Non Disclosure Agreement

Cyber Rebels NDA

Non-Disclosure Agreement (NDA)

This Non-Disclosure Agreement (“Agreement”) is made as of June 9, 2026 (“Effective Date”) between:

Cyber Rebels Ltd (“Recipient”), a company registered in England and Wales (Company No. 16228861), having its registered office at 56 High Street, Tamworth, Staffordshire, B77 1LP;

and

of (“Disclosing Party”).

1. Purpose

During discussions, training, consultancy, scoping or related work, the Disclosing Party may share confidential information with the Receiving Party.

This may happen when a client explains how their organisation works, describes security concerns, shares internal processes, discusses past incidents, provides staff or system information, or asks Cyber Rebels to understand risks that are not publicly known.

The purpose of this Agreement is to make sure that any confidential information shared for that work is handled carefully, used only for the agreed purpose, and not shared inappropriately.

2. What Counts as Confidential Information

Confidential information means any non-public information shared in any form, whether spoken, written, digital, visual or otherwise.

This may include, but is not limited to, business operations, internal procedures, policies, security measures, vulnerabilities, incident details, staff information, personal data, technical information, systems information, plans, strategies, financial information, client information, training requirements, reports, proposals, risk findings and any other information that would reasonably be understood to be confidential.

Information will not be treated as confidential if it:

is already public through no fault of the Receiving Party;
was already known by the Receiving Party before it was shared;
is received lawfully from another source;
is developed independently without using the confidential information; or
must be disclosed by law, regulation, court order or a competent authority.

3. Responsibilities of the Receiving Party

The Receiving Party will:

keep confidential information secure and confidential;
use it only for the purpose for which it was shared;
only share it with people who need access to support the agreed work;
make sure anyone given access understands the need to protect it;
not disclose it to anyone else without permission unless legally required;
take reasonable technical and organisational steps to protect it; and
tell the Disclosing Party promptly if it becomes aware of any unauthorised access, loss or disclosure.

In practice, this means confidential information should only be used in a controlled and proportionate way. It should not be copied, discussed, forwarded or stored more widely than necessary.

4. Permitted Disclosure

The Receiving Party may share confidential information where necessary with its employees, contractors, trainers, professional advisers, insurers, legal advisers or trusted service providers, provided they need the information for the agreed purpose and are required to keep it confidential.

The Receiving Party may also disclose confidential information where required by law, regulation, court order, a regulator, or another competent authority. Where legally allowed, the Receiving Party will tell the Disclosing Party before making that disclosure.

5. Data Protection

Where confidential information includes personal data, both parties will comply with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Each party will normally act as an independent controller unless a separate written agreement says otherwise. If Cyber Rebels Ltd is required to process personal data on the client’s behalf and under the client’s instructions, the parties will put appropriate data processing terms in place before that processing begins.

6. Duration of Confidentiality

This Agreement applies from the date confidential information is first shared.

The duty to protect confidential information continues for 36 months after the relevant training, consultancy, discussion or service has ended.

Where information remains protected by law, including trade secrets, personal data, legal obligations or information that is still clearly confidential, the duty to protect it will continue for as long as that protection applies.

7. Return or Secure Destruction

If the Disclosing Party asks in writing, the Receiving Party will return or securely destroy confidential information within 14 days, unless it is required to keep a copy for legal, regulatory, insurance, accounting, audit or legitimate business record purposes.

Routine backups may continue to hold copies for a limited period, but those copies will remain protected and will not be actively used unless recovery is required.

8. No Licence or Ownership Transfer

Sharing confidential information does not give the Receiving Party ownership of that information.

No intellectual property rights, licence or wider usage rights are granted unless agreed separately in writing.

9. No Obligation to Proceed

This Agreement does not require either party to enter into a contract, buy services, provide services, or continue discussions. It only controls how confidential information is handled.

10. Remedies

Unauthorised disclosure of confidential information may cause serious harm.

If confidential information is misused or disclosed without permission, the Disclosing Party may seek appropriate legal remedies, including injunctive relief, in addition to any other rights available under law.

11. Governing Law

This Agreement is governed by the laws of England and Wales.

The courts of England and Wales will have exclusive jurisdiction over any dispute relating to this Agreement.

12. Signatures

Disclosing Party (Client)
Name:
Company:
Date:

Leave this empty:

Your legal name

Your email address

Please Confirm full name and signature.

Draw Signature
Type In Signature

Draw your signature with your mouse, tablet or smartphone Clear

I agree that I am and I agree this is a legal representation of my signature for all purposes just the same as a pen-and-paper signature

I agree that I am and I understand this is a legal representation of my signature

Adopt & Sign

Signed by Andrew Longhurst
Signed On: April 25, 2026

Timestamp

Audit

November 3, 2025 1:01 pm BST

Cyber Rebels NDA Uploaded by Andrew Longhurst - [email protected] IP 81.96.203.80