Privacy Policy

Your data is always safe with us.

In this article you'll find information about:

  1. Introduction to cookies 
  2. Contact us with feedback
  3. Processing of your personal data
  4. Sharing your personal data
  5. Your rights
  6. EU's Data Act
  7. Changes

1. Introduction

This privacy policy helps you understand which personal data we, ACOS, collect and why. It also explains how we handle, protect, store, transfer, and delete your personal data. Personal data means information relating to an identified or identifiable person, such as email address, postal address, or telephone number.

What personal data do we process?

We may process:

  • Basic contact information such as name, address, telephone number, email, and demographic information
  • Website traffic information such as login ID, username, and IP address
  • Statistics showing how you interact with the content we offer
  • Content you upload or share with us, such as images, comments, articles, and video clips
  • Information provided in connection with job applications or event registrations

2. Contact us

Your feedback is important. If you have comments or questions about this privacy policy, or related privacy matters, including potential breaches, you can fill out the form: Inquiries and questions about privacy, Visma Trust Centre.

You can also contact us by:

  • Email: info@acos.no
  • Telephone: +47 56 32 20 00
  • Address: Trollhaugmyra 150, 5353 Straume

All inquiries are handled confidentially. One of our representatives will contact you to address your concerns and outline how we may resolve your request.

3. Processing of your personal data

We process your personal data for various purposes:

3.1. Marketing newsletters

When you interact with us — for example by visiting our websites, downloading content, participating in webinars, or using our services — we may process your personal data based on legitimate interest. One of our legitimate interests is marketing.

If you have given consent, we use your personal data (name and email) to send you email newsletters with marketing content. If you no longer wish to receive these, you may unsubscribe by adjusting your preferences or via the footer options in our newsletters.

  • Legal basis: Our legitimate interest in keeping you informed (in accordance with GDPR Article 6, clause 1 f).
  • Storage: Your data will be deleted when you unsubscribe from the newsletter.

3.2. Profiling

We use personal data to deliver relevant content to you through direct marketing on social media and email.

The personal data processed may include aggregated details such as IP address, interests (based on what you click, etc.), and device data. This is done using technologies such as cookies and is known as profiling. We may also combine this with data from your customer relationship.

The purpose of profiling is to provide tailored marketing, enhance your user experience with our services, and deliver products that our customers find valuable. Since our services are generally tools for work-related purposes, your behavior in these tools typically reveals little about your personal life. We do not process sensitive data in this context.

  • Legal basis: Our legitimate interest in giving you relevant content (GDPR Article 6, clause 1 f).
  • Retention: The data is retained for up to 3 years after your last interaction. You can adjust cookie settings in our cookie preferences.

3.3. Recruitment

In relation to recruitment, we use personal data to manage the entire process. This includes evaluating applications, reviewing documentation, conducting interviews, and contacting references. We process data such as name, address, telephone, email, your resume, application, and other submitted materials. If needed, results from personality tests may also be included.

  • Legal basis: Our legitimate interest in recruiting the right candidates, cf. GDPR Article 6(1)(f).
  • Retention: Data will be deleted after 12 months, unless otherwise agreed.

3.4. Security

To protect our systems against security threats and misuse, we use certain personal data. This also helps us carry out maintenance and fix errors. We may process information such as your name, email address, details of how you use our online services (including login details such as username, IP address, and device information).

  • Legal basis: Our legitimate interest in security (GDPR Article 6(1)(f)).
  • Retention: Information is kept for as long as necessary for security purposes.

3.5. Delivery of products and services

We process your personal data to manage purchases, agreements, and payments for the products and services we provide. The personal data processed in this context includes basic details such as name, address, telephone number, email, and billing information.

  • Legal basis: Necessary for the performance of a contract (GDPR Article 6(1)(b)).
  • Retention: Data will be deleted up to 3 years after your last activity.

3.6. Registration for webinars and courses

When you register for a webinar or course, we collect information needed for follow-up, such as sending you a connection link to the webinar or issuing a course certificate. This includes your name, email, billing details, and information about the course you registered for.

  • Legal basis: Our legitimate interest in providing webinars and courses to interested parties (GDPR Article 6(1)(f)).
  • Retention: Data is deleted after the agreed period.

3.7. Service improvement

We continuously work to improve the quality and user experience of our products and services. For this purpose, we may process information such as your name, email, and usage details, including login information and device type.

  • Legal basis: Our legitimate interest (GDPR Article 6(1)(f)).
  • Retention: We retain the data for up to 3 years for statistical purposes.

3.8. Handling inquiries and support

When you contact us with questions or for support via the contact form on our website, by email, or through a support case, we use the information you provide to give you an appropriate response. This typically includes your name and contact details.

  • Legal basis: Our legitimate interest in ensuring customer satisfaction (GDPR Article 6(1)(f)).
  • Retention: Information is kept as long as necessary, up to 3 years after the inquiry.

4. Sharing your personal data

4.1. ACOS as data processor and use of subcontractors

We use subcontractors to process personal data. These subcontractors are typically providers of cloud services or other IT services.

When using subcontractors, we enter into a Data Processing Agreement (DPA) to protect your privacy rights in accordance with applicable data protection legislation. If subcontractors are located outside the EU/EEA, we ensure valid transfer mechanisms are in place on your behalf by using arrangements approved by the European Commission, including the EU Model Clauses.

Information about how personal data is processed for our products is described in the respective Data Processing Agreement for the service. In such cases, ACOS acts as the Data Processor and only processes data on behalf of, and in accordance with, the instructions given by your organization.

For more information about this, you can contact the contract manager responsible for the relevant service.

4.2. Internal sharing within the Visma group

Your personal data is recorded in systems used by ACOS to deliver the service you use. ACOS is part of the Visma group, which consists of several subsidiaries. To provide you with the best possible service, we may share your personal data internally within the Visma group companies. This helps us maintain a complete overview and a better understanding of how to serve you.

4.3. Sharing outside the Visma group

We share your personal data with our partners when necessary to fulfill the service you have ordered from us. For example, if you register for an event that involves accommodation at a hotel.

5. Your rights

You have several rights regarding how we process your personal data:

  • Access: You have the right to obtain a copy of the personal data we hold about you.
  • Rectification: You have the right to request correction of inaccurate personal data concerning you.
  • Erasure: You can request that we delete your personal data.
  • Restriction: You can ask us to restrict the processing of your personal data.
  • Portability: You can request to receive your personal data, or have it transferred to another party, in a structured and machine-readable format.
  • Objection: You have the right to object to our processing of your personal data, whether it is carried out for legitimate interests or for direct marketing. You can also object to processing carried out in the public interest or in the exercise of official authority.

There may be exceptions or limitations to these rights depending on the circumstances. In such cases, we will inform you of the exception or limitation and guide you in exercising your rights as far as possible under applicable laws and regulations. To exercise these rights, please contact us. If you are dissatisfied with how we process your personal data, you also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

You may always give or withdraw your consent for cookies on acos.no.

Please note that even if you opt out of receiving marketing communications from us, you may still receive administrative messages, such as order confirmations or notifications necessary to manage your account or the services you have with us.

6. EU’s Data Act: Your Data, Your Choice – Securing Your Rights

The EU’s Data Act grants you as a customer increased control over your data. The Act currently applies to customers in the EU. It is uncertain when it will enter into force in Norway. At ACOS, we prioritize transparency and predictability. Therefore, we have clear guidelines for how we comply with the law, enabling you to easily exercise your rights.

6.1. What is the Data Act?

The Data Act gives you the right to access and take with you data generated through the use of our cloud services. The Act is intended to make switching between different service providers easier and fairer.

6.2. What does this mean in practice? How provider switching works

If you wish to switch from ACOS to another provider, we have a structured and predictable process in line with the Data Act.

  1. Notice
    - You start the process by giving us written notice with a deadline according to your agreement.
    - In the notice, you specify which services and data you wish to transfer.
     
  2. Transitional Period
    - After the notice period is over, a transitional period of 30 days begins. During this period, we will:
         - Assist you and your new provider in the switching process.
         - Ensure stable and secure operation of your services with us.
         - Facilitate a secure transfer of your exportable data.
    - If the process is technically complex, this period may be extended. In that case, you will be notified with a thorough justification.
     
  3. Your Responsibility
    - For the switch to go as smoothly as possible, you are responsible for receiving and implementing the data with your new provider.
    - You must also provide us with the necessary information so that we can assist in the best possible way.
     
  4. Data Deletion
    - Once the transfer is complete and a short retrieval period is over, we will ensure the secure and complete deletion of your data from our systems.

6.3. Which data can you take with you?

You have the right to take all "exportable data" with you. This includes the content you have entered yourself, as well as relevant usage data.

However, some data is exempt. This applies to data that is crucial for the functionality of our services, or that contains our trade secrets. We will always provide a transparent overview of which data can be transferred and which, if any, are exempt.

Description of what you can export and how you export:

Our online documentation describes both how and what you can export. Links to this documentation can be found in your product. The data will be available in a common machine-readable format such as CSV or Excel/Google Sheet Open-format.

6.4. What does it cost?

There are two types of cost you should be aware of:

  1. Switching Process Fee:
    - Until January 12, 2027: We may charge a fee that only covers our direct costs related to the switching work itself.
    - After January 12, 2027: The switching process will be free of charge.
     
  2. Ordinary Contractual Obligations:
    - Please note that a provider switch does not change the financial obligations in your agreement with us.
    - If you choose to switch halfway through a contract period, you will still be obligated to pay for the remaining period of the contract, as specified in the agreement.

6.5. Where is the data processed?

On the Visma Trust Centre, you will find an overview of where the data is processed (region and country, if applicable) and by which supplier.

6.6. Public Authorities

The police and other authorities may demand the disclosure of information from us. This may include both personal and non-personal data.

In all such cases, we follow internal guidelines and procedures to assess the request for access, and consult with Visma's legal department. We only share information that is strictly required by law, and only on the basis of valid court orders or similar legal documents from public authorities.

To prevent unauthorized access to information, we also implement technical measures such as encryption and access controls. ACOS is ISO certified and follows the Visma Security Program, which ensures high security standards and confidentiality.

In addition, we ensure that our agreements with subcontractors include obligations requiring them to have organizational and security measures similar to ours.

If we receive access requests from authorities outside the EEA, we comply with the Data Regulation's Article 32. Internal guidelines and routines are in accordance with this regulation.

6.7. Do you have any questions?

We are here to help. If you have questions about the Data Act, please contact us at privacy@acos.no

If you wish to initiate a switching process, please contact the relevant contact person specified in your contract.

7. Changes

This privacy policy is reviewed regularly or when changes in laws and regulations occur. Last updated: 20 February 2026.