information:

  • where we have made settings available to publish Personal Data which becomes accessible for use by other users, including:
    • where subcontractor users publish their profile (including any Personal Data, contact details and project history) to the Subcontractor Directory - to allow builders to access, use and retain that Personal Data, add that information to their address book, and contact you either on or off the Platform;
    • where builders publish Personal Data including contact details into the Builder Directory listing - to allow subcontractors and suppliers to access, use and retain that Personal Data and contact you either on or off the Platform;
    • where subcontractor users or supplier users publish Personal Data including contact details and project history into their Subcontractor Directory listing or Supplier Profile respectively - to allow each other to use and retain that Personal Data via the Connection Services and contact the other either via, or outside of, the Platform;
    • where subcontractor or supplier users submit tender or project information to a builder - to allow builders to access, use and retain that Personal Data and contact you via, or outside of, the Platform; and
    • other publication functionality made available from time to time;
  • to send you marketing materials. This includes making personalised suggestions and recommendations to you about services that may be of interest to you based on your Personal Data. This could be via email, or notifications & messages to your mobile device; and
  • to ask you to submit a review across our review Platform and to produce testimonials for publication by us featuring your name and related corporate information and logos.

Choices about publishing data

You are responsible for familiarising yourself with the operations of the services, including directory services, connection services and network services, including which information fields will be shared, before entering any personal, confidential or sensitive information belonging to yourself or a third-party into such fields.

Where we have made settings available, we will honour the choices you make about who can see such information.

Information on the Directory Services and Opting Out

You may choose to opt-out of the Subcontractor Directory listing through the Platform, in which case your information will no longer be visible, but Estimate One cannot remove or control your information already held by other users in their platform address books, or separately outside the platform.

Please note: EstimateOne does not control, and is not responsible for, use and handling of your Personal Data by other users. We do not have control over any data that other users have saved outside the Platform.

TLDR:

  • The connection services suggest potential contacts between subcontractors and suppliers, but you can opt out of these suggestions through the platform. However, opting out of the connection services doesn’t remove you from the Directory Services—you’ll need to opt out of that separately if desired.

Information on the Connection Services and Opting Out

You acknowledge that the connection services operate to proactively suggest connections and contact between subcontractors and suppliers based on relevant factors including the nature of the services and products of subcontractors and suppliers, where the Licensee has not otherwise opted out of this functionality.

You may choose to opt-out of the Connection Services (receiving suggestions to connect with subcontractors and suppliers) through the Platform, in which EstimateOne will not use or disclose your information as part of this functionality.

Please note: opting out of Connection Services functionality will not limit your appearance on the Directory Services. Your information will continue to be presented via the EstimateOne Directory Services unless you opt out from that separately.

While EstimateOne takes steps to limit the sharing of your information with only prospective suppliers if you are a subcontractor, and with only prospective subcontractors if you are a supplier (and not within the same cohort, i.e., so that supplier information isn’t shared with suppliers), EstimateOne cannot guarantee that such sharing will not or does not occur.

Internet Cookies

Cookies are small text files that we store on your browser, or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer's hard drive.

Our website and platform uses our own cookies, as well as (a) third party cookies of external partners we use to help us manage our Website such as session management, onboarding and bug identification and (b) third party cookies of other providers, including advertising platforms, with whom we have no relationship and over whom we have no control.

The following cookies are used on our Website:

  • Necessary cookies. These are cookies that are required for the operation of our website and platform. These essential cookies are always enabled because our website and platform won’t work properly without them. They include, for example, cookies that enable session functionality, the secure storage of customer credentials and other security functions;
  • Preference cookies. These enable us to recognise you when you return to our website and platform, to personalise our content for you and remember your preferences (for example, your choice of language or region);
  • Statistics cookies. These help us to understand how visitors interact with our website and platform. They include cookies that tell us why and when users experience bugs, how long people spend on our Website and the number of times they visit; and
  • Marketing cookies. These are used to record your visit to the website and platform, to make our website and platform more relevant to your interests. We may also share this information with third parties for this purpose so that they can serve you with relevant advertising on their websites, where you have consented to this.

For further details about the cookies used on our Website, please see EstimateOne’s Cookie Policy.

TLDR:

  • We use cookies to manage essential website functions, remember your preferences, understand user behavior, and provide relevant advertising. Some cookies are from third-party providers we work with, while others come from external platforms we don’t control. You can find more details in our Cookie Policy.

Direct Marketing

EstimateOne may use your Personal Data in order to conduct direct marketing of EstimateOne services where:

  • you have provided that information; and
  • you have consented to direct marketing from us.

EstimateOne may use your Personal Data for directly marketing to you any additional EstimateOne products, integrations or services which you do not currently receive:

  • where you have consented to such marketing communications, particularly for electronic communications; or
  • where such marketing is consistent with our legitimate interests, provided that these interests are not overridden by your rights and freedoms;

in accordance with applicable law. These products and services may be offered by EstimateOne, its related companies, its business partners, or its service providers. However, we will not share your Personal Data with third parties for their direct marketing purposes without your explicit consent.

In each direct marketing communication, you will be given the option to opt out. You can also opt out at any time by contacting us.

TLDR:

  • We may send you direct marketing communications about EstimateOne products and services if you’ve consented or if it’s in our legitimate interests and doesn't infringe on your rights. You can opt out at any time, and we will never share your data with third parties for their own marketing purposes without your explicit consent.
  • Consent for Marketing: We will only send you marketing communications if you’ve provided your personal data and consented to receive them.
  • Additional Services and Products: We may inform you about new EstimateOne products, integrations, or services that you don’t currently use.
  • Legitimate Interests: If marketing is in our legitimate business interests, we’ll ensure it doesn’t override your rights and freedoms.
  • Third-Party Marketing: We will never share your personal data with third parties for their own direct marketing unless you give explicit consent.
  • Opt-Out: Every marketing message will include an option to opt out, and you can also opt out by contacting us at any time.

Who we may disclose your Personal Data to and why

If you are a user of the Platform, EstimateOne may disclose your Personal Data in accordance with the lawful bases and purposes set out above to:

  • the EstimateOne user who administers your account with us, for the purpose of assisting that administrator user with their support queries but only to the extent that your Personal Data is related to the provision of the Platform;
  • professional and legal advisors;
  • third parties engaged in fraud prevention and detection;
  • law enforcement, Courts or other government organisations (e.g. to report a fraud or in response to a lawful request);
  • If you are a subcontractor of an EstimateOne user and are included in the Subcontractor Directory, to EstimateOne users and to third party service providers as noted in ‘Our Use of and Legal Grounds for Processing Your Personal Data’ above;
  • If you are a subcontractor of an EstimateOne user and are included in the subcontractor-supplier Connection Services, to suppliers and to third party service providers as noted in ‘Our Use of and Legal Grounds for Processing Your Personal Data’ above;
  • EstimateOne’s suppliers and service providers (e.g. companies that provide research and payment processing services as well as recipients who provide analytics or hosting services to EstimateOne), who may be based in the United States, Australia, United Kingdom, European Union, or other jurisdictions. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations;
  • a potential buyer, in the event that EstimateOne sells any of its business assets or as part of a sale, merger or change in control, or in preparation for any of these events, in which case EstimateOne will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy; and
  • third parties where we have your consent or are otherwise legally permitted to do so.

TLDR:

  • We may share your data with third parties such as legal advisors, fraud prevention services, law enforcement, or service providers like payment processors. In the event of a sale or merger, your data may also be shared with a potential buyer. All disclosures are made in line with legal requirements and data protection measures.

Management and security of Personal Data

EstimateOne has in place steps to protect the Personal Data it holds from misuse, interference, loss, unauthorised access, modification or disclosure by use of various methods including:

  • restricting access to Personal Data where practicable;
  • single user logins and keys;
  • access controls and user authentication (including multi-factor authentication);
  • internal IT and network security;
  • the use of firewalls;
  • the pseudonymisation and encryption of Personal Data;
  • ensuring all payments are encrypted as per PCI-DSS requirements;
  • using industry-standard encryption to protect data in transit and at rest;
  • the use of secure databases;
  • conducting regular scans and penetration tests of our applications and networks to identify (and address) any potential vulnerabilities;
  • regular review of our security measures;
  • requiring all employees to comply with internal information security policies and keep information secure;
  • business continuity and disaster recovery processes;
  • the restriction of physical access to our offices.

If there is an incident which has affected your Personal Data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected Personal Data, we notify the controller and support them with investigating and responding to the incident.

If you notice any unusual activity on our website or platform, please contact us at support@estimateone.com.

TLDR:

  • We use a variety of security measures to protect your personal data, including encryption, access controls, and regular security reviews. If there’s a breach, we’ll notify you and the relevant authorities when required by law.

Your rights

You have specific legal rights in relation to your Personal Data, to be as follows:

  • Access: You must be told if your Personal Data is being used and you can ask for a copy of your Personal Data as well as information about how we are using it to make sure we are abiding by the law.
  • Correction: You can ask us to correct your Personal Data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes. We will take reasonable steps to appropriately correct or update the information to ensure that, having regard to the purpose for which we hold it, the information is accurate, up-to-date, complete, relevant and not misleading. We will respond to correction requests as soon as reasonably possible.
  • Deletion: You can ask us to delete or remove your Personal Data if there is no good reason for us continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
  • Restriction: If you’re a resident in the UK or EEA, you can ask us to restrict how we use your Personal Data and temporarily limit the way we use it.
  • Objection: You can object to us using your Personal Data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
  • Portability: If you’re a resident in the UK or EEA, you can ask us to send you or another organisation an electronic copy of your Personal Data. Each request will incur reasonable fee commensurate with the time and materials required to undertake the relevant activity.

Please note that certain types of Personal Data access and correction requests may be exempt under applicable laws or where the information in question is legally privileged, would compromise the privacy or other legitimate rights of other persons, or where the information requested comprises proprietary business information. We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing in advance.

To make any requests regarding your Personal Data, or if you have any questions or concerns regarding your Personal Data, please contact the Privacy Officer at privacy@estimateone.com. You are also entitled to contact the UK Information Commissioner’s Office.

EstimateOne may require you to verify your identity and specify what information you require. There is no charge for requesting access or correcting your Personal Data, but EstimateOne may require you to meet its reasonable costs in providing you with access (such as costs for time and materials spent on retrieving and copying). If the information sought is extensive, EstimateOne will advise the cost in advance.

EstimateOne will respond to your requests in a reasonable time and will take all reasonable steps to ensure that the Personal Data it holds about you remains accurate, up to date, complete, relevant, and not misleading.

TLDR:

  • You have rights over your personal data, including the ability to access, correct, delete, restrict, or transfer it. Some requests may be denied or incur fees if they are excessive or unfounded, but we’ll always explain our decisions and any costs upfront.

How long we keep your information: Retention Period

EstimateOne will keep your Personal Data for as long as it needs for the purposes set out under ‘Purposes for using your Personal Data’ above, and in line with our Terms of Use and applicable law. Our retention is subject to you exercising your lawful data subject rights, and further subject to any requirement for us to hold data for such period as may be required to establish, exercise or defend legal rights or ongoing legitimate business interests.

To decide how long to keep Personal Data, we consider the volume, nature, and sensitivity of the Personal Data, the potential risk of harm to you if an incident were to happen, whether we require the Personal Data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records).

In practice, EstimateOne will retain your Personal Data within the Platform indefinitely as you keep your account open or as needed to provide you services, and your account has not been otherwise suspended. Even if you only use our services when looking at tender information every few years, we will retain your Personal Data and keep your profile open unless you close your account. The exact retention period will vary depending on the nature of your interactions with EstimateOne and may vary by market in accordance with local laws.

In some cases, we choose to retain certain information (e.g., insights about services use) in a depersonalized or aggregated form.

After you close your account, your data will be automatically deleted from our active database within 6 months and from our monthly backups within 6 months after that.

Data you have shared with others (for example, via tender submissions, messages or other exchanges you have made with other users on the platform) may still be visible even after you close your account or remove it from your profile.

Sometimes, we may retain your personal data for longer periods as permitted or required by law, for example maintain records of exchanges you have made with other users on the platform, adhere to relevant regulatory requirements, resolve disputes, ensure the security of our platform, prevent fraud and misuse (for instance, if your account was restricted due to breaches of our policies), enforce our Terms of Use, or comply with your request to "unsubscribe" from further communications from us.

TLDR:

  • We keep your data as long as necessary for providing services, following legal requirements, and protecting our business interests. When you close your account, your data will be deleted from our active system within 6 months, and from backups within another 6 months. Some data, like messages or submissions you've shared with others, may still remain visible.

Where we store your Personal Data

We process Personal Data in multiple countries. By providing us with Personal Data, you consent to the disclosure of your Personal Data to third parties who reside outside the country where you reside. If Personal Data is so transferred, we will comply with applicable laws in doing so.

For residents in Australia, the UK or EEA, your Personal Data is transferred directly to EstimateOne Pty Ltd in Australia. We store most information about you in computer systems and databases operated by either EstimateOne or its external service providers. Some information about you may be recorded in paper files that it stores securely.

Recipients of your Personal Data are likely to be located in Australia, the United Kingdom, Ireland, United States of America per our record of processing activities, and other countries or jurisdictions depending on the nature of the services those recipients provide to us.

You may contact EstimateOne for an explanation of the basis on which it has transferred your Personal Data and, where relevant, to request a copy of the legal safeguards which EstimateOne has put in place.

If EstimateOne engages a third party to process Personal Data on its behalf, EstimateOne contractually requires them to handle your Personal Data appropriately.

TLDR:

  • Your data may be stored or processed in different countries, including Australia, the UK, Ireland, the USA, and others. We follow legal requirements when transferring data internationally and work with trusted third parties to handle it securely. You can request details on how your data is protected during these transfers.

Enquiries and privacy complaints

If you would like further information about the way EstimateOne manages the Personal Data it holds, or if you have any concerns or complaints, or if you think there has been a breach of privacy, please contact the Privacy Officer at privacy@estimateone.com, or call 1300 705 035 (Australia), 0800 705 035 (New Zealand) or +44 808 189 2260 (United Kingdom).

If you are not satisfied with our response, you can refer your complaint to, as applicable, to the Office of the Australian Information Commissioner (www.oaic.gov.au), or the UK Information Commissioner’s Office.

Pursuant to Article 27 of the EU General Data Protection Regulation (GDPR) and Article 27 of the UK General Data Protection Regulation (UK GDPR), VeraSafe has been appointed as our representative in the European Union and the United Kingdom for data protection matters. If you are in the EEA or the UK, VeraSafe can be contacted in addition to the Privacy Officer, only on matters related to the processing of Personal Data. To make an enquiry, please contact VeraSafe using this form: https://verasafe.com/public-resources/contact-data-protection-representative

Alternatively, you can contact VeraSafe at:

EEA

Address: VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park

New Mallow Road
Cork T23AT2P
Ireland
Telephone: +420 228 881 031

United Kingdom
Address: VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Telephone: +44 (20) 4532 2003

This Privacy Policy was last amended on 6 October 2024. If you have queries about the changes please contact EstimateOne on 1300 705 035 (Australia), 0800 705 035 (New Zealand) or +44 808 189 2260 (United Kingdom) or email support@estimateone.com.