Home
 / 
trust center
 / 
pdpa
Legals

Personal Data Protection Act of Singapore 2012 (PDPA)

Back to Trust Center

Personal Data Protection Act of Singapore 2012 (PDPA)

Under the Personal Data Protection Act of Singapore 2012 (the “PDPA”) Secure Code Warrior is considered a “Data Intermediary” Software-as-a-Service (SaaS) Service Provider. As a Data Intermediary, Secure Code Warrior complies with the Protection and Retention Limitation Obligations of the PDPA.

We provide further context below.

Summary of the PDPA and how it applies to Secure Code Warrior

The following is a brief summary of how we comply with and/or relate to the PDPA. The PDPA establishes data protection laws which govern the collection, use and disclosure of Personal Data (the “Data Protection Provisions”). Defined terms not defined herein shall have the meaning set for in our Privacy Policy.

Whether and to what extent the obligations imposed by the provisions in the PDPA s apply depends on whether we are operating in the capacity of a data principal or a data intermediary when Processing Personal Data in the provision of the Secure Code Warrior Service (as applicable). “Processing” in relation to Personal Data under the PDPA means the carrying out of any operation or set of operations in relation to Personal Data, and includes recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.

Activity: Processes Personal Data through Customers (and their Employees) use of the Service.
Application of Data Protection Provisions: We are a data intermediary for these purposes; and, we are only subject to the two obligations imposed by the Data Protection Provisions relating to the protection and retention of Personal Data.

Obligations imposed by the Data Protection Provisions in the PDPA

The Data Protection Provisions generally require an organization (which term includes any individual, company, association or body of persons, corporate or unincorporated) to be responsible for Personal Data of individuals in its possession or under its control, and to develop and implement policies that are necessary to meet the following obligations:

  1. The obligation to obtain, on or before the collection, the individual’s consent to the collection, use and disclosure of the individual’s Personal Data (the “Consent Obligation”).
  2. The obligation to ensure that Personal Data is collected, used and disclosed only for purposes which consent was given or which a reasonable person would consider appropriate in the circumstances (the “Purpose Limitation Obligation”).
  3. The obligation to notify the individual, on or before collection, use or disclosure, the purposes for which it is collecting, using and/or disclosing the individual’s Personal Data (the “Notification Obligation”).
  4. The obligation to provide, upon the request of the individual, information about the ways in which the individual’s Personal Data has been or may have been used or disclosed in the year before the request, and allow the individual to correct his/her Personal Data (the “Access and Correction Obligation”).
  5. The obligation to use reasonable effort to ensure that the Personal Data collected by or on its behalf is accurate and complete (the “Accuracy Obligation”).
  6. The obligation to make reasonable security arrangements to protect the Personal Data and prevent unauthorized access, collection, use disclosure or similar risks (the “Protection Obligation”).
  7. The obligation to cease retaining Personal Data or remove the means by which the Personal Data can be associated with an individual when the personal data is no longer necessary for business or legal purpose (“Retention Limitation Obligation”).
  8. The obligation not to transfer Personal Data to a country or territory outside of Singapore except in accordance with the requirements under PDPA (“Transfer Limitation Obligation”).
  9. The obligation to make information about its data protection policies, practices and complaints process available on request, and designating one or more individuals as its data protection officer to ensure that the organisation complies with the PDPA (“Openness Obligation”).

The PDPA applies only to Personal Data of individuals given in a personal capacity, for personal purposes and does not apply to “business contact information” which is defined in the PDPA as “an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes”. An organization is not required to obtain consent or otherwise comply with the PDPA in collecting, using or disclosing any business contact information disclosed in the course of a commercial transaction.

Personal data provided to us by Customers

Personal Data is collected when an Account is created with Secure Code Warrior by a Customer or when authorized users of a Secure Code Warrior customer are registered to use the Service. This information constitutes business contact information for purposes of the PDPA. In this regard, we are not required to obtain consent or comply with the Data Protection Provisions in relation to such Personal Data. We do, however, as a matter of good business practices describe how we collect, use, disclose and Process this Personal Data in our Privacy Policy.

How we comply with the PDPA as a Data Intermediary with regard to Personal Data in the service

Secure Code Warrior acts as a data intermediary in connection with the use of the Service by our Customers and their authorized end users. Data intermediaries who process Personal Data on behalf of other organisations are only required to comply with two obligations under the PDPA when Processing this Personal Data:

  • the Protection Obligation; and
  • the Retention Limitation Obligation

The Protection Obligation requires us to put in place appropriate administrative, physical and technical measures to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks to the Personal Data in our possession or under our control, regardless whether the Personal Data is stored in a central server, or on local storage media, or at facilities operated by a third party vendor. 

Secure Code Warrior is ISO 27001 certified and has a comprehensive security management program in place to protect the confidentiality, integrity and availability of our information assets.

Our application is built on modern cloud infrastructure designed to ensure the safety of your data. We have chosen to work with reputable third party cloud providers like AWS, who have a consistently excellent track record. 

Your data is important to us. We ensure security and privacy is baked into our everyday processes throughout our organisation. We take regular data backups and test recovery, run penetration testing, encrypt all data at rest and in transit, conduct static code analysis and third party vulnerability scanning, and many other cloud security techniques. Visit our resource section to learn more.

The Retention Limitation Obligation requires us to cease to retain Personal Data which is Processed or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which the Personal Data was collected is no longer being served by retention of the Personal Data; and, the retention of the Personal Data is no longer necessary for legal or business purposes.

If you wish to make a complaint about the way we have handled your Personal Data (including if you think we have breached any applicable privacy laws), you may do so to our Privacy Officer in writing, by mail to privacy@securecodewarrior.com

Please include your full name, contact details and a detailed description of your complaint. Our Privacy Officer will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you consider that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.



Appendix A
Appendix b
Appendix c
Appendix d
Appendix e
Appendix A - Secure Code Warrior Legal Entities


a. ENGLAND AND WALES
   Secure Code Warrior Limited
   Company Number 08559432
   Ironstone House
   4 Ironstone Way
   Brixworth, Northampton. NNG 9UD
   United Kingdom

b. NEW SOUTH WALES
   Secure Code Warrior Pty Limited
   ABN 97 608 498 639
   c/o Vital Addition
   5, 120 Sussex Street
   Sydney. NSW 2000
   Australia

c. BELGIUM
   Secure Code Warrior BVBA
   Baron Ruzettelaan 5
   bus 3 8310 Brugge
   Belgium

d. DELAWARE
   Security Code Warrior Inc
   265 Franklin Street, Suite 1702
   Boston MA 02110
   USA

e. ICELAND
   Motherji ehf
   Borgatun 24, 105,
   Reykjavik,
   Iceland

Appendix B - Collection of Personal Information
a. PLATFORM USER
  1. User email address (username) 
  2. First Name, Last Name
  3. Employer/Company Name/ Team name
  4. Test results /Metrics information/Assessment data
  5. IP Address (Anonymised)
  6. Machine ID (Anonymised)
  7. Geo-location (derived from IP)
  8. Password 
  9. Roles/Job Title
  10. Inviter details (email address of inviter/First Name/Last Name)
  11. Country/Region
  12. Browser Type
  13. Phone Number*

* Only required for Trial Users

Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.

CUSTOMERS
  1. Name
  2. Business Email Address
  3. Phone Number
  4. Employer/Company Name
  5. Job Title
  6. Billing address 
  7. Company/Tax Registration Number

We will retain this information in accordance with applicable laws and our privacy policy for a period of 7 years from the date of our last contact with  you unless, where you are entitled, request that we delete this information.


PRospects / leads
  1. Name
  2. Business Email Address
  3. Phone Number
  4. Employer/Company Name
  5. Job Title
  6. Physical Location

We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

PARTICIPANTS IN TOURNAMENTS AND / OR COMPETITIONS: Registrant / participant
  1. Name
  2. Email address
  3. Physical address in circumstances where there may be a physical prize to be delivered
  4. Country/Region

We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information

SUPPLIER
  1. Name
  2. Business/Company Name
  3. Email Address
  4. Phone Number
  5. Bank Details
  6. Billing address 
  7. Company/Tax Registration Number

We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.

recruitment candidates
  1. CV/ Resume
  2. Phone Number
  3. Date of Birth
  4. Qualifications
  5. Email address
  6. Physical address (if provided)

For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.

Website visitor
  1. Name³
  2. Contact information³ (company, role/title, business email address and phone number)
  3. IP Address¹
  4. Cookie Data¹ ²

¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business. 

Drift will only use cookies to track the activities of site visitors within Secure Code Warrior’s sites, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

² Cookiebot

We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:

  • Enable prior consent.
  • Provide clear and specific information about data types and purpose of the cookies.
  • Fully document all given consents.
  • Allow our visitors to reject superfluous cookies and still use our websites.
  • Allow our visitors to withdraw their consent whenever they want.

³ Information is collected after consent is given

Refer to our cookie policy

We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

Appendix C - Purposes for which we process your personal information, and the lawful basis on which we carry out such processing
1. PLATFORM USER

1.Necessary to enable us to perform our contract with you: 

  • to set up, administer and manage a user’s account, verify a user’s identity, provider users with our platform and services, and to receive and respond to a user’s communications and requests.
  • to notify our users of updates to our platform and services necessary for the performance of the contract we have with you.
  • to support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your personal information.

2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries: 

  • to receive and respond to a user’s communications and requests.

3.  For legitimate interest to enable Secure Code Warrior to: 

  • carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
  • prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.

4. For legitimate interests to allow Secure Code Warrior to improve customer services offering: 

  • to record and review customer service communications for training and performance improvements to enable us to improve customer services.
  • To enable Secure Code Warrior to comply with legal obligations.

5. With consent: 

  • to send users marketing materials where marketing materials have been specifically requested.
2. Customers

1. Necessary for the performance of a contract 

  • conducting business and make our services available to customers,

2. For legitimate interests to enable Secure Code Warrior to conduct business 

  • to send and receive business communications
  • to administer our relationship with customers, prospective customers and business contacts

3. For legitimate interests to contact those who may benefit from our services 

  • informing prospective customers and business contacts about our services.

4. With consent 

  • to send out marketing materials where these have been specifically requested.
3. email contact / prospective customer

1.For legitimate interests to enable Secure Code Warrior to conduct business 

  • to send and receive business communications
  • to administer our relationship with customers, prospective customers and business contacts

2. For legitimate interests to contact those who may benefit from our services 

  • informing prospective customers and business contacts about our services.

3. With consent 

  • to send out marketing materials where these have been specifically requested.

4. participants in tournaments and / or competitions: registrant / participant

1. Necessary for the performance of our contract with you, namely  for the running of the competition and/ or tournament

2. With consent: to send out marketing materials

5. SUPPLIER

1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual

  • to assess and appoint suppliers
  • Legitimate interests to conduct business 

2.   To send and receive business communications.

3.  To administer our relationship with our suppliers.

6. recruitment candidates

To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to: 

  • consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
  • consider applicants for other roles within Secure Code Warrior for which they may be suited,
  • obtain references from former employers.
7. website visitor

For legitimate interest to enable Secure Code Warrior to,

  • provide, operate, maintain, improve, and promote our Websites and Services;
  • enable you to access and use our Websites and Services;
  • send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by unsubscribing from any communication we send you);
  • monitor and analyze trends, usage, and activities in connection with our Websites and Services and for marketing or advertising purposes;
  • investigate and prevent fraudulent transactions, unauthorized access to our Websites and Services, and other illegal activities;
  • personalize our Websites and Services, including by providing features or advertisements that match your interests and preferences; and for other purposes for which we obtain your consent.
Appendix D - Secure Code Warrior Related Websites
  1. securecodewarrior.com
  2. help.securecodewarrior.com
  3. discover.securecodewarrior.com
  4. leadersinappsec.com
  5. leadersindevsec.com
  6. softwaresecuritygurus.com
  7. scw.io
  8. learn.securecodewarrior.com
Appendix E - External Service Providers

Secure Code Warrior (SCW) works with certain service providers (both locally and abroad) to run our business operations and to ensure that we can provide our contracted services to you. These service providers might (depending on the terms of their contracts with us) process your data:

  1. as data processors on our behalf, or 
  2. as joint controllers with us, or 
  3. they might receive data about you from us as separate date controllers.


Here is a full list of Secure Code Warrior’s service providers - our service providers are sometimes also referred to as Subprocessors on our website and/ or in any associated policies and terms and conditions.

Embrace developer-driven secure coding.

Contact us today and make software security an intrinsic part of your development process.

Start your free trial
Sensei Free 21 Day Trial
Book a demo
Product
Features
CoursesMissionsTournamentsAssessmentsTrainingCoding LabsLearning resources
Product
More
IntegrationsSupported languagesSupported vulnerabilities
SCW Connector for Okta Workflows
SCW for GitHub
SCW for Jira
Secure Code Warrior Bootcamp
Solutions
For Industries
GovernmentRetailFinance & bankingInsuranceTechnologyAutomotive & transportHealthcare
Solutions
For Teams
Engineering teamsSecurity teamsLearning & developmentC-Suite
Use cases
Achieve complianceIncrease productivityMitigate riskIncrease my skills
Company
About usPlansPartnersCareersNewsroomTrust centerContact us
Community
BlogResourcesLeaders-in-AppSecSoftware Security GurusEvents
SUPPORT
Help centerCustomer successRelease notesFAQ
connect with us and keep up to date with THE LATEST NEWS
Submit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Twitter
Linkedin
Instagram
Facebook
Youtube
Sydney

Level 2, 29-43 Balfour Street Chippendale, NSW 2008 Australia

Boston

c/o Suite 1702, 265 Franklin Street
Boston, MA 02110 USA

Portland

Working remotely in and around Portland, OR 97204 USA

London

Working remotely in and around London, United Kingdom UK1

Bruges

Baron Ruzettelaan 5 bus 3 8310 Brugge Belgium

REYKJAVIK

Katrínartún 4 105 Reykjavik Iceland

© 2015-2022 Secure Code Warrior Limited. All rights reserved. Terms of use | Privacy policy | Cookie policy | Accessibility