We are writing to formally address the General Data Protection Regulation (GDPR) compliance for our company, Oaktree PM. As an organisation that values data privacy and protection, we are committed to ensuring that all personal data processed by our company is handled in accordance with GDPR requirements.
Oaktree PM acts as both a Data Controller and Data Processor, as defined by the GDPR. We collect, store, and process personal data from various individuals, including but not limited to employees, clients, and third-party vendors. We also engage with subcontractors who may process personal data on our behalf. We take responsibility for the personal data we collect and process, ensuring it is done lawfully and transparently.
We ensure that all personal data processing activities performed by Oaktree PM have a lawful basis as defined in Article 6 of the GDPR. These lawful bases may include:
a) Consent: We obtain explicit and informed consent from data subjects when necessary.
b) Contractual Necessity: We process personal data to fulfill contractual obligations with our clients or for pre-contractual activities.
c) Legal Obligation: We process personal data to comply with legal obligations imposed on our organization.
d) Legitimate Interests: We process personal data based on legitimate interests pursued by Oaktree PM or a third party, while ensuring that the rights and freedoms of data subjects are not overridden.
Oaktree PM recognises and respects the rights of data subjects as outlined in the GDPR. We have implemented procedures to facilitate the exercise of these rights, including:
a) Right to Access: Data subjects can request access to their personal data held by Oaktree PM.
b) Right to Rectification: Data subjects can request the correction or amendment of inaccurate or incomplete personal data.
c) Right to Erasure: Data subjects have the right to request the deletion of their personal data under certain circumstances.
d) Right to Restriction of Processing: Data subjects can request the limitation of processing their personal data in specific situations.
e) Right to Data Portability: Data subjects can request the transfer of their personal data to another organization or receive it in a structured, commonly used, and machine-readable format.
f) Right to Object: Data subjects can object to the processing of their personal data, including direct marketing or profiling activities.
Oaktree PM is committed to implementing appropriate technical and organisational measures to ensure the security and confidentiality of personal data. We have implemented safeguards to protect against unauthorised access, loss, alteration, or disclosure of personal data. These measures include:
a) Regular data protection training for employees.
b) Strict access controls and user permissions.
c) Encryption of sensitive personal data.
d) Regular monitoring and testing of security measures.
e) Incident response and breach notification procedures.
Oaktree PM acknowledges that personal data may be transferred to countries outside the European Economic Area (EEA) or to international organisations. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect personal data during such transfers.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by legal obligations. We have established retention policies and procedures to ensure compliance with data protection principles.
Oaktree PM incorporates privacy by design principles in our data processing activities. We conduct privacy impact assessments (PIAs) for high-risk processing activities to identify and mitigate potential privacy risks.
In the event of a personal data breach, Oaktree PM has procedures in place to promptly detect, assess, and report such breaches to the relevant supervisory authority and affected data subjects, as required by the GDPR.
We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. The DPO acts as a point of contact for data subjects and supervisory authorities. The contact details of our DPO are provided at the beginning of this document.
Oaktree PM regularly reviews and updates our data protection practices to ensure ongoing GDPR compliance. We conduct internal audits, assess risks, and take appropriate measures to address any identified deficiencies.
We appreciate your attention to this matter and our commitment to GDPR compliance. Should you require any further information or have any concerns related to our data processing activities, please do not hesitate to contact our Data Protection Officer.
We encourage you to reach out to us today and start a conversation about your unique requirements. Our team is ready to listen and understand your specific needs, ensuring that we provide tailored solutions to meet your goals.
