Privacy and cookie policy

Privacy and cookie policy

Privacy and cookie policy

We are actively working to safeguard your privacy. On this page you will find an overview of how and why we collect and handle personal information and manage cookie settings.

Data Protection Officer

Stacc has established a separate Data Protection Officer for the Stacc Group. Our data protection officer is Lene Holmedal.

The role of the Data Protection Officer is to strengthen the company's ability to comply with regulations for the processing of personal data and increase the assurance that the company complies with the rules in practice. Key tasks are to provide advice in their own organisation and to monitor their own organisation's compliance with the personal regulations.

Questions about rights, typically access to one's own personal data processed by Stacc, can be directed to CCO/Data Protection Officer Lene Holmedal at

Stacc does not respond to inquiries about personal data that is processed on behalf of our customers, in the role of Data Processor. Such inquiries must be addressed directly to the data controller.

When does Stacc collect personal information?

The information we have received about you is mainly because:

  • You have used our website (see section 2)

  • You have sent us an email to (see section 4)

  • You subscribe to our newsletter (see section 5)

  • You have signed up for an event we host (see section 6)

  • You have filled in a form on our website (see section 6)

  • You are a customer (see section 7)

  • You have applied for a job at Stacc see section 8)

We also collect cookies when you visit Some cookies are absolutely necessary in order to visit the website at all. You also have the possibility to accept or decline optional cookies in the pop-up window. These cookies are used for statistical reasons and for optimizing your experience on our website. You can read more about our cookie policy under section 2.

1. Your Rights

Do you have questions or want to exercise your rights? Send us an email at You have the right to receive a reply without undue delay and the latest within one month. Visit the Norwegian Data Protection Authority (DPA) for more information about your rights.

You have, with certain restrictions, the following rights:

  • Right of Access: You can receive confirmation that your personal data is being processed, and if so, also receive a copy of your personal data. Identification can be required to ensure that access to personal data is only given to the correct person.

  • Right to rectification: You can ask us to correct or supplement personal information that is erroneous or misleading.

  • Right to erasure: You can request that we delete your personal data. Deleting personal data will not be possible in such situations (e.g. documentation and logging purposes)

  • Right to restriction of processing: In certain situations, you can request that processing of your personal data is restricted:

    • You find your personal data to be erroneous: processing can be restricted while the accuracy is verified

    • You have used your right to object: processing can be restricted pending the verification of whether the legitimate grounds of the controller override those of the data subject

    • If your personal data is being processed unlawfully and will be deleted, you can request that the processing is restricted instead of deleted.

    • Your personal data will be deleted as they are no longer necessary for the purpose they were collected, but you require the data in order to establish, exercise, or defend a legal claim

  • Right to data portability: If your personal data is being processed based on consent or a contract, you can request to have your personal data transferred to you or another data controller in a machine-readable format if technically possible.

  • Right to object: You can always object to the processing of your personal data when the purpose is direct marketing. You can also object to the processing of your data if it is being processed based on it being necessary for the performance of a task carried out in the public interest or our legitimate interests. Processing will be stopped unless we can demonstrate compelling legitimate grounds for the processing that override your interest, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

  • Withdrawing consent: If you have given consent to the processing of your personal data, you can withdraw your consent at any time. In our newsletter, you can reserve yourself from receiving future newsletters by using the link in the footer.

  • Right to file a complaint: If you believe we are not processing your personal data in accordance with GDPR, you can send us an email to with the reasons for non-compliance. You can also file a written complaint with the DPA to "Datatilsynet, Postboks 8177, 0034 Oslo, Norway". Read more about this process here.

2. Use of our website


Cookies are small text files that are placed on your computer when you visit a webpage. Cookies do not identify you personally but are used by us as a tool to improve your experience when you visit a website. You can choose to turn off cookies in your browser. See for the administration of cookies.

We divide our use of cookies into two parts: necessary and optional cookies. The necessary cookies are there to make the website work and are required when you visit

The basis of legal treatment is a legitimate interest under the Norwegian implementation of GDPR: article 6, number 1, letter f. The optional cookies have the purpose of optimizing your experience on our website, as well as statistical analysis.

The basis of legal treatment is consent by clicking Accept when the cookie pop-up appears. You also have the opportunity to edit cookie settings by clicking "Cookie Settings" in the footer menu.

Necessary cookies

Enables security and basic functionality.
Google Consent modes:
security_storage + functionality_storage

Provider: Cloudflare
Purpose: Security and performance
Duration: 30 minutes


Enables personalized content and settings.
Google Consent modes:

Provider: Framer
Purpose: Cookie consent preferences
Duration: 30 days

Provider: Framer
Purpose: Cookie banner dismissal
Duration: Session

Provider: HubSpot
Purpose: Cookie consent preferences
Duration: 30 days


Enables tracking of performance.
Google Consent modes:

Provider: Google Analytics
Purpose: User identification
Duration: 2 years

Provider: Google Analytics
Purpose: User identification
Duration: 2 years

Provider: Google Analytics
Purpose: User identification
Duration: 2 years

Provider: HubSpot
Purpose: Tracking and analytics
Duration: 2 years

Provider: HubSpot
Purpose: Tracking and analytics
Duration: 30 minutes

Provider: HubSpot
Purpose: Tracking and analytics
Duration: Session


Enables personalised ads and tracking.
Google Consent modes: ad_storage

Provider: HubSpot
Purpose: Marketing automation and analytics
Duration: 3 years

Provider: Google Ads
Purpose: Conversion tracking
Duration: 90 days

Provider: Microsoft Clarity
Purpose: Click tracking
Duration: 1 year

Provider: Microsoft Bing Ads
Purpose: Advertising tracking
Duration: 16 days

Provider: Microsoft Bing Ads
Purpose: Advertising tracking expiration
Duration: Permanent

Provider: Microsoft Bing
Purpose: Session ID
Duration: Session

Provider: Microsoft Bing
Purpose: Session ID expiration
Duration: Session

3. HubSpot as a CRM system

We use HubSpot as a CRM system and as a secure tool to coordinate marketing and sales initiatives. All information about newsletters, event registration, and website traffic can be gathered here which we use to optimize your digital experience of Stacc. You can read more about the specific measures we use HubSpot for under sections 2, 4, 5, and 6.

Stacc has a DPA agreement with HubSpot containing EU standard contractual clauses. Read more about Hubspot security and GDPR compliance.

4. Email Communications

You can send us an e-mail via the contact form on our website or by e-mail to We use TLS encryption to secure our e-mail communication. Most webmail services support this, and your e-mail communication with us will then be secure. However, we ask that you do not send sensitive personal information or information worthy of protection by e-mail, as we cannot guarantee that your e-mail provider supports TLS. Our webmail services scan all incoming and outgoing emails for viruses and malware.

Further processing of your inquiry means that we will store information that is necessary to be able to answer your inquiry. The basis for legal treatment, in this case, is defined as a legitimate interest. This means that we store your email address and our response. We use HubSpot to store your information that you sent through a website form, and Microsoft Outlook if you send us an email to Some of our employees have synced their HubSpot account to their Outlook account and will therefore store your information on both places if you contact one of us directly.

5. Newsletters

Stacc sends out newsletters by e-mail to anyone who explicitly wants it. The newsletter contains information about fintech, an invitation to events that Stacc hosts alone or with partners, as well as other relevant professional content and updates. In order for us to send you newsletters, you must actively approve it, either through our newsletter form or in other forms. The basis of legal treatment is therefore "consent" under Article 6 (1) (a) in the Norwegian GDPR. Your email address will then only be used to send out newsletters. It will then be stored in our data processing system, HubSpot, which manages and sends out the newsletters. HubSpot has its own privacy statement which you can read here.

You can unsubscribe from the newsletter at any time by clicking on the "Unsubscribe" link in the newsletter or by contacting us at

6. Forms on our website

Throughout our website, you have the possibility to fill out forms to either sign up for an event, to receive relevant information about our services and solutions, to sign up for newsletters, or to book a meeting. The purpose of storing the information you submit is to be able to process the data in relation to what you requested, to follow up with content and/or to schedule a meeting. The basis of legal treatment is therefore thus either legitimate interest or consent, depending on the nature of the form. See sections 4 and 5 for more specific information regarding this.

7. For Our Customers

Stacc delivers dynamic solutions to its customers. This means, among other things, that data processing varies in scope and complexity from customer to customer. The Data Processing Agreement between Stacc and the customer deals with the individual processing processes, but something is the same for everyone:

  1. General data processing

  2. Our duties towards our customers

General data processing

Stacc shall only process personal data in accordance with documented instructions from the Data Controller and follow the routines and instructions that the Data Controller applies. The Data Processing Agreement, the Main Agreement, as well as any instructions generated through e-mail or support inquiries constitute the Data Controller's instructions on what applies to the processing of personal data.

Our duties to our customers

  • Stacc shall follow the routines and instructions for the processing that the data controller has at any time decided shall apply in accordance with the main agreement or documented instructions.

  • Stacc shall not process any personal information made available unless it is necessary to fulfill the obligations under the main agreement.

  • Stacc shall not disclose personal information to third parties unless the data controller approves the disclosure.

  • Stacc shall ensure that all personnel who process personal data or have access to the personal data processed in accordance with the Data Processing Agreement, have signed a declaration of confidentiality or equivalent. The duty of confidentiality will continue to apply after termination of the Data Processing Agreement.

  • Stacc shall assist the Data Controller with appropriate technical and organizational

We have two external websites too
We use Teamtailor as a tool to announce new jobs and track applicants at
We use a Freshdesk supportsite to optimize our customer service and handle incoming tickets at