Nor1 has been acquired by Oracle and will soon transition to the Oracle Privacy Policy. Click here to view the Oracle Privacy Policy. Please note that the provisions of Nor1’s Privacy Policy below will remain active until the policy transition is complete.

Nor1, Inc. Privacy Policy

Effective Date: January 1, 2010


Nor1, Inc. provides online upgrade services that enable hotel companies to offer travelers the opportunity to upgrade their hotel experience, if upgraded inventory is available at the time of the traveler’s check-in. Protecting consumer privacy is important to us and the hotel companies to which we provide services. This Privacy Policy identifies the purposes for which personal information is collected, processed, and disclosed by Nor1 across our upgrade platform services and company website.


In this Privacy Policy, the term “Personal Information” means information that identifies a particular individual, such as the individual’s name, postal address, email address and telephone number. When non-personal information such as consumer product preferences or other non-identifiable information is directly associated with Personal Information, that information also becomes Personal Information for purposes of this Privacy Policy. “Sensitive Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or information that concerns an individual’s health.

International Data Transfer and Storage

Nor1 complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Nor1 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the biggest overhaul of EU data protection law in more than 20 years. It replaces the current EU Data Protection Directive and aims to create unified data protection legislation covering all individuals in the European Union. It went into effect on 25 May 2018. To learn more about GDPR and Nor1’s commitment to data protection, please visit /gdpr.

Collection of Personal Information

Information Hotel Customers Provide to Nor1 for Data Processing
As a third-party service provider to hotel companies, we generally receive Personal Information that was initially disclosed to the hotel companies in connection with a hotel booking by a traveler. The information we receive includes name, postal address, email address and telephone number, booking preferences and special request information. The hotel companies are responsible for providing notice and choice to individuals from whom they collect information.

Information Hotel Customers Provide to Nor1 for Services Access
Hotel companies will create Nor1 user accounts for their employees to utilize our upgrade services. A user account has basic information such as a name, role, telephone number, password, and email address.

Information Automatically Collected by Nor1 for Services Usage
As travelers browse upgrades and hotel users access Nor1 services, Nor1 may automatically collect information about your connection and usage of Nor1 services. Connection information will include device types, browser types, IP addresses, and other connection performance metrics. Usage information will include pages visited, page rendering times, UI elements clicked, and other web page performance metrics.

Cookies and Tracking

Information Collected by Cookies and Other Web Technologies
When you visit the Nor1 website or receive or interact with upgrade offers, we may send cookies to your computer that uniquely identify your browser or use tracking pixels, agents or other visitor identification technology (collectively, “Tags”). We use Google Analytics provided by Google which also use Tags to collect and analyze information. You can find more details about how Google uses data it collects here:

California Do Not Track Notice
Nor1 currently does not respond to the Do Not Track (DNT) signals for multiple reasons. Nor1 sites do not target visitors with personalized advertising based on browser history. Nor1 uses other web technologies described above to improve the performance of Nor1 sites and cannot guarantee these technologies respond to the DNT signals.

Use of Personal Information

Nor1 does not sell or rent Personal Information. Nor1 uses the Personal Information for the following general purposes:

  • Provide services to our hotel company customers.
  • Offer upgrades to travelers on behalf of our hotel customers.
  • Provide hotel users access to complete the upgrade transactions.
  • Provide reporting and other customer services to our hotel customers.
  • To contact users who have signed up to receive our newsletter.


Personal information will be collected, used and disclosed in accordance with the form of consent required by applicable law and its use will be limited to the objectives for which it was collected. The form of consent can vary from implied consent to express consent, depending upon the circumstances and the sensitivity of the type of information collected. Personal Information provided to us by a hotel company that originally collected it is provided to us under a written agreement with that hotel company, and we are not responsible for any acts or omissions of the hotel company in that regard. When applicable, we will offer individuals the opportunity to choose, by opting out, if Personal Information will (1) be disclosed to a third party not otherwise provided in the Privacy Policy, or (2) be used for a purpose other than the purpose for which it was originally collected or subsequently authorized. For Sensitive Information, we will provide an opportunity to affirmatively consent, by opting in, to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized.

Onward Transfers

We do not rent, sell or share Personal Information except as provided in this Privacy Policy, where you have provided your express consent, and in the following circumstances:

Third Party Service Providers: We may use outside organizations to perform specialized services such as for delivery of our newsletter, for information technology services or marketing services. These organizations include cloud computing service providers, data storage providers, email delivery providers, and providers we engage in the provision of services to our customers. We require that these parties agree to use such information in a confidential manner. These third parties may have access to Personal Information needed to perform their functions, but we do not permit them to use it for other purposes. Under certain circumstances, we may be liable under the Privacy Shield Principles for the acts of those third parties if they process Personal Information originating from the EU, EEA, or Switzerland in a manner inconsistent with the Privacy Shield Principles.

Governmental or Other Authorities: We advise you that we may have to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, such as to comply with legal process such as a search warrant, subpoena or court order, or to protect the company’s rights and property. In some cases, disclosure may be without notice to you.

Compliance: We may share Personal Information to verify or enforce compliance with user agreements and applicable laws, to protect against fraud, to detect and prevent security or technical issues, to protect against misuse or unauthorized use of the Nor1 products, services, computing systems, or website, or to protect against imminent harm to the rights, property or safety of Nor1, its subscribers or the public.

A Successor Entity: In the case of any significant transaction or event such as a sale, merger, amalgamation, financing, re-organization, liquidation, or insolvency, other parties to the transaction and their professional advisors may need to have access to our databases as part of the due diligence process. In this event, we would only provide such access under terms of a strict confidentiality agreement. Upon completion of the transaction or event, your Personal information would be transferred to the successor-in-interest company to be used for the purposes for which it was collected.

Data Security

We have implemented physical, electronic and administrative measures to protect your information from error, loss or unauthorized access. For example, we use industry-standard efforts, such as passwords, firewalls and Secure Socket Layers, to secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. In addition, our employees and any third parties we use are contractually bound to protect the confidentiality of your information and access is restricted to those with a need to know the information to carry out the identified purpose. Although we use technical safeguards, we cannot guarantee the security of Personal Information on or transmitted via the Internet.

Data Integrity

We only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.


You may access your Personal Information and request corrections, amendments or deletions of inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of other persons would be violated. You may do this by sending a request to the contact information below.


We self-assess our practices to assure compliance with this Privacy Policy and periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

Nor1 is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“the FTC”). Any questions or concerns regarding the use or disclosure of personal information should be directed to the Nor1 addresses provided below. Nor1 will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to Privacy Shield Principles. In addition, Nor1 has agreed to participate in the independent dispute resolution procedure of JAMS in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles. Information about how to file a complaint with the JAMS Privacy Shield program can be found at: For Personal Information originating in the European Union, European Economic Area, or Switzerland you may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Privacy Shield’s binding arbitration scheme please see


This Privacy Policy may be amended from time to time. We will post any revised policy on this website.

Contact Information

Questions, comments or complaints regarding our Privacy Policy or data collection and processing practices can be mailed or emailed to:


3945 Freedom Circle, Suite 600

Santa Clara, CA 95054

Last Update: January 8, 2019

Added further clarity related to the Privacy Shield principles.

Contact us for answers to your questions and to understand how we can help you generate more revenue.


Go to Nor1’s Help Center