Privacy and cookie policy

We are actively working to safeguard your privacy. On this page you will find an overview of how and why we collect and handle personal information and manage cookie settings.

When does Stacc collect personal information?

The information we have received about you is mainly because:

  • You have used our website (see section 2)

  • You have sent us an email to hello@stacc.com (see section 4)

  • You subscribe to our newsletter (see section 5)

  • You have signed up for an event we host (see section 6)

  • You have filled in a form on our website (see section 6)

  • You are a customer (see section 7)

  • You have applied for a job at Stacc see section 8)

We also collect cookies when you visit stacc.com. Some cookies are absolutely necessary in order to visit the website at all. You also have the possibility to accept or decline optional cookies in the pop-up window. These cookies are used for statistical reasons and for optimizing your experience on our website. You can read more about our cookie policy under section 2.

1. Your Rights

Do you have questions or want to exercise your rights? Send us an email at hello@stacc.com. You have the right to receive a reply without undue delay and the latest within one month. Visit the Norwegian Data Protection Authority (DPA) for more information about your rights.

You have, with certain restrictions, the following rights:

  • Right of Access: You can receive confirmation that your personal data is being processed, and if so, also receive a copy of your personal data. Identification can be required to ensure that access to personal data is only given to the correct person.

  • Right to rectification: You can ask us to correct or supplement personal information that is erroneous or misleading.

  • Right to erasure: You can request that we delete your personal data. Deleting personal data will not be possible in such situations (e.g. documentation and logging purposes)

  • Right to restriction of processing: In certain situations, you can request that processing of your personal data is restricted:

    • You find your personal data to be erroneous: processing can be restricted while the accuracy is verified

    • You have used your right to object: processing can be restricted pending the verification of whether the legitimate grounds of the controller override those of the data subject

    • If your personal data is being processed unlawfully and will be deleted, you can request that the processing is restricted instead of deleted.

    • Your personal data will be deleted as they are no longer necessary for the purpose they were collected, but you require the data in order to establish, exercise, or defend a legal claim

  • Right to data portability: If your personal data is being processed based on consent or a contract, you can request to have your personal data transferred to you or another data controller in a machine-readable format if technically possible.

  • Right to object: You can always object to the processing of your personal data when the purpose is direct marketing. You can also object to the processing of your data if it is being processed based on it being necessary for the performance of a task carried out in the public interest or our legitimate interests. Processing will be stopped unless we can demonstrate compelling legitimate grounds for the processing that override your interest, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

  • Withdrawing consent: If you have given consent to the processing of your personal data, you can withdraw your consent at any time. In our newsletter, you can reserve yourself from receiving future newsletters by using the link in the footer.

  • Right to file a complaint: If you believe we are not processing your personal data in accordance with GDPR, you can send us an email to hello@stacc.com with the reasons for non-compliance. You can also file a written complaint with the DPA to "Datatilsynet, Postboks 8177, 0034 Oslo, Norway". Read more about this process here.

2. Use of our website

Cookies

Cookies are small text files that are placed on your computer when you visit a webpage. Cookies do not identify you personally but are used by us as a tool to improve your experience when you visit a website. You can choose to turn off cookies in your browser. See nettvett.no for the administration of cookies.

We divide our use of cookies into two parts: necessary and optional cookies. The necessary cookies are there to make the website work and are required when you visit stacc.com. The basis of legal treatment is a legitimate interest under the Norwegian implementation of GDPR: article 6, number 1, letter f. The optional cookies have the purpose of optimizing your experience on our website, as well as statistical analysis. The basis of legal treatment is consent by clicking Accept when the cookie pop-up appears. You also have the opportunity to Decline here, and you can still use our website.

CloudFlare

For security measures, we use the cookie "__cfduid" on stacc.com. It is a necessary cookie, used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. It has a duration for 1 month..

HubSpot

Used to collect statistics about visits and usage patterns on the website. This means: How you came to the page, which pages you visit, how many times you have been on the page, etc. This allows us to improve and customize your experience on our website.

With HubSpot’s cookies, you have the opportunity to approve or reject when you visit the site.

These are essential cookies that do not require consent.

__hs_opt_out

  • This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.

  • This cookie is set when you give visitors the choice to opt out of cookies.

  • It contains the string "yes" or "no".

  • It expires in 6 months.

__hs_do_not_track

  • This cookie can be set to prevent the tracking code from sending any information to HubSpot.

  • It contains the string "yes".

  • It expires in 6 months.

__hs_initial_opt_in

  • This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.

  • It contains the string "yes" or "no".

  • It expires in seven days.

__hs_cookie_cat_pref

  • This cookie is used to record the categories a visitor consented to.

  • It contains data on the consented categories.

  • It expires in 6 months.

hs_ab_test

  • This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.

  • It contains the id of the A/B test page and the id of the variation that was chosen for the visitor.

  • It expires at the end of the session.

<id>_key

  • When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.

  • The cookie name is unique for each password-protected page.

  • It contains an encrypted version of the password so future visits to the page will not require the password again.

  • It expires in 14 days.

hs-messages-is-open

  • This cookie is used to determine and save whether the chat widget is open for future visits.

  • It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity.

  • If your visitor manually closes the chat widget, it will prevent the widget from re-opening on subsequent page loads in that browser session for 30 minutes.

  • It contains a boolean value of True if present.

  • It expires in 30 minutes.

hs-messages-hide-welcome-message

  • This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed.

  • It contains a boolean value of True or False.

  • It expires in one day.

hs-membership-csrf

  • This cookie is used to ensure that content membership logins (https://knowledge.hubspot.com/cms-pages-editor/control-audience-access-to-pages)cannot be forged.

  • It contains a random string of letters and numbers used to verify that a membership login is authentic.

  • It expires at the end of the session.

__cfruid

This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. Learn more about Cloudflare cookies.

__cf_bm

This cookie is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires in 30 minutes. Learn more about Cloudflare cookies.

Analytics cookies

These are non-essential cookies controlled by the cookie banner. If you're a visitor to a site supported by HubSpot, you can opt out of these cookies by not giving consent.

__hstc

  • The main cookie for tracking visitors.

  • It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

  • It expires in 6 months.

hubspotutk

  • This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.

  • It contains an opaque GUID to represent the current visitor.

  • It expires in 6 months.

__hssc

  • This cookie keeps track of sessions.

  • This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.

  • It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

  • It expires in 30 minutes.

__hssrc

  • Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

  • If this cookie does not exist when HubSpot manages cookies, it is considered a new session.

  • It contains the value "1" when present.

  • It expires at the end of the session.

3. HubSpot as a CRM system

We use HubSpot as a CRM system and as a secure tool to coordinate marketing and sales initiatives. All information about newsletters, event registration, and website traffic can be gathered here which we use to optimize your digital experience of Stacc. You can read more about the specific measures we use HubSpot for under sections 2, 4, 5, and 6.

Stacc has a DPA agreement with HubSpot containing EU standard contractual clauses. Read more about Hubspot security and GDPR compliance.

4. Email Communications

You can send us an e-mail via the contact form on our website or by e-mail to hello@stacc.com. We use TLS encryption to secure our e-mail communication. Most webmail services support this, and your e-mail communication with us will then be secure. However, we ask that you do not send sensitive personal information or information worthy of protection by e-mail, as we cannot guarantee that your e-mail provider supports TLS. Our webmail services scan all incoming and outgoing emails for viruses and malware.

Further processing of your inquiry means that we will store information that is necessary to be able to answer your inquiry. The basis for legal treatment, in this case, is defined as a legitimate interest. This means that we store your email address and our response. We use HubSpot to store your information that you sent through a website form, and Microsoft Outlook if you send us an email to hello@stacc.com. Some of our employees have synced their HubSpot account to their Outlook account and will therefore store your information on both places if you contact one of us directly.

5. Newsletters

Stacc sends out newsletters by e-mail to anyone who explicitly wants it. The newsletter contains information about fintech, an invitation to events that Stacc hosts alone or with partners, as well as other relevant professional content and updates. In order for us to send you newsletters, you must actively approve it, either through our newsletter form or in other forms. The basis of legal treatment is therefore "consent" under Article 6 (1) (a) in the Norwegian GDPR. Your email address will then only be used to send out newsletters. It will then be stored in our data processing system, HubSpot, which manages and sends out the newsletters. HubSpot has its own privacy statement which you can read here.

You can unsubscribe from the newsletter at any time by clicking on the "Unsubscribe" link in the newsletter or by contacting us at hello@stacc.com.

6. Forms on our website

Throughout our website, you have the possibility to fill out forms to either sign up for an event, to receive relevant information about our services and solutions, to sign up for newsletters, or to book a meeting. The purpose of storing the information you submit is to be able to process the data in relation to what you requested, to follow up with content and/or to schedule a meeting. The basis of legal treatment is therefore thus either legitimate interest or consent, depending on the nature of the form. See sections 4 and 5 for more specific information regarding this.

7. For Our Customers

Stacc delivers dynamic solutions to its customers. This means, among other things, that data processing varies in scope and complexity from customer to customer. The Data Processing Agreement between Stacc and the customer deals with the individual processing processes, but something is the same for everyone:

  1. General data processing

  2. Our duties towards our customers

General data processing

Stacc shall only process personal data in accordance with documented instructions from the Data Controller and follow the routines and instructions that the Data Controller applies. The Data Processing Agreement, the Main Agreement, as well as any instructions generated through e-mail or support inquiries constitute the Data Controller's instructions on what applies to the processing of personal data.

Our duties to our customers

  • Stacc shall follow the routines and instructions for the processing that the data controller has at any time decided shall apply in accordance with the main agreement or documented instructions.

  • Stacc shall not process any personal information made available unless it is necessary to fulfill the obligations under the main agreement.

  • Stacc shall not disclose personal information to third parties unless the data controller approves the disclosure.

  • Stacc shall ensure that all personnel who process personal data or have access to the personal data processed in accordance with the Data Processing Agreement, have signed a declaration of confidentiality or equivalent. The duty of confidentiality will continue to apply after termination of the Data Processing Agreement.

  • Stacc shall assist the Data Controller with appropriate technical and organizational

We have two external websites too

jobs.stacc.com
We use Teamtailor as a tool to announce new jobs and track applicants at jobs.stacc.com.
https://jobs.stacc.com/data-privacy

support.stacc.com
We use a Freshdesk supportsite to optimize our customer service and handle incoming tickets at support.stacc.com