Legal notice and privacy policy

This English translation is provided for convenience only. The French version (« Mentions légales ») is the sole authoritative and legally binding version.

1. Legal notice

Site publisher

The diligeo.com website is published by:
Hugues Schaap, sole trader (French entrepreneur individuel) operating under the trading name Diligeo
Address: 62 rue du Faubourg Poissonnière, 75010 Paris
SIRET: 106 190 465 00018 (SIREN: 106 190 465)
APE code: 70.22Z (business and other management consultancy activities)
VAT not applicable, Article 293 B of the French General Tax Code
Director of publication: Hugues Schaap
Email: contact@diligeo.com
Website: https://diligeo.com

Hosting provider

Vercel Inc.
340 S Lemon Ave #4133, Walnut, CA 91789, USA
Website: https://vercel.com

2. Privacy policy

This policy describes how Diligeo collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (loi Informatique et Libertés).

2.1 Data controller

Diligeo · contact@diligeo.com

No data protection officer (DPO) has been appointed at this stage — such an appointment is not mandatory for an organization of this size. The point of contact for any question relating to your data is contact@diligeo.com.

2.2 Data collected

The /onboarding form collects the following categories of data, depending on the branch selected (buyer case or sourcing case):

The fields marked as mandatory in the form are necessary to process your request: without them, Diligeo can neither contact you nor scope the engagement. The other fields are optional and their absence does not prevent your request from being taken into account.

The home page and the other public pages collect no personal data (no tracker, no analytics cookie).

2.3 Purposes of processing

Your data is collected in order to:

Legal basis: performance of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), supplemented by your explicit consent (Article 6(1)(a) GDPR) ticked when the form is submitted. For the public data of legal entities and their directors used in the Sourcing deliverable, the legal basis is legitimate interest (Article 6(1)(f) GDPR).

2.4 Processors and recipients

The processing of your data involves the following technical processors, each strictly limited to its function:

Transfers outside the European Union: the US processors cited are bound by the European Commission's Standard Contractual Clauses (SCCs) or an equivalent mechanism under Article 46 GDPR (EU-US Data Privacy Framework certification where applicable), which govern the international transfer of personal data. Switzerland is recognised by the European Commission as offering an adequate level of protection (Decision 2000/518/EC).

Under no circumstances is your data sold, rented or transferred to third parties for commercial purposes.

2.4.1 Buyer case form

The data listed in section 2.2 and collected via the /onboarding form in the Buyer branch is processed in the context of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), so that the Diligeo team can contact you regarding your acquisition project and produce the requested analysis. For the Target search and Preliminary review (pre-LOI) branches, the data processed includes: identity, contact details, professional profile, financing capacity, scoping elements of the contemplated transaction (valuation provided, shareholder current accounts, timetable) and the description of the available documents. When you identify a target, the data relating to its directors (identity, role) provided by you or obtained from public registers is processed on the basis of legitimate interest (Article 6(1)(f) GDPR), strictly to the extent necessary for the pre-audit; those persons have a right to object by writing to contact@diligeo.com.

This data is intended for the Diligeo team only and is not shared with any third party (apart from the technical processors cited in section 2.4, strictly within the limits of their function). It is retained for 24 months after the last contact, then deleted.

You have the rights of access, rectification, erasure and objection with respect to this data. To exercise them, write to contact@diligeo.com.

2.4.2 Transfer of the data room

To preserve the confidentiality of your data-room documents, they never pass through direct email or our web form. We use the SwissTransfer service (Infomaniak Network SA, Switzerland), which is GDPR-compliant and provides:

The downloaded documents are stored on the professional workstations of the Diligeo team, with restricted access (strong authentication, disk encryption), and deleted at the latest 12 months after delivery of the analysis report, or immediately upon your written request to contact@diligeo.com.

Apart from the technical processors listed in section 2.4 — each strictly within the limits of its function — no data-room document is disclosed to a third party or used for any purpose other than the requested analysis.

2.4.3 Sourcing case form

The data listed in section 2.2 and collected via the /onboarding form in the Sourcing branch is processed in the context of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), in order to qualify sale opportunities within your scope and to provide you with a corresponding deliverable.

This data is intended for the Diligeo team only and is not shared with any third party (apart from the technical processors cited in section 2.4, strictly within the limits of their function). It is retained for 24 months after the last contact, then deleted.

The public data of legal entities and their directors used to produce the Sourcing deliverable is collected from the French public registers (INSEE SIRENE, INPI RNE, DILA BODACC) and processed on the basis of legitimate interest (Article 6(1)(f) GDPR). An objection procedure is available by email at contact@diligeo.com.

You have the rights of access, rectification, erasure and objection with respect to your personal data. To exercise them, write to contact@diligeo.com.

2.5 Retention period

Your data submitted via the /onboarding form is retained for 24 months after your last contact with the Diligeo team, then deleted. The data-room documents transferred via SwissTransfer follow a distinct cycle specified in section 2.4.2 (deletion at the latest 12 months after delivery of the report, or immediately upon written request).

The technical double opt-in token stored at Upstash has a lifetime of 48 hours maximum and is automatically purged after use (single-use).

2.6 Your rights

In accordance with the GDPR, you have the following rights:

To exercise these rights, contact us at: contact@diligeo.com

In the event of a dispute, you may lodge a complaint with the CNIL (the French data-protection authority): www.cnil.fr

2.7 Security

Diligeo implements the following technical and organizational measures to protect your data:

3. Cookies and local storage

The diligeo.com website uses no cookies for tracking, analytics, audience measurement or advertising. No third-party cookie (Google Analytics, Meta Pixel, etc.) is set.

Browser-side local storage (localStorage): the /onboarding form saves a draft of your answers in your browser's local memory, under the key diligeo:onboarding:draft, so that you can resume your entry if you close the tab by mistake. This data:

Fonts: the site's fonts are self-hosted on the diligeo.com servers. No request is made to Google Fonts or to any other third-party service when pages load: your IP address is not transmitted to any third party through the mere consultation of the site.

4. Intellectual property

All the content of the diligeo.com website (text, graphics, logo, structure) is the property of Diligeo and is protected by intellectual-property law. Any reproduction, even partial, is prohibited without prior authorization.

5. Update

This page was last updated on 3 July 2026.