1. Introduction
AdFixus Pty Ltd ("AdFixus", "we", "us", or "our") specialises in privacy-focused digital identity solutions designed to comply with stringent data privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), and the IAB Europe Transparency and Consent Framework (TCF). This Privacy Policy outlines how the AdFixus Platform manages, processes, and safeguards Visitor Data. Information collected when visiting the AdFixus websites or through the course of our regular business is covered separately in our general Privacy Policy (https://www.adfixus.com/privacy-policy).
2. Definitions
AdFixus Identifier: A secure, encrypted identifier unique to each browser and Client, created and stored on the Visitor’s device and by our Clients, but not stored by AdFixus. It is used to facilitate data exchange without linking to personal identity.
Client: An organisation, such as a publisher, advertiser, or other digital property owner, that utilises the AdFixus Platform to generate, manage, or process AdFixus Identifiers and related data for purposes such as measurement, targeting, and analytics. Clients are responsible for obtaining and communicating consent information to AdFixus as required under applicable laws and TCF guidelines.
Consent String: The encoded data representing a Visitor’s consent choices as defined by the IAB TCF. AdFixus does not create or manage consent strings; this is managed solely by the Client.
Do-Not-Track (DNT) Feature and Flag: A mechanism used by AdFixus to manage data tracking preferences based on consent status provided by Clients. If a Visitor opts out of data tracking, the DNT Feature applies a DNT flag ('Consent: dnt = true'), indicating that data tracking, identifier creation, and synchronisation are to be prevented for that Visitor.
Event Data: Information about Visitor interactions, such as ad impressions, clicks, or conversion events, processed without reference to personal identity.
Personally Identifiable Information (PII): Information that directly or indirectly identifies an individual, as defined within the GDPR, including name, email address, telephone number, identification number, location data, online identifiers, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
Visitor: An individual interacting with a Client’s digital properties where the AdFixus Platform is implemented. Visitors are identified solely through browser-level identifiers without reference to personal identity, and AdFixus does not store data that directly identifies Visitors.
Visitor Data: Information collected through a Visitor's interaction with a Client’s digital properties, including AdFixus Identifiers and Event Data, processed solely in memory and not retained by AdFixus.
3. AdFixus Platform Overview
The AdFixus Platform provides the following services to Clients:
* AdFixus Identify: Generates a secure, privacy-first identifier across participating Client domains.
* AdFixus Match: Matches identifiers without processing PII, utilising multilayer encryption to prevent the sharing of Client-specific AdFixus Identifiers while ensuring data isolation.
* AdFixus Stream: Transmits Event Data in real-time without storing PII, using Client-owned cloud storage.
* AdFixus Measure: Provides analytics for ad performance leveraging the AdFixus Identifier.
* AdFixus Link: Generates non-persistent identifiers for temporary use within AdFixus Stream and Measure, preventing consistent identification.
4. Storage of AdFixus Identifiers
The AdFixus Platform uses first-party cookies and may utilise localStorage and sessionStorage to securely store AdFixus Identifiers and related information on the Visitor’s device. Cookies expire after one year but are refreshed upon each visit.
If consent is not provided, Clients must implement the DNT Feature, which prevents identifier creation, by setting the Z DNT flag ('Consent: dnt = true') within related cookies.
5. Data Profiling
AdFixus does not create, maintain, or monetise Visitor profiles, nor does it capture data for profiling purposes. Visitor profiles maintained by Clients are based solely on data they independently collect and manage. AdFixus does not access or store such data.
6. Data Collection, Processing, and Retention
AdFixus does not collect, store, or commercialise Personally Identifiable Information (PII). Data, including AdFixus Identifiers and Visitor Data, is processed in memory and not stored.
The only data retained is for fraud prevention and security purposes. This may include anonymised or pseudonymised log data, IP addresses, or device metadata, which is kept for a maximum of 90 days and then securely deleted. This data is stored in a manner that prevents the identification of individuals by AdFixus.
7. International Data Transfers
Where personal data may be transferred internationally (including outside of the European Economic Area), AdFixus ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure data is protected in accordance with applicable laws.
8. Client Consent Management
Clients subject to GDPR and TCF compliance are contractually required to obtain valid consent for the following purposes as defined by TCF:Purpose 1: Store and/or access information on a device and Purpose 7: Measure advertising performance. Any additional purposes, whether based on legitimate interest or further consent, are the sole responsibility of the Client. AdFixus may request periodic documentation or audits from Clients to verify consent mechanisms are being properly implemented.
If consent is not obtained, Clients must notify AdFixus via the DNT Feature. AdFixus will then enforce the DNT flag ('Consent: dnt = true'), preventing identifier creation and synchronisation.
9. Consumer Rights Request and Complaints
AdFixus does not sell or share personal data as defined under CCPA. Clients are responsible for facilitating consumer rights requests. AdFixus will provide necessary cooperation in support of these requests, in accordance with CCPA regulations.
Complaints regarding privacy or consent management can be sent to privacy@adfixus.com and will be addressed within 72 hours.
10. Data Erasure and Correction
AdFixus does not manage personal data directly. Any requests for data access, correction, deletion, or restriction should be directed to the Client who maintains control over Visitor data. AdFixus will cooperate with Clients in facilitating data erasure and access requests as required by applicable law.
11. Information Security
AdFixus has implemented comprehensive security measures, including ISO27001:2022 certification, regular third-party penetration testing, security audits, and continuous monitoring to safeguard data integrity. In addition, all data is encrypted using industry-standard cryptographic protocols both in transit and at rest.
12. Data Protection Officer (DPO)
AdFixus has appointed a Data Protection Officer (DPO) responsible for overseeing data protection strategy and ensuring compliance with applicable data protection laws. The DPO can be contacted at privacy@adfixus.com.
13. Breach Notification
In accordance with the Australian Privacy Act 1988 (Cth), the GDPR, and the Notifiable Data Breaches (NDB) scheme, AdFixus is committed to promptly informing Clients of any suspected or confirmed data breach involving Visitor Data.If such a breach poses a risk of serious harm to individuals, AdFixus will assist Clients in meeting their obligations to notify affected individuals and relevant data protection authorities (e.g., the OAIC and/or supervisory authorities in the EEA) within applicable timeframes.
14. Liability and Enforcement
Clients are contractually required to comply with all applicable privacy laws. This includes implementing and managing consent mechanisms integrated with AdFixus services to enforce consent through the DNT Feature. In cases of material non-compliance, AdFixus reserves the right to suspend services, notify regulators, or terminate agreements.
15. Changes to This Privacy Policy
We may periodically update this Privacy Policy. Updates will be published here. Visitors and Clients are encouraged to review this Privacy Policy regularly to stay informed.
For questions or concerns, please contact: AdFixus Pty Ltd privacy@adfixus.com
Last updated on: 8 May 2025
.png)