Supplier Code of Conduct

Last updated: 19 October 2023

At AdFixus Pty Ltd, we are committed to privacy, ethical conduct, and environmental responsibility.
This Supplier Code of Conduct outlines the minimum standards and expectations for all suppliers, contractors, vendors, and service providers (“Suppliers”) engaged with AdFixus.

Suppliers are expected to uphold these principles across their operations and supply chains—particularly when services impact AdFixus clients or systems operating in Australia, the EU, the UK, and other regulated jurisdictions.

1. Privacy by Design & Transparency

  • Respect privacy laws: Suppliers must comply with all relevant privacy and data protection frameworks, including the Australian Privacy Act 1988 (Cth), GDPR, CCPA, and IAB TCF.
  • Be transparent: Suppliers must provide clear and accurate information about their data processing practices and support AdFixus in meeting transparency and compliance requirements.

2. Data Minimisation & Protection

  • Collect only what’s necessary: Personally identifiable information (PII) should only be collected when legally permitted and contractually required.
  • Protect data effectively: Implement strong data protection methods such as end-to-end encryption, pseudonymisation, or anonymisation in line with ISO/IEC 27018.
  • Limit retention: Data should only be retained for the duration necessary to meet contractual or legal obligations (e.g., event/log data not exceeding 90 days unless otherwise required).

3. Consent & Data Subject Rights

  • Respect consent: No personal data should be processed or shared without valid, documented consent where required. Suppliers must honour opt-out and Do-Not-Track signals.
  • Enable user rights: Support individuals’ rights under GDPR, UK GDPR, CCPA, and Australian Privacy Principles (APPs) — including access, correction, deletion, and data portability.

4. Security & Risk Management

  • Maintain robust security: Suppliers must apply encryption, access controls, audit logging, multi-factor authentication, and secure software development practices.
  • Demonstrate compliance: Maintain alignment with ISO/IEC 27001 or equivalent standards. Upon request, provide evidence such as SOC 2 reports, certifications, or audit results.

5. Responsible Use of Technology

  • Comply with tracking and privacy regulations: All tracking or profiling technologies must operate on lawful grounds and, where required, with informed consent.
  • Respect user controls: Honour opt-out and Do-Not-Track mechanisms and never attempt to bypass them.
  • Manage identifiers responsibly: The use of cookies, device IDs, or other tracking mechanisms must be transparent and consent-based.
  • Provide clarity: Ensure that users and clients are informed about any technology used for data collection or processing and are given appropriate control or disclosure options.

6. Environmental Responsibility

  • Operate sustainably: Strive to reduce environmental impact by optimising computing resources, lowering emissions, and prioritising renewable energy.
  • Encourage green practices: Support remote work, reduce travel and waste, and choose environmentally responsible suppliers and data centres.

7. Ethical Business Conduct

  • Act lawfully and ethically: Comply with all applicable laws, including anti-bribery, anti-corruption, and modern slavery legislation (e.g., UK Bribery Act 2010, Australian Modern Slavery Act 2018).
  • Prevent modern slavery: Implement due diligence and policies to identify and prevent forced labour, servitude, or child labour in operations and supply chains.
  • Uphold fair labour standards: Provide safe, inclusive, and freely chosen employment in compliance with local wage, working hour, and occupational health standards.
  • Avoid conflicts of interest: Disclose any real or perceived conflicts and act with transparency and independence.
  • Protect whistleblowers: Maintain confidential and accessible reporting channels and ensure protection from retaliation.

8. Compliance & Audit Cooperation

  • Support oversight: Cooperate fully with AdFixus audits, due diligence, and compliance verifications, including regulatory reviews.
  • Remediate promptly: In the event of a breach or non-compliance, notify AdFixus immediately and assist in containment, investigation, and resolution.

9. Continuous Improvement & Awareness

  • Stay informed: Monitor and adapt to legal and regulatory developments to ensure ongoing compliance.
  • Educate teams: Provide regular staff training on privacy, security, ethical conduct, and sustainability practices.

Enforcement & Updates

Failure to comply with this Code may result in corrective actions, including suspension or termination of the supplier relationship, notification to regulatory authorities, or other legal measures.

AdFixus reserves the right to review and update this Code periodically to reflect evolving regulations, risks, and internal policies.
