Section A: General information
1. Data origin and categories
Huddlestock Fintech AS (further – Huddlestock) receives personal data from clients and other business partners in the course of initiating and fulfilling contracts. This policy applies to all Huddlestock’s subsidiaries. In the course of administrative activities, we also receive data from the custodian banks selected by you. Furthermore, we process personal data from publicly accessible sources, e.g. telephone directories and the internet.
The data processing controller for this website is:
Huddlestock Fintech AS, Kanalsletta 2, 4033 Stavanger, Norway
Possible categories of data
- Names/contact details
- Identity card data
- Bank details
- Creditworthiness data
- Asset data
- Order data
- Invoice data
- Payment data
- Tax data
- Curriculum vitae
- Qualification data
- Insurance data
- Marital status and situation
- Interests/preferences/special circumstances
- Plans and goals for the personal
and professional future
- Company contact data
2. Processing purposes
We process your personal data in accordance with the EU-GDPR for a specific purpose and limit this to what is necessary.
Conceivable processing purposes
- Contract initiation and conclusion
- Contract performance in general
- Master data maintenance
- Creation of an investment strategy
- Preparation of a suitability concept
- Order processing
- Payment transactions on behalf of customers
- Order processing
- Telephone recording
- Completion of electronic communication
- Strengthening customer loyalty
- Sending a newsletter
- Prevention of criminal offences
- Compliance with higher-level legal provisions, in particular those for securities institutions (e.g. WpIG, WpHG, various EU regulations and directives)
- Preservation of legal rights
3. Legal basis of the processing
By using our website, you hereby consent to our privacy notice and agree to its terms. If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) (a) GDPR. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. If your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 (1) (c) GDPR. The data may be carried out on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR.
The consent can be revoked at any time.
Due to the conditions of the EU-GDPR, the processing of personal data by Huddlestock is lawful.
Accepted legal bases
- Contract initiation
- Contract, quasi-contractual relationship of trust
- Legal obligation, overriding legal provisions, public interest
- Weighing up interests
4. Recipients of data
The employees of Huddlestock process the relevant personal data to fulfil contractual and legal obligations. This happens within the employment relationship – the data does not leave our catchment area. In addition, bodies outside Huddlestock (third parties) receive personal data on the basis of a defined legal basis. These bodies only receive the data they need for the respective task.
Possible data receivers
- Public authorities
- Crime investigation authorities,
- Custodian bank/account-holding institution, securities institution, comparable institutions and processors
- External accounting
- Shipping service provider
- Further, contractually bound vicarious agents
- Other places for which you have given us your consent to the transfer of data
5. Transfer to third countries
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary to execute your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations), in the case of the use of Google Analytics or if you have given us your consent. If service providers are used in a third country, in addition to written instructions provided in data processing agreements, they are obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses.
6. Deletion deadlines
We process (and store) your personal data to fulfil our contractual and legal obligations or for the purpose for which you provide us with the data (Art. 5 (1) (b) (c) GDPR). As soon as the purpose of processing ceases to apply, this data is regularly deleted, unless further processing for a limited period is necessary for the following purposes (Art. 17 (1) (a)-(f) GDPR).
- Compliance with retention periods for storage or documentation is established in internal policies of Huddlestock and are five to ten years.
7. Your rights under the EU General Data Protection Regulation
|You are reading these at this moment.
|Upon request, we will provide you with a summary of the personal data we hold about you.
|You have a right to expect us to correct incorrectly recorded data without delay.
|We delete your data as soon as its processing is no longer necessary. However, there are exceptions to this, see the following section.
|Your data will no longer be used by us if the purpose of processing ceases to apply but we are not yet allowed to delete it due to overriding legal provisions.
|Upon request, you will receive your data in a suitable form to transfer it to a third party.
|If you have given us consent to process your personal data for certain processing purposes, you may withdraw this consent at any time without giving reasons.Provided that the data processing is in the public interest or has been justified on the basis of a balancing of interests (“overriding legitimate interest”), you can object to the processing of your personal data for contractual purposes.
|If you believe that the processing of your personal data by Huddlestock is unlawful, you have the right to complain to the supervisory authority of your place of residence.
8. Are there obligations to provide and process data?
In particular, we are obliged under money laundering regulations to identify you before the establishment of the business relationship, for example on the basis of your identity card, and to collect and record your name, place of birth, date of birth, nationality and residential address. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes that occur in the course of the business relationship. As a securities institution subject to the supervision of the Federal Financial Supervisory Authority, we are legally obliged to process certain data when providing securities services (e.g. financial portfolio management, investment advice, investment and acquisition brokerage).
Within the scope of our business relationship, you must therefore provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it. Should you not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you
9. Is there any automated decision making (including profiling)?
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.
10. Consequences of revocation of consent and objection
If you revoke a necessary and already granted consent, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balance of interests, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
11. DATA SECURITY
We take personal data security very seriously and do our best to protect your data from unintentional or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access.
Huddlestock maintains technical, physical and administrative safeguards to help protect the privacy of clients’ data. For example, we update and test our security technology on an ongoing basis and use data encryption or pseudonymisation measures where possible. We process only that data that are adequate and relevant for our purposes, restrict access to your personal data to those employees and partners who need to know such information.
Section B: Website-relevant information
1. Collection of general information when visiting our website
When you view our website, general information is automatically collected by means of a cookie. This information (log files or server log files) describes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. This data is collected by the Internet service that hosts our website. They are technically necessary in order to display the contents of the website correctly and are generally collected whenever you move around the internet. In particular, they are processed for the following purposes:
- Ensuring a problem-free connection of the website.
- Ensuring a smooth use of our website.
- Evaluation of system security and stability.
According to the internet host, the data of the log files are anonymised after 7 days and stored for a maximum of 8 weeks. Anonymous information of this kind can also be statistically evaluated by us in order to optimise our internet presence and the technology behind it.
This processing of your personal data is permitted due to our legitimate interest. We do not use your data to draw conclusions about your person. The only recipients of the data is Huddlestock as the responsible body and the Internet host.
2. Use of website analytics services
The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 letter f EU-GDPR. With the tracking measure used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measure to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised usage profiles are created and cookies are used (see under point 4). The information generated by the cookie about your use of this website, such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help Center.
Other analytics tools
3. Device width detection
This website is programmed in HTML5 and offers you the advantage of a responsive design. With the help of the computer language used, we have created several pages with the same content, allowing you to view our offer on different devices (desktop computer, tablet, smartphone). No cookies are used for device width detection! Your device only transmits technical data and browser information, from which the programming derives a percentage for the display. This information is not linked to personal information and stored, but is queried anew with each visit. Your device is not recognised – so there is no need to worry about data protection.
4. SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. In this way, we also protect the data described in point 1 of this section.
5. Electronic communication
If you submit inquires to us via our contact form, contact us by email, telephone or fax, the information provided, as well as any contact information (name, surname) provided, will be stored by us in order to handle your inquiry/process your request. We will not share this information without your consent.
The processing of the above-mentioned data is based on Art. 6 (1) (b) GDPR if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest (Art. 6 (1) (f) GDPR) or on your agreement (Art. 6 (1) (a) GDPR) if this has been requested. The consent may be revoked at any time. The information you have entered into the contact form/provided via telephone, e-mail or fax shall remain with Huddlestock until you ask to delete the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists.
6. Use of MyFonts
We use MyFonts for the visual design of our website. MyFonts is a service of MyFonts Inc, Woburn MA, USA (Monotype Group). The fonts are installed on our website. Therefore, no personal data (e.g. IP address) is passed on to the provider in the USA.
7. Embedded YouTube videos
We embed YouTube videos on our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
8. Validity of this privacy notice
Our data protection declaration should always comply with the current legal requirements and reflect changes to our services, e.g. when new services are introduced. Therefore, the latest data protection declaration applies to your next visit.
9. Questions about data protection
If you have questions about data protection that concern Huddlestock, our data protection coordinator can help you.
Company: Huddlestock Fintech AS