On the 16th of July 2020, the Court of Justice of the European Union (“CJEU”) issued their decision in case C-311/18, also known as Schrems II. The CJEU’s decision confirmed the validity of the European Commission Controller-Processor Standard Contractual Clauses (“SCCs”) while invalidating the EU-US Privacy Shield Framework as a mechanism to transfer personal data from the EU to the US. The decision requires organizations engaged in transfers of personal data to a third country to carry out an assessment prior to making a transfer under the SCCs to ensure that data subjects are afforded a level of protection “essentially equivalent” to that guaranteed within the European Union (“EU”) by the GDPR. If this level of protection cannot be achieved through reliance on the SCCs alone, then the exporting organization must implement "supplementary measures" to protect the exported personal data to an "essentially equivalent" standard.
At Secure Code Warrior, privacy protections have been a fundamental component of our services since day one. Our commitment to protecting our customers’ data is not limited by a geographical border or region, and extends to ensure we keep pace with global privacy standards.
With regards to the ruling by the Court of Justice of the European Union (CJEU) as a result of what has become known as the “Schrems II” case, Secure Code Warrior has taken the following preliminary steps;
We will continue to closely follow the European Data Protection Board (EDPB) and the ICO’s (the UK’s data protection authority) recommendations going forward.
Regarding the adoption of Supplementary Measures, and advice from the European Data Protection Board (EDPB), Secure Code Warrior is continuing to review our Technical, Organisational and Contractual measures.
At a glance, here is how Secure Code Warrior is addressing these issues.
1. Technical Measures;
2. Contractual Measures:
We are working with our sub-processors to evaluate compliance with the SCCs and adding into Data Processing Agreements (where applicable) to notify Secure Code Warrior as the data controller, in the event a subprocessor is unable to comply with contractual commitments.
3. Organisational Measures:
We are working with our sub-processors to enhance the standard of protection for personal data. These include, data security certification, the implementation of comprehensive data protection notices, regular review of internal policies, and effective staff training.
a. UNITED KINGDOM (incorporated in England and Wales)
Secure Code Warrior Limited
Company Number 08559432
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
Borgatun 24, 105,
As a user of the Secure Code Warrior platform we will hold the following information about you
This personal information will be held about you for so long as you have access to our platform and thereafter for a further period of twelve (12) months or as specified in your employers contract with us (whichever is the lower).
As potential employee of Secure Code Warrior we hold the following information about you:
Should you be unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.
As an email contact or prospective customer to Secure Code Warrior we hold the following information about you:
We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.
As a registrant, or participant in a tournament or competition we hold the following information about you:
This personal information will be held about you for so long as you have access to our platform and thereafter for a further period of twelve (12) months.
As a supplier to Secure Code Warrior we hold the following information about you:
Necessary to enable us to perform our contract with you:
Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:
For legitimate interest to enable Secure Code Warrior to:
For legitimate interests to allow Secure Code Warrior to improve customer services offering:
To enable Secure Code Warrior to comply with a legal obligation:
To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:
consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
consider applicants for other roles within Secure Code Warrior for which they may be suited,
obtain references from former employers.
Necessary for the performance of a contract
For legitimate interests to enable Secure Code Warrior to conduct business
For legitimate interests to contact those who may benefit from our services
Necessary for the running of the competition and/ or tournament
for legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual
Legitimate interests to conduct business