3Quotes Trading Pty Ltd
ABN 80 628 997 633
GPO Box 2520
Adelaide SA 5001
Australia
1. Definitions
“GDPR” means Regulation (EU) 2016/679.
“UK GDPR” means the retained GDPR as incorporated into UK law.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Data Subject” means the individual homeowner submitting an enquiry.
“Lead” means a Data Subject located in the EEA or UK who has submitted a request for solar, battery, or energy services via a 3Quotes website and consented to contact by service providers.
“Supervisory Authority” means any EU Data Protection Authority or the UK Information Commissioner’s Office (ICO).
2. Roles of the Parties
2.1 The Parties acknowledge that:
• 3Quotes determines the method of data collection and advertising targeting;
• the Client determines how and when to contact the consumer.
2.2 Accordingly, the Parties act as Independent Data Controllers and, for initial marketing contact, Joint Controllers under Article 26 GDPR.
2.3 This Agreement constitutes the Article 26 Joint Controller Arrangement.
3. Lawful Basis for Processing
3.1 3Quotes warrants each Lead was collected using:
• freely given, specific, informed and unambiguous consent;
• disclosure that multiple providers may contact the individual.
3.2 Consent includes permission for:
• telephone calls
• SMS
• email contact
3.3 3Quotes retains proof of consent including: timestamp, IP address, form version, and consent wording.
4. Transparency to the Consumer
3Quotes shall provide a privacy notice disclosing:
• identity of 3Quotes
• categories of installers
• purpose of data sharing
• international transfer to Australia
• right to withdraw consent
5. Data Sharing
5.1 3Quotes shares Leads with up to three (3) installers.
5.2 The Client may use Personal Data only to respond to the enquiry and offer relevant energy services.
5.3 The Client must not:
• resell the Lead
• add to cold-marketing databases
• use for unrelated marketing.
6. International Data Transfers
6.1 Personal Data is transferred outside the UK/EEA to Australia.
6.2 The Parties incorporate the EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum.
6.3 The Client agrees the transfer is necessary to provide requested quotations.
7. Direct Marketing Obligations
The Client must:
• identify itself in first contact
• provide opt-out in all emails/SMS
• stop contact immediately upon objection
• comply with PECR (UK) and national marketing laws.
8. Data Subject Rights
3Quotes handles:
• access requests
• consent withdrawal
The Client handles:
• service enquiries
• deletion requests after transfer
Each Party must notify the other within 48 hours of a request.
9. Data Security
Each Party shall implement appropriate technical and organisational measures including:
• access controls
• encryption where feasible
• restricted staff access
• breach response procedures
10. Data Breach Notification
10.1 A Party discovering a breach must notify the other within 24 hours.
10.2 Where required, notification to a Supervisory Authority must occur within 72 hours.
11. Indemnities
The Client indemnifies 3Quotes for unlawful marketing or misuse of Personal Data.
3Quotes indemnifies the Client for failure to obtain valid GDPR consent.
12. Limitation of Liability
3Quotes' liability limited to fees paid for affected Leads.
No liability for conversion, profitability, or business performance.
13. Governing Law
Commercial payment matters: South Australia, Australia.
Data protection compliance: applicable EU Member State or UK law.
14. Termination
Immediate termination permitted for:
• GDPR breach
• unlawful marketing
• regulatory investigation
15. General
Electronic acceptance valid.
Independent contractor relationship.