Last updated on 16 March 2023
For information about third-party service providers who process personal data on our behalf (‘processors’ or ‘sub-processors’), please refer to Section 3.4.
Please refer to the below table for information about whose personal data we process and a breakdown of the individual data elements for each category of data subject:
Secure Code Warrior generally collects personal data directly from you when you communicate with us including (but not limited to) when you contact us, register for our services, or supply us with goods or services. For example, when we receive an email from you, we are collecting your personal data. However, there may be circumstances where we collect information about you from third parties or via other methods. In some cases we may receive personal data about you from a customer in the context of providing services to that customer. We may also receive information about you from a partner in the context of that partner providing services to us.
If you do not provide some requested information, we may be delayed or prevented from providing our services and/or satisfying your request or inquiry.
Secure Code Warrior is the data controller where we determine the purpose and means of processing personal data. In accordance with applicable data protection and privacy laws, we will only process your personal data if we have a lawful basis for doing so.
Please refer to the below table for a summary of why we may process your personal data and our lawful bases for doing so.
Please also note that the purposes still stand even if the lawful bases do not apply because you are based outside the EEA/UK and are receiving services from one of our entities outside those jurisdictions.
We will only process your personal data for a) the purposes listed above, or b) other related compatible purposes for which you would reasonably expect us to use it (and in such circumstances where the lawful bases are also aligned). We may also process your personal data for other purposes, but only where you have provided your express consent.
You will always have the opportunity to object to, or unsubscribe from receiving marketing materials. You can do so via ‘unsubscribe’ links in our messages or by contacting us at firstname.lastname@example.org
Secure Code Warrior may disclose your personal data in order to fulfil the purposes outlined above. This will include sharing your personal data with other members of our corporate group (Appendix A) and with the below categories of third party service providers (‘processors’) depending on your relationship with us:
For a list of third-party service providers engaged by us to process personal data on behalf of our customers (‘sub-processors’), please refer to: https://www.securecodewarrior.com/trust/sub-processors
At other times, we may notify you about our disclosure practices in respect of specific services that we provide in relation to our activities.
We may hold your personal data in a number of different formats, including but not limited to, software programs (located both onsite and offsite, including in the cloud), databases, filing systems and in offsite backup storage.
Given the nature of our business and corporate structure we may disclose your personal data internationally to one of our related companies (Appendix A) or external service providers (Section 3.4) for the provision and improvement of our services. Where the recipient territory does not offer the same level of privacy and data protection legislation, we will ensure that adequate safeguards are in place to protect your personal data.
If you would like further information about where we may disclose your personal data, please contact us at email@example.com
For more information about how we protect your data, please visit our Trust Center.
Our data retention periods vary depending on your relationship with us. Please see the table below for more detail.
Where we receive personal data that was not requested from us or was sent to us in error, we will delete and destroy that information as soon as is practicable. With your consent, if the information was sent for the purpose of securing employment with us, we may keep this information subject to the retention periods in the above table.
Please also note that your rights above are not absolute, may vary depending on applicable data protection law, and we may be unable to comply with your request (in whole or in part). If we reasonably determine that your request is manifestly unfounded, we reserve the right to refuse to comply with your request. We will provide you with a basis for any objection in this case.
If you wish to exercise a right that you have regarding your personal data, please contact us at firstname.lastname@example.org. We will process your request within a reasonable time and respond within one month from the date of receipt. In the event of particularly complex requests we may have to extend this period by up to two further months, but we will notify you of this.
If you have cause for complaint about our processing of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority (Section 8.2 for details), although we ask that you contact us in the first instance at email@example.com
If you have any questions in relation to privacy, or you wish to access or correct your personal data, please contact us at firstname.lastname@example.org
For further information about privacy issues (and to make complaints), see the UK Information Commissioner’s Office website at www.ico.org.uk, the Office of the Australian Information Commissioner’s website at www.oaic.gov.au, and the European Data Protection Board (https://edpb.europa.eu/edpb_en).