Privacy Policy

Last updated:
January 31, 2026

1. Introduction

Projet ORA (”ORA project”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how personal data is collected, used, and protected when you use this website, in accordance with the General Data Protection Regulation (GDPR) and applicable French data protection laws.

The website does not use analytics, advertising, or tracking tools.

2. Data Controller

The data controller is:

ORA project

Legal form: Association Loi 1901

RNA number: W751282458

Registered office: 10 Cité de Trévise, 75009 Paris, France

Email: hello [at] oraproject [dot] org

3. Personal Data Collected

We may collect and process the following categories of personal data:

  • Identity data (e.g. name)
  • Contact data (e.g. email address, phone number)
  • Technical data (e.g. IP address, browser type, device information)
  • Security and access logs
  • Information voluntarily provided via contact forms or email communications

No profiling or tracking of user behavior is carried out.

4. How Personal Data Is Collected

Personal data is collected when:

  • You fill in a contact form on the website
  • You contact us by email
  • You browse the website (technical and security-related processing)

5. Purposes and Legal Bases of Processing

Personal data is processed only where legally permitted, for the following purposes:

Purpose – legal basis
Responding to inquiries – legitimate interest
Website hosting and availability – legitimate interest
Website security (DDoS protection, WAF, bot mitigation) – legitimate interest
Contract execution (if applicable) – contract
Accounting and legal obligations – legal obligation

6. Data Retention

Personal data is retained only for as long as necessary and in accordance with CNIL recommendations and legal obligations:

  • Contact requests: 3 years after the last contact
  • Data related to a commercial relationship: 3 years after the end of the relationship
  • Accounting and invoicing data: 10 years
  • Technical and security logs: retained for a limited duration for security purposes

7. Data Sharing, Hosting, and Technical Service Providers

The website is built and hosted using Webflow, which acts as a data processor and provides the website infrastructure and hosting services.

In addition, we use Cloudflare, Inc. as a technical service provider for:

  • Website security (DDoS protection, Web Application Firewall)
  • Traffic filtering and bot detection
  • Performance optimization via content delivery network (CDN)
  • Secure HTTPS connections (SSL/TLS)

Cloudflare acts as a data processor and may process technical data such as IP addresses, request metadata, and security logs solely for these purposes and on our instructions.

No personal data is sold or shared for commercial or marketing purposes.

8. International Data Transfers

Some technical data processed by Webflow and Cloudflare may be transferred outside the European Union.

In such cases, appropriate safeguards are implemented, including Standard Contractual Clauses approved by the European Commission.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw your consent at any time (where applicable)
  • Lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL)

You may exercise your rights by contacting: privacy [at] oraproject [dot] org

In case of reasonable doubt regarding your identity, proof of identity may be requested.

10. Cookies

This website uses only strictly necessary technical cookies required for its proper functioning and security.

These cookies:

  • Do not track users
  • Do not collect analytics or advertising data
  • Do not require user consent under CNIL guidelines

No audience measurement or marketing cookies are used.

11. Data Security

We implement appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of personal data, and to protect it against unauthorized access, loss, or misuse.

12. Changes to This Privacy Policy

This Privacy Policy may be updated at any time.

The version published on the website is the version currently in force.

© 2026 The ORA Project.
Legal Notice
Privacy Policy