Privacy notice

Section A: General information

1. Data origin and categories

Huddlestock Fintech AS (further – Huddlestock) receives personal data from clients and other business partners in the course of initiating and fulfilling contracts. This policy applies to all Huddlestock’s subsidiaries. In the course of administrative activities, we also receive data from the custodian banks selected by you. Furthermore, we process personal data from publicly accessible sources, e.g. telephone directories and the internet.

The data processing controller for this website is:

Huddlestock Fintech AS, Kanalsletta 2, 4033 Stavanger, Norway


Possible categories of data

  1. Names/contact details
  2. Identity card data
  3. Bank details
  4. Creditworthiness data
  5. Asset data
  6. Order data
  7. Invoice data
  8. Payment data
  9. Tax data
  10. Curriculum vitae
  11. Qualification data
  12. Insurance data
  13. Marital status and situation
  14. Interests/preferences/special circumstances
  15. Plans and goals for the personal 
    and professional future
  16. Company contact data

2. Processing purposes

We process your personal data in accordance with the EU-GDPR for a specific purpose and limit this to what is necessary.

Conceivable processing purposes

  1. Contract initiation and conclusion
  2. Contract performance in general
  3. Master data maintenance
  4. Creation of an investment strategy
  5. Preparation of a suitability concept
  6. Order processing
  7. Payment transactions on behalf of customers
  8. Order processing
  9. Telephone recording
  10. Completion of electronic communication
  11. Strengthening customer loyalty
  12. Sending a newsletter
  13. Accounting/Collection
  14. Prevention of criminal offences
  15. Compliance with higher-level legal provisions, in particular those for securities institutions (e.g. WpIG, WpHG, various EU regulations and directives)
  16. Preservation of legal rights

3. Legal basis of the processing

By using our website, you hereby consent to our privacy notice and agree to its terms. If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) (a) GDPR. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. If your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 (1) (c) GDPR. The data may be carried out on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR. 

The consent can be revoked at any time. 

Due to the conditions of the EU-GDPR, the processing of personal data by Huddlestock is lawful.

Accepted legal bases

  1. Consent
  2. Contract initiation
  3. Contract, quasi-contractual relationship of trust
  4. Legal obligation, overriding legal provisions, public interest
  5. Weighing up interests

4. Recipients of data

The employees of Huddlestock process the relevant personal data to fulfil contractual and legal obligations. This happens within the employment relationship – the data does not leave our catchment area. In addition, bodies outside Huddlestock (third parties) receive personal data on the basis of a defined legal basis. These bodies only receive the data they need for the respective task.

Possible data receivers

  1. Public authorities 
  2. Crime investigation authorities, 
  3. Custodian bank/account-holding institution, securities institution, comparable institutions and processors
  4. External accounting
  5. Shipping service provider
  6. Further, contractually bound vicarious agents
  7. Other places for which you have given us your consent to the transfer of data

5. Transfer to third countries

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary to execute your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations), in the case of the use of Google Analytics or if you have given us your consent. If service providers are used in a third country, in addition to written instructions provided in data processing agreements, they are obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses.

6. Deletion deadlines

We process (and store) your personal data to fulfil our contractual and legal obligations or for the purpose for which you provide us with the data (Art. 5 (1) (b)  (c) GDPR). As soon as the purpose of processing ceases to apply, this data is regularly deleted, unless further processing for a limited period is necessary for the following purposes (Art. 17 (1) (a)-(f) GDPR).

  • Compliance with retention periods for storage or documentation is established in internal policies of Huddlestock and are five to ten years.

7. Your rights under the EU General Data Protection Regulation

(Preliminary) InformationYou are reading these at this moment.
InformationUpon request, we will provide you with a summary of the personal data we hold about you.
CorrectionYou have a right to expect us to correct incorrectly recorded data without delay.
DeletionWe delete your data as soon as its processing is no longer necessary. However, there are exceptions to this, see the following section.
Restriction of 
Your data will no longer be used by us if the purpose of processing ceases to apply but we are not yet allowed to delete it due to overriding legal provisions.
Data portabilityUpon request, you will receive your data in a suitable form to transfer it to a third party.
Revocation  OppositionIf you have given us consent to process your personal data for certain processing purposes, you may withdraw this consent at any time without giving reasons.Provided that the data processing is in the public interest or has been justified on the basis of a balancing of interests (“overriding legitimate interest”), you can object to the processing of your personal data for contractual purposes.
ComplaintIf you believe that the processing of your personal data by Huddlestock is unlawful, you have the right to complain to the supervisory authority of your place of residence.

8. Are there obligations to provide and process data?

In particular, we are obliged under money laundering regulations to identify you before the establishment of the business relationship, for example on the basis of your identity card, and to collect and record your name, place of birth, date of birth, nationality and residential address. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes that occur in the course of the business relationship. As a securities institution subject to the supervision of the Federal Financial Supervisory Authority, we are legally obliged to process certain data when providing securities services (e.g. financial portfolio management, investment advice, investment and acquisition brokerage). 

Within the scope of our business relationship, you must therefore provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it. Should you not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you

9. Is there any automated decision making (including profiling)?

For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

10. Consequences of revocation of consent and objection

If you revoke a necessary and already granted consent, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balance of interests, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


We take personal data security very seriously and do our best to protect your data from unintentional or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access.

Huddlestock maintains technical, physical and administrative safeguards to help protect the privacy of clients’ data. For example, we update and test our security technology on an ongoing basis and use data encryption or pseudonymisation measures where possible. We process only that data that are adequate and relevant for our purposes, restrict access to your personal data to those employees and partners who need to know such information. 

Section B: Website-relevant information

1. Collection of general information when visiting our website

When you view our website, general information is automatically collected by means of a cookie. This information (log files or server log files) describes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. This data is collected by the Internet service that hosts our website. They are technically necessary in order to display the contents of the website correctly and are generally collected whenever you move around the internet. In particular, they are processed for the following purposes:

  1. Ensuring a problem-free connection of the website.
  2. Ensuring a smooth use of our website.
  3. Evaluation of system security and stability.

According to the internet host, the data of the log files are anonymised after 7 days and stored for a maximum of 8 weeks. Anonymous information of this kind can also be statistically evaluated by us in order to optimise our internet presence and the technology behind it.

This processing of your personal data is permitted due to our legitimate interest. We do not use your data to draw conclusions about your person. The only recipients of the data is Huddlestock as the responsible body and the Internet host.

2. Use of website analytics services

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 letter f EU-GDPR. With the tracking measure used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measure to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

To get the latest status of analytics tools used, please have a look at the current valid Cookie Policy.

Google Analytics

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised usage profiles are created and cookies are used (see under point 4). The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help Center.


LinkedIn sets a cookie to register statistical data on users’ behaviour on our website for internal analytics. This data can be transmitted to servers in the USA. For more information related to GDPR, please visit the LinkedIn Privacy Policy

Other analytics tools

Please have a look at the current valid Cookie Policy.

3. Device width detection

This website is programmed in HTML5 and offers you the advantage of a responsive design. With the help of the computer language used, we have created several pages with the same content, allowing you to view our offer on different devices (desktop computer, tablet, smartphone). No cookies are used for device width detection! Your device only transmits technical data and browser information, from which the programming derives a percentage for the display. This information is not linked to personal information and stored, but is queried anew with each visit. Your device is not recognised – so there is no need to worry about data protection.

4. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. In this way, we also protect the data described in point 1 of this section.

5. Electronic communication

If you submit inquires to us via our contact form, contact us by email, telephone or fax, the information provided, as well as any contact information (name, surname) provided, will be stored by us in order to handle your inquiry/process your request. We will not share this information without your consent. 

The processing of the above-mentioned data is based on Art. 6 (1) (b) GDPR if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest (Art. 6 (1) (f) GDPR) or on your agreement (Art. 6 (1) (a) GDPR) if this has been requested. The consent may be revoked at any time. The information you have entered into the contact form/provided via telephone, e-mail or fax shall remain with Huddlestock until you ask to delete the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists. 

6. Use of MyFonts 

We use MyFonts for the visual design of our website. MyFonts is a service of MyFonts Inc, Woburn MA, USA (Monotype Group). The fonts are installed on our website. Therefore, no personal data (e.g. IP address) is passed on to the provider in the USA.

7. Embedded YouTube videos

We embed YouTube videos on our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at

8. Validity of this privacy notice

Our data protection declaration should always comply with the current legal requirements and reflect changes to our services, e.g. when new services are introduced. Therefore, the latest data protection declaration applies to your next visit.

9. Questions about data protection

If you have questions about data protection that concern Huddlestock, our data protection coordinator can help you.


Company: Huddlestock Fintech AS


Huddlestock 2024 © All rights Reserved. Cookie settings