On the 16th of July 2020, the Court of Justice of the European Union (“CJEU”) issued their decision in case C-311/18, also known as Schrems II. The CJEU’s decision confirmed the validity of the European Commission Controller-Processor Standard Contractual Clauses (“SCCs”) while invalidating the EU-US Privacy Shield Framework as a mechanism to transfer personal data from the EU to the US. The decision requires organizations engaged in transfers of personal data to a third country to carry out an assessment prior to making a transfer under the SCCs to ensure that data subjects are afforded a level of protection “essentially equivalent” to that guaranteed within the European Union (“EU”) by the GDPR. If this level of protection cannot be achieved through reliance on the SCCs alone, then the exporting organization must implement "supplementary measures" to protect the exported personal data to an "essentially equivalent" standard.
At Secure Code Warrior, privacy protections have been a fundamental component of our services since day one. Our commitment to protecting our customers’ data is not limited by a geographical border or region, and extends to ensure we keep pace with global privacy standards.
With regards to the ruling by the Court of Justice of the European Union (CJEU) as a result of what has become known as the “Schrems II” case, Secure Code Warrior has taken the following preliminary steps;
We will continue to closely follow the European Data Protection Board (EDPB) and the ICO’s (the UK’s data protection authority) recommendations going forward.
Regarding the adoption of Supplementary Measures, and advice from the European Data Protection Board (EDPB), Secure Code Warrior is continuing to review our Technical, Organisational and Contractual measures.
At a glance, here is how Secure Code Warrior is addressing these issues.
1. Technical Measures;
2. Contractual Measures:
We are working with our sub-processors to evaluate compliance with the SCCs and adding into Data Processing Agreements (where applicable) to notify Secure Code Warrior as the data controller, in the event a subprocessor is unable to comply with contractual commitments.
3. Organisational Measures:
We are working with our sub-processors to enhance the standard of protection for personal data. These include, data security certification, the implementation of comprehensive data protection notices, regular review of internal policies, and effective staff training.
a. ENGLAND AND WALES
Secure Code Warrior Limited
Company Number 08559432
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
b. NEW SOUTH WALES
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
Borgatun 24, 105,
* Only required for Trial Users
Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.
We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.
We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information
We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.
For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.
¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business.
We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:
³ Information is collected after consent is given
We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.
1.Necessary to enable us to perform our contract with you:
2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:
3. For legitimate interest to enable Secure Code Warrior to:
4. For legitimate interests to allow Secure Code Warrior to improve customer services offering:
5. With consent:
1. Necessary for the performance of a contract
2. For legitimate interests to enable Secure Code Warrior to conduct business
3. For legitimate interests to contact those who may benefit from our services
4. With consent
1.For legitimate interests to enable Secure Code Warrior to conduct business
2. For legitimate interests to contact those who may benefit from our services
3. With consent
1. Necessary for the performance of our contract with you, namely for the running of the competition and/ or tournament
2. With consent: to send out marketing materials
1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual
2. To send and receive business communications.
3. To administer our relationship with our suppliers.
To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:
For legitimate interest to enable Secure Code Warrior to,
Secure Code Warrior (SCW) works with certain service providers (both locally and abroad) to run our business operations and to ensure that we can provide our contracted services to you. These service providers might (depending on the terms of their contracts with us) process your data:
Here is a full list of Secure Code Warrior’s service providers - our service providers are sometimes also referred to as Subprocessors on our website and/ or in any associated policies and terms and conditions.