Privacy Policy

Your data is always safe with us.

In this article you'll find information about:

  1. Introduction to cookies 
  2. Contact us with feedback
  3. Processing of your personal data
  4. Sharing your personal data
  5. Your rights
  6. Changes

1. Introduction

This privacy policy helps you understand which personal data we, ACOS, collect and why. It also explains how we handle, protect, store, transfer, and delete your personal data. Personal data means information relating to an identified or identifiable person, such as email address, postal address, or telephone number.

What personal data do we process?

We may process:

  • Basic contact information such as name, address, telephone number, email, and demographic information
  • Website traffic information such as login ID, username, and IP address
  • Statistics showing how you interact with the content we offer
  • Content you upload or share with us, such as images, comments, articles, and video clips
  • Information provided in connection with job applications or event registrations

2. Contact us

Your feedback is important. If you have comments or questions about this privacy policy, or related privacy matters, including potential breaches, you can fill out the form: Inquiries and questions about privacy, Visma Trust Centre.

You can also contact us by:

  • Email: info@acos.no
  • Telephone: +47 56 32 20 00
  • Address: Trollhaugmyra 150, 5353 Straume

All inquiries are handled confidentially. One of our representatives will contact you to address your concerns and outline how we may resolve your request.

3. Processing of your personal data

We process your personal data for various purposes:

3.1. Marketing newsletters

When you interact with us — for example by visiting our websites, downloading content, participating in webinars, or using our services — we may process your personal data based on legitimate interest. One of our legitimate interests is marketing.

If you have given consent, we use your personal data (name and email) to send you email newsletters with marketing content. If you no longer wish to receive these, you may unsubscribe by adjusting your preferences or via the footer options in our newsletters.

  • Legal basis: Our legitimate interest in keeping you informed (in accordance with GDPR Article 6, clause 1 f).
  • Storage: Your data will be deleted when you unsubscribe from the newsletter.

3.2. Profiling

We use personal data to deliver relevant content to you through direct marketing on social media and email.

The personal data processed may include aggregated details such as IP address, interests (based on what you click, etc.), and device data. This is done using technologies such as cookies and is known as profiling. We may also combine this with data from your customer relationship.

The purpose of profiling is to provide tailored marketing, enhance your user experience with our services, and deliver products that our customers find valuable. Since our services are generally tools for work-related purposes, your behavior in these tools typically reveals little about your personal life. We do not process sensitive data in this context.

  • Legal basis: Our legitimate interest in giving you relevant content (GDPR Article 6, clause 1 f).
  • Retention: The data is retained for up to 3 years after your last interaction. You can adjust cookie settings in our cookie preferences.

3.3. Recruitment

In relation to recruitment, we use personal data to manage the entire process. This includes evaluating applications, reviewing documentation, conducting interviews, and contacting references. We process data such as name, address, telephone, email, your resume, application, and other submitted materials. If needed, results from personality tests may also be included.

  • Legal basis: Our legitimate interest in recruiting the right candidates, cf. GDPR Article 6(1)(f).
  • Retention: Data will be deleted after 12 months, unless otherwise agreed.f any such limitations and guide you in exercising your rights as much as the law allows. To make use of these rights, contact us. If you are dissatisfied with how we handle your personal data, you also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

3.4. Security

To protect our systems against security threats and misuse, we use certain personal data. This also helps us carry out maintenance and fix errors. We may process information such as your name, email address, details of how you use our online services (including login details such as username, IP address, and device information).

  • Legal basis: Our legitimate interest in security (GDPR Article 6(1)(f)).
  • Retention: Information is kept for as long as necessary for security purposes.

3.5. Delivery of products and services

We process your personal data to manage purchases, agreements, and payments for the products and services we provide. The personal data processed in this context includes basic details such as name, address, telephone number, email, and billing information.

  • Legal basis: Necessary for the performance of a contract (GDPR Article 6(1)(b)).
  • Retention: Data will be deleted up to 3 years after your last activity.

3.6. Registration for webinars and courses

When you register for a webinar or course, we collect information needed for follow-up, such as sending you a connection link to the webinar or issuing a course certificate. This includes your name, email, billing details, and information about the course you registered for.

  • Legal basis: Our legitimate interest in providing webinars and courses to interested parties (GDPR Article 6(1)(f)).
  • Retention: Data is deleted after the agreed period.

3.7. Service improvement

We continuously work to improve the quality and user experience of our products and services. For this purpose, we may process information such as your name, email, and usage details, including login information and device type.

  • Legal basis: Our legitimate interest (GDPR Article 6(1)(f)).
  • Retention: We retain the data for up to 3 years for statistical purposes.

3.8. Handling inquiries and support

When you contact us with questions or for support via the contact form on our website, by email, or through a support case, we use the information you provide to give you an appropriate response. This typically includes your name and contact details.

  • Legal basis: Our legitimate interest in ensuring customer satisfaction (GDPR Article 6(1)(f)).
  • Retention: Information is kept as long as necessary, up to 3 years after the inquiry.

4. Sharing your personal data

4.1. ACOS as data processor and use of subcontractors

We use subcontractors to process personal data. These subcontractors are typically providers of cloud services or other IT services.

When using subcontractors, we enter into a Data Processing Agreement (DPA) to protect your privacy rights in accordance with applicable data protection legislation. If subcontractors are located outside the EU/EEA, we ensure valid transfer mechanisms are in place on your behalf by using arrangements approved by the European Commission, including the EU Model Clauses.

Information about how personal data is processed for our products is described in the respective Data Processing Agreement for the service. In such cases, ACOS acts as the Data Processor and only processes data on behalf of, and in accordance with, the instructions given by your organization.

For more information about this, you can contact the contract manager responsible for the relevant service.

4.2. Internal sharing within the Visma group

Your personal data is recorded in systems used by ACOS to deliver the service you use. ACOS is part of the Visma group, which consists of several subsidiaries. To provide you with the best possible service, we may share your personal data internally within the Visma group companies. This helps us maintain a complete overview and a better understanding of how to serve you.

4.3. Sharing outside the Visma group

We share your personal data with our partners when necessary to fulfill the service you have ordered from us. For example, if you register for an event that involves accommodation at a hotel.

5. Your rights

You have several rights regarding how we process your personal data:

  • Access: You have the right to obtain a copy of the personal data we hold about you.
  • Rectification: You have the right to request correction of inaccurate personal data concerning you.
  • Erasure: You can request that we delete your personal data.
  • Restriction: You can ask us to restrict the processing of your personal data.
  • Portability: You can request to receive your personal data, or have it transferred to another party, in a structured and machine-readable format.
  • Objection: You have the right to object to our processing of your personal data, whether it is carried out for legitimate interests or for direct marketing. You can also object to processing carried out in the public interest or in the exercise of official authority.

There may be exceptions or limitations to these rights depending on the circumstances. In such cases, we will inform you of the exception or limitation and guide you in exercising your rights as far as possible under applicable laws and regulations. To exercise these rights, please contact us. If you are dissatisfied with how we process your personal data, you also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

You may always give or withdraw your consent for cookies on acos.no..

Please note that even if you opt out of receiving marketing communications from us, you may still receive administrative messages, such as order confirmations or notifications necessary to manage your account or the services you have with us.

6. Changes

This privacy policy is reviewed regularly or when changes in laws and regulations occur. Last updated: 7 January 2025.