‘Customer data’ is personal data processed by Secure Code Warrior (acting as a processor) on behalf of the customer (acting as a controller) to provide our products and/or services.
A ‘sub-processor’ is a third-party further engaged by Secure Code Warrior to help us process customer data for the same purpose. We engage different types of sub-processors to perform various functions as explained in the table below.
Where Secure Code Warrior acts as an independent controller, we process personal data on our own behalf and for our own business purposes (‘SCW data’) in compliance with applicable data protection law.
Third-parties engaged to process SCW data are not sub-processors, but we follow the same review process outlined below before engaging these vendors.
For more information about our privacy-protective practices, please refer to our privacy policy (see Section 3.4 for information about the categories of third party vendors who receive SCW data)
Due diligence
We undertake to use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of proposed sub-processors before they process customer data.
Contractual safeguards
We require sub-processors to satisfy equivalent obligations as those required by Secure Code Warrior in our own customer agreements, including provisions to:
Where information is transferred to a third country not recognised as providing an adequate or equivalent level of protection by applicable data protection law (‘restricted transfer’), we also ensure the appropriate transfer mechanisms (such as standard contractual clauses) are in place.
We will update this page whenever we engage new sub-processors.
Where we have an obligation to inform customers of updates to our sub-processor list in writing, we will notify our regular business contact and (where reasonably practicable) the customer’s publicly disclosed privacy contact by email. Unless otherwise agreed, the customer may object to the appointment of a new sub-processor (along with the legitimate reason(s) for the objection) within thirty (30) days following notification.