Privacy policy

Cookie policy

Privacy policy

Last Updated On 12-May-2025
Effective Date 12-May-2025

Stacc respects your privacy and is committed to protecting it through our compliance with this privacy policy. Stacc processes personal data as part of our operations as a data processor and controller.

Here, we provide an overview of the types of personal data we collect, how we process it and what rights you have under data protection regulations.

1. Contact Us

You can exercise your rights (or ask questions about this statement) by emailing privacy@stacc.com.

If you have questions related to this privacy policy or our responsibilities as a data controller, you are entitled to a response without undue delay and no later than within one month.

2. When do we collect personal data about you?

We process personal data about you in the following cases:

  • You have visited our website

  • You have sent us an inquiry (ex., by email or via a form)

  • You have signed up for an event or activity with us

  • You subscribe to our newsletter

  • You have applied for a job with us

  • A job applicant has listed you as a reference

  • You are a customer

  • When our services are used by our customers to process personal data

3. Services used by our customers

Through our solutions, we process personal data on behalf of our customers, in our role as a data processor. This processing is carried out in accordance with the customer's instructions and the data processing agreements we have entered into. Our customers define the purpose and means of processing, and the nature and scope of the personal data processed may vary depending on which and how our solutions are used.

4. Visits to our website

4.1 Use of cookies

Cookies are small text files placed on your computer when you load a website.

We have gathered information about Stacc's use of cookies and statistics at www.stacc.com in a separate cookie policy.

The legal basis for using strictly necessary cookies is Article 6(1)(f) of the General Data Protection Regulation (GDPR). This provision allows us to process data required to safeguard a legitimate interest in improving and securing our website. We obtain consent for other types of cookies that are not strictly necessary by Article 6(1)(a) of the GDPR. In Norway, the Electronic Communications Act (Ekomloven) § 3-15 also regulates the use of cookies.

4.2 Various inquiries to Stacc

4.2.1 Email and form submission

When you email us or submit a form on our website, we process the personal data you provide to respond to your inquiry.

Personal data may include your name, email address, phone number and any other information you choose to share. Sensitive or confidential information should not be sent via email or through a form, as we cannot guarantee complete security for such communication.

Our legal basis for processing is Article 6(1)(f) of the GDPR, which allows us to process data necessary to pursue a legitimate interest. Our legitimate interests are to manage and respond to inquiries.

In some cases, processing may also be based on article 6(1)(b) (necessary for the performance of the contract) if your requests relate to a service or customer relationship.

Personal data collected via email or forms is retained only as long as necessary to process the inquiry and any follow-up. The necessity of retaining the data is regularly assessed, and it is deleted when no longer needed.

4.3 Subscribe to the newsletter

Stacc may send newsletters via email to subscribers. The purpose of the newsletters is to provide up-to-date information about our products and other relevant topics.

To receive newsletters by email, you must register an email address and consent to subscribing. The email address is used solely for sending newsletters. It is stored in a dedicated database managed by the data processor HubSpot. The email address is not shared with others and will be deleted when you unsubscribe from the newsletter.

Our legal basis for processing these email addresses is Article 6(1)(a) of the General Data Protection Regulation (GDPR) and your consent. You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawing your consent will not affect the lawfulness of any processing before the withdrawal.

4.4 Registration for events and activities

If you register for an event or other type of activity organized by Stacc, we may ask for information such as your name, contact details, and workplace.

This processing is to facilitate the event's practical organization. Stacc will delete your information afterwards.

Our legal basis for processing is Article 6(1)(f) of the GDPR, which allows us to process data necessary to pursue a legitimate interest. Our legitimate interests are to ensure the smooth execution of events and other activities.

4.5 Job Application and references

When you apply for a job at Stacc, we process personal data that you provide us, such as your CV, application, and references, to assess your qualifications for the position.

The processing is necessary to complete the recruitment process and evaluate your application.

Our legal basis for processing personal data is under Article 6 (1) (b) of the GDPR, which allows processing to take measures at your request before entering into a contract, such as evaluating your application and conducting interviews.

Sometimes, we may conduct our own investigations, such as contacting individuals you have worked with but have not been listed as references. In such cases, the processing is based on our legitimate interest under Article 6 (1) (f) of the GDPR to verify the information you have provided.

If you are hired, we will store your personal data in accordance with the requirements of the Norwegian Working Environment Act and Tax Act. Personal data will be stored in our systems as required by law for up to five years after the end of your employment. After this period, the information will be deleted or anonymized following our internal procedures.

If you give us consent to store your personal data for future recruitment opportunities, we will process this data based on your consent in accordance with Article 6 (1) (a) of the GDPR. You may withdraw your consent at any time, and we will stop processing your data for that purpose.

5. Security

We are committed to protecting the security of your information and apply appropriate technical and organizational measures in line with applicable data protection laws and the requirements of the GDPR (Article 32). These measures are designed to ensure a level of security appropriate to the risk, and to help safeguard data against unauthorized access, alteration, or loss.

When acting as a data processor, we process personal data on behalf of and in accordance with the instructions of the data controller—our customer. Our responsibilities in this role are governed by data processing agreements, and the customer retains overall responsibility for the processing, including determining the purpose and legal basis.

6. Your Rights When We Process Your Personal Data

You have the right to request access to the personal data we hold about you and to request correction or deletion of your data. Additionally, you can request restricted processing, object to the processing, and exercise your right to data portability.

You can read more about the scope of these rights on the website of the relevant Data Protection Authority in your country, or on the official EU GDPR website.

You may request access to the personal data we have registered about you, a description of the types of data we process, and further details on how we process them.

If you wish to exercise your rights, please email your request to privacy@stacc.com.
We will respond as soon as possible, but no later than 30 days.

Before we process your request, we may ask you to verify your identity or provide additional information. This is to ensure that we only grant access to your personal data to you and not to anyone falsely claiming to be you.

If you have any questions, requests, or wish to exercise your rights under data protection legislation in relation to personal data processed by us on behalf of a customer, we kindly ask that you contact the relevant data controller directly.

Any inquiries we receive in such cases will, in accordance with our role as data processor, be forwarded to the appropriate customer.