Nor1, Inc.  Privacy Policy

Effective Date: January 1, 2010

Nor1, Inc. provides a software product that enables hotel companies to offer travelers the opportunity to upgrade their hotel experience, if upgraded inventory is available at the time of the traveler’s check-in.  Protecting consumer privacy is important to us and the hotel companies to which we provide services.   This Privacy Policy identifies the purposes for which personal information is collected, used and disclosed by Nor1.

EU Safe Harbor
Nor1 complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Nor1 has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Nor1’s certification, please visit

In this Privacy Policy, the term “Personal Information” means information that identifies a particular individual, such as the individual’s name, postal address, email address and telephone number. When non-personal information such as consumer product preferences or other non-identifiable information is directly associated with personal information, that information also becomes Personal Information for purposes of this Privacy Policy.  “Sensitive Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or information that concerns an individual’s health.

Collection of Personal Information
As a third-party service provider to hotel companies, we generally receive Personal Information that was initially disclosed to the hotel companies in connection with a hotel booking.  The information we receive includes name, postal address, email address and telephone number, booking preferences and special request information.  The hotel companies are responsible for providing notice and choice to individuals from whom they collect information.

Personal information will be collected, used and disclosed in accordance with the form of consent required by applicable law and its use will be limited to the objectives for which it was collected.  The form of consent can vary from implied consent to express consent, depending upon the circumstances and the sensitivity of the type of information collected.  Consent may have been obtained from the hotel company that originally collected the information.  When applicable, we will offer individuals the opportunity to choose, by opting out, if Personal Information will (1) be disclosed to a third party or (2) be used for a purpose other than the purpose for which it was originally collected or subsequently authorized.  For Sensitive Information, we will provide an opportunity to affirmatively consent, by opting in, to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized.

Onward Transfers
Prior to disclosing Personal Information to a third party, we ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to laws providing the same level of privacy protection as is required by the Principles, and agree in writing to provide an adequate level of privacy protection. We may share your personal information with third parties, including:

Third Party Service Providers: We may use outside organizations to perform specialized services such as information technology services or marketing services. These service providers are only given the information needed to perform those services and they are bound contractually to protect the privacy and security of your information and to limit the use of your information to the service being provided.

Governmental or Other Authorities:  We advise you that we may have to disclose personal information to the government or other legal or regulatory authorities if so ordered by a court of law or for other legal reasons, such as to comply with legal process such as a search warrant, subpoena or court order, to protect the company’s rights and property.  In some cases, disclosure may be without notice to you.

A Successor Entity:  In the case of any significant transaction or event such as a sale, merger, amalgamation, financing, re-organization, liquidation, or insolvency, other parties to the transaction and their professional advisors may need to have access to our databases as part of the due diligence process. In this event, we would only provide such access under terms of a strict confidentiality agreement. Upon completion of the transaction or event, your personal information would be transferred to the successor-in-interest company to be used for the purposes for which it was collected.

Data Security
We have implemented physical, electronic and administrative measures to protect your information from error, loss or unauthorized access. For example, we use industry-standard efforts, such as passwords, firewalls and Secure Socket Layers, to secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.  In addition, our employees and any third parties we use are contractually bound to protect the confidentiality of your information and access is restricted to those with a need to know the information to carry out the identified purpose. Although we use technical safeguards, we cannot guarantee the security of Personal Information on or transmitted via the Internet.

Data Integrity
We only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

You may access your Personal Information and request corrections, amendments or deletions of inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of other persons would be violated.  You may do this by sending a request to the contact information below.

We self-assess our practices to assure compliance with this Privacy Policy and periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using the Direct Marketing Association as a third party resolution provider.  Their contact information is:

Safe Harbor
Direct Marketing Association
1615 L St., NW  Suite 1100
Washington, DC  20036-5624

This Privacy Policy may be amended from time to time consistent with the requirements of the Safe Harbor. We will post any revised policy on this website

Contact Information
Questions, comments or complaints regarding our Privacy Policy or data collection and processing practices can be mailed or emailed to:

3255 Scott Blvd., Bldg. 7, Ste 120
Santa Clara, CA 9505

Last Update:  August 13, 2014
Reviewed policy for adherence to current business practices, added contact reference to Access section.