Effective Date: January 1, 2010
EU Safe Harbor
Nor1 complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Nor1 has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Nor1’s certification, please visit http://www.export.gov/safeharbor/.
Collection of Personal Information
As a third-party service provider to hotel companies, we generally receive Personal Information that was initially disclosed to the hotel companies in connection with a hotel booking. The information we receive includes name, postal address, email address and telephone number, booking preferences and special request information. The hotel companies are responsible for providing notice and choice to individuals from whom they collect information.
Personal information will be collected, used and disclosed in accordance with the form of consent required by applicable law and its use will be limited to the objectives for which it was collected. The form of consent can vary from implied consent to express consent, depending upon the circumstances and the sensitivity of the type of information collected. Consent may have been obtained from the hotel company that originally collected the information. When applicable, we will offer individuals the opportunity to choose, by opting out, if Personal Information will (1) be disclosed to a third party or (2) be used for a purpose other than the purpose for which it was originally collected or subsequently authorized. For Sensitive Information, we will provide an opportunity to affirmatively consent, by opting in, to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized.
Prior to disclosing Personal Information to a third party, we ensure that any third party to which Personal Information may be disclosed subscribes to the Principles or is subject to laws providing the same level of privacy protection as is required by the Principles, and agrees in writing to provide an adequate level of privacy protection. We may share your personal information with third parties, including:
Third Party Service Providers: We may use outside organizations to perform specialized services such as information technology services or marketing services. These service providers are only given the information needed to perform those services and they are bound contractually to protect the privacy and security of your information and to limit the use of your information to the service being provided.
Governmental or Other Authorities: We advise you that we may have to disclose personal information to the government or other legal or regulatory authorities if so ordered by a court of law or for other legal reasons, such as to comply with legal process such as a search warrant, subpoena or court order, or to protect the company’s rights and property. In some cases, disclosure may be without notice to you.
A Successor Entity: In the case of any significant transaction or event such as a sale, merger, amalgamation, financing, re-organization, liquidation, or insolvency, other parties to the transaction and their professional advisors may need to have access to our databases as part of the due diligence process. In this event, we would only provide such access under terms of a strict confidentiality agreement. Upon completion of the transaction or event, your personal information would be transferred to the successor-in-interest company to be used for the purposes for which it was collected.
We have implemented physical, electronic and administrative measures to protect your information from error, loss or unauthorized access. For example, we use industry-standard efforts, such as passwords, firewalls and Secure Sockets Layer, to secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. In addition, our employees and any third parties we use are contractually bound to protect the confidentiality of your information and access is restricted to those with a need to know the information to carry out the identified purpose. Although we use technical safeguards, we cannot guarantee the security of Personal Information on or transmitted via the Internet.
We only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
You may access your Personal Information and request corrections, amendments or deletions of inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of other persons would be violated. You may do this by sending a request to the contact information below.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using the Direct Marketing Association as a third party resolution provider. Their contact information is:
Direct Marketing Association
1615 L St., NW Suite 1100
Washington, DC 20036-5624
3255 Scott Blvd., Bldg. 7, Ste 120
Santa Clara, CA 9505
Last Update: August 13, 2014
Reviewed policy for adherence to current business practices, added contact reference to Access section.