Document Summary

General Data Protection Regulation (GDPR)

Download PDF
Our approach to security and privacyOur approach to security and privacy
Back to Trust Center

GDPR and beyond

Our commitment to data protection

Secure Code Warrior has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to all international laws and regulations that apply to our processing of personal data.

To that end, we ensure that all of our policies, processes and procedures meet the requirements of the European General Data Protection Regulation (‘GDPR’) - the most robust data privacy regime in the world - regardless of where our customers are based, while monitoring and adapting to international developments that go beyond the GDPR when necessary.

How we process personal data

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. Please read our privacy policy for more information about how we process personal data and our privacy protective practices.

How we protect personal data

Secure Code Warrior is committed to safeguarding our information assets, and those of our customers, against misuse, abuse or compromise. Read our Security and Privacy FAQ and Whitepaper for more detail.

Are we a ‘processor’ or ‘controller’?

Depending on your relationship with us, we may process personal data as either a ‘processor’ or ‘controller’.

Secure Code Warrior is a processor with regard to the personal data that we process on behalf of our customers (acting as a controller) to provide our products and/or services (‘customer data’).

By necessity, we are an independent controller when we process personal data on our own behalf and for our own business purposes (‘SCW data’). For example, when we use data analytics to improve our services or we have your consent to send marketing messages to you.

For the purposes of the California Consumer Privacy Act (‘CCPA’), processor is equivalent to the term ‘service provider’, but we do not meet the threshold to be considered a ‘business’ under the same act.

Our data processing addendum

We have an international Data Processing Addendum (‘DPA’) that is tailored to our services and role as a processor of customer data.

Our DPA includes Standard Contractual Clauses (‘SCCs’) to safeguard transfers from the EU/EEA and UK to countries or territories not recognised under applicable data protection law as providing an adequate level of protection for personal data (‘third countries’). 

Please read our International Data Transfer page for more information about how we safeguard international data transfers.

Who do we share personal data with?

As a processor, Secure Code Warrior further engages third-parties who process customer data to help us provide our products and/or services (‘sub-processors’). For more information about our sub-processors and our due diligence process, please refer to our list of sub-processors.

In our capacity as a controller, we also engage third-parties to process SCW data on our behalf. For more information about the categories of third party vendors who receive SCW data, please refer to Section 3.4 of our privacy policy.

Looking for something else?

Our approach to security and privacy

Visit our Trust Center to learn more about the security and privacy practices that safeguard our information assets, and those of our customers, against misuse, abuse or compromise.

Trust Center