Skip to main content

Privacy Policy

Last updated: 1 May 2026

This Privacy Policy explains how Bidwork (the "Platform") processes your personal data when you use our marketplace. The Platform is operated by the legal entity identified in Section 1 below, which is the data controller for the personal data described in this Policy.

1. Who we are and how to contact us

The data controller for personal data processed through Bidwork is: Name: [Bidwork Operator — Legal entity name] Registered address: [Registered business address] General contact: [[email protected]] Privacy contact: [[email protected]] [VAT / tax number, if applicable] If you have any questions about how we handle your personal data, or if you wish to exercise your data rights, you may contact us at the privacy contact email above. Registered users may also reach us through Help & Support in their account dashboard. Note: The bracketed details above will be replaced with the operator's verified legal details before this Policy is published publicly.

2. Personal data we collect

We collect and process the following categories of personal data: • Identity and contact data — your name, email address, and phone number where you provide it. • Profile content — your bio, profile photo, and (for professionals) portfolio images and a description of the services you offer. • Location data — job addresses provided by customers and, for professionals, any geographic service coverage areas you configure. • Transaction and payment data — payment identifiers and transaction records associated with jobs, offers, platform-held payments, fund releases, and refunds, processed via our payment provider. • Communications — messages you send and receive via the Platform's built-in chat, and the content of any support or dispute tickets you submit. • Verification documents — for professionals, identity or qualification documents submitted during the verification process (stored securely; document contents are reviewed only by authorised staff). • Usage and technical data — IP address, device type, browser type, and activity logs generated while using the Platform. • Preference data — your chosen display language and notification preferences. • Review and rating data — ratings and written reviews you leave or receive after completed jobs. • Notification history — in-app notifications generated by Platform events. What is visible to other users: Some of your data is visible to other Platform users as part of normal service operation. Customers can see a professional's public profile (name, bio, portfolio photos, service areas, ratings, and published reviews), and offer details for offers submitted on their jobs. Professionals can see job listing details submitted by customers, including job descriptions, category-specific fields, job location (which may be a home or property address), and any photos attached to the job. Once chat access is enabled (after an offer is submitted), both parties can see the messages exchanged in that conversation. Job location data, including property addresses and photos, may be visible to any professional whose service area covers that location.

3. How and why we use your data

The table below summarises the purposes for which we process personal data, the data involved, and the lawful basis we rely on under GDPR: Account creation and login Data: name, email, password (stored as a hash), phone number Legal basis: Contract performance Job listings and offer management Data: job descriptions, category fields, job location/address, job photos, offer text and price Legal basis: Contract performance In-platform chat Data: messages, media attachments Legal basis: Contract performance Platform payments and payouts Data: Stripe payment identifiers, transaction amounts, payment status, payout records Legal basis: Contract performance; Legal obligation (financial record-keeping) Dispute resolution Data: chat history, job records, photos, support ticket content Legal basis: Contract performance; Legitimate interests (operating a safe marketplace) Platform safety and fraud prevention Data: IP address, device type, browser type, activity logs Legal basis: Legitimate interests (keeping the Platform secure and free from abuse) Professional verification Data: identity and qualification documents Legal basis: Contract performance; Legal obligation (where verification is required by law) Notifications and preference management Data: email address, notification preferences, language preference Legal basis: Contract performance Marketing communications Data: email address, marketing preferences Legal basis: Consent — you must opt in; you may withdraw at any time via account settings Legal and accounting compliance Data: transaction records, relevant correspondence Legal basis: Legal obligation Where we rely on legitimate interests, we have assessed that those interests do not override your rights and freedoms. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

4. Sharing with third parties

We share your data only with service providers that help us operate the Platform. These include: • Payment processing — we share transaction data with our payment provider (Stripe) to process platform-held payments, fund releases, and payouts to professionals. Stripe's own Privacy Policy applies to data it controls. • Cloud infrastructure — we use hosting and storage providers to run Platform servers and store uploaded files. Your verification documents are stored on secure cloud storage. • Email delivery — an email service provider sends transactional and notification emails on our behalf. • Support tooling — our support and help-desk infrastructure may process the content of support tickets you raise. All processors act only on our documented instructions. We do not sell your personal data.

5. International transfers

Some of our service providers process data in countries outside the European Economic Area. Where such transfers occur, we require that appropriate safeguards are in place — such as the European Commission's Standard Contractual Clauses — to ensure your data receives equivalent protection.

6. How long we keep your data

We retain your personal data for as long as necessary to provide the service and meet our legal obligations: • Active account data — retained while your account remains open. • Transaction and financial records — retained for the period required by applicable accounting and tax law (typically at least 5 years after the transaction). • Activity and audit logs — retained for up to 12 months, then automatically deleted. • Verification documents — retained for the period required by applicable regulatory obligations; not longer than necessary. • Chat messages and support tickets — retained while your account is open and for a reasonable period afterwards to resolve any pending disputes. • Inactive accounts — accounts that have been closed or inactive for an extended period may be purged in line with our data minimisation practices. When data is no longer needed, we delete or anonymise it.

7. Your rights

Depending on applicable law (including the GDPR where it applies), you have the following rights in relation to your personal data: • Right of access — request a copy of the personal data we hold about you (you can also use the "Download my data" feature in your account settings). • Right to rectification — ask us to correct inaccurate or incomplete data. • Right to erasure — request deletion of your data in certain circumstances (you can also delete your account via account settings). • Right to restriction — ask us to limit how we process your data. • Right to object — object to processing based on legitimate interests. • Right to data portability — receive your data in a structured, machine-readable format. • Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. To exercise any of these rights: • Registered users: use the relevant options in your account settings, or contact us via Help & Support in your dashboard. • All users (including those without an active account): email [[email protected]]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority in your country (in Greece: the Hellenic Data Protection Authority — www.dpa.gr).

8. Children

Bidwork is not directed at children. If you are below the minimum digital consent age applicable in your jurisdiction, please do not register or submit personal data to the Platform.

9. Updates to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted here with a revised date. For material changes that affect how we process your data, we will notify you in advance through your account.

10. Security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures are reviewed and updated as necessary. We do not publicly disclose the specific technical details of our security controls. In the event of a personal data breach that is likely to result in risk to your rights, we will notify affected users and the relevant supervisory authority as required by applicable law.

See also: Terms of Service · Cookie Policy.