Privacy notice

Section A: General information

1. Data origin and categories

Huddlestock Fintech AS (further – Huddlestock) receives personal data from clients and other business partners in the course of initiating and fulfilling contracts. This policy applies to all Huddlestock’s subsidiaries. In the course of administrative activities, we also receive data from the custodian banks selected by you. Furthermore, we process personal data from publicly accessible sources, e.g. telephone directories and the internet.

The data processing controller for this website is:

Huddlestock Fintech AS, Kanalsletta 2, 4033 Stavanger, Norway


Possible categories of data

  1. Names/contact details
  2. Identity card data
  3. Bank details
  4. Creditworthiness data
  5. Asset data
  6. Order data
  7. Invoice data
  8. Payment data
  9. Tax data
  10. Curriculum vitae
  11. Qualification data
  12. Insurance data
  13. Marital status and situation
  14. Interests/preferences/special circumstances
  15. Plans and goals for the personal 
    and professional future
  16. Company contact data

2. Processing purposes

We process your personal data in accordance with the EU-GDPR for a specific purpose and limit this to what is necessary.

Conceivable processing purposes

  1. Contract initiation and conclusion
  2. Contract performance in general
  3. Master data maintenance
  4. Creation of an investment strategy
  5. Preparation of a suitability concept
  6. Order processing
  7. Payment transactions on behalf of customers
  8. Order processing
  9. Telephone recording
  10. Completion of electronic communication
  11. Strengthening customer loyalty
  12. Sending a newsletter
  13. Accounting/Collection
  14. Prevention of criminal offences
  15. Compliance with higher-level legal provisions, in particular those for securities institutions (e.g. WpIG, WpHG, various EU regulations and directives)
  16. Preservation of legal rights

3. Legal basis of the processing

By using our website, you hereby consent to our privacy notice and agree to its terms and conditions. 

We only process your data if this is permitted by an applicable legal provision. We process your data in particular on the basis of Art. 6 and Art. 9 GDPR and on the basis of consent in accordance with Art. 7 GDPR. We will base the processing of your data in particular on the following legal bases.

Please note that this is not a complete or exhaustive list of the legal bases, but merely examples intended to make the legal bases more transparent.

  • Consent (Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR or Art. 9 para. 2 lit. a) GDPR): We process certain data only on the basis of your previously given express and voluntary consent. You have the right to withdraw your consent at any time with effect for the future.
  • In the event of express consent to the transfer of personal data to third countries, data processing is carried out on the basis of Art. 49 (1) (a) GDPR.
  • Contract fulfilment / pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR): We require certain data to establish or fulfil a contract with us.
  • Fulfilment of a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR): We are subject to a number of legal obligations. In order to fulfil these, we must process certain data.
  • Protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR): We process certain data to protect our interests or the interests of third parties. However, this is only the case if your legitimate interests are not overridden in individual cases.

Accepted legal bases

  1. Consent
  2. Contract initiation
  3. Contract, quasi-contractual relationship of trust
  4. Legal obligation, overriding legal provisions, public interest
  5. Weighing up  interests

4. Recipients of data

The employees of Huddlestock process the relevant personal data to fulfil contractual and legal obligations. This happens within the employment relationship – the data does not leave our catchment area. In addition, bodies outside Huddlestock (third parties) receive personal data on the basis of a defined legal basis. These bodies only receive the data they need for the respective task.

Possible data receivers

  1. Public authorities 
  2. Crime investigation authorities, 
  3. Custodian bank/account-holding institution, securities institution, comparable institutions and processors
  4. External accounting
  5. Shipping service provider
  6. Further, contractually bound vicarious agents
  7. Other places for which you have given us your consent to the transfer of data

5. Marketing communications / advertising communications

We may send you marketing communications via various platforms such as email, telephone, SMS, direct mail and online. Our marketing communications will include instructions on how to unsubscribe from further communications.

Where this is required by law, we will obtain the relevant consents.  

If you have given your consent to further use of your personal data, your personal data may be used in accordance with the scope described in the consent. Details can be found in the respective declaration of consent, which you can revoke at any time. If you have given the relevant consent for advertising communication, we collect and process Contact information, such as name, address, e-mail, telephone number.

6. Transfer to third countries

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary to execute your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations), in the case of the use of Google Analytics or if you have given us your consent. If service providers are used in a third country, in addition to written instructions provided in data processing agreements, they are obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses.

7. Deletion deadlines

We process (and store) your personal data to fulfil our contractual and legal obligations or for the purpose for which you provide us with the data (Art. 5 (1) (b)  (c) GDPR). As soon as the purpose of processing ceases to apply, this data is regularly deleted, unless further processing for a limited period is necessary for the following purposes (Art. 17 (1) (a)-(f) GDPR).

  • Compliance with retention periods for storage or documentation is established in internal policies of Huddlestock and are five to ten years.

8. Your rights under the EU General Data Protection Regulation

(Preliminary) InformationYou are reading these at this moment.
InformationUpon request, we will provide you with a summary of the personal data we hold about you.
CorrectionYou have a right to expect us to correct incorrectly recorded data without delay.
DeletionWe delete your data as soon as its processing is no longer necessary. However, there are exceptions to this, see the following section.
Restriction of 
Your data will no longer be used by us if the purpose of processing ceases to apply but we are not yet allowed to delete it due to overriding legal provisions.
Data portabilityUpon request, you will receive your data in a suitable form to transfer it to a third party.
Revocation  OppositionIf you have given us consent to process your personal data for certain processing purposes, you may withdraw this consent at any time without giving reasons.Provided that the data processing is in the public interest or has been justified on the basis of a balancing of interests (“overriding legitimate interest”), you can object to the processing of your personal data for contractual purposes.
ComplaintIf you believe that the processing of your personal data by Huddlestock is unlawful, you have the right to complain to the supervisory authority of your place of residence.

9. Are there obligations to provide and process data?

In particular, we are obliged under money laundering regulations to identify you before the establishment of the business relationship, for example on the basis of your identity card, and to collect and record your name, place of birth, date of birth, nationality and residential address. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes that occur in the course of the business relationship. As a securities institution subject to the supervision of the Federal Financial Supervisory Authority, we are legally obliged to process certain data when providing securities services (e.g. financial portfolio management, investment advice, investment and acquisition brokerage). 

Within the scope of our business relationship, you must therefore provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it. Should you not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you

10. Is there any automated decision making (including profiling)?

For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

11. Consequences of revocation of consent and objection

If you revoke a necessary and already granted consent, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balance of interests, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


We take personal data security very seriously and do our best to protect your data from unintentional or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access.

Huddlestock maintains technical, physical and administrative safeguards to help protect the privacy of clients’ data. For example, we update and test our security technology on an ongoing basis and use data encryption or pseudonymisation measures where possible. We process only that data that are adequate and relevant for our purposes, restrict access to your personal data to those employees and partners who need to know such information. 

Section B: Website-relevant information

1. Collection of general information when visiting our website

When you view our website, general information is automatically collected by means of a cookie. This information (log files or server log files) describes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. This data is collected by the Internet service that hosts our website. They are technically necessary in order to display the contents of the website correctly and are generally collected whenever you move around the internet. In particular, they are processed for the following purposes:

  1. Ensuring a problem-free connection of the website.
  2. Ensuring a smooth use of our website.
  3. Evaluation of system security and stability.

According to the internet host, the data of the log files are anonymised after 7 days and stored for a maximum of 8 weeks. Anonymous information of this kind can also be statistically evaluated by us in order to optimise our internet presence and the technology behind it.

This processing of your personal data is permitted due to our legitimate interest. We do not use your data to draw conclusions about your person. The only recipients of the data is Huddlestock as the responsible body and the Internet host.

2. Contact form

What personal data is collected and to what extent is it processed?

The data entered by you in our contact forms, which you have entered in the input mask of the contact form.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. a GDPR (consent by unambiguous affirmative action or behaviour)

Purpose of data processing

The data collected via our contact form or our contact forms will only be used to process the specific contact enquiry received via the contact form. Please note that we may also send you emails to the address you have provided in order to process your contact enquiry. This is to ensure that you receive confirmation from us that your enquiry has been forwarded to us correctly. However, sending this confirmation e-mail is not mandatory for us and is for your information only.

Duration of storage

After your enquiry has been processed, the data collected will be deleted immediately, provided there are no statutory retention periods.

Cancellation and deletion option

The cancellation and deletion options are based on the general regulations on the right of cancellation and deletion under data protection law, which are described in this data protection information.

Necessity of providing personal data

The use of the contact form is voluntary and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options provided on our website. If you wish to use our contact form, you must complete the fields marked as mandatory. If you do not fill in the mandatory fields of the contact form, you will either not be able to send your enquiry or we will unfortunately not be able to process your enquiry.

3. Use of website analytics services

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 letter f EU-GDPR. With the tracking measure used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measure to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

To get the latest status of analytics tools used, please have a look at the current valid Cookie Policy.

Google Analytics

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised usage profiles are created and cookies are used (see under point 4). The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help Center.


LinkedIn sets a cookie to register statistical data on users’ behaviour on our website for internal analytics. This data can be transmitted to servers in the USA. For more information related to GDPR, please visit the LinkedIn Privacy Policy

Other analytics tools

Please have a look at the current valid Cookie Policy.

4. Device width detection

This website is programmed in HTML5 and offers you the advantage of a responsive design. With the help of the computer language used, we have created several pages with the same content, allowing you to view our offer on different devices (desktop computer, tablet, smartphone). No cookies are used for device width detection! Your device only transmits technical data and browser information, from which the programming derives a percentage for the display. This information is not linked to personal information and stored, but is queried anew with each visit. Your device is not recognised – so there is no need to worry about data protection.

5. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. In this way, we also protect the data described in point 1 of this section.

6. Electronic communication

If you submit inquires to us via our contact form, contact us by email, telephone or fax, the information provided, as well as any contact information (name, surname) provided, will be stored by us in order to handle your inquiry/process your request. We will not share this information without your consent. 

The processing of the above-mentioned data is based on Art. 6 (1) (b) GDPR if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest (Art. 6 (1) (f) GDPR) or on your agreement (Art. 6 (1) (a) GDPR) if this has been requested. The consent may be revoked at any time. The information you have entered into the contact form/provided via telephone, e-mail or fax shall remain with Huddlestock until you ask to delete the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists. 

7. Use of MyFonts 

We use MyFonts for the visual design of our website. MyFonts is a service of MyFonts Inc, Woburn MA, USA (Monotype Group). The fonts are installed on our website. Therefore, no personal data (e.g. IP address) is passed on to the provider in the USA.

8. Embedded YouTube videos

We embed YouTube videos on our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at

9. Validity of this privacy notice

Our data protection declaration should always comply with the current legal requirements and reflect changes to our services, e.g. when new services are introduced. Therefore, the latest data protection declaration applies to your next visit.

10. Questions about data protection

If you have questions about data protection that concern Huddlestock, our data protection coordinator can help you.


Company: Huddlestock Fintech AS


Huddlestock 2024 © All rights Reserved. Cookie settings