Index Exchangeは、クライアント、パートナー、消費者のプライバシーとデータの保護に尽力しています。当社は、国際規制および広く認められているベストプラクティスに従って業務を行っていることを保証するため、社内コンプライアンスチームを設置しています。コンプライアンスチームは、全社的な基準、ポリシー、手順の確立により組織的なリスクを最小限にします。社内外の関係者による定期的な監査により、ポリシーおよび手順の順守を徹底しています。

Inventory Quality Certifications
  • TAG IQG Certified
  • TAG Certified Against Piracy
  • TAG Certified Against Malware
  • JIC Webs – Digital Trading Standards Group Certificate (DTSG)
  • Code of Conduct Programmatic Advertising Certificate
  • iab UK Gold Standard 1.0 Registered
General Data Protection Regulation (GDPR)

GDPR is a new EU privacy regulation that will be enforced effective May 25, 2018, replacing the existing 95/46/EC Directive on Data Protection of 24 October 1995. Index Exchange is strengthening policies and processes to align with the regulation’s requirements.

Data protection is of the utmost importance to Index Exchange. As a part of our effort to bring greater trust and transparency to the programmatic ecosystem, Index Exchange is formalizing a Privacy by Design framework whereby we will conduct data privacy impact assessments (DPIAs) for new products and updates to existing products.

We regularly conduct due diligence assessments to evaluate the business processes and data security safeguards of our vendors and partners. Currently we are evaluating our contracts with clients and partners and issuing addendums as required to ensure protection of the rights of individuals and to confirm legal and legitimate transfer of data outside of the European Union (EU).


When will the GDPR take effect?
GDPR will be effective and enforceable on May 25, 2018.

How is personal data defined under GDPR?
Personal data is any information that may be used to directly or indirectly identify a natural person such as user ID and location data. A pivotal change under GDPR is that any online identifiers including cookie data and IP addresses are now considered personal data. However, anonymous data (data where no individual can be identified) is not regulated by GDPR.

Do you have to comply with GDPR even if you do not have an establishment in the EU?
Yes. Any entity that offers goods or services to subjects in the Union and collects data on these subjects must adhere to the regulations.

Does Index Exchange transfer any data outside of the EU?
Yes. Data is primarily stored at our Toronto, Canada data center. Data transferred internally is governed with the use of standard data protection clauses. Any applicable publisher approved sub-processing is controlled with data protection agreements (DPAs).

For more information about privacy rights, security initiatives and the responsibilities placed on businesses including Index Exchange, please contact us.