Home
 / 
trust center
 / 
Privacy Policy
Legals

Privacy Policy

Back to Trust Center

Last updated on 1 August  2022

1. General


1.1 Secure Code Warrior Limited, a company incorporated in England and Wales with Company Number 08559432 and its related bodies corporate, listed in Appendix A of this Privacy Policy (Policy) (all referred to as Secure Code Warrior) recognise that the privacy of your personal data (also known as your personal information or personally identifiable information (PII)) is important to you. At Secure Code Warrior we take our data protection and privacy obligations seriously and we are committed to ensuring that we handle personal information in accordance with the applicable data protection and privacy laws, including but not limited to:

  • the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 in the United Kingdom, 
  • the General Data Protection Regulation (EU) 2016/679 (known as the GDPR) in the European Union, 
  • the Australian Privacy Principles contained in the Privacy Act 1988, 
  • the California Consumer Privacy Act (so far as is applicable)
  • the Personal Data Protection Act 2012 (PDPA) in Singapore (Privacy Laws).

1.2 This Policy sets out how Secure Code Warrior collects, stores, processes, discloses and secures your personal information. It also sets out the rights you have in respect of your personal information. This Policy covers all our activities, including the operation of our website at www.securecodewarrior.com, use of the Security Code Warrior learning platform (SCW Learning Platform), the provision and marketing of our products, and services, recruitment, and the operation of our social media accounts including, but not limited to, Twitter, Facebook, Instagram, and YouTube channels.

1.3 This Policy applies exclusively to Secure Code Warrior. Where the Secure Code Warrior website or the platform contains links to other websites, Secure Code Warrior is not responsible for the privacy practices and terms of use of other organisations and websites.

2. Collection of your personal information


2.1 We collect personal information relating to our customers, prospective customers, business contacts, suppliers, recruitment candidates, and individuals who access the Secure Code Warrior platform or participate in our tournaments, trials, competitions, or other promotional activities.

2.2 The type of personal information Secure Code Warrior collects is set out in Appendix B. In most cases the personal information collected will include, but is not limited to, the following: first and last name, employer, professional title, contact information (email, phone, physical address), localization and device identification data (example, IP address) and other information reasonably necessary for us to provide our services to you or which is otherwise reasonably necessary for us to carry out our functions and activities.

2.3 Secure Code Warrior generally collects personal information directly from you when you communicate with us including (but not limited to) when you contact us, register for our services, or supply us with goods or services. For example, when we receive an email from you, we are collecting your personal information. However, there may be circumstances where we collect information about you from third parties or via other methods. In some cases we may receive personal information about you from a customer in the context of providing services to that customer. We may also receive information about you from a partner in the context of that partner providing services to us.

2.4 Secure Code Warrior may make a record of information relating to your visit to the SCW Website. In such an instance, you will be informed. Such information includes your server address, domain name, IP address, the date and time of your visit, pages accessed and documents downloaded. We will not collect personal information about you where you follow us on our Secure Code Warrior social media sites. If you do not wish information to be collected and recorded by means of a cookie, you may reconfigure your web browser to not accept cookies. Further information about cookies and how to disable them can be found here. For information on Secure Code Warrior’s Cookie Policy click here.

2.5 If you do not provide some requested personal information, we may be delayed or prevented from providing our services or platform to you, your employer and/ or entity through wish you access the SCW Platform, or satisfying your request or inquiry.

3. Use and disclosure of your personal information

3.1 Secure Code Warrior uses your personal information for its internal business and administrative purposes. In accordance with applicable data protection and privacy laws, we will only process your personal information if we have a lawful basis for doing so.

3.2 In respect of your personal information, these bases are:

  1. if it is necessary to provide services to you under the performance of the contract we have with you;
  2. if we are required to do so in accordance with legal obligations;
  3. if you have given your consent; and,
  4. if it is in our legitimate interests to process your personal information, provided that none of these prejudice your own rights, freedoms and interests.

Appendix C sets out the purposes for which we process your personal information, and the lawful basis on which we carry out such processing. 

Please note, that these lawful bases may not be applicable where you are receiving services from a Secure Code Warrior entity based outside of the EU and UK and you are also based outside of the EU and UK, but the following purposes will still apply and the lawful bases should help you better understand the purposes.

3.3 Secure Code Warrior will only use your personal information for the purposes listed in Appendix C or for other related compatible purposes for which you would reasonably expect us to use it (and in such circumstances the lawful bases would be in line with those listed above). We may also use your personal information for other purposes, but only where you have provided your express consent.

3.4 You will always have the opportunity to object to, or unsubscribe from receiving marketing materials. You can do this either via links in the message or by contacting Secure Code Warrior, support@securecodewarrior.com 

3.5 Secure Code Warrior may disclose your personal information in order to fulfill the purposes outlined in Appendix C. This will include sharing your personal information with other members of our corporate group and with external service providers such as those listed in Appendix E (on a confidential basis and in circumstances where those contracted service providers may only use your information for the purpose of Secure Code Warrior’s activities) to communicate with you and/or to store your contact details.

3.6 Secure Code Warrior may also disclose your personal information to:

  1. specialist advisers to Secure Code Warrior who have been engaged to provide us with legal, accounting, administrative, financial, insurance, research, marketing or other services;
  2. law enforcement bodies and/or any other relevant supervisory / data protection authorities which may have a reasonable requirement to access your personal information; and
  3. any other person authorised and specified by you.

3.7 In addition, Secure Code Warrior may use or disclose your personal information:

  1. where required or authorised by or under the applicable Privacy Laws or an order of a court or tribunal;
  2. in accordance with the applicable Privacy Laws, including where we hold a reasonable belief that the use or disclosure is required for certain enforcement or health and safety purposes, or that use or disclosure is necessary in relation to certain suspected unlawful activity or misconduct;
  3. whilst negotiating any takeover, purchase, merger, joint venture, partnership or other similar arrangement; or
  4. if reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of confidential alternative dispute resolution.

3.8 Secure Code Warrior may at other times notify you about our disclosure practices in respect of specific services that we provide in relation to our activities. 

4. Storage and security of your personal information


4.1 Secure Code Warrior may hold your personal information in a number of different formats, including but not limited to, software programs (located both onsite and offsite, including in the cloud), databases, filing systems and in offsite backup storage.

4.2 Personal information held by Secure Code Warrior may also be stored in email accounts that are accessible through mobile devices. Given the nature of our business and corporate structure we may disclose personal information about an individual to one of our related companies overseas for the purpose of the provision and improvement of our services. Where the recipient territory does not offer the same level of privacy and data protection legislation, Secure Code Warrior will ensure that adequate safeguards are in place to protect your personal information.  If you would like further information about where we may disclose your personal information, please contact Secure Code Warrior’s Privacy Officer at support@securecodewarrior.com.

4.3 Secure Code Warrior takes all reasonable steps to protect your personal information from loss, unauthorised access, modification, disclosure or misuse. However, we cannot ensure the security of any information that you transmit to us over the Internet and you do so at your own risk.

4.4 For more information on how Secure Code Warrior protects your data, please visit our Trust Center.

5. Unsolicited information

5.1 Where Secure Code Warrior receives any personal information either in error or which was not requested by us, we will as soon as practicable delete and destroy that information. With your consent, if the information was sent for the purpose of securing employment with us, we may keep this information subject to the retention periods set out in Appendix B.

6. Retention

6.1 Secure Code Warrior will retain your personal information for so long as is necessary for the purposes outlined in this Policy (and Appendix B). In some circumstances we will be obliged by law to retain personal information for longer periods.

7. Your rights to your personal information

7.1 Privacy Laws give you certain rights in respect of your personal information, including the right to:

  1. request access to your personal information;
  2. request correction of the personal information that we hold about you as described below;
  3. where required by law, request erasure of your personal information where there is no good reason for us continuing to process it or where you have exercised a right to object to processing (see (d) below);
  4. object to processing of your personal information where we are relying on a “legitimate interest” (or the interests of a third party) and there is no compelling reason for us to continue processing your personal information;
  5. object to processing your personal information for direct marketing purposes;
  6. object to automated decision-making including profiling by us using your personal information which has a legal effect or similar significant effect on you;
  7. request the restriction of processing of your personal information (for example, to suspend the processing of your personal information due to inaccuracy or our stated reason for processing it);
  8. request that we provide you or a third party the personal information we hold regarding you in an electronically useable format; and
  9. withdraw your consent for those purposes where we rely on consent, in which case we will no longer process your information for the purpose or purposes to which you originally consented, unless we have another lawful basis for doing so.

7.2 Please also note that your rights above are not absolute and we may be unable to comply with your request (in whole or in part). If we reasonably determine that your request is manifestly unfounded we reserve the right to refuse to comply with your request. We will provide you with a basis for any objection in this case. Your rights may vary depending on the Privacy Laws that apply to you.

7.3 If you wish to exercise a right that you have regarding your personal information, please contact our Privacy Officer at support@securecodewarrior.com

7.4 Secure Code Warrior will process your request within a reasonable time and in any event and unless otherwise stated within one month from the date that we received your request. In the event of particularly complex requests we may have to extend this period by up to two further months, but we will notify you of this.

7.5 If you have any cause for complaint about our use of your personal information, you have the right to lodge a complaint with your national data protection supervisory authority (details of some are set out at the end of this Policy), although we would ask that you contact us in the first instance using the contact details given below.

8. Changes to this policy

8.1 This Policy was last updated on 1 August 2022.

8.2  Secure Code Warrior may amend this Policy from time to time by publishing a revised Policy on our website, or ​​in any associated registration forms, terms and conditions, additional privacy policies, forms and other notices. Any changes will be effective as of the date they are published. In the event of any material changes to this Policy, Secure Code Warrior may take additional reasonable steps to notify you of the changes.

9. Contact details and further information

9. Contact details and further information

9.1 If you have any questions in relation to privacy or you wish to access or correct your personal information, please contact our Privacy Officer directly by email at support@securecodewarrior.com

9.2 For further information about privacy issues (and to make complaints), see the UK Information Commissioner’s Office website at www.ico.org.uk, the Office of the Australian Information Commissioner’s website at www.oaic.gov.au, and the European Data Protection Board (https://edpb.europa.eu/edpb_en).  

Appendix A
Appendix b
Appendix c
Appendix d
Appendix e
Appendix A - Secure Code Warrior Legal Entities


a. ENGLAND AND WALES
   Secure Code Warrior Limited
   Company Number 08559432
   Ironstone House
   4 Ironstone Way
   Brixworth, Northampton. NNG 9UD
   United Kingdom

b. NEW SOUTH WALES
   Secure Code Warrior Pty Limited
   ABN 97 608 498 639
   c/o Vital Addition
   5, 120 Sussex Street
   Sydney. NSW 2000
   Australia

c. BELGIUM
   Secure Code Warrior BVBA
   Baron Ruzettelaan 5
   bus 3 8310 Brugge
   Belgium

d. DELAWARE
   Security Code Warrior Inc
   265 Franklin Street, Suite 1702
   Boston MA 02110
   USA

e. ICELAND
   Motherji ehf
   Borgatun 24, 105,
   Reykjavik,
   Iceland

Appendix B - Collection of Personal Information
a. PLATFORM USER
  1. User email address (username) 
  2. First Name, Last Name
  3. Employer/Company Name/ Team name
  4. Test results /Metrics information/Assessment data
  5. IP Address (Anonymised)
  6. Machine ID (Anonymised)
  7. Geo-location (derived from IP)
  8. Password 
  9. Roles/Job Title
  10. Inviter details (email address of inviter/First Name/Last Name)
  11. Country/Region
  12. Browser Type
  13. Phone Number*

* Only required for Trial Users

Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.

CUSTOMERS
  1. Name
  2. Business Email Address
  3. Phone Number
  4. Employer/Company Name
  5. Job Title
  6. Billing address 
  7. Company/Tax Registration Number

We will retain this information in accordance with applicable laws and our privacy policy for a period of 7 years from the date of our last contact with  you unless, where you are entitled, request that we delete this information.


PRospects / leads
  1. Name
  2. Business Email Address
  3. Phone Number
  4. Employer/Company Name
  5. Job Title
  6. Physical Location

We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

PARTICIPANTS IN TOURNAMENTS AND / OR COMPETITIONS: Registrant / participant
  1. Name
  2. Email address
  3. Physical address in circumstances where there may be a physical prize to be delivered
  4. Country/Region

We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information

SUPPLIER
  1. Name
  2. Business/Company Name
  3. Email Address
  4. Phone Number
  5. Bank Details
  6. Billing address 
  7. Company/Tax Registration Number

We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.

recruitment candidates
  1. CV/ Resume
  2. Phone Number
  3. Date of Birth
  4. Qualifications
  5. Email address
  6. Physical address (if provided)

For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.

Website visitor
  1. Name³
  2. Contact information³ (company, role/title, business email address and phone number)
  3. IP Address¹
  4. Cookie Data¹ ²

¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business. 

Drift will only use cookies to track the activities of site visitors within Secure Code Warrior’s sites, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

² Cookiebot

We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:

  • Enable prior consent.
  • Provide clear and specific information about data types and purpose of the cookies.
  • Fully document all given consents.
  • Allow our visitors to reject superfluous cookies and still use our websites.
  • Allow our visitors to withdraw their consent whenever they want.

³ Information is collected after consent is given

Refer to our cookie policy

We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

Appendix C - Purposes for which we process your personal information, and the lawful basis on which we carry out such processing
1. PLATFORM USER

1.Necessary to enable us to perform our contract with you: 

  • to set up, administer and manage a user’s account, verify a user’s identity, provider users with our platform and services, and to receive and respond to a user’s communications and requests.
  • to notify our users of updates to our platform and services necessary for the performance of the contract we have with you.
  • to support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your personal information.

2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries: 

  • to receive and respond to a user’s communications and requests.

3.  For legitimate interest to enable Secure Code Warrior to: 

  • carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
  • prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.

4. For legitimate interests to allow Secure Code Warrior to improve customer services offering: 

  • to record and review customer service communications for training and performance improvements to enable us to improve customer services.
  • To enable Secure Code Warrior to comply with legal obligations.

5. With consent: 

  • to send users marketing materials where marketing materials have been specifically requested.
2. Customers

1. Necessary for the performance of a contract 

  • conducting business and make our services available to customers,

2. For legitimate interests to enable Secure Code Warrior to conduct business 

  • to send and receive business communications
  • to administer our relationship with customers, prospective customers and business contacts

3. For legitimate interests to contact those who may benefit from our services 

  • informing prospective customers and business contacts about our services.

4. With consent 

  • to send out marketing materials where these have been specifically requested.
3. email contact / prospective customer

1.For legitimate interests to enable Secure Code Warrior to conduct business 

  • to send and receive business communications
  • to administer our relationship with customers, prospective customers and business contacts

2. For legitimate interests to contact those who may benefit from our services 

  • informing prospective customers and business contacts about our services.

3. With consent 

  • to send out marketing materials where these have been specifically requested.

4. participants in tournaments and / or competitions: registrant / participant

1. Necessary for the performance of our contract with you, namely  for the running of the competition and/ or tournament

2. With consent: to send out marketing materials

5. SUPPLIER

1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual

  • to assess and appoint suppliers
  • Legitimate interests to conduct business 

2.   To send and receive business communications.

3.  To administer our relationship with our suppliers.

6. recruitment candidates

To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to: 

  • consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
  • consider applicants for other roles within Secure Code Warrior for which they may be suited,
  • obtain references from former employers.
7. website visitor

For legitimate interest to enable Secure Code Warrior to,

  • provide, operate, maintain, improve, and promote our Websites and Services;
  • enable you to access and use our Websites and Services;
  • send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by unsubscribing from any communication we send you);
  • monitor and analyze trends, usage, and activities in connection with our Websites and Services and for marketing or advertising purposes;
  • investigate and prevent fraudulent transactions, unauthorized access to our Websites and Services, and other illegal activities;
  • personalize our Websites and Services, including by providing features or advertisements that match your interests and preferences; and for other purposes for which we obtain your consent.
Appendix D - Secure Code Warrior Related Websites
  1. securecodewarrior.com
  2. help.securecodewarrior.com
  3. discover.securecodewarrior.com
  4. leadersinappsec.com
  5. leadersindevsec.com
  6. softwaresecuritygurus.com
  7. scw.io
  8. learn.securecodewarrior.com
Appendix E - External Service Providers

Secure Code Warrior (SCW) works with certain service providers (both locally and abroad) to run our business operations and to ensure that we can provide our contracted services to you. These service providers might (depending on the terms of their contracts with us) process your data:

  1. as data processors on our behalf, or 
  2. as joint controllers with us, or 
  3. they might receive data about you from us as separate date controllers.


Here is a full list of Secure Code Warrior’s service providers - our service providers are sometimes also referred to as Subprocessors on our website and/ or in any associated policies and terms and conditions.

Embrace developer-driven secure coding.

Contact us today and make software security an intrinsic part of your development process.

Start your free trial
Sensei Free 21 Day Trial
Book a demo
Product
Features
CoursesMissionsTournamentsAssessmentsTrainingCoding LabsLearning resources
Product
More
IntegrationsSupported languagesSupported vulnerabilities
SCW for Azure Boards
SCW Connector for Okta Workflows
SCW for GitHub
Secure Code Warrior Bootcamp
Solutions
For Industries
GovernmentRetailFinance & bankingInsuranceTechnologyAutomotive & transportHealthcare
Solutions
For Teams
Engineering teamsSecurity teamsLearning & developmentC-Suite
Use cases
Achieve complianceIncrease productivityMitigate riskIncrease my skills
Company
About usPlansPartnersCareersNewsroomTrust centerContact us
Community
BlogResourcesLeaders-in-AppSecSoftware Security GurusEvents
SUPPORT
Help centerCustomer successRelease notesFAQ
connect with us and keep up to date with THE LATEST NEWS
Submit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Twitter
Linkedin
Instagram
Facebook
Youtube
Sydney

Level 2, 29-43 Balfour Street Chippendale, NSW 2008 Australia

Boston

c/o Suite 1702, 265 Franklin Street
Boston, MA 02110 USA

Portland

Working remotely in and around Portland, OR 97204 USA

London

Working remotely in and around London, United Kingdom UK1

Bruges

Baron Ruzettelaan 5 bus 3 8310 Brugge Belgium

REYKJAVIK

Katrínartún 4 105 Reykjavik Iceland

© 2015-2022 Secure Code Warrior Limited. All rights reserved. Terms of use | Privacy policy | Cookie policy | Accessibility