Privacy Policy

Our Privacy policy

Last updated on 16 March 2023

1. General‍

1.1
At Secure Code Warrior, your privacy is important to us and we take our data protection and privacy obligations seriously. This privacy policy explains how we handle (or ‘process’) your personal data and your related data protection rights. It covers all our activities, products and services including:

Secure Code Warrior’s learning platform (‘SCW Learning Platform’)
Our websites listed in Appendix B (‘website’)
Social media channels (such as Twitter, Facebook, Instagram and YouTube)
Recruitment

1.2
This privacy policy does not cover, and we are not responsible for, the privacy practices of third party organisations (such as our customers or third-party services linked to through our website or the SCW Learning Platform). For more information about how third parties process your personal data, please refer to the individual privacy policies of each organisation.

For information about third-party service providers who process personal data on our behalf (‘processors’ or ‘sub-processors’), please refer to Section 3.4.

1.3
When we use ‘us’, ‘we’, ‘our’ or ‘Secure Code Warrior’ in this privacy policy, we are referring to Secure Code Warrior Limited, a company incorporated in England and Wales (08559432), and its related bodies corporate listed in Appendix A of this privacy policy.

‍

2. Collection

2.1
Please refer to the below table for information about whose personal data we process and a breakdown of the individual data elements for each category of data subject:

We process the personal data of…	We may process your…
Website users	IP address Cookie data (see cookie policy for more information)
Platform users	Phone number (trial users only) Email address Name (first and last) Device information (browser type, device identifier and IP address) Professional information (employer, team name, role, job title) Location information (country/region and geo-location derived from IP address) Analytics and assessment data Cookie data (see cookie policy for more information)
Participants in tournaments, competitions or other promotional activities	Email address Name (first and last) Location information (country/region, unless postal address required for delivery of physical prize)
Business contacts and representatives (such as customers, prospective customers, partners and suppliers)	Phone number Email address Name (first and last) Professional information (employer, role, job title) Location information (country/region)
Recruitment candidates	Phone number Email address Name (first and last) Qualifications Information contained in resume
Anyone who corresponds with us by post, email, social media or any other method	This will vary depending on the method of communication, but will include any information that has not been withheld (such as your phone number, email address or display name) and any information you have purposefully disclosed in your correspondence with us.

2.2
Secure Code Warrior generally collects personal data directly from you when you communicate with us including (but not limited to) when you contact us, register for our services, or supply us with goods or services. For example, when we receive an email from you, we are collecting your personal data. However, there may be circumstances where we collect information about you from third parties or via other methods. In some cases we may receive personal data about you from a customer in the context of providing services to that customer. We may also receive information about you from a partner in the context of that partner providing services to us.

2.3
For more information about our use of cookies on our website and platform, please refer to our cookie policy.

2.4
If you do not provide some requested information, we may be delayed or prevented from providing our services and/or satisfying your request or inquiry.

3. Use and disclosure

3.1
Secure Code Warrior is the data controller where we determine the purpose and means of processing personal data. In accordance with applicable data protection and privacy laws, we will only process your personal data if we have a lawful basis for doing so.

Please refer to the below table for a summary of why we may process your personal data and our lawful bases for doing so.

Please also note that the purposes still stand even if the lawful bases do not apply because you are based outside the EEA/UK and are receiving services from one of our entities outside those jurisdictions.

When processing your personal data is in our legitimate interest to…
Website users	provide, operate, maintain, improve, and promote our Websites and Services enable you to access and use our Websites and Services investigate and prevent fraudulent transactions, unauthorised access to our services, and other illegal activities
Platform users	carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services. prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services. record and review customer service communications for training and performance improvements to enable us to improve customer services receive and respond to communications and requests create marketing cohorts based on the analytics information generated by our platform
Business contacts and representatives (such as customers, prospective customers, partners and suppliers)	send and receive business communications administer our relationship inform prospective customers and contracts about our services send promotional and marketing materials related to the services you have purchased
Recruitment candidates	consider applications for roles for which you may have applied negotiate employment opportunities obtain references from former employers
Anyone who corresponds with us by post, email, social media or any other method	respond to you and follow up with related/requested information at a later date
When processing is necessary…
Business contacts and representatives (such as customers, prospective customers, partners and suppliers)	for the performance of a contract to which you are party in order to take steps prior to entering into a contract
We have your consent to…
Website users	send promotional and marketing materials about us and our partners monitor and analyse trends, usage, and activities in connection with our website and services for promotional and marketing purposes personalise our website and services, including by providing features or advertisements that match your interests and preferences
Platform users	send promotional and marketing materials about us and our partners
Participants in tournaments, competitions or other promotional activities	send promotional and marketing materials about us and our partners send you a physical prize
Business contacts and representatives (such as customers, prospective customers, partners and suppliers)	send promotional and marketing materials about us and our partners

3.2
We will only process your personal data for a) the purposes listed above, or b) other related compatible purposes for which you would reasonably expect us to use it (and in such circumstances where the lawful bases are also aligned). We may also process your personal data for other purposes, but only where you have provided your express consent.

3.3
You will always have the opportunity to object to, or unsubscribe from receiving marketing materials. You can do so via ‘unsubscribe’ links in our messages or by contacting us at support@securecodewarrior.com

3.4
Secure Code Warrior may disclose your personal data in order to fulfil the purposes outlined above. This will include sharing your personal data with other members of our corporate group (Appendix A) and with the below categories of third party service providers (‘processors’) depending on your relationship with us:

We share personal data with processors who assist with and enable…
The hosting of our website, products/service, infrastructure and related databases
Product/service support, feedback and feature requests
Email communications and consent management
Analytics for our products/services, and our sales and marketing teams
Delivery of physical and virtual prizes or rewards

For a list of third-party service providers engaged by us to process personal data on behalf of our customers (‘sub-processors’), please refer to: https://www.securecodewarrior.com/trust/sub-processors

3.5

Secure Code Warrior may also disclose your personal data:

a) to specialist advisers who have been engaged to provide us with legal, accounting, administrative, financial, insurance, research, marketing or other services;
b) to law enforcement bodies and/or any other relevant supervisory/data protection authorities which may have a reasonable requirement to access your personal data; and
c) to any other person authorised and specified by you.
d) where required or authorised by or under the applicable data protection law or an order of a court or tribunal;
e) in accordance with the applicable data protection law, including where we hold a reasonable belief that the processing or disclosure is required for certain enforcement or health and safety purposes, or that processing or disclosure is necessary in relation to certain suspected unlawful activity or misconduct;
f) whilst negotiating any takeover, purchase, merger, joint venture, partnership or other similar arrangement; or
g) if reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of confidential alternative dispute resolution.

3.6
At other times, we may notify you about our disclosure practices in respect of specific services that we provide in relation to our activities.

4. Storage and Security

4.1
We may hold your personal data in a number of different formats, including but not limited to, software programs (located both onsite and offsite, including in the cloud), databases, filing systems and in offsite backup storage.

4.2
Given the nature of our business and corporate structure we may disclose your personal data internationally to one of our related companies (Appendix A) or external service providers (Section 3.4) for the provision and improvement of our services. Where the recipient territory does not offer the same level of privacy and data protection legislation, we will ensure that adequate safeguards are in place to protect your personal data.

If you would like further information about where we may disclose your personal data, please contact us at support@securecodewarrior.com

4.3
For more information about how we protect your data, please visit our Trust Center.

‍5. Retention

5.1
Our data retention periods vary depending on your relationship with us. Please see the table below for more detail.

If you are a…	Unless otherwise requested, we will retain your personal data…
Website users	For twelve (12) months from the date of our last contact with you
Platform users	While you have access to our platform, then for a following twelve (12) months
Participants in tournaments, competitions or other promotional activities	For the duration of the event or promotion, then for a following twelve (12) months
Prospective customers	For twenty-four (24) months from the date of our last contact with you
Business contacts and representatives (such as customers, partners and suppliers)	For seven (7) years from the date of our last contact with you
Recruitment candidates	For twelve (12) months for unsuccessful candidates
Anyone who corresponds with us by post, email, social media or any other method	For twelve (12) months from the date of our last contact with you

5.2
Where we receive personal data that was not requested from us or was sent to us in error, we will delete and destroy that information as soon as is practicable. With your consent, if the information was sent for the purpose of securing employment with us, we may keep this information subject to the retention periods in the above table.

6. Your rights‍

6.1

You may have certain rights in respect of your personal data, including the right to:

a) request access to your personal data;
b) request correction of the personal data that we hold about you as described below;
c) where required by law, request erasure of your personal data where there is no good reason for us continuing to process it or where you have exercised a right to object to processing (see (d) below);
d) object to processing of your personal data where we are relying on a “legitimate interest” (or the interests of a third party) and there is no compelling reason for us to continue processing your personal data;
e) object to processing your personal data for direct marketing purposes; f) object to automated decision-making including profiling by us using your personal data which has a legal effect or similar significant effect on you;
g) request the restriction of processing of your personal data (for example, to suspend the processing of your personal data due to inaccuracy or our stated reason for processing it);
h) request that we provide you or a third party the personal data we hold regarding you in an electronically useable format; and
i) withdraw your consent for those purposes where we rely on consent, in which case we will no longer process your information for the purpose or purposes to which you originally consented, unless we have another lawful basis for doing so.

‍‍6.2
Please also note that your rights above are not absolute, may vary depending on applicable data protection law, and we may be unable to comply with your request (in whole or in part). If we reasonably determine that your request is manifestly unfounded, we reserve the right to refuse to comply with your request. We will provide you with a basis for any objection in this case.

6.3
If you wish to exercise a right that you have regarding your personal data, please contact us at support@securecodewarrior.com. We will process your request within a reasonable time and respond within one month from the date of receipt. In the event of particularly complex requests we may have to extend this period by up to two further months, but we will notify you of this.

6.4
If you have cause for complaint about our processing of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority (Section 8.2 for details), although we ask that you contact us in the first instance at support@securecodewarrior.com‍

7. Changes to our privacy policy

7.1
This privacy policy was last updated on 17 March 2023.

7.2
We may amend our privacy policy from time to time by publishing a revised version on our website, or in any associated registration forms, terms and conditions, forms and other notices. Any changes will be effective as of the date they are published. In the event of any material changes to this privacy policy, we may also take additional reasonable steps to notify you of the changes.

8. Contact details

8.1
If you have any questions in relation to privacy, or you wish to access or correct your personal data, please contact us at support@securecodewarrior.com

8.2
For further information about privacy issues (and to make complaints), see the UK Information Commissioner’s Office website at www.ico.org.uk, the Office of the Australian Information Commissioner’s website at www.oaic.gov.au, and the European Data Protection Board (https://edpb.europa.eu/edpb_en).

‍

APPENDIX A - SECURE CODE WARRIOR ENTITIES

SCW Entity	Incorporation	Company No	Address
Secure Code Warrior Ltd	England and Wales	08559432	Ironstone House 4 Ironstone Way Brixworth Northampton NN6 9UD
Secure Code Warrior Inc.	Delaware (U.S.A)	-	265 Franklin st. Suite 1702 Boston MA 02110
Secure Code Warrior BVBA	Belgium	-	Baron Ruzettelaan 5 bus 3 8310 Brugge
Secure Code Warrior Pty Ltd	New South Wales (Australia)	608 498 639 (ACN)	29-43 Balfour Street Chippendale NSW 2008
SCW ehf	Iceland	-	Katrinartun 4 105 Reykjavik

‍

APPENDIX B - SECURE CODE WARRIOR WEBSITES

‍

Appendix A - Secure Code Warrior Legal Entities

a. ENGLAND AND WALES
Secure Code Warrior Limited
Company Number 08559432
Ironstone House
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
United Kingdom

b. NEW SOUTH WALES
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Australia

c. BELGIUM
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Belgium

d. DELAWARE
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
USA

e. ICELAND
Motherji ehf
Borgatun 24, 105,
Reykjavik,
Iceland

Appendix B - Collection of Personal Information

a. PLATFORM USER

User email address (username)
First Name, Last Name
Employer/Company Name/ Team name
Test results /Metrics information/Assessment data
IP Address (Anonymised)
Machine ID (Anonymised)
Geo-location (derived from IP)
Password
Roles/Job Title
Inviter details (email address of inviter/First Name/Last Name)
Country/Region
Browser Type
Phone Number*

* Only required for Trial Users

Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.

CUSTOMERS

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Billing address
Company/Tax Registration Number

We will retain this information in accordance with applicable laws and our privacy policy for a period of 7 years from the date of our last contact with you unless, where you are entitled, request that we delete this information.

‍
PRospects / leads

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Physical Location

We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

PARTICIPANTS IN TOURNAMENTS AND / OR COMPETITIONS: Registrant / participant

Name
Email address
Physical address in circumstances where there may be a physical prize to be delivered
Country/Region

We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information

SUPPLIER

Name
Business/Company Name
Email Address
Phone Number
Bank Details
Billing address
Company/Tax Registration Number

We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.

recruitment candidates

CV/ Resume
Phone Number
Date of Birth
Qualifications
Email address
Physical address (if provided)

For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.

Website visitor

Name³
Contact information³ (company, role/title, business email address and phone number)
IP Address¹
Cookie Data¹ ²

¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business.

Drift will only use cookies to track the activities of site visitors within Secure Code Warrior’s sites, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

² Cookiebot

We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:

Enable prior consent.
Provide clear and specific information about data types and purpose of the cookies.
Fully document all given consents.
Allow our visitors to reject superfluous cookies and still use our websites.
Allow our visitors to withdraw their consent whenever they want.

³ Information is collected after consent is given

Refer to our cookie policy

We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

Appendix C - Purposes for which we process your personal information, and the lawful basis on which we carry out such processing

1. PLATFORM USER

1.Necessary to enable us to perform our contract with you:

to set up, administer and manage a user’s account, verify a user’s identity, provider users with our platform and services, and to receive and respond to a user’s communications and requests.
to notify our users of updates to our platform and services necessary for the performance of the contract we have with you.
to support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your personal information.

2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:

to receive and respond to a user’s communications and requests.

3. For legitimate interest to enable Secure Code Warrior to:

carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.

4. For legitimate interests to allow Secure Code Warrior to improve customer services offering:

to record and review customer service communications for training and performance improvements to enable us to improve customer services.
To enable Secure Code Warrior to comply with legal obligations.

5. With consent:

to send users marketing materials where marketing materials have been specifically requested.

2. Customers

1. Necessary for the performance of a contract

conducting business and make our services available to customers,

2. For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

3. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

4. With consent

to send out marketing materials where these have been specifically requested.

3. email contact / prospective customer

1.For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

2. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

3. With consent

to send out marketing materials where these have been specifically requested.

‍
4. participants in tournaments and / or competitions: registrant / participant

1. Necessary for the performance of our contract with you, namely for the running of the competition and/ or tournament

2. With consent: to send out marketing materials

‍

5. SUPPLIER

1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual

to assess and appoint suppliers
Legitimate interests to conduct business

2. To send and receive business communications.

3. To administer our relationship with our suppliers.

6. recruitment candidates

To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:

consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
consider applicants for other roles within Secure Code Warrior for which they may be suited,
obtain references from former employers.

7. website visitor

For legitimate interest to enable Secure Code Warrior to,

provide, operate, maintain, improve, and promote our Websites and Services;
enable you to access and use our Websites and Services;
send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by unsubscribing from any communication we send you);
monitor and analyze trends, usage, and activities in connection with our Websites and Services and for marketing or advertising purposes;
investigate and prevent fraudulent transactions, unauthorized access to our Websites and Services, and other illegal activities;
personalize our Websites and Services, including by providing features or advertisements that match your interests and preferences; and for other purposes for which we obtain your consent.

Appendix D - Secure Code Warrior Related Websites

securecodewarrior.com
help.securecodewarrior.com
discover.securecodewarrior.com
leadersinappsec.com
leadersindevsec.com
softwaresecuritygurus.com
scw.io
learn.securecodewarrior.com

Document Summary