GDPR Compliance Statement

Effective Date: June 20th, 2025

1. Introduction

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal data from individuals in the European Economic Area (EEA). Broken Duck Media is committed to complying with the GDPR and ensuring that user privacy is protected when using our website, forms, chatbot, and services.

2. Who We Are

Broken Duck Media is a software development studio based in Thailand. We specialize in AI-enhanced digital platforms and services for educational and business clients. For the purpose of GDPR, we act as the “Data Controller” for any personal data we collect from EEA users.

3. Legal Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Consent – when you submit data through our forms, accept cookies, or interact with our chatbot.
• Contractual necessity – when data processing is required to fulfill service agreements or respond to inquiries.
• Legitimate interests – including service improvement, analytics, and basic operations, where such processing does not override your rights and freedoms.
• Legal obligation – when we are required to comply with legal or regulatory requirements.

4. Your Data Protection Rights

If you are located in the EEA, you have the following rights under the GDPR:

• Right to Access – You can request a copy of the personal data we hold about you.
• Right to Rectification – You can request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten") – You can request the deletion of your data, subject to legal exceptions.
• Right to Restrict Processing – You can request limits on how we use your data.
• Right to Data Portability – You can request your data in a machine-readable format.
• Right to Object – You can object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent – You can revoke consent at any time for processing based on prior consent.
• Right to Lodge a Complaint – You can file a complaint with a supervisory authority in your country.

5. Data Transfers Outside the EEA

As a Thailand-based company, we may process your data outside the European Economic Area. When we do, we implement safeguards such as Standard Contractual Clauses or data processing agreements to ensure an adequate level of data protection.

6. Data Retention

We store your personal data for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law. In general, data may be retained indefinitely unless deletion is requested.

7. Security Measures

We maintain technical and organizational measures to protect your data from unauthorized access, disclosure, or destruction. These include SSL encryption, access control, and regular security reviews of our infrastructure and vendor relationships.

8. Exercising Your Rights

To exercise any of your rights under the GDPR, please contact us at:

Email: admin@brokenduckmedia.com

We will respond to verified requests within 30 days as required by law.

9. Updates to This Statement

We may update this GDPR Compliance Statement as necessary to reflect changes in regulations, business operations, or technical infrastructure. Revisions will be posted with an updated effective date at the top of this page.