Compliance – FAQ

Data Privacy and Compliance – FAQ

We have created an FAQ below to support questions related to how the AFFIXCON  Data Pool is generated and how applicable consumer privacy and regulatory compliance are addressed.

How does AFFIXCON collect the data?     

AFFIXCON does not collect data directly from the consumer. AFFIXCON contracts with Contributors to utilise their consumer data assets.  AFFIXCON manages deep profiles around people, places and businesses geo-tied to their digital footprint. From this we build a comprehensive identity graph with interconnected entities across multiple contact pathways both online and offline.

What AFFIXCON Requires from its Contributors?

AFFIXCON contracts with Contributors such that they warrant:

  • The Consumer records are collected in compliance with the Australian Privacy Act 1988.
  • The Consumer consented / opted-in such that their details can be utilised to fulfil AFFIXCON Use Cases.
  • The Consumer consented / opted-in such that their details can be provided to third party organisations downstream.
  • The Consumer consented / opted-in such that their details can be provided to Third Party Organisations outside Australia.
  • The Contributors have a robust and effective Consumer opt-out process from the Consumer and to and from AFFIXCON.
  • The Consumer has been informed of the Contributors opt-out process.
  • The Contributors have a data breach policy.
  • The Contributors consent to the AFFIXCON Privacy compliance attestation audit.

Does AFFIXCON Consider the Consumer?

AFFIXCON as part of its core ISO 27001 Information Security Management System implementation considers the Consumer as an ‘Interested Party’. As such they have legal and consideration rights in the handling, storage, use and disclosure of their information by AFFIXCON. We therefore have designed our Information Security Compliance and Privacy Compliance program to protect the Consumer as an Interested Party.

Understanding our Contributors.

Our Contributors are sourced from three types of industry leading data generating organisations, these include online mobile device driven location data, offline opt-in lead generation data and offline attribute data at address and person level.

In reference to our Contributors when we refer to AFFIXCON collection practices below we are referring to our Contributors collectively.

AFFIXCON captures data at a broad level for both Consumers and Mobile Location Data and addresses applicable privacy and compliance. Note that while apps and sites, the same privacy compliance applies to all data collected and managed by AFFIXCON.

All data collected, and associated partners are required to, support clear and compliant privacy notices and opt-in/out management that allow for collection, use, and distribution to 3rd parties. Noncompliant data that is identified is suppressed as detailed below and will not be delivered to customers.

What rights and permissions do you have to the data that you make available to your customers?

AFFIXCON maintains complete rights to license the data collected to customers for any legally permissible purpose including but not limited to marketing, advertising, publishing, lead generation, analytics, fraud prevention, credit scoring, debt collection, and contextual recommendations.

We set a minimum Use Case standard for all ingested data such that it may be utilised for analytics, segmentation, indirect marketing and summary modelling.

How do we provide you data?

AFFIXCON provides its data to clients either:

  • Licenced Platform – client can upload their PII data and link to the AFFIXCON platform
  • Data Load – client can receive a bucket of selected AFFIXCON data.

How can AFFIXCON Audience Intelligence be transferred to a non-PII environment/application?

AFFIXCON’s deep audience segments on consumers can be attached to device ids, cookies, hashed emails. In a non-PII supported environment, deep consumer intelligence will go out as segments without attachment to core identifying information. For example, in a programmatic environment when requests come in against a hashed email, a device id , cookie, or an ip address, AFFIXCON matches the input against its base and returns segments such as pet-owner, >120k income, outdoor enthusiast, executive at a FT500 company, age 35-45, male, visited x, y z, places and searched for keywords/concepts/tech domain related web searches in last couple of weeks. This external intelligence would help contextualize offer/recommendation and personalization. So in essence, all PIIs can be fully abstracted in the resulting feed/dataset/platform output. Customers can receive machine-readable intelligence tied to some ids, cross-device ids or hashed ids.

If a brand wants to extend intelligence on its consumer base, AFFIXCON can accept input with non-PII data (a set of hashed emails, device ids, cookies, ip addresses or other) and append deep intelligence against the input. For PII level enhancement, AFFIXCON dataset, platform, tools or a subset of it could be taken in-house for append and aggregation.

Do you follow any self-regulatory practices?

AFFIXCON follows closely and adheres to the generally accepted principles of many organizations including ISO 27001, NAI, DAA, and others.

What options do you provide, if any, for consumers to opt-out of your data practices?

AFFIXCON only works with data that is collected with clearly stated opt-in and easily accessible opt-out for consumers.

How do you avoid collecting data from child-directed websites, apps or other sources, owned and pirated or via partner relationships?

No data is collected or maintained for people under the age of 18 years.

Do you Model Data?

AFFIXCON models over 700 fields of data at differing levels of geography from the individual consumer to the household and geographies above as defined by the ASGS.

We ingest data from consumers that is self-reported such as date of birth and model it across the whole population as an Age Band.

Data is sourced from the individual or from official publication channels such as the Australian Taxation Office and the Australian Bureau of Statistics.

A detailed model build , source data and methodology profile is available for each of the 700 fields of data we publish.

For example, in the case or property descriptive fields such as property type (residential / commercial) or has Pool yes / no we use exact data. For fields such as length or residence we derive the value for our historical occupancy database. For grocery backet spend we derive the value from publish Australian Bureau of Statistics (ABS) household spend profiles.

A sample of notifications and relevant excerpts from privacy policies for various publishers are provided below.

Example 1 – In App Notifications

Example 2 – In App Notifications

Example 3 – In App Notifications

Example 4 – In App Notifications

Example 5 – In App Notifications

Sample Publisher Privacy Policy