Under the Personal Data Protection Act of Singapore 2012 (the “PDPA”) Secure Code Warrior is considered a “Data Intermediary” Software-as-a-Service (SaaS) Service Provider. As a Data Intermediary, Secure Code Warrior complies with the Protection and Retention Limitation Obligations of the PDPA.
We provide further context below.
Whether and to what extent the obligations imposed by the provisions in the PDPA s apply depends on whether we are operating in the capacity of a data principal or a data intermediary when Processing Personal Data in the provision of the Secure Code Warrior Service (as applicable). “Processing” in relation to Personal Data under the PDPA means the carrying out of any operation or set of operations in relation to Personal Data, and includes recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
Activity: Processes Personal Data through Customers (and their Employees) use of the Service.
Application of Data Protection Provisions: We are a data intermediary for these purposes; and, we are only subject to the two obligations imposed by the Data Protection Provisions relating to the protection and retention of Personal Data.
The Data Protection Provisions generally require an organization (which term includes any individual, company, association or body of persons, corporate or unincorporated) to be responsible for Personal Data of individuals in its possession or under its control, and to develop and implement policies that are necessary to meet the following obligations:
The PDPA applies only to Personal Data of individuals given in a personal capacity, for personal purposes and does not apply to “business contact information” which is defined in the PDPA as “an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes”. An organization is not required to obtain consent or otherwise comply with the PDPA in collecting, using or disclosing any business contact information disclosed in the course of a commercial transaction.
Secure Code Warrior acts as a data intermediary in connection with the use of the Service by our Customers and their authorized end users. Data intermediaries who process Personal Data on behalf of other organisations are only required to comply with two obligations under the PDPA when Processing this Personal Data:
The Protection Obligation requires us to put in place appropriate administrative, physical and technical measures to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks to the Personal Data in our possession or under our control, regardless whether the Personal Data is stored in a central server, or on local storage media, or at facilities operated by a third party vendor.
Secure Code Warrior is ISO 27001 certified and has a comprehensive security management program in place to protect the confidentiality, integrity and availability of our information assets.
Our application is built on modern cloud infrastructure designed to ensure the safety of your data. We have chosen to work with reputable third party cloud providers like AWS, who have a consistently excellent track record.
Your data is important to us. We ensure security and privacy is baked into our everyday processes throughout our organisation. We take regular data backups and test recovery, run penetration testing, encrypt all data at rest and in transit, conduct static code analysis and third party vulnerability scanning, and many other cloud security techniques. Visit our resource section to learn more.
The Retention Limitation Obligation requires us to cease to retain Personal Data which is Processed or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which the Personal Data was collected is no longer being served by retention of the Personal Data; and, the retention of the Personal Data is no longer necessary for legal or business purposes.
If you wish to make a complaint about the way we have handled your Personal Data (including if you think we have breached any applicable privacy laws), you may do so to our Privacy Officer in writing, by mail to firstname.lastname@example.org
Please include your full name, contact details and a detailed description of your complaint. Our Privacy Officer will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you consider that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
a. UNITED KINGDOM (incorporated in England and Wales)
Secure Code Warrior Limited
Company Number 08559432
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
Borgatun 24, 105,
As a user of the Secure Code Warrior platform we will hold the following information about you
This personal information will be held about you for so long as you have access to our platform and thereafter for a further period of twelve (12) months or as specified in your employers contract with us (whichever is the lower).
As potential employee of Secure Code Warrior we hold the following information about you:
Should you be unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.
As an email contact or prospective customer to Secure Code Warrior we hold the following information about you:
We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.
As a registrant, or participant in a tournament or competition we hold the following information about you:
This personal information will be held about you for so long as you have access to our platform and thereafter for a further period of twelve (12) months.
As a supplier to Secure Code Warrior we hold the following information about you:
Necessary to enable us to perform our contract with you:
Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:
For legitimate interest to enable Secure Code Warrior to:
For legitimate interests to allow Secure Code Warrior to improve customer services offering:
To enable Secure Code Warrior to comply with a legal obligation:
To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:
consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
consider applicants for other roles within Secure Code Warrior for which they may be suited,
obtain references from former employers.
Necessary for the performance of a contract
For legitimate interests to enable Secure Code Warrior to conduct business
For legitimate interests to contact those who may benefit from our services
Necessary for the running of the competition and/ or tournament
for legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual
Legitimate interests to conduct business