gdpr

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (“GDPR”) is the European privacy regime that has replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR strengthens the security and protection of personal data in the EU.

To whom does the GDPR apply?

The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

Secure Code Warriors Commitment to GDPR Compliance

Secure Code Warrior has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.

We appreciate that our customers have requirements under the GDPR that are directly impacted by their use of our Services. Below are several GDPR initiatives that have been implemented across our Services:

Investment in security – We’ve increased our investment in security. This includes implementing vulnerability detection throughout the software delivery life cycle, improved auditing and logging across all services, updated internal security policies, maintaining ISO 27001 certification, staff security training, improved password and secret management, 2FA enforcement, and more.
Employee training – We ensure our teams are trained in handling customer data and personal information, and that they maintain the confidentiality and security of that data.
Privacy policy updates – We have updated our Privacy Policy to clearly indicate what information we collect from website visitors and platform users.
Data Processing Addendum – We support the EU’s Standard Contractual Clauses through a Data Processing Addendum.
Data subprocessors – We list all of our third party Data subprocessors and share information on the support each subprocessor provides, and where they are located.
Data Subject Access Request procedure – We will assist with any "data subject access requests" raised by the end-user. Most of these requests can be handled by the end-users themselves, via our portal or api (for example: right to correct data, data portability). Others are handled through emailing our privacy team - privacy@securecodewarrior.com

Our Security

We appreciate that we are entrusted with valuable and sometimes sensitive user research data, which is why we have built security into every layer of our architecture, pursuing a ‘privacy by design’ approach to the design and development of our Services.

Our application is built on world-class, modern cloud infrastructure designed to ensure the safety of your data. We have carefully selected to work with proven third party cloud providers with a great security track record. We employ best practices including regular backups, data encryption, sanitized logging, and common attack prevention.

Download a copy of our Whitepaper for more information about our security practices.

International Data Transfers

Secure Code Warrior offers customers a robust international data transfer framework as a part of our Data Processing Agreement (“DPA”). The DPA ensures that our customers can lawfully transfer personal data to our Services outside of the European Economic Area by relying on the Standard Contractual Clauses. Our DPA also contains specific provisions to assist customers in their compliance with the GDPR.

Data Portability and Right To Correct Data

We help customers meet obligations under the GDPR ‘data portability’ and ‘right of rectification’ Below are some support articles that can help you with these requirements.

Right To Be Forgotten

We help customers meet obligations under the GDPR ‘right to be forgotten’ (or ‘right to erasure’) clause by making it easy to request the deletion of personal data from the SCW Platform.

Below is a support article that customers can use to delete user profiles from the SCW Platform.

Delete users from the platform

Once the above process is done, customers should email our Privacy team - privacy@securecodewarrior.com to confirm data from the Secure Code Warrior Learning Platform has been removed as well as any other processing systems.

Privacy and Consent

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. In our Privacy Policy and Cookie Policy we share what information we collect, how we use and store that data, and how you can access and control your information.

What is Secure Code Warriors purpose for processing personal data?

The SCW Platform provides training to developers of the Customer to think and act with a security mindset as they build and verify their skills . The SCW Platform allows developers to solve various security puzzles and tracks developer progress through the puzzles.

Is Secure Code Warrior a Controller or Processor?

What are "processors" and "controllers"?

A processor is an entity that only processes, or uses, stores, transmits, etc, personal data in accordance with the instructions of a controller. The majority of the time, third-party service providers processing personal data on your behalf are processors. For example, customer relationship management platforms would likely be processors.

A controller, by contrast, is an entity that determines the purposes and the means of the processing. In other words, the controller decides why and how to process personal data. Determining what personal data is to be used for, whether to disclose the data (and, if so, to whom), and how long to retain the data are all decisions that can only be made by a controller.

An organization doesn't have to be just a controller or just a processor though: it can fulfill different roles in respect to different data.

Consider, for example, a cloud hosting provider. It may be a processor of the data it hosts for its customers but will be a controller of data about its own employees and it may be a controller of certain kinds of account data about its customers.

How does this apply to Secure Code Warrior?

Being a Software as a Service provider, Secure Code Warrior acts as either a processor and a controller, depending on the circumstances. Specifically:

Secure Code Warrior is a processor with regard to the personal data that our customers (the controller) provide to us through the use of the Secure code Warrior learning platform.
Secure Code Warrior is, by necessity, a controller of personal data that it collects and for which it determines the purposes for which and the manner in which the personal data is to be processed. For example, as visitors to our website, we may collect personal data with your consent that we then use for marketing communications or data analytics to provide additional services to our customers and improve our product.

What data does Secure Code Warrior collect through its platform service and website?

Secure Code Warrior collects contact information (Full Name/Email), website tracking, and product usage information. Refer to our Privacy Policy for additional information.

Additional Resources

The following resources might prove useful:

Contact us

If you have any questions, please email us at - privacy@securecodewarrior.com

‍

Appendix A - Secure Code Warrior Legal Entities

a. ENGLAND AND WALES
Secure Code Warrior Limited
Company Number 08559432
Ironstone House
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
United Kingdom

b. NEW SOUTH WALES
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Australia

c. BELGIUM
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Belgium

d. DELAWARE
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
USA

e. ICELAND
Motherji ehf
Borgatun 24, 105,
Reykjavik,
Iceland

Appendix B - Collection of Personal Information

a. PLATFORM USER

User email address (username)
First Name, Last Name
Employer/Company Name/ Team name
Test results /Metrics information/Assessment data
IP Address (Anonymised)
Machine ID (Anonymised)
Geo-location (derived from IP)
Password
Roles/Job Title
Inviter details (email address of inviter/First Name/Last Name)
Country/Region
Browser Type
Phone Number*

* Only required for Trial Users

Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.

CUSTOMERS

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Billing address
Company/Tax Registration Number

We will retain this information in accordance with applicable laws and our privacy policy for a period of 7 years from the date of our last contact with you unless, where you are entitled, request that we delete this information.

‍
PRospects / leads

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Physical Location

We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

PARTICIPANTS IN TOURNAMENTS AND / OR COMPETITIONS: Registrant / participant

Name
Email address
Physical address in circumstances where there may be a physical prize to be delivered
Country/Region

We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information

SUPPLIER

Name
Business/Company Name
Email Address
Phone Number
Bank Details
Billing address
Company/Tax Registration Number

We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.

recruitment candidates

CV/ Resume
Phone Number
Date of Birth
Qualifications
Email address
Physical address (if provided)

For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.

Website visitor

Name³
Contact information³ (company, role/title, business email address and phone number)
IP Address¹
Cookie Data¹ ²

¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business.

Drift will only use cookies to track the activities of site visitors within Secure Code Warrior’s sites, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

² Cookiebot

We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:

Enable prior consent.
Provide clear and specific information about data types and purpose of the cookies.
Fully document all given consents.
Allow our visitors to reject superfluous cookies and still use our websites.
Allow our visitors to withdraw their consent whenever they want.

³ Information is collected after consent is given

Refer to our cookie policy

We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

Appendix C - Purposes for which we process your personal information, and the lawful basis on which we carry out such processing

1. PLATFORM USER

1.Necessary to enable us to perform our contract with you:

to set up, administer and manage a user’s account, verify a user’s identity, provider users with our platform and services, and to receive and respond to a user’s communications and requests.
to notify our users of updates to our platform and services necessary for the performance of the contract we have with you.
to support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your personal information.

2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:

to receive and respond to a user’s communications and requests.

3. For legitimate interest to enable Secure Code Warrior to:

carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.

4. For legitimate interests to allow Secure Code Warrior to improve customer services offering:

to record and review customer service communications for training and performance improvements to enable us to improve customer services.
To enable Secure Code Warrior to comply with legal obligations.

5. With consent:

to send users marketing materials where marketing materials have been specifically requested.

2. Customers

1. Necessary for the performance of a contract

conducting business and make our services available to customers,

2. For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

3. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

4. With consent

to send out marketing materials where these have been specifically requested.

3. email contact / prospective customer

1.For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

2. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

3. With consent

to send out marketing materials where these have been specifically requested.

‍
4. participants in tournaments and / or competitions: registrant / participant

1. Necessary for the performance of our contract with you, namely for the running of the competition and/ or tournament

2. With consent: to send out marketing materials

‍

5. SUPPLIER

1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual

to assess and appoint suppliers
Legitimate interests to conduct business

2. To send and receive business communications.

3. To administer our relationship with our suppliers.

6. recruitment candidates

To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:

consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
consider applicants for other roles within Secure Code Warrior for which they may be suited,
obtain references from former employers.

7. website visitor

For legitimate interest to enable Secure Code Warrior to,

provide, operate, maintain, improve, and promote our Websites and Services;
enable you to access and use our Websites and Services;
send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by unsubscribing from any communication we send you);
monitor and analyze trends, usage, and activities in connection with our Websites and Services and for marketing or advertising purposes;
investigate and prevent fraudulent transactions, unauthorized access to our Websites and Services, and other illegal activities;
personalize our Websites and Services, including by providing features or advertisements that match your interests and preferences; and for other purposes for which we obtain your consent.

Appendix D - Secure Code Warrior Related Websites

securecodewarrior.com
help.securecodewarrior.com
discover.securecodewarrior.com
leadersinappsec.com
leadersindevsec.com
softwaresecuritygurus.com
scw.io
learn.securecodewarrior.com

Document Summary