Our Privacy policy
Last updated on 16 March 2023
1. General
1.1
At Secure Code Warrior, your privacy is important to us and we take our data protection and privacy obligations seriously. This privacy policy explains how we handle (or ‘process’) your personal data and your related data protection rights. It covers all our activities, products and services including:
- Secure Code Warrior’s learning platform (‘SCW Learning Platform’)
- Our websites listed in Appendix B (‘website’)
- Social media channels (such as Twitter, Facebook, Instagram and YouTube)
- Recruitment
1.2
This privacy policy does not cover, and we are not responsible for, the privacy practices of third party organisations (such as our customers or third-party services linked to through our website or the SCW Learning Platform). For more information about how third parties process your personal data, please refer to the individual privacy policies of each organisation.
For information about third-party service providers who process personal data on our behalf (‘processors’ or ‘sub-processors’), please refer to Section 3.4.
1.3
When we use ‘us’, ‘we’, ‘our’ or ‘Secure Code Warrior’ in this privacy policy, we are referring to Secure Code Warrior Limited, a company incorporated in England and Wales (08559432), and its related bodies corporate listed in Appendix A of this privacy policy.
2. Collection
2.1
Please refer to the below table for information about whose personal data we process and a breakdown of the individual data elements for each category of data subject:
We process the personal data of… |
We may process your… |
Website users |
|
Platform users |
- Phone number (trial users only)
- Email address
- Name (first and last)
- Device information (browser type, device identifier and IP address)
- Professional information (employer, team name, role, job title)
- Location information (country/region and geo-location derived from IP address)
- Analytics and assessment data
- Cookie data (see cookie policy for more information)
|
Participants in tournaments, competitions or other promotional activities |
- Email address
- Name (first and last)
- Location information (country/region, unless postal address required for delivery of physical prize)
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- Phone number
- Email address
- Name (first and last)
- Professional information (employer, role, job title)
- Location information (country/region)
|
Recruitment candidates |
- Phone number
- Email address
- Name (first and last)
- Qualifications
- Information contained in resume
|
Anyone who corresponds with us by post, email, social media or any other method |
This will vary depending on the method of communication, but will include any information that has not been withheld (such as your phone number, email address or display name) and any information you have purposefully disclosed in your correspondence with us. |
2.2
Secure Code Warrior generally collects personal data directly from you when you communicate with us including (but not limited to) when you contact us, register for our services, or supply us with goods or services. For example, when we receive an email from you, we are collecting your personal data. However, there may be circumstances where we collect information about you from third parties or via other methods. In some cases we may receive personal data about you from a customer in the context of providing services to that customer. We may also receive information about you from a partner in the context of that partner providing services to us.
2.3
For more information about our use of cookies on our website and platform, please refer to our cookie policy.
2.4
If you do not provide some requested information, we may be delayed or prevented from providing our services and/or satisfying your request or inquiry.
3. Use and disclosure
3.1
Secure Code Warrior is the data controller where we determine the purpose and means of processing personal data. In accordance with applicable data protection and privacy laws, we will only process your personal data if we have a lawful basis for doing so.
Please refer to the below table for a summary of why we may process your personal data and our lawful bases for doing so.
Please also note that the purposes still stand even if the lawful bases do not apply because you are based outside the EEA/UK and are receiving services from one of our entities outside those jurisdictions.
When processing your personal data is in our legitimate interest to… |
Website users |
- provide, operate, maintain, improve, and promote our Websites and Services
- enable you to access and use our Websites and Services
- investigate and prevent fraudulent transactions, unauthorised access to our services, and other illegal activities
|
Platform users |
- carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
- prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.
- record and review customer service communications for training and performance improvements to enable us to improve customer services
- receive and respond to communications and requests
- create marketing cohorts based on the analytics information generated by our platform
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- send and receive business communications
- administer our relationship
- inform prospective customers and contracts about our services
- send promotional and marketing materials related to the services you have purchased
|
Recruitment candidates |
- consider applications for roles for which you may have applied
- negotiate employment opportunities
- obtain references from former employers
|
Anyone who corresponds with us by post, email, social media or any other method |
- respond to you and follow up with related/requested information at a later date
|
When processing is necessary… |
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- for the performance of a contract to which you are party
- in order to take steps prior to entering into a contract
|
We have your consent to… |
Website users |
- send promotional and marketing materials about us and our partners
- monitor and analyse trends, usage, and activities in connection with our website and services for promotional and marketing purposes
- personalise our website and services, including by providing features or advertisements that match your interests and preferences
|
Platform users |
- send promotional and marketing materials about us and our partners
|
Participants in tournaments, competitions or other promotional activities |
- send promotional and marketing materials about us and our partners
- send you a physical prize
|
Business contacts and representatives (such as customers, prospective customers, partners and suppliers) |
- send promotional and marketing materials about us and our partners
|
3.2
We will only process your personal data for a) the purposes listed above, or b) other related compatible purposes for which you would reasonably expect us to use it (and in such circumstances where the lawful bases are also aligned). We may also process your personal data for other purposes, but only where you have provided your express consent.
3.3
You will always have the opportunity to object to, or unsubscribe from receiving marketing materials. You can do so via ‘unsubscribe’ links in our messages or by contacting us at support@securecodewarrior.com
3.4
Secure Code Warrior may disclose your personal data in order to fulfil the purposes outlined above. This will include sharing your personal data with other members of our corporate group (Appendix A) and with the below categories of third party service providers (‘processors’) depending on your relationship with us:
We share personal data with processors who assist with and enable… |
The hosting of our website, products/service, infrastructure and related databases |
Product/service support, feedback and feature requests |
Email communications and consent management |
Analytics for our products/services, and our sales and marketing teams |
Delivery of physical and virtual prizes or rewards |
For a list of third-party service providers engaged by us to process personal data on behalf of our customers (‘sub-processors’), please refer to: https://www.securecodewarrior.com/trust/sub-processors
3.5
Secure Code Warrior may also disclose your personal data:
a) to specialist advisers who have been engaged to provide us with legal, accounting, administrative, financial, insurance, research, marketing or other services;
b) to law enforcement bodies and/or any other relevant supervisory/data protection authorities which may have a reasonable requirement to access your personal data; and
c) to any other person authorised and specified by you.
d) where required or authorised by or under the applicable data protection law or an order of a court or tribunal;
e) in accordance with the applicable data protection law, including where we hold a reasonable belief that the processing or disclosure is required for certain enforcement or health and safety purposes, or that processing or disclosure is necessary in relation to certain suspected unlawful activity or misconduct;
f) whilst negotiating any takeover, purchase, merger, joint venture, partnership or other similar arrangement; or
g) if reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of confidential alternative dispute resolution.
3.6
At other times, we may notify you about our disclosure practices in respect of specific services that we provide in relation to our activities.
4. Storage and Security
4.1
We may hold your personal data in a number of different formats, including but not limited to, software programs (located both onsite and offsite, including in the cloud), databases, filing systems and in offsite backup storage.
4.2
Given the nature of our business and corporate structure we may disclose your personal data internationally to one of our related companies (Appendix A) or external service providers (Section 3.4) for the provision and improvement of our services. Where the recipient territory does not offer the same level of privacy and data protection legislation, we will ensure that adequate safeguards are in place to protect your personal data.
If you would like further information about where we may disclose your personal data, please contact us at support@securecodewarrior.com
4.3
For more information about how we protect your data, please visit our Trust Center.
5. Retention
5.1
Our data retention periods vary depending on your relationship with us. Please see the table below for more detail.
If you are a… |
Unless otherwise requested, we will retain your personal data… |
Website users |
For twelve (12) months from the date of our last contact with you |
Platform users |
While you have access to our platform, then for a following twelve (12) months |
Participants in tournaments, competitions or other promotional activities |
For the duration of the event or promotion, then for a following twelve (12) months |
Prospective customers |
For twenty-four (24) months from the date of our last contact with you |
Business contacts and representatives (such as customers, partners and suppliers) |
For seven (7) years from the date of our last contact with you
|
Recruitment candidates |
For twelve (12) months for unsuccessful candidates |
Anyone who corresponds with us by post, email, social media or any other method |
For twelve (12) months from the date of our last contact with you |
5.2
Where we receive personal data that was not requested from us or was sent to us in error, we will delete and destroy that information as soon as is practicable. With your consent, if the information was sent for the purpose of securing employment with us, we may keep this information subject to the retention periods in the above table.
6. Your rights
6.1
You may have certain rights in respect of your personal data, including the right to:
a) request access to your personal data;
b) request correction of the personal data that we hold about you as described below;
c) where required by law, request erasure of your personal data where there is no good reason for us continuing to process it or where you have exercised a right to object to processing (see (d) below);
d) object to processing of your personal data where we are relying on a “legitimate interest” (or the interests of a third party) and there is no compelling reason for us to continue processing your personal data;
e) object to processing your personal data for direct marketing purposes;
f) object to automated decision-making including profiling by us using your personal data which has a legal effect or similar significant effect on you;
g) request the restriction of processing of your personal data (for example, to suspend the processing of your personal data due to inaccuracy or our stated reason for processing it);
h) request that we provide you or a third party the personal data we hold regarding you in an electronically useable format; and
i) withdraw your consent for those purposes where we rely on consent, in which case we will no longer process your information for the purpose or purposes to which you originally consented, unless we have another lawful basis for doing so.
6.2
Please also note that your rights above are not absolute, may vary depending on applicable data protection law, and we may be unable to comply with your request (in whole or in part). If we reasonably determine that your request is manifestly unfounded, we reserve the right to refuse to comply with your request. We will provide you with a basis for any objection in this case.
6.3
If you wish to exercise a right that you have regarding your personal data, please contact us at support@securecodewarrior.com. We will process your request within a reasonable time and respond within one month from the date of receipt. In the event of particularly complex requests we may have to extend this period by up to two further months, but we will notify you of this.
6.4
If you have cause for complaint about our processing of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority (Section 8.2 for details), although we ask that you contact us in the first instance at support@securecodewarrior.com
7. Changes to our privacy policy
7.1
This privacy policy was last updated on 17 March 2023.
7.2
We may amend our privacy policy from time to time by publishing a revised version on our website, or in any associated registration forms, terms and conditions, forms and other notices. Any changes will be effective as of the date they are published. In the event of any material changes to this privacy policy, we may also take additional reasonable steps to notify you of the changes.
8. Contact details
8.1
If you have any questions in relation to privacy, or you wish to access or correct your personal data, please contact us at support@securecodewarrior.com
8.2
For further information about privacy issues (and to make complaints), see the UK Information Commissioner’s Office website at www.ico.org.uk, the Office of the Australian Information Commissioner’s website at www.oaic.gov.au, and the European Data Protection Board (https://edpb.europa.eu/edpb_en).
APPENDIX A - SECURE CODE WARRIOR ENTITIES
SCW Entity |
Incorporation |
Company No |
Address |
Secure Code Warrior Ltd |
England and Wales |
08559432 |
Ironstone House 4 Ironstone Way Brixworth Northampton NN6 9UD
|
Secure Code Warrior Inc. |
Delaware (U.S.A) |
- |
265 Franklin st. Suite 1702
Boston
MA 02110
|
Secure Code Warrior BVBA |
Belgium |
- |
Baron Ruzettelaan 5
bus 3 8310 Brugge
|
Secure Code Warrior Pty Ltd |
New South Wales (Australia) |
608 498 639
(ACN)
|
29-43 Balfour Street Chippendale
NSW 2008
|
SCW ehf |
Iceland |
- |
Katrinartun 4 105
Reykjavik
|
APPENDIX B - SECURE CODE WARRIOR WEBSITES