Privacy Policy

1. Introduction and purpose of the privacy statement

At SourceCodeReviews.com, protecting your privacy is central to our business operations. This privacy statement has been prepared to fully inform you about how we handle your personal data.

In this document, we describe what data we collect, for what purposes we use it, and what rights you have regarding your information. We explain how we obtain personal data—both directly from you and possibly through third parties—and how we process it in accordance with applicable privacy legislation.

We invite you to carefully read this statement to familiarize yourself with our privacy practices and to understand how you can effectively exercise your rights.

In this privacy statement, the term 'independent contractors' refers to freelancers, consultants, and other independent professionals with whom SourceCodeReviews.com collaborates to perform audits and other services.

2. SourceCodeReviews.com and its activities

SourceCodeReviews.com provides services specialized in facilitating various types of audits, including source code reviews, development environment reviews, architecture reviews, usability audits, and troubleshooting. In this process, SourceCodeReviews.com gains access to source code, development environments, and other confidential information from its clients. To provide these services, SourceCodeReviews.com collects and processes certain personal data.

SourceCodeReviews.com can be contacted via email at info@sourcecodereviews.com.

A security or privacy incident is preferably reported via privacy@sourcecodereviews.com.

3. Categories of processed personal data

During your interactions with SourceCodeReviews.com, various types of personal data may be collected and processed, depending on the nature of your relationship with us and the services you use.

The following categories of personal data may be processed by us:

  • When visiting our website: When you visit our website, we temporarily register your IP address for analytical purposes and website optimization. This data is not processed at an individual level. Additionally, we use certain functional cookies to ensure the website functions correctly.
  • When communicating directly: If you contact us directly, we temporarily process the contact information you provide (such as email address or phone number) and any identifying information you share during this communication.
  • When requesting services: From representatives who request our services on behalf of an organization, we may record data such as name, position, company name, and contact details for performing the requested service delivery.
  • When performing audits: For correctly performing our audit and assessment services, we may process data from involved employees such as name, position, contact details, and where necessary, temporary access credentials for systems and code sources.
  • When collaborating with independent specialists: From freelancers and external consultants who collaborate with us, we collect professional data such as CV, expertise information, qualifications, business contact details, and administrative data such as VAT/company registration numbers and banking details.

For processing activities that SourceCodeReviews.com performs as part of service delivery for its clients, SourceCodeReviews.com acts as a processor. In these cases, the client using our services is the data controller.

4. Why does SourceCodeReviews.com collect and process personal data?

SourceCodeReviews.com collects and processes personal data from data subjects for the following purposes:

  • To correctly respond to individuals when they contact SourceCodeReviews.com, for which SourceCodeReviews.com has a legitimate interest to process personal data;
  • To improve the operation of SourceCodeReviews.com's services, processes, and applications, for which SourceCodeReviews.com has a legitimate interest to process personal data;
  • To perform the offered services by SourceCodeReviews.com, as agreed in one or more contracts, for which SourceCodeReviews.com processes personal data in execution of the relevant contract(s);
  • To manage the pool of independent contractors with whom SourceCodeReviews.com collaborates, including evaluating qualifications, expertise matching for specific audits, and administration of contracts and payments;

4.1 Legal basis for processing

SourceCodeReviews.com processes personal data based on one or more of the following legal grounds:

  • Consent: In cases where you have explicitly given consent for the processing of your personal data for one or more specific purposes. This applies, for example, to sending marketing communications and newsletters.
  • Performance of a contract: When processing is necessary for the performance of a contract to which you are a party, or to take measures at your request prior to entering into a contract. This applies to most personal data we collect in connection with our audit and assessment services.
  • Legal obligation: When processing is necessary to comply with a legal obligation to which SourceCodeReviews.com is subject, such as maintaining financial administration for tax purposes.
  • Legitimate interest: When processing is necessary for the purposes of the legitimate interests pursued by SourceCodeReviews.com or a third party, except where your interests or fundamental rights and freedoms that require protection of personal data override those interests. By legitimate interests we understand:
    • Improving our services and processes
    • Ensuring the security of our systems
    • Managing our business relationships
    • Recruiting and managing independent contractors for projects

5. With whom does SourceCodeReviews.com share personal data?

5.1 Internal – SourceCodeReviews.com

SourceCodeReviews.com takes necessary measures to ensure that access to personal data within the organization is limited to employees who effectively need access in the context of their function.

5.2 External – third parties

SourceCodeReviews.com discloses personal data to the following categories of third parties:

  • Independent contractors who actually perform the audit. They are bound by strict confidentiality through an NDA;
  • Organizations and/or persons to whom SourceCodeReviews.com has outsourced certain services and/or functions, such as providers of IT systems, software, IT support, destruction of confidential documents, etc.;
  • Organizations and/or persons who are an integral part of SourceCodeReviews.com's operations, such as external consultants and employees;
  • Organizations that provide technology services such as Google (cookies).

SourceCodeReviews.com emphasizes that personal data of data subjects are only shared with these third parties insofar as this is necessary for the performance of the audit and related services. SourceCodeReviews.com does not share this data with third parties for marketing purposes, sale of data, profiling, or other commercial purposes. Third parties with whom data is shared are primarily freelancers and consultants who collaborate with SourceCodeReviews.com to perform audits, and they are contractually bound to the same privacy standards that SourceCodeReviews.com maintains.

6. How long does SourceCodeReviews.com retain personal data?

As a general principle, SourceCodeReviews.com does not retain the collected and processed personal data longer than strictly necessary to achieve the purposes for which the data is collected. Furthermore, SourceCodeReviews.com deletes any personal data without undue delay when individuals request this.

  • Source code and other technical documentation are deleted after completion of the audit, unless otherwise agreed for follow-up audits. In the case of agreed follow-up audits, the information is retained until after the last scheduled audit.
  • Customer contact details are retained during the contractual relationship and for a maximum of five (5) years after the last interaction or service delivery, for administration and customer acquisition purposes.
  • Audit reports are retained during the term of the agreement and in the context of any follow-up audits. After termination of the agreement or after the last scheduled audit, these reports are retained for a maximum of two (2) years, unless otherwise agreed with the client.
  • Data of independent contractors are retained during the collaboration relationship and for a maximum of seven (7) years after the last collaboration, in connection with legal retention obligations for financial administration and possible liability issues.

After expiry of the applicable retention period, personal data is permanently deleted.

7. Rights regarding personal data

Regarding their personal data, data subjects always have the right:

To submit a request for access to their personal data to SourceCodeReviews.com:

SourceCodeReviews.com will confirm whether personal data is being processed or not. In the case that personal data is being processed, the data subjects in question may request to receive an extract of this personal data. If multiple copies are requested, SourceCodeReviews.com may charge a fee for this.

To submit a request for rectification of their personal data to SourceCodeReviews.com:

If the personal data that SourceCodeReviews.com possesses is inaccurate or incomplete, data subjects may request to correct or supplement this. If desired by data subjects, SourceCodeReviews.com can inform them about third parties who have received the inaccurate and/or incomplete information in the past.

To submit a request for restriction of processing of their personal data to SourceCodeReviews.com:

Data subjects may request SourceCodeReviews.com to no longer process some or all personal data in certain situations. If desired by data subjects, SourceCodeReviews.com can inform them about third parties who have received the information in the past.

To submit a request for complete deletion of their personal data to SourceCodeReviews.com:

Data subjects may request SourceCodeReviews.com to completely delete their personal data. However, this is limited to situations where this personal data is no longer needed for SourceCodeReviews.com to perform its service delivery. If desired by data subjects, SourceCodeReviews.com can inform them about third parties who have received the information in the past.

To submit an objection to the processing of their personal data to SourceCodeReviews.com:

Data subjects have the right to object to the processing of their personal data by SourceCodeReviews.com, where SourceCodeReviews.com processes this data based on a legitimate interest where data subjects demonstrate that their right takes priority over SourceCodeReviews.com's legitimate interest, or for situations where SourceCodeReviews.com processes this data for marketing purposes.

To submit a request to withdraw consent to process their personal data to SourceCodeReviews.com:

Data subjects may, in situations where the processing of personal data by SourceCodeReviews.com is based on obtained consent, always withdraw this consent. From the moment data subjects have withdrawn their consent, SourceCodeReviews.com will no longer process this personal data.

To submit a request for portability of their personal data to SourceCodeReviews.com:

Data subjects may request to receive their personal data in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another data controller without being hindered by SourceCodeReviews.com. This right applies to personal data that data subjects have provided to SourceCodeReviews.com themselves, when processing is based on consent or on a contract, and the processing is carried out by automated procedures. Upon request, and if technically possible, SourceCodeReviews.com will transmit the personal data directly to another data controller designated by the data subject.

Modalities when exercising rights

All requests for exercising the above rights must be sent to SourceCodeReviews.com by contacting SourceCodeReviews.com in the manner mentioned in article 2 of this privacy statement.

The handling of requests from data subjects is subject to certain modalities, depending on the role that SourceCodeReviews.com fulfills in the processing of personal data:

  • For processing where SourceCodeReviews.com acts as data controller (for example, for data of own employees or of persons who directly contact SourceCodeReviews.com), SourceCodeReviews.com can handle requests directly.
  • For processing where SourceCodeReviews.com acts as processor (for example, for data of the client's employees or other data subjects whose data SourceCodeReviews.com processes on behalf of the client), the data subject should direct the request to the data controller (SourceCodeReviews.com's client). The client will then contact SourceCodeReviews.com if the client needs SourceCodeReviews.com's help to comply with the request.

If a data subject directs a request directly to SourceCodeReviews.com while SourceCodeReviews.com acts as processor, SourceCodeReviews.com will refer the data subject to the data controller. SourceCodeReviews.com must be able to verify the identity of the requester before complying with any request.

Filing a complaint with the Data Protection Authority:

If data subjects disagree with the processing of their personal data by SourceCodeReviews.com and they do not agree with the answer and/or solution from SourceCodeReviews.com, they may file a complaint with the Data Protection Authority.

Data Protection Authority - Drukpersstraat 35, 1000 Brussels

contact@apd-gba.be

www.gegevensbeschermingsautoriteit.be

7.1 Automated decision-making and profiling

SourceCodeReviews.com does not use automated decision-making, including profiling, that has legal effects for you or that otherwise significantly affects you. This means that we do not use fully automated processes to make decisions without human intervention that have significant impact on you. We do use limited automation for internal processes such as:

  • Matching independent contractors with projects based on expertise and availability
  • Analyzing usage statistics of our website for improvements
In all cases where automation is used, meaningful human intervention remains in the decision-making process, and no decisions are made that have legal effects or otherwise significantly affect you without human assessment.

8. Security of personal data

SourceCodeReviews.com makes considerable efforts to prevent misuse, loss, unauthorized access, and other undesirable actions with the personal data of data subjects. To this end, SourceCodeReviews.com takes necessary and appropriate technical and organizational measures so that processing complies with the requirements of national and European legislation. SourceCodeReviews.com also ensures the protection of data subjects' rights in this way. SourceCodeReviews.com ensures that these measures are regularly monitored and adjusted where necessary.

These measures include, among others:

  • Strict NDAs with all our employees and freelancers
  • Access control to systems based on 'need-to-know'
  • Encryption of all sensitive data
  • Multi-factor authentication for system access, where possible
  • Regular security updates of our systems
  • Internal audits of our own processes

9. Data transfer outside the EEA

SourceCodeReviews.com always tries to limit the transfer of personal data to third parties outside the European Economic Area (hereinafter: "EEA").

When this is nevertheless the case, SourceCodeReviews.com ensures that this transfer takes place in accordance with the GDPR (through, among others, the presence of an adequacy decision in the relevant country or the arrangement of an appropriate alternative, if necessary additional measures, etc.).

10. Changes to the privacy statement

SourceCodeReviews.com may change this privacy statement from time to time, in accordance with the limitations that apply within the applicable regulations regarding privacy and data protection. All updates and changes take effect immediately after their publication. SourceCodeReviews.com therefore encourages data subjects to consult this privacy statement at regular intervals, so that they remain informed of changes that may affect them.

Version: May 4, 2025