The General Data Protection Regulation (“GDPR”) is the European privacy regime that has replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR strengthens the security and protection of personal data in the EU.
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
Secure Code Warrior has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.
We appreciate that our customers have requirements under the GDPR that are directly impacted by their use of our Services. Below are several GDPR initiatives that have been implemented across our Services:
We appreciate that we are entrusted with valuable and sometimes sensitive user research data, which is why we have built security into every layer of our architecture, pursuing a ‘privacy by design’ approach to the design and development of our Services.
Our application is built on world-class, modern cloud infrastructure designed to ensure the safety of your data. We have carefully selected to work with proven third party cloud providers with a great security track record. We employ best practices including regular backups, data encryption, sanitized logging, and common attack prevention.
Download a copy of our Whitepaper for more information about our security practices.
Secure Code Warrior offers customers a robust international data transfer framework as a part of our Data Processing Agreement (“DPA”). The DPA ensures that our customers can lawfully transfer personal data to our Services outside of the European Economic Area by relying on the Standard Contractual Clauses. Our DPA also contains specific provisions to assist customers in their compliance with the GDPR.
We help customers meet obligations under the GDPR ‘data portability’ and ‘right of rectification’ Below are some support articles that can help you with these requirements.
We help customers meet obligations under the GDPR ‘right to be forgotten’ (or ‘right to erasure’) clause by making it easy to request the deletion of personal data from the SCW Platform.
Below is a support article that customers can use to delete user profiles from the SCW Platform.
Once the above process is done, customers should email our Privacy team - email@example.com to confirm data from the Secure Code Warrior Learning Platform has been removed as well as any other processing systems.
The SCW Platform provides training to developers of the Customer to think and act with a security mindset as they build and verify their skills . The SCW Platform allows developers to solve various security puzzles and tracks developer progress through the puzzles.
A processor is an entity that only processes, or uses, stores, transmits, etc, personal data in accordance with the instructions of a controller. The majority of the time, third-party service providers processing personal data on your behalf are processors. For example, customer relationship management platforms would likely be processors.
A controller, by contrast, is an entity that determines the purposes and the means of the processing. In other words, the controller decides why and how to process personal data. Determining what personal data is to be used for, whether to disclose the data (and, if so, to whom), and how long to retain the data are all decisions that can only be made by a controller.
An organization doesn't have to be just a controller or just a processor though: it can fulfill different roles in respect to different data.
Consider, for example, a cloud hosting provider. It may be a processor of the data it hosts for its customers but will be a controller of data about its own employees and it may be a controller of certain kinds of account data about its customers.
Being a Software as a Service provider, Secure Code Warrior acts as either a processor and a controller, depending on the circumstances. Specifically:
The following resources might prove useful:
If you have any questions, please email us at - firstname.lastname@example.org
a. ENGLAND AND WALES
Secure Code Warrior Limited
Company Number 08559432
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
b. NEW SOUTH WALES
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
Borgatun 24, 105,
* Only required for Trial Users
Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.
We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.
We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information
We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.
For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.
¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business.
We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:
³ Information is collected after consent is given
We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.
1.Necessary to enable us to perform our contract with you:
2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:
3. For legitimate interest to enable Secure Code Warrior to:
4. For legitimate interests to allow Secure Code Warrior to improve customer services offering:
5. With consent:
1. Necessary for the performance of a contract
2. For legitimate interests to enable Secure Code Warrior to conduct business
3. For legitimate interests to contact those who may benefit from our services
4. With consent
1.For legitimate interests to enable Secure Code Warrior to conduct business
2. For legitimate interests to contact those who may benefit from our services
3. With consent
1. Necessary for the performance of our contract with you, namely for the running of the competition and/ or tournament
2. With consent: to send out marketing materials
1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual
2. To send and receive business communications.
3. To administer our relationship with our suppliers.
To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:
For legitimate interest to enable Secure Code Warrior to,
Secure Code Warrior (SCW) works with certain service providers (both locally and abroad) to run our business operations and to ensure that we can provide our contracted services to you. These service providers might (depending on the terms of their contracts with us) process your data:
Here is a full list of Secure Code Warrior’s service providers - our service providers are sometimes also referred to as Subprocessors on our website and/ or in any associated policies and terms and conditions.