Document Summary

General Data Protection Regulation (GDPR)

Download PDF
Our approach to security and privacyOur approach to security and privacy
Back to Trust Center

Last updated: 27 November 2023

Our commitment to data protection standards

Secure Code Warrior has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to all international laws and regulations that apply to our processing of personal data.

To that end, we ensure that all of our policies, processes and procedures meet the requirements of the European General Data Protection Regulation (‘GDPR’) - the most robust data privacy regime in the world - while monitoring and adapting to international developments that go beyond the GDPR when necessary.

Are we a processor or controller?

Depending on your relationship with us, we may process personal data as either a ‘processor’ or ‘controller’. These terms refer to our role in the data processing chain and our level of influence over the processing of the personal data.

Secure Code Warrior is a controller when we process personal data on our own behalf and for our own business purposes (‘SCW data’). For example, when we use data analytics to improve our services or we have your consent to send marketing messages to you. By contrast, we are a processor when we process personal data on behalf of our customers (acting as a controller) to provide them with our products and/or services (‘customer data’). 

In some jurisdictions, similar terms like ‘service provider’ or ‘contractor’ might be used instead of processor, or ‘business’ instead of controller; however, it is important to note that the legal obligations related to those roles do not always match those of the GPDR.

Processing activities and protective practices

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. Please read our privacy policy for more information about how we handle personal data.

For information about how we safeguard our information assets, and those of our customers, against misuse, abuse or compromise, please refer to our Trust Center and read our Security and Privacy FAQ and Whitepaper for more detail.

Who do we share personal data with?

In our capacity as a controller, we engage third-parties to process SCW data on our behalf. For more information about the types of third-parties which receive SCW data, please refer to Section 3.4 of our privacy policy.

For information about third-parties that process customer data to help us provide our products and/or services (‘sub-processors’) to customers, please refer to our sub-processors of customer data page.

Some recipients of personal data might be located in third-countries, for more information about how we safeguard personal data transferred to other jurisdictions, please read our international transfers of personal data page.

Data processing addendum

We have an international Data Processing Addendum (‘DPA’) that is tailored to our services and role as a processor of customer data. This includes EU/EEA and UK standard contractual clauses (‘SCCs’) as default, and our data privacy team can work with customers in other jurisdictions to supplement these provisions if necessary.

Looking for something else?

Our approach to security and privacy

Visit our Trust Center to learn more about the security and privacy practices that safeguard our information assets, and those of our customers, against misuse, abuse or compromise.

Trust Center