Privacy policy

Cookie policy

Privacy policy

Last Updated On 30-Mar-2025
Effective Date 31-Mar-2025

Stacc respects your privacy and is committed to protecting it through our compliance with this privacy policy. Stacc processes personal data as part of our operations as a data processor and controller.

This statement applies only to processing where we are the data controller. Here, we provide an overview of the types of personal data we collect, how we process them and what rights you have under data protection regulations.

1. Contact Us

You can exercise your rights (or ask questions about this statement) by emailing privacy@stacc.com.

If you have questions related to this privacy policy or our responsibilities as a data controller, you are entitled to a response without undue delay and no later than within one month.

2. When do we collect personal data about you?

We process personal data about you in the following cases:

  • You have visited our website

  • You have sent us an inquiry (ex., by email or via a form)

  • You have signed up for an event or activity with us

  • You subscribe to our newsletter

  • You have applied for a job with us

  • A job applicant has listed you as a reference

  • You are a customer

3. Visits to our website

3.1 Use of cookies

Cookies are small text files placed on your computer when you load a website.

We have gathered information about Stacc's use of cookies and statistics at www.stacc.com in a separate cookie policy.

The legal basis for using strictly necessary cookies is Article 6(1)(f) of the General Data Protection Regulation (GDPR). This provision allows us to process data required to safeguard a legitimate interest in improving and securing our website. We obtain consent for other types of cookies that are not strictly necessary by Article 6(1)(a) of the GDPR. In Norway, the Electronic Communications Act (Ekomloven) § 3-15 also regulates the use of cookies.

3.2 Various inquiries to Stacc

3.2.1 Email and form submission

When you email us or submit a form on our website, we process the personal data you provide to respond to your inquiry.

Personal data may include your name, email address, phone number and any other information you choose to share. Sensitive or confidential information should not be sent via email or through a form, as we cannot guarantee complete security for such communication.

Our legal basis for processing is Article 6(1)(f) of the GDPR, which allows us to process data necessary to pursue a legitimate interest. Our legitimate interests are to manage and respond to inquiries.

In some cases, processing may also be based on article 6(1)(b) (necessary for the performance of the contract) if your requests relate to a service or customer relationship.

Personal data collected via email or forms is retained only as long as necessary to process the inquiry and any follow-up. The necessity of retaining the data is regularly assessed, and it is deleted when no longer needed.

3.3 Subscribe to the newsletter

Stacc may send newsletters via email to subscribers. The purpose of the newsletters is to provide up-to-date information about our products and other relevant topics.

To receive newsletters by email, you must register an email address and consent to subscribing. The email address is used solely for sending newsletters. It is stored in a dedicated database managed by the data processor HubSpot. The email address is not shared with others and will be deleted when you unsubscribe from the newsletter.

Our legal basis for processing these email addresses is Article 6(1)(a) of the General Data Protection Regulation (GDPR) and your consent. You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawing your consent will not affect the lawfulness of any processing before the withdrawal.

3.4 Registration for events and activities

If you register for an event or other type of activity organized by Stacc, we may ask for information such as your name, contact details, and workplace.

This processing is to facilitate the event's practical organization. Stacc will delete your information afterwards.

Our legal basis for processing is Article 6(1)(f) of the GDPR, which allows us to process data necessary to pursue a legitimate interest. Our legitimate interests are to ensure the smooth execution of events and other activities.

3.5 Job Application and references

When you apply for a job at Stacc, we process personal data that you provide us, such as your CV, application, and references, to assess your qualifications for the position.

The processing is necessary to complete the recruitment process and evaluate your application.

Our legal basis for processing personal data is under Article 6 (1) (b) of the GDPR, which allows processing to take measures at your request before entering into a contract, such as evaluating your application and conducting interviews.

Sometimes, we may conduct our own investigations, such as contacting individuals you have worked with but have not been listed as references. In such cases, the processing is based on our legitimate interest under Article 6 (1) (f) of the GDPR to verify the information you have provided.

If you are hired, we will store your personal data in accordance with the requirements of the Norwegian Working Environment Act and Tax Act. Personal data will be stored in our systems as required by law for up to five years after the end of your employment. After this period, the information will be deleted or anonymized following our internal procedures.

If you give us consent to store your personal data for future recruitment opportunities, we will process this data based on your consent in accordance with Article 6 (1) (a) of the GDPR. You may withdraw your consent at any time, and we will stop processing your data for that purpose.

4. Security

We value the security of your information and will use reasonable security measures to prevent the loss, misuse, or unauthorized alteration of your information under our control.

However, given the inherent risks, we cannot guarantee absolute security. Consequently, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.

5. Your Rights When We Process Your Personal Data

You have the right to request access to the personal data we hold about you and to request correction or deletion of your data. Additionally, you can request restricted processing, object to the processing, and exercise your right to data portability.

You can read more about the scope of these rights on the website of the Norwegian Data Protection Authority (sett inn lenke) Personvernerklæring | Datatilsynet. (evt henvisning: da lenken ikke kan hete personvernerklæring/Datatilsynet)

You may request access to the personal data we have registered about you, a description of the types of data we process, and further details on how we process them.

If you wish to exercise your rights, please email your request to privacy@stacc.com.
We will respond as soon as possible, but no later than 30 days.

Before we process your request, we may ask you to verify your identity or provide additional information. This is to ensure that we only grant access to your personal data to you and not to anyone falsely claiming to be you.