Our privacy policy
Last updated on 20 August 2024
1. General
1.1
At Secure Code Warrior, your privacy is important to us and we take our data protection and privacy obligations seriously. This privacy policy explains how we handle (or ‘process’) your personal data and your related data protection rights. It covers all our activities, products and services including:
- Secure Code Warrior’s learning platform (‘SCW Learning Platform’)
- Our websites listed in Appendix B (‘website’)
- Social media channels (such as Twitter, Facebook, Instagram and YouTube)
- Software integrations
- Recruitment
1.2
This privacy policy does not cover, and we are not responsible for, the privacy practices of third-party organisations (such as our customers or third-party services linked to through our website or the SCW Learning Platform). For more information about how third parties process your personal data, please refer to the individual privacy policies of each organisation.
For information about third-party service providers who process personal data on our behalf (‘processors’ or ‘sub-processors’), please refer to Section 3.4.
1.3
When we use ‘us’, ‘we’, ‘our’ or ‘Secure Code Warrior’ in this privacy policy, we are referring to Secure Code Warrior Limited, a company incorporated in England and Wales (08559432), and its related bodies corporate listed in Appendix A of this privacy policy.
2. Collection
2.1
Please refer to the below table for information about whose personal data we process and a breakdown of the individual data elements for each category of data subject:
We process the personal data of… |
We may process your… |
Website users |
|
Platform users |
- Phone number (trial users only)
- Email address
- Name (first and last)
- Device information (browser type, device identifier and IP address)
- Professional information (employer, team name, role, job title)
- Location information (country/region and geo-location derived from IP address)
- Platform performance metrics and assessment data
- Cookie data (see cookie policy for more information)
- Code commit metadata, including committer name/email (if Trust Agent is installed). Refer to this Knowledge Base article for more info.
|
Participants in tournaments, competitions or other promotional activities |
- Email address
- Name (first and last)
- Location information (country/region, unless postal address required for delivery of physical prize)
|
Software integration users |
- Limited technical data related to use and interaction with our software integrations and API calls
|
Trust Agent users |
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- Phone number
- Email address
- Name (first and last)
- Professional information (employer, role, job title)
- Location information (country/region)
|
Recruitment candidates |
- Phone number
- Email address
- Name (first and last)
- Qualifications
- Information contained in resume
|
Anyone who corresponds with us by post, email, social media or any other method |
This will vary depending on the method of communication, but will include any information that has not been withheld (such as your phone number, email address or display name) and any information you have purposefully disclosed in your correspondence with us.
|
2.2
Secure Code Warrior generally collects personal data when you contact or communicate with us directly. However, there may be circumstances where we collect information about you from third parties or via other methods. In some cases, we may receive personal data about you from a customer in the context of providing services to that customer. We may also receive information about you from a partner in the context of that partner providing services to us.
2.3
For more information about our use of cookies on our website and platform, please refer to our cookie policy.
2.4
If you do not provide some requested information, we may be delayed or prevented from providing you with our services or addressing a request/inquiry related to our processing of your personal data.
3. Use and disclosure
3.1
Secure Code Warrior is the data controller where we determine the purpose and means of processing personal data. In accordance with applicable data protection and privacy laws, we will only process your personal data if we have a lawful basis for doing so.
Please refer to the below table for a summary of why we may process your personal data and our lawful bases for doing so. If you are not an EEA/UK data subject, the lawful bases for processing may not apply, but our purposes for processing still stand.
When processing your personal data is in our legitimate interest to… |
Website users |
- provide, operate, maintain, improve, and promote our Websites and Services
- enable you to access and use our Websites and Services
- investigate and prevent fraudulent transactions, unauthorised access to our services, and other illegal activities
|
Platform users |
- carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and services.
- prepare statistics on how our users engage with our platform and services to better understand and improve them.
- provide customers with metrics and visualisations related to the training performance of their users
- record and review customer service communications for training and performance improvements to enable us to improve customer services
- receive and respond to communications and requests
- create marketing cohorts based on the analytics information generated by our platform
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- send and receive business communications
- administer our relationship
- inform prospective customers and contracts about our services
- send promotional and marketing materials related to the services you have purchased
|
Recruitment candidates |
- consider applications for roles for which you may have applied
- negotiate employment opportunities
- obtain references from former employers
|
Anyone who corresponds with us by post, email, social media or any other method |
- respond to you and follow up with related/requested information at a later date
|
When processing is necessary… |
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- for the performance of a contract to which you are party
- in order to take steps prior to entering into a contract
|
We have your consent to… |
Website users |
- send promotional and marketing materials about us and our partners
- monitor and analyse trends, usage, and activities in connection with our website and services for promotional and marketing purposes
- personalise our website and services, including by providing features or advertisements that match your interests and preferences
|
Platform users |
- send promotional and marketing materials about us and our partners
|
Participants in tournaments, competitions or other promotional activities |
- send promotional and marketing materials about us and our partners
- send you a physical prize
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- send promotional and marketing materials about us and our partners
|
3.2
We will only process your personal data for a) the purposes listed above, or b) other related compatible purposes for which you would reasonably expect us to use it (and in such circumstances where the lawful bases are also aligned). We may also process your personal data for other purposes, but only where you have provided your express consent.
3.3
You will always have the opportunity to unsubscribe to marketing materials. You can do so by clicking the ‘unsubscribe’ links included in our messages, or by contacting us at support@securecodewarrior.com
3.4
Secure Code Warrior may disclose your personal data to fulfil the purposes outlined above. This will include sharing your personal data with other members of our corporate group (Appendix A) and with the below categories of third party service providers (‘processors’) depending on your relationship with us:
We share personal data with processors who assist with and enable… |
The hosting of our website, products/service, infrastructure and related databases |
Product/service support, feedback and feature requests |
Email communications and consent management |
Analytics for our products/services, and our sales and marketing teams |
Delivery of physical and virtual prizes or rewards |
For a list of third-party service providers engaged by us to process personal data on behalf of our customers (‘sub-processors’), please refer to: https://www.securecodewarrior.com/trust/sub-processors
3.5
Secure Code Warrior may also disclose your personal data:
a) to specialist advisers who have been engaged to provide us with legal, accounting, administrative, financial, insurance, research, marketing or other services;
b) to law enforcement bodies and/or any other relevant supervisory/data protection authorities which may have a reasonable requirement to access your personal data; and
c) to any other person authorised and specified by you.
d) where required or authorised by or under the applicable data protection law or an order of a court or tribunal;
e) in accordance with the applicable data protection law, including where we hold a reasonable belief that the processing or disclosure is required for certain enforcement or health and safety purposes, or that processing or disclosure is necessary in relation to certain suspected unlawful activity or misconduct;
f) whilst negotiating any takeover, purchase, merger, joint venture, partnership or other similar arrangement; or
g) if reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of confidential alternative dispute resolution.
3.6
At other times, we may notify you about additional disclosures relating to specific services.
4. International transfer of personal data
4.1
Given the nature of our business and corporate structure, we may disclose your personal data internationally to one of our related companies (Appendix A) or external service providers (Section 3.4) for the provision and improvement of our services. Where the recipient territory does not offer the same level of privacy and data protection legislation, we will ensure that adequate safeguards are in place to protect your personal data.
For information about transfers of personal data, please refer to our page on international transfers of personal data or contact support@securecodewarrior.com
4.2
Secure Code Warrior complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively ‘Data Privacy Framework’ or ‘DPF’), and we have certified to the U.S. Department of Commerce that we adhere to the corresponding principles of each DPF to process personal data received from the EU, UK and Switzerland.
If there is any conflict between the terms in this privacy policy and the relevant DPF principles, the DPF principles shall govern. When we receive information under the DPF and then transfer it to a third-party service provider acting on our behalf, we remain liable if they process the information in a manner inconsistent with the DPF and are responsible for the event giving rise to the damage.
Please see Section 9 below for how you can contact us or our regulators should you have a complaint related to our compliance with the DPF principles.
To learn more about the DPF program, and to view our certification, please visit
https://www.dataprivacyframework.gov/
5. Storage and Security
5.1
We may hold your personal data in a number of different formats (either on or off site), including software programs, databases, filing systems and in backup storage.
5.2
For more information about how we protect your data, please visit our Trust Center.
6. Retention
6.1
Our data retention periods vary depending on your relationship with us. Please see the table below for more detail.
If you are a… |
Unless otherwise requested, we will retain your personal data… |
Website users |
For twelve (12) months from the date of our last contact with you |
Platform users |
While you have access to our platform, then for a following twelve (12) months |
Participants in tournaments, competitions or other promotional activities |
For the duration of the event or promotion, then for a following twelve (12) months |
Prospective customers |
For twenty-four (24) months from the date of our last contact with you |
Business contacts and representatives (such as customers, partners and suppliers) |
For seven (7) years from the date of our last contact with you
|
Recruitment candidates |
For twelve (12) months for unsuccessful candidates |
Anyone who corresponds with us by post, email, social media or any other method |
For twelve (12) months from the date of our last contact with you |
6.2
Where we receive personal data that was not requested from us or was sent to us in error, we will delete and destroy that information as soon as is practicable. With your consent, if the information was sent for the purpose of securing employment with us, we may keep this information subject to the retention periods in the above table.
7. Your rights
7.1
You may have certain rights relating to your personal data, including the right to:
a) request access to your personal data;
b) request correction of the personal data that we hold about you as described below;
c) where required by law, request erasure of your personal data where there is no good reason for us continuing to process it or where you have exercised a right to object to processing (see (d) below);
d) object to processing of your personal data where we are relying on a “legitimate interest” (or the interests of a third party) and there is no compelling reason for us to continue processing your personal data;
e) object to processing your personal data for direct marketing purposes;
f) object to automated decision-making including profiling by us using your personal data which has a legal effect or similar significant effect on you;
g) request the restriction of processing of your personal data (for example, to suspend the processing of your personal data due to inaccuracy or our stated reason for processing it);
h) request that we provide you or a third party the personal data we hold regarding you in an electronically useable format; and
i) withdraw your consent for those purposes where we rely on consent, in which case we will no longer process your information for the purpose or purposes to which you originally consented, unless we have another lawful basis for doing so.
7.2
Please also note that your rights above are not absolute, may vary depending on applicable data protection law, and we may be unable to comply with your request (in whole or in part). If we reasonably determine that your request is manifestly unfounded, we reserve the right to refuse to comply with your request. We will provide you with a basis for any objection in this case.
7.3
If you wish to exercise a right that you have regarding your personal data, please contact us at support@securecodewarrior.com. We will process your request within a reasonable time and respond within one month from the date of receipt. In the event of particularly complex requests, we may have to extend this period by up to two further months, but we will notify you of this.
7.4
If you have cause for complaint about our processing of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority (Section 9.2 for details), although we ask that you contact us in the first instance at support@securecodewarrior.com
8. Changes to our privacy policy
8.1
This privacy policy was last updated on 10 April 2024.
8.2
We may amend our privacy policy occasionally by publishing a revised version on our website, or supplement its terms with additional notices. Any changes will be effective as of the date they are published. In the event of any material changes to this privacy policy, we may also take additional reasonable steps to notify you of the changes.
9. Contact details
9.1
If you have any questions in relation to privacy, wish to access or correct your personal data, or make a complaint, please contact us at support@securecodewarrior.com
9.2
For more information about data protectionprinciples and obligations, or to raise a complaint with our regulators, please refer to the following websites:
9.3
If you have a complaint related to our compliance with the DPF principles (see Section 4.2 above), you may:
- Contact us directly at support@securecodewarrior.com
- Contact the free independent recourse mechanism listed under ‘Dispute Resolution’ on our DPF certification page.
- Contact your local data protection authority (see Section 9.2 above).
- Contact the U.S. Federal Trade Commission (FTC) using their report service.
- If (1) to (4) have been exhausted with no resolution, you may also invoke binding arbitration via the International Centre for Dispute Resolution.
APPENDIX A - SECURE CODE WARRIOR ENTITIES
SCW Entity |
Incorporation |
Company No |
Address |
Secure Code Warrior Ltd |
England and Wales |
08559432 |
Ironstone House 4 Ironstone Way Brixworth Northampton NN6 9UD
|
Secure Code Warrior Inc. |
Delaware (U.S.A) |
- |
265 Franklin st. Suite 1702
Boston
MA 02110
|
Secure Code Warrior BVBA |
Belgium |
- |
Baron Ruzettelaan 5
bus 3 8310 Brugge
|
Secure Code Warrior Pty Ltd |
New South Wales (Australia) |
608 498 639
(ACN)
|
C/- Level 3 360 Kent Street
Sydney 2000
|
SCW ehf |
Iceland |
- |
Katrinartun 4 105
Reykjavik
|
APPENDIX B - SECURE CODE WARRIOR WEBSITES
www.securecodewarrior.com
help.securecodewarrior.com
learn.securecodewarrior.com
portal.securecodewarrior.com
sensei.securecodewarrior.com
docs.sensei.securecodewarrior.com
www.softwaresecuritygurus.com