Last updated: 8/9/24.

Protecting your private information is our priority. This Privacy Policy explains how we collect, use, and share information that we gather on www.norms.com and any other website owned by NORMS (the “Sites,” “Site,” “associated Sites”) or through your use of our products and services (collectively, the “Services”).

For the purposes of this Privacy Policy, unless otherwise noted, all references to “NORMS” include www.norms.com and any other Site owned by “NORMS.” The NORMS website and associated Sites are a resource for potential NORMS clients. By using the NORMS website or Sites, or affirmatively indicating your agreement, you consent to the data practices described in this Privacy Policy.

Please click the following links to learn more about our Privacy Policy:

1. What Does This Privacy Policy Cover?
2. Collection of Your Personal Information
3. Use of Your Personal Information
4. Sharing of Your Personal Information
5. How we respond to ‘Do Not Track’ and Other Signals
6. Use of Cookies
7. Privacy Rights and Additional Disclosures for Certain U.S. Residents
8. CCPA Notice at Collection
9. Security and Retention of Your Personal Information
10. Children’s Privacy
11. Opt-out and Unsubscribe from Communications
12. 24/7 Rewards Program
13. Accessing, Correcting, or Deleting Your Information
14. Changes to this Policy
15. Change of Ownership
16. Contact Information

1. WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy covers NORMS’ general treatment of personally identifiable information (“Personal Information”) that NORMS obtains when you access our Sites or Services.

This Privacy Policy does not cover the practices of other companies or any companies that use NORMS’ Sites or Services. In addition, our Sites or Services may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any data to these websites.

2. COLLECTION OF YOUR PERSONAL INFORMATION

NORMS collects Personal Information from consumers to provide our Sites and Services. The categories of Personal Information that we have collected from consumers in the last 12 months include:

• Identifiers, such as real name, postal address, Internet Protocol address, email address, and similar identifiers;
• Categories of Personal Information described in Section 1798.80(e) of the California Civil Code, such as telephone number, employment, billing and credit card number, and similar information;

• Characteristics of protected classifications under federal or state law, such as age;
• Commercial information, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;

• Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
• Approximate geolocation data;
• Audio, visual, or similar information; and,
• Inferences drawn from the above categories of information.

The categories of sensitive information include:

• Account log-in, in combination with any required security or access code, password, or credentials allowing access to the account.

Information We Automatically Collect. Like many website operators, information about your browser, computer hardware, and software may be automatically collected by NORMS. This information can include: your IP address, browser type, domain names, access times, referring website addresses, the pages of our Sites that you visit, the time spent on those pages and other statistics, and whether you reached our page via a social media or email campaign.

Information We Collect from Third Parties. If you access our Sites through third parties (e.g., Facebook or Google), or if you share content from our Sites to a third-party social media service, the third-party service will send us certain information about you if the third-party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third-party service. NORMS encourages you to review the privacy statements of websites you choose to link to from NORMS so that you can understand how those websites collect, use and share your information. NORMS is not responsible for the privacy statements or other content on websites outside of the NORMS Sites.

User Contributions. You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of our Sites or Services, or transmitted to other users of our Sites, Services, or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users of our Sites with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

3. USE OF YOUR PERSONAL INFORMATION

NORMS collects and uses your Personal Information to:

• Provide you with the services on our Sites, which includes:
  • Maintaining and servicing accounts,
  • Providing customer service,
  • Processing and fulfilling orders and transactions,
  • Providing surveys to conduct research;
  • Verifying customer information,
  • Processing payments, and,
  • Providing advertising or marketing services to you.
• Provide analytic services, such as analyzing customer usage and improving services offered.
• Conduct market research and project planning.
• Detect security incidents, protect against fraudulent or other criminal activity, debug and repair errors, and maintain the overall quality and safety of our Sites.
• Share website visitor activity, through website cookies, with third-party marketing partners to market our services on our Sites and other websites that you may visit.
• Fulfill our legal and financial obligations.
• Provide you with employment opportunities.

4. SHARING OF YOUR PERSONAL INFORMATION

To Users or the Public with Your Consent. We may share your information with other users or the public with your consent.

Affiliates and Service Providers. We share your information with our third-party service providers and any subcontractors as required to offer you our products and Services. The service providers we use help us to:

• Run, operate, and maintain our Sites and Services through third-party platforms and software tools;
• Perform content moderation and crash analytics;
• Run email and mobile messaging campaigns;
• Perform marketing analytics;
• Provide measurement services and targeted ads (you can opt out of these services at websites such as http://www.aboutads.info/choices and http://www.youronlinechoices.eu/);
• Administer competitions, sweepstakes, and promotions, including verifying eligibility and prize fulfilment;
• Provide payment attribution; and,
• Provide technical and customer support.

Some external service providers may also collect information directly from you (for example, a payment processor may request your billing and financial information) in accordance with their own privacy policy. These external service providers do not share your financial information, like credit card number, with us, but may share limited information with us related to your purchase, like your zip code.

Aggregated Data. We may also aggregate or otherwise strip information of all personally identifying characteristics and may share that aggregated, anonymized data with third parties or publish it. We reserve the right to make use of any such aggregated data as we see fit.

Cookie-based Marketing and Advertising. With respect to website cookies, we share your information with third-party marketing and advertising partners to market our Services on our Sites and other websites that you may visit.

Disclosures Required by Law. We may be required to disclose your data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your Personal Information to comply with any legal obligation, to enforce or apply our terms and conditions and other agreements, to protect our rights, property, or safety, or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

5. HOW WE RESPOND TO ‘DO NOT TRACK’ AND OTHER SIGNALS

Some browsers provide you with a way to signal that you do not want your browsing activity to be tracked. Our Sites may not currently respond to all Do Not Track (“DNT”) or similar signals, as we are awaiting consensus from the Internet policy and legal community on the meaning of DNT and the best way to respond to these signals.

California and certain other U.S. state residents may opt out of tracking technologies by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (“GPC”) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. Your request to opt-out of sale/sharing will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us.

6. USE OF COOKIES

The NORMS website may use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize NORMS pages, or register with NORMS Site or Services, a cookie helps NORMS to recall your specific information on subsequent visits. This simplifies the process of recording your Personal Information, such as billing addresses, shipping addresses, and so on. When you return to the same NORMS Site, the information you previously provided can be retrieved, so you can easily use the NORMS features that you customized.

Google Analytics. We may use Google Analytics. We use the information we get from Google Analytics only to improve the Sites. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Please refer to Google’s Privacy Policy for more information. You may also choose to download the Google Analytics opt-out browser add-on.

You may wish to restrict the use of cookies. Please be aware that some of the features of our Sites may not function correctly if you disable cookies. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful:

• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Microsoft Edge
• Cookie settings in Safari web and iOS

Personalized Advertising. We may also use targeted advertising cookies, such as Google Ads, to deliver tailored advertising on our Sites and other websites that you may visit. You can learn more about how to control advertising cookies by visiting the Network Advertising Initiative’s Consumer Opt-Out link, the DAA’s Consumer Opt-Out link for browsers, or the DAA’s opt-out link for mobile devices. Please note that electing to opt-out will not stop advertising from appearing in your browser or applications and may make the ads you see less relevant to your interests.

7. PRIVACY RIGHTS AND ADDITIONAL DISCLOSURES FOR CERTAIN U.S. RESIDENTS

Several jurisdictions grant state residents certain rights and disclosures. We provide the following information to further help you understand your potential privacy rights.

Right to Know. You have the right to submit a verifiable request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your request we will disclose to you:

• The categories of Personal Information we collected about you;
• The categories of sources for the Personal Information we collected about you;
• Our business or commercial purpose for collecting, sharing, or selling Personal Information;
• The categories of third parties with whom we share that Personal Information;

• The categories of Personal Information we have sold, if any, about you and the categories of third parties to whom your Personal Information was sold, by category or categories of Personal Information for each third party to whom the Personal Information was sold;
• The specific pieces of Personal Information we collected about you (also called a “data portability request”).

You may only make a verifiable consumer request to know twice within a 12-month period.

Right to Delete. You have the right to submit a verifiable request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our service providers and affiliates to delete) your Personal Information from our records, unless an exception applies.

Right to Correct. You have the right to submit a verifiable request for the correction of inaccurate Personal Information that we collected, taking into account the nature of the Personal Information and the purposes of processing the Personal Information.

Opting Out of Cookies and Sale/Sharing Using Online Tracking Technologies. Our use of online tracking technologies may be considered a “sale” / “sharing” under applicable law. Residents of California have the right to opt out of being tracked by these third parties by clicking the “Your Privacy Choices” link at the bottom of our Site and selecting your preferences.

However, residents of California may opt out by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use the browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Do Not Sell or Share My Personal Information. You have the right to opt out of the sale of your Personal Information and the sharing of your Personal Information for cross-context behavioral advertising. We do not sell your Personal Information, but we may use your Personal Information for cross-context behavioral advertising. If you wish to opt out of this sharing of your Personal Information, please visit this webpage: CCPA Request Form.

Disclosure for Nevada Residents. Nevada residents have the right to request that we not exchange their information for monetary consideration. However, we do not exchange Personal Information for monetary consideration.

Right to Limit Processing of Sensitive Personal Information. You have the right to direct us to process or disclose sensitive Personal Information only for providing goods or services, or as otherwise minimally permitted under the CCPA. However, we do not use or disclose sensitive Personal Information for any purpose other than providing our goods and services to you, or as otherwise minimally permitted under the CCPA.

Third Party’s Marketing. If you are one of our customers, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. However, we do not disclose your Personal Information to third parties for their direct marketing purposes.

Exercising Your Rights. To exercise your rights described above, please submit a verifiable consumer request to us using one of the following methods:

• Call us at +1 (877) 804-4966
• Send an email to ccparequests@norms.com
• Submit your request here – NORMS CCPA Request Form

Only you or a person that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information.

The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within 45 calendar days of its receipt.  If we require more time (up to an additional 45 calendar days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Right to Equal Service & Price. You have the right to receive equal service and price, even if you exercise any of your CCPA rights.

8. CCPA NOTICE AT COLLECTION

This Section, in accordance with the California Consumer Privacy Act and its regulations, explains the categories of Personal Information that we collect from consumers and the business or commercial purposes for which we use that Personal Information.

Categories of Personal Information that we collect. We collect Personal Information in a variety of contexts. For example, we collect Personal Information for human resource purposes, for providing a rewards program, and for fulfilling orders placed online or over the phone with NORMS restaurants. The Personal Information that we collect about a specific consumer will depend on our relationship with the consumer and our interactions with that individual.

The categories of Personal Information that we collect from consumers include:

• Identifiers, such as real name, postal address, Internet Protocol address, email address, and similar identifiers;
• Categories of Personal Information described in Section 1798.80(e) of the California Civil Code, such as telephone number, employment, billing and credit card number, and similar information;
• Commercial information, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
• Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
• Approximate geolocation data;
• Audio, visual, or similar information; and,
• Inferences drawn from the above categories of information.

The categories of sensitive information include:

• Account log-in, in combination with any required security or access code, password, or credentials allowing access to the account.

We do not sell Personal Information, including sensitive Personal Information. However, we may share some of your information, such as Internet or other electronic network activity information, through the use of online tracking technologies such as third-party advertising cookies. If you wish to opt out of this sharing of your Personal Information, please visit this webpage: CCPA Request Form.

Why we collect Personal Information and how we use it. The business and commercial purposes for which we collect and use Personal Information depend on, among other things, our relationship and interactions with a specific consumer. The table below lists the purposes for which we collect and use Personal Information, along with examples.

Purposes for Collection and Use	Examples
Provide and manage website, products, and services.	Maintaining and servicing accounts, Providing customer service, Processing and fulfilling orders and transactions, Providing surveys to conduct research, Verifying customer information, Processing payments, and, Providing advertising or marketing services to you.
Support our everyday operations, including to meet risk, legal, and compliance requirements.	Perform accounting, monitoring, and reporting. Enable information security and anti-fraud operations, as well as conducting due diligence. Support audit and investigations, legal requests and demands, as well as exercise and defend legal claims. Enable use of service providers for business purposes. Comply with policies, procedures, and contractual obligations. Obtain support for fulfilling the above purposes from our third-party service providers, professional services, and business partners.
Manage, improve, and develop our business.	Market, personalize, develop, and improve our products and services. Conduct research and analysis, including product and services innovation. Support customer relationship management. Evaluate and engage in mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets. Obtain support for fulfilling the above purposes from our third-party service providers, professional services and business partners, and financial institutions.
Support employment, infrastructure, and human resource management.	Provide benefits to employees and dependents, including healthcare and retirement plans. Manage pay and compensation activities. Manage and operate our restaurants, facilities, and infrastructure. Process employment applications. Obtain support for fulfilling the above purposes from our third-party service providers, professional services and business partners, and financial institutions.
Use of sensitive Personal Information as permitted by law.	Perform services for our business, provide goods or services as requested by individuals, and ensure security and integrity of services. Short term transient use such as displaying first-party, non-personalized advertising. Process and fulfill orders, maintain and service account, provide customer service, verify customer information, process payments, and provide financing. Activities relating to quality and safety control or product improvement.

9. SECURITY AND RETENTION OF YOUR PERSONAL INFORMATION

NORMS secures your Personal Information from unauthorized access, use or disclosure. We routinely scan our source code to check for weaknesses or vulnerabilities. When Personal Information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol. However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be appropriate technical and organizational measures to protect the confidentiality, security, and integrity of Personal Information obtained through the Sites, we cannot ensure or warrant the security of any information you transmit to us.

We retain information from or about you for so long as necessary to fulfill the purposes outlined in this Privacy Policy. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

10. CHILDREN’S PRIVACY

NORMS does not knowingly collect personally identifiable information from children under the age of sixteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use our Services.

11. OPT-OUT AND UNSUBSCRIBE FROM COMMUNICATIONS

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you may opt-out of receiving any or all communications from NORMS by contacting us here:

Email: ccparequests@norms.com

You will still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).

12. 24/7 REWARDS PROGRAM

Protecting your private information is our priority. This Privacy Policy applies to NORMS 24/7 Rewards app. The NORMS 24/7 Rewards is a resource for potential NORMS clients. By using the NORMS 24/7 Rewards, you consent to the data practices described in this Privacy Policy.

13. ACCESSING, CORRECTING, OR DELETING YOUR INFORMATION

You can review and change your Personal Information by logging into the App and visiting your account profile page. You may also send us an email at loyalty@norms.com to request access to, correct, or delete any Personal Information that you have provided to us.

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from our Sites, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users of our Sites. Proper access and use of information provided on our Sites, including User Contributions, is governed by our Terms of Use.

14. CHANGES TO THIS POLICY

NORMS will occasionally update this Privacy Policy to reflect company and customer feedback. NORMS encourages you to periodically review this Privacy Policy to be informed of how NORMS is protecting your information.

15. CHANGE OF OWNERSHIP

Should we sell, merge or transfer any part of our business, part of the sale may include your Personal Information.

16. CONTACT INFORMATION

NORMS welcomes your questions or comments regarding this Statement of Privacy. If you believe that NORMS has not adhered to this Statement, please contact NORMS at:

Email: ccparequests@norms.com