Oraion Privacy Policy


This Privacy Policy outlines how we collect, use, share, and safeguard personal information across our digital properties.

We operate with transparency and align with global data protection regulations, including GDPR and CCPA.


Last updated: June 26, 2025


Scope

This Privacy Policy applies to oraion.com and its publicly accessible subdomains.
By accessing or using our website, you acknowledge and accept this policy.
If you have concerns or do not agree with the terms outlined here, please contact us at privacy@oraion.com prior to engagement.


Data We Collect


Oraion collects two categories of data:


1. Non-Personal Data (collected automatically via cookies and analytics tools):

  • Browser, device type, and operating system

  • IP address

  • Page views, referring/exit URLs

  • Session duration and behavior


2. Personal Data (voluntarily submitted via forms, contact, subscriptions):

  • Name, email, address, phone number

  • Professional or employment-related details (when relevant)


We only collect data that is necessary, proportionate, and relevant to our operational and business purposes.


Legal Bases for Processing


Oraion processes personal data under the following legal bases:

  • Performance of a contract

  • Legitimate interest

  • Compliance with legal obligations

  • Consent (where explicitly obtained)


We maintain a Record of Processing Activities (RoPA) as required under GDPR and evaluate our legal bases on a recurring basis.



Use of Data


We use personal data to:

  • Provide and improve services and website functionality

  • Respond to inquiries and provide support

  • Send marketing communications (where permitted)

  • Conduct internal research and diagnostics

  • Comply with regulatory and contractual obligations


We retain data only as long as necessary for the purposes described, or as required by law.



Data Sharing & Subprocessors


We do not sell personal data.

We may share information with trusted third parties under binding agreements, including:

  • Cloud infrastructure and hosting providers

  • Analytics and communication platforms

  • Legal, financial, or audit consultants

  • Payment processors (Oraion does not store card data)


All subprocessors undergo risk-based due diligence and comply with GDPR and CCPA.
A complete list of subprocessors is available upon request.


Data Governance & Access Control

Oraion enforces strict access governance across all systems handling personal data:

  • Access is role-based (RBAC) and limited to operational necessity

  • Authentication is enforced via Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

  • Access events are logged and monitored

  • Permission changes require multi-reviewer approval


We apply internal policies that govern data classification, handling, and retention, reviewed regularly for compliance and operational accuracy.

International Transfers

Oraion operates globally, with its parent company based in the EU and infrastructure across both Europe and the United States.
Cross-border data transfers occur under:

  • Standard Contractual Clauses (SCCs)

  • Data Processing Agreements

  • Other appropriate legal safeguards as required


User Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you

  • Request correction or deletion

  • Restrict or object to specific processing

  • Withdraw consent at any time (when applicable)

  • Request data portability

  • File a complaint with a data protection authority


To exercise your rights, contact privacy@oraion.com.
We respond to all valid requests in accordance with applicable regulations and timeframes.


Cookies & Tracking

We use cookies and similar technologies to:

  • Monitor site performance and usage

  • Personalize user experience

  • Detect and prevent abuse or fraudulent activity


When you visit our website, you are presented with a cookie banner that allows you to accept or reject non-essential cookies.


You can also configure your browser settings to manage or block cookies. Please note that disabling certain cookies may impact website functionality and user experience.


Children’s Data

Our services are not directed to individuals under 18.
We do not knowingly collect or store data from minors.
If you believe a child has submitted personal data to Oraion, contact us immediately.


GDPR & CCPA Compliance

Oraion adheres to the principles of GDPR and CCPA. We:

  • Maintain transparency in data processing

  • Apply data minimization and purpose limitation

  • Provide clear mechanisms for users to exercise their rights

  • Do not discriminate against individuals exercising those rights

  • Have not sold personal data in the past 12 months


Contact

If you have any questions, concerns, or requests regarding this policy or your personal data, please contact:

privacy@oraion.com