Effective Date: January 1, 2010
International Data Transfer and Storage
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is the biggest overhaul of EU data protection law in more than 20 years. It replaces the current EU Data Protection Directive and aims to create unified data protection legislation covering all individuals in the European Union. It will take effect on 25 May 2018. To learn more about GDPR and Nor1’s commitment to data protection, please visit http://www.nor1.com/gdpr.
Collection of Personal Information
Information Hotel Customers Provide to Nor1 for Data Processing
As a third-party service provider to hotel companies, we generally receive Personal Information that was initially disclosed to the hotel companies in connection with a hotel booking by a traveler. The information we receive includes name, postal address, email address and telephone number, booking preferences and special request information. The hotel companies are responsible for providing notice and choice to individuals from whom they collect information.
Information Hotel Customers Provide to Nor1 for Services Access
Hotel companies will create Nor1 user accounts for their employees to utilize our upgrade services. A user account has basic information such as a name, role, telephone number, password, and email address.
Information Automatically Collected by Nor1 for Services Usage
As travelers browse upgrades and hotel users access Nor1 services, Nor1 may automatically collect information about your connection and usage of Nor1 services. Connection information will include device types, browser types, IP addresses, and other connection performance metrics. Usage information will include pages visited, page rendering times, UI elements clicked, and other web page performance metrics.
Cookies and Tracking
Information Collected by Cookies and Other Web Technologies
When you visit the Nor1 website or receive or interact with upgrade offers, we may send cookies to your computer that uniquely identify your browser or use tracking pixels, agents or other visitor identification technology (collectively, “Tags”). We use Google Analytics provided by Google which also use Tags to collect and analyze information. You can find more details about how Google uses data it collects here: http://www.google.com/policies/privacy/partners/.
California Do Not Track Notice
Nor1 currently does not respond to the Do Not Track (DNT) signals for multiple reasons. Nor1 sites do not target visitors with personalized advertising based on browser history. Nor1 uses other web technologies described above to improve the performance of Nor1 sites and cannot guarantee these technologies respond to the DNT signals.
Use of Personal Information
Nor1 does not sell or rent Personal Information. Nor1 uses the Personal Information for the following general purposes:
● Provide services to our hotel company customers.
● Offer upgrades to travelers on behalf of our hotel customers.
● Provide hotel users access to complete the upgrade transactions.
● Provide reporting and other customer services to our hotel customers.
● To contact users who have signed up to receive our newsletter.
Third Party Service Providers: We may use outside organizations to perform specialized services such as for delivery of our newsletter, for information technology services or marketing services. These organizations include cloud computing service providers, data storage providers, email delivery providers, and providers we engage in the provision of services to our customers. We require that these parties agree to use such information in a confidential manner. These third parties may have access to Personal Information needed to perform their functions, but we do not permit them to use it for other purposes. Under certain circumstances, we may be liable under the Privacy Shield Principles for the acts of those third parties if they process Personal Information originating from the EU or EAA in a manner inconsistent with the Privacy Shield Principles.
Governmental or Other Authorities: We advise you that we may have to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, such as to comply with legal process such as a search warrant, subpoena or court order, or to protect the company’s rights and property. In some cases, disclosure may be without notice to you.
Compliance: We may share Personal Information to verify or enforce compliance with user agreements and applicable laws, to protect against fraud, to detect and prevent security or technical issues, to protect against misuse or unauthorized use of the Nor1 products, services, computing systems, or website, or to protect against imminent harm to the rights, property or safety of Nor1, its subscribers or the public.
A Successor Entity: In the case of any significant transaction or event such as a sale, merger, amalgamation, financing, re-organization, liquidation, or insolvency, other parties to the transaction and their professional advisors may need to have access to our databases as part of the due diligence process. In this event, we would only provide such access under terms of a strict confidentiality agreement. Upon completion of the transaction or event, your Personal information would be transferred to the successor-in-interest company to be used for the purposes for which it was collected.
We have implemented physical, electronic and administrative measures to protect your information from error, loss or unauthorized access. For example, we use industry-standard efforts, such as passwords, firewalls and Secure Socket Layers, to secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. In addition, our employees and any third parties we use are contractually bound to protect the confidentiality of your information and access is restricted to those with a need to know the information to carry out the identified purpose. Although we use technical safeguards, we cannot guarantee the security of Personal Information on or transmitted via the Internet.
We only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
You may access your Personal Information and request corrections, amendments or deletions of inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of other persons would be violated. You may do this by sending a request to the contact information below.
Nor1 is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“the FTC”). Any questions or concerns regarding the use or disclosure of personal information should be directed to the Nor1 addresses provided below. Nor1 will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to Privacy Shield Principles. In addition, Nor1 has agreed to participate in the independent dispute resolution procedure of JAMS in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles. Information about how to file a complaint with the JAMS Privacy Shield program can be found at: https://www.jamsadr.com/eu-us-privacy-shield. For Personal Information originating in the European Union or European Economic Area, you may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Privacy Shield’s binding arbitration scheme please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
3945 Freedom Circle, Suite 600
Santa Clara, CA 95054
Last Update: January 12, 2018
Added further clarity related to the Privacy Shield principles.