TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, confirms compliance with data protection and data security criteria.
The targeting platform “Turbine” by Xaxis uses intelligent methods and technologies to generate audience profiles for advertisers, with all data being fully anonymized during collection and processing. With certification by TÜV TRUST IT, it is now officially confirmed that the platform meets high standards for security and data protection.
Xaxis is a global digital media company that connects advertisers and publishers with customers across all available channels. The company uses advanced methods and technologies to generate audience profiles that deliver measurable advertising results within targeted groups. Xaxis relies on its proprietary targeting platform “Turbine,” which has now been audited for data protection and security. “Turbine” replaced the previous system “Open AdStream LT,” which was also certified by TÜV TRUST IT in 2013.
The audit of “Turbine” was conducted in two phases based on TÜV TRUST IT’s “Trusted Service” requirements catalog. Phase one involved a documentation review, including the service description, processed data, data flows, locations, and service providers. Based on these findings, additional relevant documentation was reviewed, particularly those outlining measures to secure the information processed within the scope of “Turbine” and to ensure compliance with data protection requirements.
In phase two, the effectiveness of the documented measures was assessed. The focus was on whether the documented processes, procedures, and controls were actually implemented. This included random checks of the technical implementation. The audit and certification confirmed that:
- All information is effectively anonymized,
- IP addresses are not stored,
- No sensitive data as defined in § 3 para. 9 BDSG (e.g., religious beliefs, political opinions, or sexuality) is stored or processed,
- The privacy policy is fully transparent,
- A technically effective opt-out is available.
“Xaxis has demonstrated that the ‘Turbine’ platform processes only anonymized data,” says Manuel Münchhausen, Project Manager at TÜV TRUST IT. “Sensitive data is neither stored nor processed, and IP addresses are not retained due to effective anonymization.” The certificate is valid for three years, with annual monitoring audits required during this period.
“As a digital company, data processing and usage are core aspects of our work. Ensuring the secure handling of information is therefore extremely important to Xaxis—both for consumers and advertisers. TÜV, as an independent authority, provides the necessary transparency and verified security for all parties involved,” concludes Lars Kirschke, Managing Director of Xaxis.