To the main content

Privacy and Cookie Policy

We are actively working to safeguard your privacy. On this page you will find an overview of how and why we collect and handle personal information about you in accordance with Norwegian law.

Stacc Quesnay as a Data Controller and Data Processor

Stacc Quesnay is the data controller for all processing of personal data where Stacc Quesnay determines the purpose for the processing and the tools used. Stacc Quesnay also processes personal data on behalf of their clients as a data processor (see section 7).

Please do not hesitate to contact us at if you have any questions regarding our initiatives to protect your privacy.

When does Stacc Quesnay collect personal information?

  • The information we have received about you is mainly because:
  • You have used our website (see section 2)
  • You have sent us an email to (see section 4)
  • You subscribe to our newsletter (see section 5)
  • You have signed up for an event we host (see section 6)
  • You have filled in a form on our website to receive content or watch a demo (see section 6)
  • You are a customer (see section 7)
  • You have applied for a job at Stacc Quesnay (see section 8)

We also collect cookies when you visit Some cookies are absolutely necessary in order to visit the website at all. You also have the possibility to accept or decline optional cookies in the pop-up window. These cookies are used for statistical reasons and for optimizing your experience on our website. You can read more about our cookie policy under section 2.

Other indirect reasons why we may have your personal details:

  • An employee has listed you as the next of kin
  • A job seeker has listed you as a reference

1. Your Rights

Do you have questions or want to exercise your rights? Send us an email at You have the right to receive a reply without undue delay and the latest within one month. Visit the Norwegian Data Protection Authority (DPA) for more information about your rights.

You have, with certain restrictions, the following rights:

  • Right of Access: You can receive confirmation that your personal data is being processed, and if so, also receive a copy of your personal data. Identification can be required to ensure that access to personal data is only given to the correct person.
  • Right to rectification: You can ask us to correct or supplement personal information that is erroneous or misleading.
  • Right to erasure: You can request that we delete your personal data. Deleting personal data will not be possible in such situations (e.g. documentation and logging purposes)
  • Right to restriction of processing: In certain situations, you can request that processing of your personal data is restricted:
    • You find your personal data to be erroneous: processing can be restricted while the accuracy is verified
    • You have used your right to object: processing can be restricted pending the verification of whether the legitimate grounds of the controller override those of the data subject
    • If your personal data is being processed unlawfully and will be deleted, you can request that the processing is restricted instead of deleted.
    • Your personal data will be deleted as they are no longer necessary for the purpose they were collected, but you require the data in order to establish, exercise, or defend a legal claim
  • Right to data portability: If your personal data is being processed based on consent or a contract, you can request to have your personal data transferred to you or another data controller in a machine-readable format if technically possible.
  • Right to object: You can always object to the processing of your personal data when the purpose is direct marketing. You can also object to the processing of your data if it is being processed based on it being necessary for the performance of a task carried out in the public interest or our legitimate interests. Processing will be stopped unless we can demonstrate compelling legitimate grounds for the processing that override your interest, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
  • Withdrawing consent: If you have given consent to the processing of your personal data, you can withdraw your consent at any time. In our newsletter, you can reserve yourself from receiving future newsletters by using the link in the footer.
  • Right to file a complaint: If you believe we are not processing your personal data in accordance with GDPR, you can send us an email to with the reasons for non-compliance. You can also file a written complaint with the DPA to "Datatilsynet, Postboks 8177, 0034 Oslo, Norway". Read more about this process here.

2. Use of our website


Cookies are small text files that are placed on your computer when you visit a webpage. Cookies do not identify you personally but are used by us as a tool to improve your experience when you visit a website. You can choose to turn off cookies in your browser. See for the administration of cookies.

We divide our use of cookies into two parts: necessary and optional cookies. The necessary cookies are there to make the website work and are required when you visit The basis of legal treatment is a legitimate interest under the Norwegian implementation of GDPR: article 6, number 1, letter f. The optional cookies have the purpose of optimizing your experience on our website, as well as statistical analysis. The basis of legal treatment is consent by clicking Accept when the cookie pop-up appears. You also have the opportunity to Decline here, and you can still use our website.

Our cookies:

  • EPiServer – Used mainly to record information such as which login method you use (for logged-in users) and which pages you visit.
  • Facebook and LinkedIn – Used to measure traffic between Facebook, LinkedIn, and our website.
  • Google Analytics and HubSpot – Used to collect statistics about visits and usage patterns on the website. This means: How you came to the page, which pages you visit, how many times you have been on the page, etc. This allows us to improve and customize your experience on our website.
    • With HubSpot’s cookies, you have the opportunity to approve or reject when you visit the site.
    • If you do not want your visitor data to be recorded with Google Analytics, you can install Google Analytics' browser extension. This will also apply to all websites that use Google Analytics, and not just

3. HubSpot as a CRM system

We use HubSpot as a CRM system and as a secure tool to coordinate marketing and sales initiatives. All information about newsletters, event registration, and website traffic can be gathered here which we use to optimize your digital experience of Stacc Quesnay. You can read more about the specific measures we use HubSpot for under sections 2, 4, 5, and 6. As HubSpot is a global software company, data can be transmitted outside the EU borders. Stacc Quesnay has a DPA agreement with HubSpot containing EU standard contractual clauses. You can read more about their security here.

4. Email Communications

You can send us an e-mail via the contact form on our website or by e-mail to We use TLS encryption to secure our e-mail communication. Most webmail services support this, and your e-mail communication with us will then be secure. However, we ask that you do not send sensitive personal information or information worthy of protection by e-mail, as we cannot guarantee that your e-mail provider supports TLS. Our webmail services scan all incoming and outgoing emails for viruses and malware.

Further processing of your inquiry means that we will store information that is necessary to be able to answer your inquiry. The basis for legal treatment, in this case, is defined as a legitimate interest. This means that we store your email address and our response. We use HubSpot to store your information that you sent through a website form, and Microsoft Outlook if you send us an email to Some of our employees have synced their HubSpot account to their Outlook account and will therefore store your information on both places if you contact one of us directly.

5. The Newsletter

Stacc Quesnay sends out newsletters by e-mail to anyone who explicitly wants it. The newsletter contains information about an invitation to events that Stacc Quesnay hosts alone or with partners, as well as other relevant professional content and updates. In order for us to send you the newsletter, you must actively approve it, either through our newsletter form or in other forms. The basis of legal treatment is therefore "consent" under Article 6 (1) (a) in the Norwegian GDPR. Your email address will then only be used to send out newsletters. It will then be stored in our data processing system, HubSpot, which manages and sends out the newsletters. HubSpot has its own privacy statement which you can read here.

You can unsubscribe from the newsletter at any time by clicking on the "Unsubscribe" link in the newsletter or by contacting us at

6. Forms on our website

Throughout our website, you have the possibility to fill out forms to either sign up for an event, to receive relevant information about our solution, to sign up for our newsletter, or to book a demo. The purpose of storing the information you submit is to be able to process the data in relation to what you requested, to follow up with content and/or to schedule a demo meeting. The basis of legal treatment is therefore thus either legitimate interest or consent, depending on the nature of the form. See sections 4 and 5 for more specific information regarding this.

7. For Our Customers

Stacc Quesnay delivers dynamic solutions to its customers. This means, among other things, that data processing varies in scope and complexity from customer to customer. The Data Processing Agreement between Quesnay and the customer deals with the individual processing processes, but something is the same for everyone:

  1. General data processing
  2. Our duties towards our customers

General data processing

Stacc Quesnay shall only process personal data in accordance with documented instructions from the Data Controller and follow the routines and instructions that the Data Controller applies. The Data Processing Agreement, the Main Agreement, as well as any instructions generated through e-mail or support inquiries constitute the Data Controller's instructions on what applies to the processing of personal data.

Our duties to our customers

  • Stacc Quesnay shall follow the routines and instructions for the processing that the data controller has at any time decided shall apply in accordance with the main agreement or documented instructions.
  • Stacc Quesnay shall not process any personal information made available unless it is necessary to fulfill the obligations under the main agreement.
  • Stacc Quesnay shall not disclose personal information to third parties unless the data controller approves the disclosure.
  • Stacc Quesnay shall ensure that all personnel who process personal data or have access to the personal data processed in accordance with the Data Processing Agreement, have signed a declaration of confidentiality or equivalent. The duty of confidentiality will continue to apply after termination of the Data Processing Agreement.
  • Stacc Quesnay shall assist the Data Controller with appropriate technical and organizational measures to fulfill the Data Controllers' duty to respond to requests from the data subjects to the extent possible with regard to the nature of the processing. This according to Chap. 3 of the GDPR.
  • Stacc Quesnay shall provide the Processor with all information necessary to document compliance with the Data Processing Agreement.
  • Stacc Quesnay shall assist the Data Controller in ensuring compliance with the obligations in accordance with Art. 32-36 of the GDPR.

If you want more information about our data processing of you as a customer, or if you need a copy of the Data Processing Agreement, contact us at

8. If you apply for a job at Stacc Quesnay

If you are applying for a job at Stacc Quesnay, we process the information about you to assess your application. This is done so we have information available to be able to enter into a possible employment agreement with you. The basis for legal treatment, in this case, is your consent.

We use BambooHR as a data processor in these processes where data is stored on their servers in Ireland. All job applications are stored for one year before they are deleted. They can also be deleted earlier upon request.

Check out if we have any available positions here.

Do you have more questions regarding privacy?
Call us: +47 22 98 98 80
Or send an email to

Sign up for our newsletter

Receive invites to our webinars, conferences and our annual summer party. Only 1-2 times per month. No spam!