Dcycle

ConfidentialityPolicy

Last updated: February 2026

1. Purpose

This Confidentiality Policy (“Policy”) establishes the principles and obligations that govern the handling of confidential information by The Wake Up Movement S.L. (trading as Dcycle, “Company”) and all persons who have access to such information, including employees, contractors, partners, and customers.

Dcycle is committed to maintaining the highest standards of information security. As an ISO 27001 certified organisation, confidentiality is a core pillar of our information security management system.

2. Definition of Confidential Information

“Confidential Information” means any information, regardless of format or medium, that:

  • Is designated as confidential by the disclosing party.
  • Is of a nature that a reasonable person would understand to be confidential given the circumstances of disclosure.
  • Includes, but is not limited to: business plans, financial data, technical specifications, software code, customer lists, pricing information, personal data, ESG datasets, and trade secrets.

3. Obligations

All parties who have access to Confidential Information agree to:

  • Protect: Use the same degree of care to protect Confidential Information as they use to protect their own confidential information, and no less than reasonable care.
  • Restrict access: Disclose Confidential Information only to those individuals who have a legitimate need to know and who are bound by equivalent confidentiality obligations.
  • Use limitations: Use Confidential Information solely for the purpose for which it was disclosed and not for any other purpose, including competitive advantage.
  • No reverse engineering: Not attempt to reverse engineer, decompile, or otherwise derive the source of any confidential technical information.
  • Notify breaches: Promptly notify the disclosing party of any actual or suspected unauthorised disclosure or use of Confidential Information.

4. Exceptions

Confidentiality obligations do not apply to information that:

  • Is or becomes publicly available through no breach of this Policy.
  • Was already known to the receiving party at the time of disclosure, as evidenced by written records.
  • Is independently developed by the receiving party without use of or reference to the Confidential Information.
  • Is received from a third party who is free to disclose it without restriction.
  • Is required to be disclosed by applicable law, court order, or regulatory authority, provided the receiving party gives prompt written notice to the disclosing party (where legally permitted) to allow the disclosing party to seek a protective order.

5. Duration

Confidentiality obligations under this Policy apply:

  • During the contractual relationship: For the full duration of any agreement between the parties.
  • After termination: For a period of 3 years following the termination or expiry of the relationship, unless a specific agreement stipulates a longer period.
  • Personal data: Obligations regarding the confidentiality of personal data are governed by our Privacy Policy and applicable data protection law, without time limitation.

6. Return or Destruction of Information

Upon termination of the relationship or at the request of the disclosing party, the receiving party agrees to promptly return or securely destroy all Confidential Information in its possession, and to certify in writing that it has done so.

7. Customer Data

Dcycle processes customer data (including ESG datasets and sustainability metrics) exclusively to provide the contracted services. Dcycle employees access customer data only where strictly necessary for service delivery, support, or system maintenance, and always subject to internal access controls and non-disclosure obligations.

8. Employee and Contractor Obligations

All Dcycle employees, contractors, and collaborators sign confidentiality agreements as a condition of their engagement. These obligations extend to all information accessed during and after their relationship with Dcycle.

9. Data Security Measures

Dcycle implements appropriate technical and organisational security measures to protect confidential information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Role-based access control and least-privilege principles.
  • Multi-factor authentication for platform access.
  • Regular security training for all staff.
  • Annual penetration testing and security audits.
  • Incident response and breach notification procedures.

10. Breach Consequences

Unauthorised disclosure or misuse of Confidential Information may result in:

  • Termination of the commercial or employment relationship.
  • Civil and/or criminal liability under applicable law.
  • Claims for damages arising from the breach.

11. Governing Law

This Policy is governed by the laws of Spain. Any disputes arising from this Policy shall be subject to the jurisdiction of the courts of Madrid, Spain.

12. Contact

For any questions regarding confidentiality or to report a suspected breach:

The Wake Up Movement S.L. (Dcycle) Email: security@dcycle.io Trust Center: security.dcycle.io