top of page
SQ Starquest original.png

Our Story

Privacy Policy for Starquest

Data Controller (Legal Entity)

Starquest AS (hereafter "StarQuest" or "we") is the data controller responsible for the processing of personal data as described in this privacy policy.

This policy applies to both visitors to our website (starquest.no) and users of the Starquest ATS platform. Here, we explain what personal data we collect, how we use it, and what rights you have.

Use of Cookies

We use cookies on our website and ATS platform. Some cookies are essential for our services to function, while others are optional (based on your consent) for analytics or marketing purposes. We use the following categories of cookies:

  • Necessary cookies: These are essential for the website and platform to operate correctly. They enable basic features such as secure login, navigation, and storing preferences. These cannot be disabled as our services will not function without them.

  • Preference cookies: (Functional cookies) These remember your preferences and choices, such as language settings or other configurations, to provide a better and more personalized user experience.

  • Analytics cookies: These are used to collect statistics on traffic and user behavior on the website and platform. We use Google Analytics, among others, to analyze which pages are visited, for how long, geographic location (e.g., country/city), and other technical data. This data helps us understand how users interact with our services so that we can improve them.

  • Marketing cookies: These cookies are used for targeted marketing and advertising. They can track your browser activity across websites to show relevant ads and measure the effectiveness of our campaigns. Such cookies are typically set by third-party partners (e.g., Google Ads or HubSpot) and require your consent.

You can choose to accept all or only necessary cookies via our cookie consent banner. If you later wish to change your preferences or withdraw your consent, you can do so through your browser settings or our cookie control tool.

Use of Google Analytics

We use Google Analytics (GA) to analyze usage of the website and improve our services. GA is an analytics service provided by Google that collects information about visitors using cookies. Data collected includes IP address (anonymized in our setup), pages visited, visit times, and device information. This information is transmitted to Google for aggregated analysis of traffic and usage patterns.

We have configured Google Analytics to anonymize IP addresses before storage to protect your identity. Google processes this information in accordance with its own privacy policies. You can read more about how Google collects and processes data in Google's privacy policy. If you do not want Google Analytics to collect data about you, you can decline analytics cookies in our cookie banner or install the Google Analytics browser opt-out extension.

Note: Google LLC is a company established in the USA, so data collected via Google Analytics may be transferred to servers outside the EU/EEA. (See the "Data Transfers to Third Countries" section below for more information about such transfers and the measures we have implemented.)

Collection and Processing of Personal Data

What information we collect:
StarQuest collects various types of personal data depending on how you interact with us. This includes, for example:

  • Contact information: Name, email address, phone number, and possibly mailing address. This information is collected when you register as a user, contact us via forms or email, or otherwise provide us with your contact details.

  • Job-related information: Job title, company/employer, or industry (e.g., if you register to use our ATS for professional purposes, or specify your position in a contact inquiry).

  • User and account information: Username, login credentials, and settings related to your account on the StarQuest ATS platform. We also register access rights and preferences that you define on the platform.

  • Application data (recruitment): If you apply for a job via StarQuest (our recruitment system/ATS), we process the information you provide during the application process. This may include your CV, cover letter, references, education and work history, and other details relevant to the application.

  • Technical information: IP address, device and browser information, screen resolution, operating system, unique identifiers (e.g., cookie ID or device ID), and similar technical data. This is automatically collected when you use the website or ATS (e.g., through logs and cookies) as you browse our pages or interact with the platform. We may also track how you navigate on the site or platform (e.g., clicks and page views).

How we collect the data:
In most cases, you provide us with this personal data directly – for example, by filling out a form, registering an account, applying for a job, or communicating with us. Some data is generated automatically through your use of our digital services (such as technical usage data via cookies). In certain cases, we may also receive information from third-party sources you’ve interacted with (for example, if your employer creates a user for you in our ATS, or if you apply for a job via a recruitment agency that uses our platform). In such cases, you will normally already be informed by that party.

We process all personal data in accordance with the original purpose for which it was collected. If we intend to process the data for a different purpose than originally stated, we will first obtain your consent unless another lawful basis exists.

Purpose of Processing Personal Data

We collect and use personal data solely for specific, explicit, and legitimate purposes. The main purposes for our processing of personal data are as follows:

  • Provision of services and customer relationship management:
    To deliver the products and services you request, such as creating and managing user accounts on the ATS platform, enabling logins, operating and maintaining the service, and ensuring stability and security. This also includes general customer relationship management, invoicing, and fulfillment of agreements we have entered into with you or your employer (for example, if your company uses the StarQuest ATS).
    (The processing is necessary to fulfill an agreement with you or to take steps at your request prior to entering into such an agreement.)

  • Customer service and support:
    To provide customer service, respond to inquiries, handle complaints, or offer technical support when using our services. We process contact information and any details you provide when reaching out to us so we can assist you as effectively as possible.
    (This processing is either to fulfill our service agreement with you or based on our legitimate interest in providing quality support.)

  • Marketing:
    For marketing purposes, such as sending newsletters, offers, product updates, or other marketing materials via email, phone, or social media. This may include personalized marketing based on your use of our websites (e.g., through the use of marketing cookies as described above). We may also use your data to target ads on other platforms (such as Google or Facebook) if you have given consent.
    If you already have a customer relationship with us, we may, within the limits of applicable law, send you information about similar products/services based on our legitimate interest in maintaining the relationship. Without an existing relationship, we will request your explicit consent before sending you electronic marketing.
    You may unsubscribe from marketing communications at any time (every email we send includes an unsubscribe link).

  • Development and product improvement:
    To analyze the use of our website and ATS platform, understand market trends, and enhance our products and services. This includes using data (mostly aggregated or pseudonymized) on user behavior, feedback, error reports, and similar inputs to develop new features and improve the user experience.
    For example, we may analyze which ATS features are used most or evaluate user feedback to prioritize updates.
    (This processing is based on our legitimate interest in improving and further developing our services.)

  • Recruitment (via the StarQuest ATS):
    To conduct recruitment processes when you apply for a job with us via our ATS platform. The information in your job application (CV, application form, attachments, etc.) is used solely to evaluate you for the relevant position, communicate with you during the process, and potentially enter into an employment agreement.
    The legal basis for this processing is that it is necessary to take steps at your request prior to entering into an employment contract (GDPR Article 6(1)(b)).
    If you are not offered the position, your application data will be deleted within a reasonable period after the recruitment process concludes unless you consent to us retaining it longer for future job opportunities. (See also the section “Data Retention and Deletion.”)

In addition to the purposes listed above, we may, in specific cases, process personal data to fulfill legal obligations—for example, when required by current legislation or government decisions.
We do not process your personal data for purposes incompatible with the original purpose unless we obtain new consent or have another lawful basis.

Legal Basis for Processing

All processing of personal data must be based on a valid legal ground in accordance with the General Data Protection Regulation (GDPR Article 6). We rely on different legal bases depending on the purpose of the processing:

  • Consent (GDPR Article 6(1)(a)):
    In certain cases, we ask for your consent before processing your personal data. This typically applies to non-essential cookies (analytics and marketing) and sending newsletters/marketing to individuals with whom we do not already have a customer relationship.
    When the processing is based on consent, you may withdraw your consent at any time (see the section “Your Rights” below). We will then cease the specific processing based on that consent.

  • Contract (GDPR Article 6(1)(b)):
    When the processing of personal data is necessary to enter into or fulfill an agreement with you, we rely on the contract as the legal basis. This applies, for example, when you create an account and use the StarQuest ATS or when we process a job application you submit as part of a potential employment contract.
    The same applies if you request something before entering into an agreement (e.g., by contacting us about our services); in such cases, the data is processed to take the necessary steps at your request.

  • Legitimate interest (GDPR Article 6(1)(f)):
    We process certain data based on a balancing of interests, where we have a legitimate interest that we believe is not overridden by your right to privacy. This is the basis for, among other things, product improvement/analytics, certain types of customer service and support (e.g., inquiries from potential customers), IT security (to protect our systems and users), and some marketing to existing customers.
    In such cases, we have assessed that the processing is necessary for the purpose and that your personal data is handled in a way that has limited impact on your privacy (e.g., through pseudonymization or opt-out options). You have the right to object to processing carried out on this basis if you have specific reasons (see “Your Rights”).

  • Legal obligation (GDPR Article 6(1)(c)):
    Sometimes we are legally required to process certain personal data. In such cases, the legal basis is that the processing is necessary to fulfill a legal obligation. For example, accounting laws may require us to store invoice information containing personal data for a certain period, or labor regulations may require us to retain specific employment records.
    When we process data to meet such obligations, we will only process the information in accordance with the applicable law and not for any other purpose.

We will always inform you of the legal basis that applies to the specific processing of your personal data. Please note that in some situations, multiple legal bases may apply simultaneously – for example, we may process your contact details both to fulfill a contract (customer management) and based on our legitimate interest in following up with relevant information.

Retention and Deletion of Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with our legal obligations. The retention period will vary depending on the type of data and the purpose of the processing:

  • Customer and account information:
    Data related to your user profile or customer relationship (e.g., name, contact details, account information, communication history) is stored for as long as you are an active customer or user of our ATS platform. If you terminate the customer relationship or delete your account, we will either delete or anonymize the relevant personal data within a reasonable time (typically within 30 days, though longer retention may occur in backups). Some basic information may be kept longer if necessary for accounting or to handle legal claims or disputes.

  • Communication and support:
    Email inquiries, support tickets, and similar correspondence are retained as long as necessary to follow up on your case. As a rule, such communications are deleted or anonymized within 1–2 years after the issue is resolved, unless further retention is needed (e.g., if the correspondence must be archived as documentation).

  • Marketing:
    Contact information used for newsletters or marketing is stored until you unsubscribe or withdraw your consent. Upon unsubscribing, we stop all further communication immediately and delete or anonymize your data from our marketing lists. However, we may retain documentation that you gave or withdrew consent for a certain period, in order to demonstrate compliance with regulations.

  • Analytics and usage data:
    Data collected about website usage (e.g., via Google Analytics) is stored in our analytics tools for a limited time. By default, Google Analytics retains anonymized visit data for up to 14 months, after which it is automatically deleted. We also use aggregated reports for longer periods, but these do not contain personally identifiable information.

  • Recruitment data:
    Data related to job applicants (e.g., applications, CVs) is only kept for the duration of the recruitment process. After a hiring process is completed, data for applicants who were not hired will be deleted shortly afterward, unless the candidate has consented to further retention.
    If you have given consent for us to retain your CV for future opportunities, we will retain your data for the agreed period (or until you withdraw your consent). Candidates who are hired will have their data stored in our employee records and processed according to internal HR policies.

  • Legally mandated retention:
    In cases where other laws require us to store data for a specific period, we will retain the information as long as required by law. For example, accounting laws may require certain financial data (which may include personal information on invoices) to be retained for 5 years after the end of the fiscal year. Such data will not be deleted before the legally mandated retention period ends, even if you request deletion in the meantime.

When the retention period ends, or when the purpose for processing no longer exists, we ensure that the personal data is either securely deleted or anonymized (so it can no longer be linked to you). We regularly review our retention schedules and continuously delete unnecessary personal data.

Transfer of Data to Third Countries

StarQuest uses certain external IT service providers that are located outside the EU/EEA. This means that, in some cases, personal data may be transferred to “third countries” (countries outside the EEA). This particularly applies to:

  • Google (Analytics and possibly Google Ads):
    Google LLC is based in the United States, so data collected through our use of Google services (such as Analytics and advertising tools) may be processed on servers located in the U.S.

  • HubSpot:
    We use HubSpot as a tool for marketing, customer engagement, and CRM. HubSpot Inc. is a company located in the U.S., meaning that personal data (e.g., contact information submitted through our website forms) may be stored on HubSpot servers outside the EEA.

Transfers to third countries are carried out only in compliance with data protection regulations. When personal data is transferred outside the EEA, we ensure that adequate safeguards are in place to protect your data. We enter into the EU's Standard Contractual Clauses (SCCs) with our suppliers in third countries. These clauses are approved by the European Commission and require the recipient to protect personal data in accordance with European privacy standards.

In practice, this means that both Google and HubSpot (and any other third-country providers we may use) are contractually committed to processing personal data from us securely and in compliance with the GDPR. For example, SCCs are automatically included in HubSpot’s Data Processing Agreement, and the same applies to Google under their data processing terms.

Where necessary, we also implement additional measures such as encryption and limiting the types of data transferred to safeguard your privacy.

Please note: Laws in some third countries (including the U.S.) may allow local authorities to access personal data. While this is outside our control, we will inform you if we become aware of any requests for access to your data by public authorities, unless we are legally prohibited from doing so.

If we request your consent for the use of a service that involves transferring data to a third country (for example, marketing cookies set by a U.S.-based provider), we will inform you of the risks involved as part of the consent process. You are then free to decline such data transfers.

Your Rights

Right of Access

You have the right to access the personal data we have registered about you. This means you can contact us and request a copy of all the personal data we process about you. We will then provide you with an overview of the data, as well as information about the purposes of the processing, retention periods, and any third parties it is shared with (as per Article 15 of the GDPR).This right may be subject to certain limitations to protect the privacy of others, trade secrets, or intellectual property rights, but the general principle is to provide as much information as possible.

Right to Rectification

If you discover that we have registered incorrect or incomplete information about you, you have the right to have it corrected or supplemented. Upon your request, we will correct any inaccurate personal data without undue delay.This may include, for example, changes to your name or correction of typos in your contact details. In some cases, you may be required to update this information yourself (e.g., through your user profile), but we will assist you if needed.

Right to Erasure

You have the right to have your personal data deleted without undue delay in certain situations (also known as the “right to be forgotten”). Upon request, we will delete the data we have about you, provided there are no overriding reasons for continued processing.For example, you may request deletion of your account and all stored data. We will delete what we can and confirm the deletion.Exceptions: Please note that we cannot delete data we are legally required to retain for a certain period, or that is necessary to fulfill an agreement with you. For example, we cannot delete transaction data that must be kept for accounting purposes until the mandatory retention period expires. In such cases, we will restrict the data for other uses and delete it as soon as legally permitted.

Right to Restrict Processing

As a data subject, you have several rights concerning your personal data under the General Data Protection Regulation (GDPR). Below we explain your key rights and how you can exercise them. You may exercise your rights by contacting us (see Contact Information below). We will respond without undue delay and no later than 30 days, unless otherwise legally permitted.

In certain situations, you have the right to request a restriction on the processing of your personal data. This means we will temporarily stop all active processing of the data (except storage) until your request has been assessed.You may request a restriction if, for example, you believe the data is incorrect (while we verify it), or if you have objected to the processing (while we consider whether our legitimate interest outweighs your privacy rights).While restricted, your data will only be stored or processed for the establishment, exercise, or defense of legal claims, to protect another person's rights, or for important public interests. We will inform you before any such restriction is lifted.

Right to Object

You have the right to object to our processing of your personal data in certain cases. This right applies if we process your data based on legitimate interest (Article 6(1)(f) GDPR) or for tasks in the public interest or the exercise of official authority (which we typically do not perform).If you object to such processing, we must stop unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.Direct marketing: You always have the right to opt out of your data being used for direct marketing. If you receive newsletters or other marketing from us and no longer wish to, you can unsubscribe at any time – we will then stop processing your data for marketing purposes immediately. (This is considered an absolute right to object.)

Right to Data Portability

For personal data that you have provided to us, and that is processed automatically based on your consent or a contract, you have the right to data portability. This means you can receive your data in a structured, commonly used, and machine-readable format so that you can transfer it to another service provider.Upon request, we will export your applicable data in a suitable format (e.g., CSV/Excel or JSON/XML) and send it to you – or, if technically feasible, transfer it directly to a new provider of your choice.Note: This right only applies to data you have provided yourself (or that has been generated through your use of the service) and only if the processing is carried out automatically and based on consent or a contract.

Right to Withdraw Consent

If we process any of your personal data based on your consent, you have the right to withdraw that consent at any time.Withdrawing consent will not affect any processing already carried out, but we will stop any further processing of the data and purposes covered by the consent.For example, if you have consented to receive newsletters, you can unsubscribe at any time, and we will stop sending them. You can withdraw consent by contacting us or through mechanisms made available to you (e.g., the “unsubscribe” link in emails, or by changing your cookie preferences).

Right to Lodge a Complaint with a Supervisory Authority

If you believe we are processing your personal data in violation of applicable laws, we encourage you to contact us first so we can resolve the issue.You also have the right to file a complaint directly with the relevant supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).You can contact the authority and submit a formal complaint regarding our handling of your personal data. Visit their website at datatilsynet.no for instructions on how to proceed.

Contact Information

Starquest takes data privacy seriously, and we encourage you to get in touch if you have any questions or wish to exercise your rights.

Data Controller: Starquest AS

Address: Roald amundsens veg 46, 4340 Bryne, Norway

Email: privacy@starquest.no

Phone: +47 41 31 37 78

 

You may contact us by email or letter for any inquiries related to data protection, such as requests for access, correction, or deletion of data, or questions regarding this privacy policy. We will respond as quickly as possible and within the deadlines set by law.

 

If you use the Starquest ATS through your employer or another organization, it may be appropriate to direct inquiries regarding your personal data through your administrator/employer. In any case, we will assist in ensuring that your rights are upheld.

Date of Last Update

This privacy policy was last updated on 9 May 2025 and replaces all previous versions. We may update the policy from time to time due to changes in our data processing practices or applicable legislation. In the event of significant changes, we will notify you via our website or by email. We recommend that you review the policy regularly to stay informed about how we protect your personal data.

bottom of page