EstimateOne
Last amended: May 2026

Please read the following Privacy Policy carefully. By using EstimateOne’s services, you acknowledge that you have read the terms set out below.

About the plain-English summaries in this document

Under each numbered section below, you’ll find a short “In plain English” box that summarises the section. These summaries are provided to help you and our customer support team understand what each section is generally about. They are not a substitute for legal advice and they are not part of the agreement. The summaries simplify legal language, and in doing so some nuance and detail will inevitably be lost. The legally operative wording is in the numbered sections themselves. If you have any concerns or questions about how these terms apply to you, please seek independent legal advice.

1. YOUR PRIVACY IS IMPORTANT

In plain English

  • Who we are.
    EstimateOne, together with our UK group companies (currently trading as C-Link and Prosper). The same privacy practices apply across the group.
  • This policy can change.
    We’ll update it as laws or our practices evolve, and the current version always lives on our website. Continuing to use the Platform after a change means you accept the updated version.
  • Subprocessors are listed in our Trust Centre.
    We keep an up-to-date list at trust.estimateone.com. Subscribe there if you want notifications when it changes — otherwise check back from time to time.

EstimateOne Pty Ltd ACN 130 242 554, together with its subsidiaries and affiliates operating as part of the E1 group, including its UK platform operations (currently known as C-Link and Prosper), (collectively “EstimateOne”, “E1”, “we”, “us”) operates the EstimateOne platform and related services and applications (together, the “Platform”).

This Privacy Policy explains how we collect, use and manage Personal Data (defined below) in connection with your use of the Platform.

EstimateOne respects your privacy and is committed to protecting your Personal Data. We adhere to applicable laws when processing your data. This Privacy Policy sets out how we look after your Personal Data when you use the Platform and tells you about your privacy rights and what to do if you have any concerns about your Personal Data.

EstimateOne may, from time to time, review and update this Privacy Policy to account for new laws and technology, changes to its operations and practices, and to ensure it remains appropriate for our business and online environment. Any changes to our policy will be published on our website (https://estimateone.com/privacy/).

In addition, EstimateOne publishes an up-to-date list of its subprocessors in our Trust Centre (https://trust.estimateone.com). You must subscribe via the Trust Centre if you wish to receive notification of any additions or changes to the subprocessor list. If you do not subscribe, you should monitor the Trust Centre for updates.

Your continued use of the Platform or interactions with us will constitute your acceptance of the updated policy and changes to the Trust Centre. If you disagree with any changes to this Privacy Policy or changes published in the Trust Centre, you must not access or use the Platform or interact with any other aspect of our business.

This Privacy Policy will be updated to reflect any future changes to applicable UK, EU, and Australian data protection laws.

2. WHAT KINDS OF PERSONAL DATA DOES ESTIMATEONE COLLECT AND HOW DOES ESTIMATEONE COLLECT IT?

In plain English

  • What “Personal Data” means here.
    Information that can identify you, alone or combined with other information — name, contact details, IP address, device IDs, location, and similar.
  • Pure company information isn’t personal data.
    A company name, ABN, services offered or registration details on their own aren’t covered by this policy, even though we collect them.

EstimateOne primarily collects and holds Personal Data about users of the Platform.

Personal Data” refers to any information or data relating to an individual who is either identified or can be reasonably identified, directly or indirectly. This includes any data that, either alone or in combination with other information, could be used to identify, contact, or locate an individual. Personal Data includes various forms of data, such as names, contact details, identification numbers, online identifiers (e.g., IP addresses, device identifiers), and other details like gender, age, or location that, when combined, could lead to the identification of an individual.

Generally, Personal Data does not include company information that relates solely to a company, such as the company name, services offered, company contact details, company phone number, workforce size, contract size, regions served, company registration and tax IDs, and other similar details.

3. COLLECTING YOUR PERSONAL DATA

In plain English

  • We collect it when you use the Platform.
    Registering, building a profile, sending tenders, messaging others, answering surveys, or contacting us — all generate Personal Data.
  • We try to get it from you directly.
    Collecting via third parties is the exception, not the rule.
  • Sometimes we’re the controller, sometimes the processor.
    Most of the time we decide how your data is used. Where a customer uploads data to the Platform on their own behalf, we may handle it as their processor under a separate Data Processing Addendum.

If you are an EstimateOne user, EstimateOne may collect your Personal Data in its capacity as a controller when you:

  1. complete the registration process for the Platform;
  2. populate your user profile or other electronic forms on the Platform;
  3. produce, send, or manage tender information via the Platform or when you use or otherwise interact with the Platform;
  4. answer user or research surveys in relation to the Platform;
  5. enter into a business relationship with us;
  6. use platform messaging functionality to communicate with others;
  7. correspond with us (via email, phone, through the platform, through our chatbots, or otherwise); and
  8. submit a job application to us, in which case our supplementary EstimateOne Candidate Privacy Policy shall apply, available at https://estimateone.com/candidateprivacy;
  9. for other purposes related to the provision of the Platform.

Where EstimateOne acts in its capacity as a controller, EstimateOne will only collect Personal Data about an individual directly from that individual, unless it is unreasonable or impracticable to do so.

EstimateOne generally acts as a data controller. In certain circumstances, such as where customers upload or provide Personal Data via the Platform, EstimateOne acts as a data processor on behalf of those customers. In such cases, the customer remains the controller and our Data Processing Addendum applies.

4. WHAT PERSONAL DATA DOES ESTIMATEONE COLLECT?

In plain English

  • The everyday stuff.
    Name, email, phone, login and activity data, and (for paying customers) billing details.
  • Sole-trader and small-business profile data.
    Trades, licences, insurance, tickets and accreditations, project history — the things that help builders find you and assess you.
  • Content you generate.
    Messages, comments, notes and tags, photos, project details, costs and timelines, quotes and invoices.
  • Technical and usage data.
    IP address, device, browser, where you came from, and how you move through the Platform.
  • Accreditation imports.
    Where you’ve authorised it, accreditation or pre-qualification data from bodies like CHAS (UK) may flow in and display across our group platforms.

In the circumstances set out above, where such information can otherwise directly or indirectly identify an individual, the kinds of Personal Data that EstimateOne may collect and hold include:

  1. names, addresses, email addresses, telephone numbers and other contact details;
  2. login and activity details;
  3. if you register for a paid service, financial information, including your bank account details and/or credit/debit card and billing information;
  4. if you are a sole trader, small business owner, sole director or sole employee representative:
    • information related to your business profile, including a business name, email address, personal phone number, services offered, workforce size, contract size, regions served, preferred project types, project history, client history, business registration and tax IDs, information needed to verify your identity or integrate with our service providers; and
    • your professional details such as your primary and secondary trades, job, titles, tickets, skills certification, health and safety training certification, trade licences, trade qualifications or other accreditation, access levels at your employer, qualifications, career & educational documents;
    • insurance information, such as public liability or workers’ compensation insurance;
  5. information and content submitted, shared, or created by a user of the Platform including profile pictures, messages, comments, notes and tags made against user or company profiles, searches, photos, project details, project costs, project timelines, change orders, and invoices;
  6. marketing and communication data — this includes your preferences in receiving marketing from us and our third parties and your communication preferences;
  7. technical data, usage and website analytics information, which may include IP addresses, the types of devices used to access the Platform, device attributes, browser type, language and operating system, access times, referring website address, your general geographic area based on your IP address and location data;
  8. data about how you use the Platform, for example adding projects to watchlists on the Platform, and/or the devices and networks you use to access the Platform;
  9. usage data – information about how and when you use the Platform, which pages you access and information about your tastes and preferences; and
  10. when you use platform messaging functionality to communicate with others, or correspond with us (via email, phone, through the platform, through our chatbots, or otherwise) we may record, monitor, collect, and use details about you and your communications.
  11. accreditation or pre-qualification information received from CHAS (UK) or other accreditation bodies, including verification status, expiry dates and associated identifiers, where users have consented to such data being shared and displayed across the EstimateOne, C-Link and Prosper platforms.

5. SENSITIVE INFORMATION

In plain English

  • We try to avoid collecting it.
    Sensitive information (the kind treated as “special category” under data-protection law) only comes in where you’ve entered it yourself or where the law specifically authorises us.
  • If you don’t want it on your profile, don’t enter it.
    The simplest way to control sensitive information is not to share it with us in the first place.
  • This isn’t a service for children.
    The Platform is built for business use and isn’t intended for anyone below the age of digital consent in the UK or EEA.

EstimateOne will only collect Personal Data which is defined as ‘sensitive information’ or ‘special categories of Personal Data’ under applicable data protection laws:

  1. where you consent and the collection is reasonably necessary for EstimateOne’s functions or activities (for example, where you enter such details into the Platform); or
  2. where the collection is authorised by law.

If you do not want sensitive information to be associated with your profile, you should not provide it to us.

Our services are designed for businesses and are not intended for use by children, including those under the age of digital consent in the UK and EEA.

6. INFORMATION FROM THIRD PARTIES

In plain English

  • Public sources.
    For licensed professionals and suppliers, we may pull and verify details from public registers, industry associations and accreditation records.
  • From other users.
    If a builder syncs an address book of subcontractors or invites you to tender, your details may reach us through them.
  • Within our group.
    Data may move between EstimateOne, C-Link and Prosper, including between the UK and Australia, under appropriate transfer safeguards (SCCs, the UK IDTA or Addendum, and Transfer Risk Assessments).
  • Pre-qualification providers.
    We may receive your business profile from pre-qualification services to populate or update your directory listing and make you discoverable to builders looking for prequalified subcontractors.
  • If you upload someone else’s details.
    You need their consent (or another lawful basis) to share their data with us. That responsibility sits with you, not with us.

In addition, EstimateOne may obtain Personal Data about you from third parties. Specifically, we may collect:

  1. publicly available Personal Data — if you are a licensed professional or supplier we may collect and verify Personal Data about you from publicly available sources and where permitted by applicable law or, with your permission, make it available as part of your profile. For example, industry associations to which you belong or the details of any licence or accreditation you have using publicly available records;
  2. your Personal Data provided by other App users (e.g. where you are a subcontractor, contact or business partner of a user, and the user syncs or uploads their ‘address book’ of subcontractors to the App, syncs their calendar or associates their contacts with member profiles);
  3. Personal Data shared within the EstimateOne Group (including EstimateOne Pty Ltd, C-Link and the Prosper platform) where necessary for the operation of the integrated E1, C-Link and Prosper services. This may involve transfers of Personal Data between the UK and Australia and vice versa, conducted in accordance with applicable transfer laws (including SCCs, the UK IDTA or Addendum, and required Transfer Risk Assessments).
  4. your Personal Data (related to your business profile) from pre-qualification service providers in order to:
    • create profiles in EstimateOne’s directory services where they do not already exist; and
    • display pre-qualification and other accreditation statuses in the EstimateOne directory services;
    or in order to assist you in promoting your business and winning new work, by allowing builder users (or other users with permissions to do so) to search for prequalified subcontractors to engage on their projects.

If we receive Personal Data about you from another user, for example if you are a subcontractor of another user and they communicate with, or invite you to bid on a project via the Platform, we will protect it as set out in this Privacy Policy. In these cases, we process your data where this is reasonably necessary for the third-party user to effectively use the Platform or EstimateOne’s legitimate commercial interests, and on the basis that such use is necessary and that such use will not infringe on your other rights and freedoms. If you then form a direct commercial relationship with us, we may determine the purposes and means of processing your Personal Data, including making decisions about how it is used and disclosed in accordance with our Privacy Policy.

If you are providing Personal Data about somebody else, you represent and warrant that you have such person’s consent or other appropriate legal basis to provide the Personal Data to us.

7. DEALING WITH US ANONYMOUSLY

In plain English

You can ask to deal with us anonymously or under a pseudonym. In practice, anonymous interaction works for general enquiries but not for actually using the Platform — we need to know who you are to deliver most of the service. If we ask for Personal Data and you choose not to provide it, that may simply mean we can’t help in that particular case.

You have the right to deal with us anonymously or using a pseudonym. However, in almost every circumstance it will not be practicable for us to deal with you or provide you with any services – except for responding to the most general enquiries – unless you identify yourself. Where we need to collect your Personal Data, failure to provide it may mean that we are not able to provide you with the services.

8. ANONYMISING PERSONAL DATA

In plain English

We may strip identifiers from your data and combine it with other anonymised information to produce aggregated insights — for example, what percentage of users responded to a survey. Once data is properly anonymised, data-protection law generally no longer applies to it, and the rights described below stop being relevant to that data.

We may anonymise the Personal Data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law generally does not apply to data that has been irreversibly anonymised, and the rights described below do not apply to such data.

9. OUR USE OF AND LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA

In plain English

  • We need a legal basis for each use.
    For users in the EEA and UK, the four bases we most often rely on are: performing our contract with you, complying with the law, our legitimate business interests, and your consent.
  • The table below maps each use to its basis.
    Subscriptions, billing and providing the Platform itself sit under “Contract”. Compliance and record-keeping sit under “Legal Obligation”. Running, improving and securing the service sits under “Legitimate Interests”. Publishing your profile into directories and sending marketing is “Consent”.
  • If we want to use your data for something new.
    We’ll update this policy first. If a secondary use is reasonably expected (or you’ve consented), we may use information that way too.

We will only process your Personal Data where we have a legal basis for doing so, and this will be determined by the purpose for which your Personal Data is processed.

The table below sets out:

  1. how we use your Personal Data;
  2. the purpose for using it in each case; and
  3. for individuals in the European Economic Area (EEA) and UK, the ‘lawful basis’ we rely on when we use your Personal Data. We collect and process information about you only where we have legal basis for doing so under applicable EU laws. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your Personal Data to:
    • Fulfil our contract with you;
    • Comply with legal obligations that we have;
    • Pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy); or
    • Do something for which you have given your consent.

If we intend to use your Personal Data for a new reason that is not listed in the table, we will update our privacy policy. Where permitted by applicable law, we may use information for secondary purposes that are related (or, in the case of certain sensitive information, directly related) to the primary purpose and reasonably expected or to which you have consented.

Lawful basis Purposes for using your Personal Data
Contract In order to: administer or perform our contract with you; to allow you to use the Platform and maintain an account with us, and to allow users you administer to maintain their accounts with us and set project access for those users; process your payment information in connection with any contract we have with you; deliver our services to you to enable the production, sending and management of tender information for projects, manage quotes, manage your team, manage your address book and expand your network, review subcontractors and increase quote coverage for your business, manage documentation, packages and letting schedules; provide directory services (“Directory Services”) via the Platform including facilitating the use and display of your profile in the subcontractor directory tool (“Subcontractor Directory”) or builder directory tool (“Builder Directory”), including: where subcontractor users include Personal Data in their profile, publishing that into the Subcontractor Directory and allowing builders to access, use and retain that Personal Data, and allowing builders to invite you to tender via the platform and contact you either on or off the Platform; and where Builders users include Personal Data in their profile, publishing that into the Builder Directory and allowing subcontractors and suppliers to access, use and retain that Personal Data to find who is working on projects relevant to them; proactively suggest connections and contact between subcontractors and suppliers based on relevant factors including the nature of the services and products of subcontractors and suppliers (“Connection Services”), including: where subcontractor users include Personal Data in their profile, publishing that via the Connection Services to supplier users; where supplier users include Personal Data in their profile, publishing that via the Connection Services to subcontractor users; prepare statistical analysis, insights and reporting; and send you updates about services you have bought (e.g. confirmation of order, tax invoices).
Legal Obligation If processing of your Personal Data is necessary to: record your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws; send you information to comply with legal obligations (e.g. where we send you information about your legal rights); retain information to enable us to bring or defend legal claims; and assist government agencies, Courts, law enforcement agencies or regulators where we are required by law to do so.
Legitimate Interests Where using your information is necessary to pursue our legitimate business interests to: administer and perform our contract with your business or employer, including registering and maintaining your user account (and any users whose accounts you administer) and to verify your identity; ensure the proper functioning of, improve and optimise our Platform and other services; contact you, for example, to respond to your queries or complaints, or if we need to tell you something important; provide customer support and train our staff members to ensure that you receive the best possible customer service; perform accounting, billing and other administrative and operational functions; protect our business, our users and the public and to protect our/their rights and property; defend ourselves against legal claims; detect, prevent or address fraud or security issues and promote brand safety; optimise future marketing campaigns and marketing strategy; to directly market additional EstimateOne products, integrations or services that you do not currently receive; conduct internal administrative transfers within the EstimateOne Group to support integrated E1, C-Link and Prosper services; monitor and enforce compliance with our Terms and Conditions, including dispute resolution; and comply with internal risk controls, the terms of our access to payment processing, financial or banking services such as credit card disputes, fraud, billing errors, or any applicable law. Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms. Where we use de-identified or aggregated data to develop, test, train or improve our systems (including AI Systems), we rely on our legitimate interests in improving and enhancing our services, provided those interests are not overridden by your rights and freedoms. In doing so, we use aggregated or de-identified data where practicable and implement appropriate safeguards designed to minimise the use of identifiable Personal Data.
Consent Where you have provided your consent for us to receive your information or for allowing us to use or share your information: where we have made settings available to publish Personal Data which becomes accessible for use by other users, including: where subcontractor users publish their profile (including any Personal Data, contact details and project history) to the Subcontractor Directory — to allow builders to access, use and retain that Personal Data, add that information to their address book, and contact you either on or off the Platform; where builders publish Personal Data including contact details into the Builder Directory listing — to allow subcontractors and suppliers to access, use and retain that Personal Data and contact you either on or off the Platform; where subcontractor users or supplier users publish Personal Data including contact details and project history into their Subcontractor Directory listing or Supplier Profile respectively — to allow each other to use and retain that Personal Data via the Connection Services and contact the other either via, or outside of, the Platform; where subcontractor or supplier users submit tender or project information to a builder — to allow builders to access, use and retain that Personal Data and contact you via, or outside of, the Platform; and other publication functionality made available from time to time; to send you marketing materials. This includes making personalised suggestions and recommendations to you about services that may be of interest to you based on your Personal Data. This could be via email, or notifications & messages to your mobile device; and to ask you to submit a review across our review Platform and to produce testimonials for publication by us featuring your name and related corporate information and logos.

10. AUTOMATED DECISIONS THAT MAY AFFECT YOU

In plain English

  • We use algorithms, but humans stay in the loop for significant decisions.
    We don’t make solely automated decisions with legal or similarly significant effects without human review.
  • Where automation does run.
    Checking whether you meet a builder’s tender criteria, ordering directory search results, and detecting fraud, scraping or other misuse.
  • If an automated decision affects you, you can challenge it.
    Email privacy@estimateone.com to request human review, share your perspective, or contest the outcome.

EstimateOne does not make solely automated decisions that have legal or similarly significant effects without human review. However, we do use automated processes to improve efficiency, reduce fraud, and help connect subcontractors, suppliers, and builders.

The following are the types of automated processes used by EstimateOne:

  1. Tender invitations and eligibility. Algorithms check whether a subcontractor’s profile, licences, and prior engagement meet the criteria a builder has set. This can determine whether you appear as eligible to be invited to tender.
  2. Directory visibility and ranking. The order in which subcontractors, suppliers, or builders appear in searches may be automatically determined by relevance factors (e.g., location, trade type, accreditation, activity level).
  3. Fraud, misuse, and security detection. Automated checks may restrict, suspend, or block accounts that display suspicious or prohibited behaviours (e.g., scraping, spam, repeated failed log-ins, or fraudulent submissions).

The following are the types of data used in those automated processes:

  1. Profile and business data (e.g., trade, region, licences, insurance, workforce size).
  2. Usage data (e.g., tender activity, responsiveness, quoting history).
  3. Technical data (e.g., IP address, device/browser, login metadata).

Where a decision of this kind is made solely by automated means and could reasonably be expected to significantly affect you, you have the right to obtain human review, to express your point of view, and to contest the decision. You may exercise these rights by contacting us at privacy@estimateone.com.

The lawful basis for automated processes is either the performance of our contract with you (for example, to determine tender eligibility) or our legitimate interests (for example, fraud detection and directory ranking). EstimateOne does not make solely automated decisions with legal or similarly significant effects without human review.

11. CHOICES ABOUT PUBLISHING DATA

In plain English

  • You control what you put out there.
    Take a moment to understand which fields will be shared before pasting in personal, confidential or third-party details — once a value reaches the directory or connection services, it’s harder to pull back.
  • We’ll honour your visibility settings.
    Where we offer a setting controlling who sees what, your choice stands.

You are responsible for familiarising yourself with the operations of the services, including directory services, connection services and network services, including which information fields will be shared, before entering any personal, confidential or sensitive information belonging to yourself or a third-party into such fields.

Where we have made settings available, we will honour the choices you make about who can see such information.

12. INFORMATION ON THE DIRECTORY SERVICES AND OPTING OUT

In plain English

  • You can leave the Subcontractor Directory.
    Switch off the listing in the Platform and your details will no longer appear in directory searches.
  • We can’t pull your details out of other users’ systems.
    Anything a builder has already exported into their own address book, CRM or notes is outside our control — that’s a real limitation of any directory service, and worth being aware of when deciding what to publish.

You may choose to opt-out of the Subcontractor Directory listing through the Platform, in which case your information will no longer be visible, but Estimate One cannot remove or control your information already held by other users in their platform address books, or separately outside the platform.

Please note: EstimateOne does not control, and is not responsible for, use and handling of your Personal Data by other users. We do not have control over any data that other users have saved outside the Platform.

13. INFORMATION ON THE CONNECTION SERVICES AND OPTING OUT

In plain English

  • What Connection Services do.
    They proactively suggest matches between subcontractors and suppliers based on what each side offers.
  • You can opt out.
    Turn it off in the Platform and we’ll stop using your details to generate these suggestions.
  • Opting out of Connection Services doesn’t remove you from the Directory.
    Those are separate settings — you may want to review both.
  • We try not to mix cohorts.
    Supplier information shouldn’t be suggested to other suppliers, and the same for subcontractors — but we can’t guarantee perfect separation.

You acknowledge that the connection services operate to proactively suggest connections and contact between subcontractors and suppliers based on relevant factors including the nature of the services and products of subcontractors and suppliers, where the Licensee has not otherwise opted out of this functionality.

You may choose to opt-out of the Connection Services (receiving suggestions to connect with subcontractors and suppliers) through the Platform, in which EstimateOne will not use or disclose your information as part of this functionality.

Please note: opting out of Connection Services functionality will not limit your appearance on the Directory Services. Your information will continue to be presented via the EstimateOne Directory Services unless you opt out from that separately.

While EstimateOne takes steps to limit the sharing of your information with only prospective suppliers if you are a subcontractor, and with only prospective subcontractors if you are a supplier (and not within the same cohort, i.e., so that supplier information isn’t shared with suppliers), EstimateOne cannot guarantee that such sharing will not or does not occur.

Internet Cookies

Cookies are small text files that we store on your browser, or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Our website and platform uses our own cookies, as well as (a) third party cookies of external partners we use to help us manage our Website such as session management, onboarding and bug identification and (b) third party cookies of other providers, including advertising platforms, with whom we have no relationship and over whom we have no control.

The following cookies are used on our Website:

  1. Necessary cookies. These are cookies that are required for the operation of our website and platform. These essential cookies are always enabled because our website and platform won’t work properly without them. They include, for example, cookies that enable session functionality, the secure storage of customer credentials and other security functions;
  2. Preference cookies. These enable us to recognise you when you return to our website and platform, to personalise our content for you and remember your preferences (for example, your choice of language or region);
  3. Statistics cookies. These help us to understand how visitors interact with our website and platform. They include cookies that tell us why and when users experience bugs, how long people spend on our Website and the number of times they visit; and
  4. Marketing cookies. These are used to record your visit to the website and platform, to make our website and platform more relevant to your interests. We may also share this information with third parties for this purpose so that they can serve you with relevant advertising on their websites, where you have consented to this.

For further details about the cookies used on our Website, please see EstimateOne’s Cookie Policy.

For users in the UK and EEA, non-essential cookies (such as preference, statistics, and marketing cookies) will only be used with your explicit prior consent, in accordance with the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive. You may withdraw consent at any time through our cookie banner or consent management platform.

14. DIRECT MARKETING

In plain English

  • We market to you when you’ve opted in.
    For electronic marketing (email, SMS, push), we rely on your consent. We may also send relevant communications under legitimate interests where the law allows.
  • Every marketing message has an opt-out.
    You can also ask us to stop at any time — just get in touch.
  • We don’t sell your details for someone else’s marketing.
    Sharing for third-party direct marketing only happens with your explicit consent.

EstimateOne may use your Personal Data in order to conduct direct marketing of EstimateOne services where:

  1. you have provided that information; and
  2. you have consented to direct marketing from us.

EstimateOne may use your Personal Data for directly marketing to you any additional EstimateOne products, integrations or services which you do not currently receive:

  1. where you have consented to such marketing communications, particularly for electronic communications; or
  2. where such marketing is consistent with our legitimate interests, provided that these interests are not overridden by your rights and freedoms;

in accordance with applicable law. These products and services may be offered by EstimateOne, its related companies, its business partners, or its service providers. However, we will not share your Personal Data with third parties for their direct marketing purposes without your explicit consent.

In each direct marketing communication, you will be given the option to opt out. You can also opt out at any time by contacting us.

15. WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO AND WHY

In plain English

  • Who sees your data.
    Account administrators within your own business, other EstimateOne Group companies (E1, C-Link, Prosper), our suppliers and service providers, professional advisers, fraud-prevention providers, and law enforcement where we’re lawfully required.
  • Directory listings reach the other side of the marketplace.
    If you’re a subcontractor or supplier in the Directory, builders (and via Connection Services, the corresponding cohort) may access, retain and contact you on or off the Platform.
  • If we’re sold or restructured, your data goes with the business.
    Any buyer would inherit obligations equivalent to those in this policy.

If you are a user of the Platform, EstimateOne may disclose your Personal Data in accordance with the lawful bases and purposes set out above to:

  1. the EstimateOne user who administers your account with us, for the purpose of assisting that administrator user with their support queries but only to the extent that your Personal Data is related to the provision of the Platform;
  2. E1 Group entities, including EstimateOne Pty Ltd, Construction Link Limited and Prosper (as a trading name of C-Link), for purposes connected to the operation of the integrated E1–C-Link–Prosper Platform, including cross-border data transfers between the UK and Australia conducted under appropriate safeguards;
  3. professional and legal advisors;
  4. third parties engaged in fraud prevention and detection;
  5. law enforcement, Courts or other government organisations (e.g. to report a fraud or in response to a lawful request);
  6. If you are a subcontractor of an EstimateOne user and are included in the Subcontractor Directory, to EstimateOne users and to third party service providers as noted in ‘Our Use of and Legal Grounds for Processing Your Personal Data’ above;
  7. If you are a subcontractor of an EstimateOne user and are included in the subcontractor-supplier Connection Services, to suppliers and to third party service providers as noted in ‘Our Use of and Legal Grounds for Processing Your Personal Data’ above;
  8. EstimateOne’s suppliers and service providers (e.g. companies that provide research and payment processing services as well as recipients who provide analytics or hosting services to EstimateOne), who may be based in the United States, Australia, United Kingdom, European Union, or other jurisdictions. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations;
  9. a potential buyer, in the event that EstimateOne sells any of its business assets or as part of a sale, merger or change in control, or in preparation for any of these events, in which case EstimateOne will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy; and
  10. third parties where we have your consent or are otherwise legally permitted to do so.

16. DATA SHARING VIA API AND INTEGRATIONS

In plain English

  • Customers can pull data out via our API.
    Once exported, it lives in their CRM or other internal systems — they’re responsible for handling it lawfully from that point on.
  • Third-party integrators may access on a customer’s behalf.
    We don’t control what those tools do once data leaves the Platform, although we do impose contractual restrictions on misuse, onward sharing and unauthorised use.
  • No AI training without our permission.
    Customers can’t use Personal Data obtained from the Platform to train, fine-tune or develop AI or machine-learning models unless we’ve expressly authorised it.

Where functionality is made available, certain information within the Platform may be accessed by customers using automated or programmatic means, including via application programming interfaces (APIs).

Where a customer uses the API or integrates the Platform with its internal systems (such as CRM or workflow tools), relevant data may be transferred to those systems on the customer’s behalf. This may include business-related information such as builder names, consultant names and websites, subcontractor names, and project-related information, to the extent that such information is already available to that customer within the Platform.

Customers may also authorise third-party service providers (such as integration partners or CRM providers) to access the API on their behalf.

We do not control how customers or their authorised service providers use, store, or process data once it has been exported to their systems. Customers are responsible for ensuring that their use of such data complies with applicable data protection laws.

We make API access available subject to contractual restrictions and controls designed to limit misuse, including restrictions on onward sharing, resale, and unauthorised use of data.

Customers must not use Personal Data obtained via the Platform, whether through the API, integrations or otherwise, to train, fine-tune, validate or develop any artificial intelligence or machine learning models, or to create datasets for such purposes, except where expressly authorised by EstimateOne.

17. MANAGEMENT AND SECURITY OF PERSONAL DATA

In plain English

  • We take reasonable, layered security measures.
    Access controls and multi-factor authentication, encryption in transit and at rest, regular scans and penetration testing, secure databases, business continuity and recovery processes, and internal information-security policies for staff.
  • If there’s an incident.
    Where we’re the controller for the affected data, we’ll notify the regulator and you where the law requires. Where we’re acting as processor, we notify the controller and support their investigation.
  • Spotted something suspicious?
    Please get in touch via our contact page — we’d rather hear from you early.

EstimateOne takes such steps as are reasonable in the circumstances to protect the Personal Data it holds from misuse, interference, loss, unauthorised access, modification or disclosure, including implementing appropriate technical and organisational measures as required by applicable privacy laws. Such measures include:

  1. restricting access to Personal Data where practicable;
  2. single user logins and keys;
  3. access controls and user authentication (including multi-factor authentication);
  4. internal IT and network security;
  5. the use of firewalls;
  6. the pseudonymisation and encryption of Personal Data;
  7. ensuring all payments are encrypted as per PCI-DSS requirements;
  8. using industry-standard encryption to protect data in transit and at rest;
  9. the use of secure databases;
  10. conducting regular scans and penetration tests of our applications and networks to identify (and address) any potential vulnerabilities;
  11. regular review of our security measures;
  12. requiring all employees to comply with internal information security policies and keep information secure;
  13. business continuity and disaster recovery processes;
  14. the restriction of physical access to our offices.

If there is an incident which has affected your Personal Data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected Personal Data, we notify the controller and support them with investigating and responding to the incident.

If you notice any unusual activity on our website or platform, please contact us via https://estimateone.com/contact/.

18. YOUR RIGHTS

In plain English

  • Rights you have.
    Access a copy of your data, correct it, ask us to delete or restrict it, object to processing, and (in the UK/EEA) request portability to another organisation.
  • Exceptions exist.
    Some requests can be refused or limited where the law allows — for example, where a third party’s privacy, legal privilege, or proprietary business information would be compromised. We may also decline requests that are unfounded or excessive (and explain why).
  • How to exercise rights.
    Email our Privacy Officer at privacy@estimateone.com. Access and correction are free; significant retrieval work may attract a reasonable cost, which we’ll quote in advance.

You have specific legal rights in relation to your Personal Data, to be as follows:

  • Access: You must be told if your Personal Data is being used and you can ask for a copy of your Personal Data as well as information about how we are using it to make sure we are abiding by the law.
  • Correction: You can ask us to correct your Personal Data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes. We will take reasonable steps to appropriately correct or update the information to ensure that, having regard to the purpose for which we hold it, the information is accurate, up-to-date, complete, relevant and not misleading. We will respond to correction requests as soon as reasonably possible.
  • Deletion: You can ask us to delete or remove your Personal Data if there is no good reason for us continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
  • Restriction: If you’re a resident in the UK or EEA, You can ask us to restrict how we use your Personal Data and temporarily limit the way we use it.
  • Objection: You can object to us using your Personal Data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
  • Portability: If you’re a resident in the UK or EEA, you can ask us to send you or another organisation an electronic copy of your Personal Data. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, as permitted by law (we will explain why and how to complain).

Please note that certain types of Personal Data access and correction requests may be exempt under applicable laws or where the information in question is legally privileged, would compromise the privacy or other legitimate rights of other persons, or where the information requested comprises proprietary business information. We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing in advance.

To make any requests regarding your Personal Data, or if you have any questions or concerns regarding your Personal Data, please contact the Privacy Officer at privacy@estimateone.com. You are also entitled to contact the UK Information Commissioner’s Office.

EstimateOne may require you to verify your identity and specify what information you require. There is no charge for requesting access or correcting your Personal Data, but EstimateOne may require you to meet its reasonable costs in providing you with access (such as costs for time and materials spent on retrieving and copying). If the information sought is extensive, EstimateOne will advise the cost in advance.

EstimateOne will respond to your requests in a reasonable time and will take all reasonable steps to ensure that the Personal Data it holds about you remains accurate, up to date, complete, relevant, and not misleading.

19. HOW LONG WE KEEP YOUR INFORMATION: RETENTION PERIOD

In plain English

  • While your account’s open, we keep your data.
    Even if you only check in every few years, your profile and history remain so the service still works when you come back.
  • After you close your account.
    Your data is deleted from our active database within 6 months, and from monthly backups within a further 6 months.
  • Some things linger.
    Messages and tender data you shared with others may remain visible to them. We may also retain records longer where the law or legitimate business reasons require — for instance, to defend legal claims or to enforce our Terms after a breach.
  • Dormant accounts may be cleaned up.
    Accounts inactive for more than three years are reviewed and may have their data deleted or anonymised.

EstimateOne will keep your Personal Data for as long as it needs for the purposes set out under ‘Purposes for using your Personal Data’ above, and in line with our Terms of Use and applicable law. Our retention is subject to you exercising your lawful data subject rights, and further subject to any requirement for us to hold data for such period as may be required to establish, exercise or defend legal rights or ongoing legitimate business interests.

To decide how long to keep Personal Data, we consider the volume, nature, and sensitivity of the Personal Data, the potential risk of harm to you if an incident were to happen, whether we require the Personal Data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records).

In practice, EstimateOne will retain your Personal Data within the Platform indefinitely as you keep your account open or as needed to provide you services, and your account has not been otherwise suspended. Even if you only use our services when looking at tender information every few years, we will retain your Personal Data and keep your profile open unless you close your account. The exact retention period will vary depending on the nature of your interactions with EstimateOne and may vary by market in accordance with local laws.

In some cases, we choose to retain certain information (e.g., insights about services use) in a depersonalized or aggregated form.

After you close your account, your data will be automatically deleted from our active database within 6 months and from our monthly backups within 6 months after that.

Data you have shared with others (for example, via tender submissions, messages or other exchanges you have made with other users on the platform) may still be visible even after you close your account or remove it from your profile.

Sometimes, we may retain your personal data for longer periods as permitted or required by law, for example maintain records of exchanges you have made with other users on the platform, adhere to relevant regulatory requirements, resolve disputes, ensure the security of our platform, prevent fraud and misuse (for instance, if your account was restricted due to breaches of our policies), enforce our Terms of Use, or comply with your request to “unsubscribe” from further communications from us.

We will periodically review dormant accounts (for example, those inactive for more than 3 years) and may delete or anonymise data that is no longer necessary. Retention periods may differ depending on the type of data (e.g. financial records, contracts, recruitment records).

We will update our retention practices as required to comply with future developments under UK, EU, and Australian data protection law, including any retention-related obligations emerging under the EU Data Act or subsequent UK reforms.

20. WHERE WE STORE YOUR PERSONAL DATA

In plain English

  • Your data may live in multiple countries.
    Primary storage is with EstimateOne in Australia, with recipients also in the UK (C-Link), Ireland, the United States and elsewhere depending on the service.
  • Group transfers between the UK and Australia.
    We use safeguards including the EU Standard Contractual Clauses, the UK IDTA or Addendum, Transfer Risk / Impact Assessments, and (where applicable) the EU–US Data Privacy Framework.
  • Want to see the safeguards in detail?
    You can request a copy — we’ll explain the basis on which your data has been transferred and the protections we’ve put in place.

We process Personal Data in multiple countries. Where we transfer Personal Data internationally, we will do so only where permitted under applicable data protection laws and with appropriate safeguards in place. If Personal Data is transferred, we will comply with applicable laws in doing so.

For residents in Australia, the UK or EEA, your Personal Data is transferred directly to EstimateOne Pty Ltd in Australia. We store most information about you in computer systems and databases operated by either EstimateOne or its external service providers. Some information about you may be recorded in paper files that we store securely.

Recipients of your Personal Data are likely to be located in Australia, the United Kingdom (including Construction Link Limited (C-Link)), Ireland, United States of America per our Trust Centre, and other countries or jurisdictions depending on the nature of the services provided to the EstimateOne Group (including the Prosper platform).

Personal Data may also be transferred between members of the EstimateOne Group (including E1 Australia, C-Link in the UK, and the Prosper platform) where this is necessary for the operation of the integrated E1, C-Link and Prosper services.

Where applicable, Personal Data relating to accreditation or pre-qualification status may be transferred from CHAS (UK) to EstimateOne Pty Ltd in Australia following user authentication and consent, solely for the purposes described in this Privacy Policy.

You may contact EstimateOne for an explanation of the basis on which it has transferred your Personal Data and, where relevant, to request a copy of the legal safeguards which EstimateOne has put in place.

If EstimateOne engages a third party to process Personal Data on its behalf, EstimateOne contractually requires them to handle your Personal Data appropriately.

For transfers from the UK and EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA) or Addendum, and, where applicable, the EU–US Data Privacy Framework. We also conduct Transfer Risk Assessments (TRAs) or Transfer Impact Assessments (TIAs) to ensure adequate protection. Copies of these safeguards can be requested.

We will update our international transfer mechanisms as required to comply with future developments under UK, EU and Australian data protection law, including any changes arising from the UK DPDI Bill or the EU Data Act.

21. ENQUIRIES AND PRIVACY COMPLAINTS

In plain English

  • How to reach our Privacy Officer.
    The contact details for our Privacy Officer (across Australia, New Zealand and the UK) are in the section below. That’s the channel for any privacy enquiry or complaint.
  • If you’re not satisfied with our response.
    You can escalate to the Office of the Australian Information Commissioner, the UK Information Commissioner’s Office, or your local Data Protection Authority in the EEA.
  • VeraSafe is our Article 27 representative for the EEA and UK.
    EEA and UK users can contact VeraSafe directly for data-protection matters, in addition to our Privacy Officer.

If you would like further information about the way EstimateOne manages the Personal Data it holds, or if you have any concerns or complaints, or if you think there has been a breach of privacy, please contact the Privacy Officer at privacy@estimateone.com, or call 1300 705 035 (Australia), 0800 705 035 (New Zealand) or +44 808 189 2260 (United Kingdom).

If you are not satisfied with our response, you can refer your complaint to, as applicable, to the Office of the Australian Information Commissioner (www.oaic.gov.au), or the UK Information Commissioner’s Office.

Pursuant to Article 27 of the EU General Data protection Regulation (GDPR) and Article 27 of the UK General Data Protection Regulation (UK GDPR), Verasafe has been appointed as our representative in the European Union and the United Kingdom for data protection matters. If you are in the EEA or the UK, VeraSafe can be contacted in addition to the Privacy Officer, only on matters related to the processing of Personal Data. To make an enquiry, please contact VeraSafe using this form: https://verasafe.com/public-resources/contact-data-protection-representative

Alternatively, you can contact Verasafe at:

EEA
Address:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Telephone: +420 228 881 031

United Kingdom
Address:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Telephone: +44 (20) 4532 2003

If you are based in the EEA, you may also contact your local Data Protection Authority in addition to VeraSafe.

If you are based in the UK, you may also contact the Information Commissioner’s Office (ICO) directly, in addition to VeraSafe. Further details are available at www.ico.org.uk.

This Privacy Policy was last amended in May 2026. If you have queries about the changes please contact us via https://estimateone.com/contact/.