Last updated: 27 November 2023
‘Customer data’ is personal data processed by Secure Code Warrior (acting as a processor) on behalf of the customer (acting as a controller) to provide our products and/or services.
A ‘sub-processor’ is a third-party (such as a contractor, service provider or vendor) further engaged by Secure Code Warrior to help us process customer data for the same purpose. We engage different types of sub-processors to perform various functions as explained in the table below.
Where Secure Code Warrior acts as an independent controller, we process personal data on our own behalf and for our own business purposes (‘SCW data’) in compliance with applicable data protection law. For example, when we process user personal data in connection with feedback or feature requests, or when a user consents to our use of analytics cookies.
Third-parties engaged to process SCW data are not sub-processors, but we follow the same review process outlined below before engaging these service providers.
We undertake to use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of proposed sub-processors before they process customer data.
We require sub-processors to satisfy obligations equivalent to those contained in our own customer agreements, including provisions to:
We may freely transfer personal data to sub-processors and third-countries recognised under applicable data protection law as providing an adequate level of data protection (including registered participants in the U.S. Data Privacy Framework (DPF)).
Where information is transferred to a sub-processor or third country not recognised as providing an adequate or equivalent level of data protection (‘restricted transfer’), we ensure adequate transfer mechanisms and appropriate safeguards are in place to protect personal data (such as standard contractual clauses and ISO aligned technical and organisational measures).
Please refer to our dedicated webpage regarding international transfers of personal data
We will update this page whenever we engage new sub-processors. Where we have an obligation to inform customers of updates to our sub-processor list in writing, we will also email our regular business contact and, where reasonable, the customer’s publicly disclosed privacy contact.
Unless otherwise agreed, the customer may object to the appointment of a new sub-processor within thirty (30) days of the update by emailing email@example.com, along with the legitimate reason(s) for the objection.