Supplier Code of Conduct

This Supplier Code of Conduct outlines the minimum expectations AdFixus Pty Ltd has for all suppliers, contractors, vendors, and service providers ("Suppliers"). It is designed to ensure that Suppliers align with AdFixus' commitment to privacy, data protection, legal compliance, ethical business, and environmental responsibility. Suppliers are expected to uphold these standards in their operations and supply chains, particularly where services affect AdFixus clients or systems operating in Australia, the EU, UK, and other regulated jurisdictions.

1. Privacy by Design & Transparency
• Respect privacy regulations: Suppliers must comply with all applicable privacy laws and frameworks, including but not limited to the Australian Privacy Act 1988 (Cth), GDPR, CCPA, and IAB TCF.
• Maintain transparency: Suppliers must provide accurate, accessible information about their data processing activities and support AdFixus in delivering transparency and compliance for end users and clients.

2. Data Minimisation & Protection
‍• Limit data collection: Suppliers must avoid collecting personally identifiable information (PII) unless contractually required, legally permitted, and securely handled.
• Use secure methods: Suppliers must adopt strong data protection techniques, including end-to-end encryption and pseudonymisation or anonymisation practices consistent with ISO/IEC 27018.
• Adhere to retention limits: Suppliers must retain data only as long as necessary for the agreed purpose or to comply with applicable legal requirements. Event and log data must be limited in scope and time (e.g. maximum 90 days unless lawfully required otherwise).

3. Consent & Data Subject Rights
• Enforce consent requirements: Suppliers must not process or share personal data without valid, documented consent where required. They must comply with opt-out and Do-Not-Track signals.
• Support rights under law: Suppliers must enable the exercise of data subject rights under GDPR, UK GDPR, CCPA, and Australian Privacy Principles (APPs), including access, correction, deletion, and data portability, when applicable.
‍
‍4. Security & Risk Management
• Implement strong security: Suppliers must maintain robust security frameworks including encryption, access controls, audit logging, and patch management. Use of multi-factor authentication and secure software development practices is expected.
• Demonstrate compliance: Suppliers must align with ISO/IEC 27001 or equivalent security standards. Where requested, Suppliers must provide evidence of compliance, such as certifications, SOC 2 reports, or security assessments.

5. Responsible Use of Technology
• Comply with applicable tracking and privacy laws: Suppliers must comply with relevant legislation regulating the use of tracking technologies, including but not limited to the Australian Privacy Act 1988 (Cth), GDPR, UK GDPR, and CCPA. Any data collection, tracking, or profiling must be based on lawful grounds and informed consent where legally required.
• Respect lawful user control mechanisms: Suppliers must respect opt-out signals and Do-Not-Track requests as required by law and must not deploy or facilitate technologies that intentionally bypass these controls.
• Manage identifiers lawfully: The use of cookies, device identifiers, or other tracking mechanisms must be compliant with applicable regulations, with identifiers managed in a transparent, consent-driven manner.
• Data handling transparency: Suppliers must ensure that users and clients are informed about the nature and purpose of any technology deployed that collects or processes user data, and must provide appropriate controls or disclosures to meet legal standards.

6. Environmental Responsibility
• Operate sustainably: Suppliers should reduce their environmental impact by optimising computing infrastructure, lowering emissions, and using renewable energy wherever feasible.
• Promote green practices: This includes supporting remote work, reducing travel, minimising waste, and selecting sustainable suppliers and data centres.
‍
7. Ethical Business Conduct
• Act lawfully and ethically: Suppliers must comply with all applicable laws, including anti-bribery (e.g. UK Bribery Act 2010, Australian Criminal Code), anti-corruption, modern slavery legislation (e.g. Australian Modern Slavery Act 2018, UK Modern Slavery Act 2015), and international labour and human rights frameworks.
• Prevent modern slavery and human trafficking: Suppliers must have appropriate policies and due diligence processes to identify, prevent, and address risks of modern slavery, including forced labour, servitude, child labour, and human trafficking, within their operations and supply chains.
• Maintain fair labour practices: Suppliers must uphold fair employment practices, provide a safe and inclusive workplace, ensure that work is freely chosen, and comply with local wage, working hour, and occupational health standards.
• Avoid conflicts of interest: Suppliers must disclose any actual or perceived conflicts of interest and act with transparency and independence when engaging with AdFixus.
• Enable whistleblower protections: Suppliers must implement confidential and accessible whistleblower mechanisms and protect individuals who report misconduct from retaliation or negative consequences.

8. Compliance & Audit Cooperation
• Support oversight: Suppliers must respond to requests for audit, due diligence, or compliance verification, including regulatory assessments where applicable.
• Prompt remediation: If non-compliance or a breach occurs, Suppliers must notify AdFixus without undue delay and cooperate fully in any investigation, containment, and resolution.

9. Continuous Improvement & Awareness
• Stay current: Suppliers must monitor changes in legal and regulatory frameworks and update internal processes accordingly.
• Train employees: Suppliers must maintain regular training programs for employees on topics such as privacy, information security, workplace conduct, and environmental impact.

Failure to comply with this Code may lead to corrective actions, including suspension or termination of the supplier relationship, notification to regulatory authorities, and legal recourse. AdFixus reserves the right to update this Supplier Code of Conduct periodically to reflect regulatory developments, risk factors, and internal policy changes.