Platform Privacy Policy

1. Introduction

AdFixus Pty Ltd ("AdFixus", "we", "us", or "our") specialises in privacy-focused digital identity solutions compliant with global regulations, including:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act 2018)
• IAB Europe Transparency and Consent Framework (TCF)

This Policy outlines how the AdFixus Platform manages, processes, and safeguards Visitor Data. Information collected through AdFixus websites or normal business operations is covered in our Online Privacy Policy.

2. Definitions

• AdFixus Identifier: A secure, encrypted identifier unique to each browser and Client, stored on the Visitor’s device and by our Clients.
• Client: An organisation (publisher, advertiser, or digital property owner) using the AdFixus Platform to generate, manage, or process AdFixus Identifiers for measurement, targeting, and analytics.
• Consent String: Encoded data representing a Visitor’s consent choices under IAB TCF.
• Do-Not-Track (DNT) Feature and Flag: Mechanism to manage data tracking based on Visitor consent. If a Visitor opts out, the DNT flag ('Consent: dnt = true') prevents identifier creation and synchronisation.
• Event Data: Information about Visitor interactions (ad impressions, clicks, conversions).
• Personally Identifiable Information (PII): Data that directly or indirectly identifies an individual, including name, email, phone number, location, online identifiers, or factors specific to identity.
• Visitor: An individual interacting with a Client’s digital properties where the AdFixus Platform is implemented.
• Visitor Data: Information collected through Visitor interactions, including AdFixus Identifiers and Event Data.

3. AdFixus Platform Overview

The Platform provides the following services to Clients:

• AdFixus Identify: Generates a secure identifier across participating Client domains.
• AdFixus Match: Matches identifiers without processing PII using multi-layer encryption, ensuring data isolation.
• AdFixus Stream: Transmits Event Data in real-time without storing PII, using Client-owned cloud storage.
• AdFixus Measure: Provides analytics for ad performance leveraging AdFixus Identifiers.
• AdFixus Link: Generates non-persistent identifiers for temporary use, preventing consistent identification.

4. Storage of AdFixus Identifiers

• Stored using first-party cookies, localStorage, sessionStorage, or other browser storage mechanisms.
• Cookies expire after one year, refreshed upon each visit.
• If consent is not provided, Clients implement the DNT Feature, preventing identifier creation via the Z DNT flag.

5. Data Profiling

• AdFixus does not create, maintain, or monetise Visitor profiles.
• Any profiles are managed solely by Clients.

6. Data Collection, Processing, and Retention

• AdFixus does not collect, store, or commercialise PII.
• Data processed in memory only; only anonymised/pseudonymised data is retained for fraud prevention and security.
• Retained data (e.g. IP addresses, device metadata) is kept for maximum 90 days and securely deleted.

7. International Data Transfers

• Transfers of PII internationally comply with applicable safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Client Consent Management

• Clients under GDPR and TCF are responsible for obtaining valid consent for:
  • Purpose 1: Store/access information on a device
  • Purpose 7: Measure advertising performance
• AdFixus enforces consent either via the DNT Feature or by reading, validating and enforcing consent strings (TC Strings) where a TCF compliant Consent Management Platform (CMP) is used.

9. Consumer Rights Requests and Complaints

• AdFixus does not sell or share personal data under CCPA.
• Clients are responsible for facilitating consumer rights requests; AdFixus will cooperate.
• Privacy complaints can be sent to privacy@adfixus.com, responded to within 72 hours.

10. Data Erasure and Correction

• AdFixus does not manage PII directly.
• Requests for access, correction, deletion, or restriction should be directed to Clients.
• AdFixus will support Clients in fulfilling legal obligations.

11. Information Security

• Security measures include:
  • ISO27001:2022 certification
  • Regular penetration testing and audits
  • Continuous monitoring
  • Encryption in transit and at rest using industry-standard protocols

12. Data Protection Officer (DPO)

• AdFixus has appointed a DPO overseeing compliance with applicable privacy laws.
• Contact: privacy@adfixus.com

13. Breach Notification

• AdFixus complies with the Australian Privacy Act 1988, GDPR, and Notifiable Data Breaches (NDB) scheme.
• Clients will be promptly informed of any suspected or confirmed breaches involving Visitor Data.
• Assistance will be provided to notify affected individuals and authorities as required.

14. Liability and Enforcement

• Clients must comply with all applicable privacy laws and consent management obligations.
• AdFixus may suspend services, notify regulators, or terminate agreements in cases of material non-compliance.

15. Changes to This Privacy Policy

• Updates will be published on this page.
• Visitors and Clients should review the Policy regularly.

16. Contact

• For questions or concerns: privacy@adfixus.com