GDPR Compliance Statement
General Data Protection Regulation compliance information
Our Commitment to GDPR
oak-finch is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: When you provide explicit consent for marketing communications or cookie usage
- Contract: To fulfill our obligations when you enroll in our programs
- Legitimate Interest: To improve our services and website functionality
- Legal Obligation: To comply with tax, accounting, and regulatory requirements
Your GDPR Rights
Right to Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Data Portability
You can request your data in a structured, commonly used format for transfer to another service.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Processing
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
Data Protection Officer
For GDPR-related inquiries, contact our data protection officer:
Email: [email protected]
Address: 142 Flinders Lane, Melbourne VIC 3000, Australia
International Data Transfers
If we transfer personal data outside Australia, we ensure appropriate safeguards are in place through:
- Standard contractual clauses approved by regulatory authorities
- Adequacy decisions confirming recipient countries provide adequate protection
- Binding corporate rules for transfers within our organization
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach.
Exercising Your Rights
To exercise any GDPR rights or submit a data subject access request:
- Send an email to [email protected] with "GDPR Request" in the subject line
- Specify which right you wish to exercise
- Provide sufficient information to verify your identity
- We will respond within one month of receiving your request
Complaint Process
If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with:
- Our data protection officer (contact details above)
- The Australian Information Commissioner (for Australian residents)
- Your local supervisory authority (for EU residents)
Record of Processing Activities
We maintain detailed records of all data processing activities as required by GDPR Article 30. These records include:
- Purposes of processing
- Categories of data subjects and personal data
- Recipients of personal data
- Data retention periods
- Security measures implemented
Updates to This Statement
We review and update this GDPR compliance statement regularly to reflect changes in our practices or legal requirements.
Last reviewed: June 3, 2026