This English translation is provided for convenience only. The French version (« Mentions légales ») is the sole authoritative and legally binding version.
The diligeo.com website is published by:
Hugues Schaap, sole trader (French entrepreneur individuel) operating under the trading name Diligeo
Address: 62 rue du Faubourg Poissonnière, 75010 Paris
SIRET: 106 190 465 00018 (SIREN: 106 190 465)
APE code: 70.22Z (business and other management consultancy activities)
VAT not applicable, Article 293 B of the French General Tax Code
Director of publication: Hugues Schaap
Email: contact@diligeo.com
Website: https://diligeo.com
Vercel Inc.
340 S Lemon Ave #4133, Walnut, CA 91789, USA
Website: https://vercel.com
This policy describes how Diligeo collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (loi Informatique et Libertés).
Diligeo · contact@diligeo.com
No data protection officer (DPO) has been appointed at this stage — such an appointment is not mandatory for an organization of this size. The point of contact for any question relating to your data is contact@diligeo.com.
The /onboarding form collects the following categories of data, depending on the branch selected (buyer case or sourcing case):
The fields marked as mandatory in the form are necessary to process your request: without them, Diligeo can neither contact you nor scope the engagement. The other fields are optional and their absence does not prevent your request from being taken into account.
The home page and the other public pages collect no personal data (no tracker, no analytics cookie).
Your data is collected in order to:
Legal basis: performance of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), supplemented by your explicit consent (Article 6(1)(a) GDPR) ticked when the form is submitted. For the public data of legal entities and their directors used in the Sourcing deliverable, the legal basis is legitimate interest (Article 6(1)(f) GDPR).
The processing of your data involves the following technical processors, each strictly limited to its function:
Transfers outside the European Union: the US processors cited are bound by the European Commission's Standard Contractual Clauses (SCCs) or an equivalent mechanism under Article 46 GDPR (EU-US Data Privacy Framework certification where applicable), which govern the international transfer of personal data. Switzerland is recognised by the European Commission as offering an adequate level of protection (Decision 2000/518/EC).
Under no circumstances is your data sold, rented or transferred to third parties for commercial purposes.
The data listed in section 2.2 and collected via the /onboarding form in the Buyer branch is processed in the context of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), so that the Diligeo team can contact you regarding your acquisition project and produce the requested analysis. For the Target search and Preliminary review (pre-LOI) branches, the data processed includes: identity, contact details, professional profile, financing capacity, scoping elements of the contemplated transaction (valuation provided, shareholder current accounts, timetable) and the description of the available documents. When you identify a target, the data relating to its directors (identity, role) provided by you or obtained from public registers is processed on the basis of legitimate interest (Article 6(1)(f) GDPR), strictly to the extent necessary for the pre-audit; those persons have a right to object by writing to contact@diligeo.com.
This data is intended for the Diligeo team only and is not shared with any third party (apart from the technical processors cited in section 2.4, strictly within the limits of their function). It is retained for 24 months after the last contact, then deleted.
You have the rights of access, rectification, erasure and objection with respect to this data. To exercise them, write to contact@diligeo.com.
To preserve the confidentiality of your data-room documents, they never pass through direct email or our web form. We use the SwissTransfer service (Infomaniak Network SA, Switzerland), which is GDPR-compliant and provides:
The downloaded documents are stored on the professional workstations of the Diligeo team, with restricted access (strong authentication, disk encryption), and deleted at the latest 12 months after delivery of the analysis report, or immediately upon your written request to contact@diligeo.com.
Apart from the technical processors listed in section 2.4 — each strictly within the limits of its function — no data-room document is disclosed to a third party or used for any purpose other than the requested analysis.
The data listed in section 2.2 and collected via the /onboarding form in the Sourcing branch is processed in the context of pre-contractual measures taken at your request (Article 6(1)(b) GDPR), in order to qualify sale opportunities within your scope and to provide you with a corresponding deliverable.
This data is intended for the Diligeo team only and is not shared with any third party (apart from the technical processors cited in section 2.4, strictly within the limits of their function). It is retained for 24 months after the last contact, then deleted.
The public data of legal entities and their directors used to produce the Sourcing deliverable is collected from the French public registers (INSEE SIRENE, INPI RNE, DILA BODACC) and processed on the basis of legitimate interest (Article 6(1)(f) GDPR). An objection procedure is available by email at contact@diligeo.com.
You have the rights of access, rectification, erasure and objection with respect to your personal data. To exercise them, write to contact@diligeo.com.
Your data submitted via the /onboarding form is retained for 24 months after your last contact with the Diligeo team, then deleted. The data-room documents transferred via SwissTransfer follow a distinct cycle specified in section 2.4.2 (deletion at the latest 12 months after delivery of the report, or immediately upon written request).
The technical double opt-in token stored at Upstash has a lifetime of 48 hours maximum and is automatically purged after use (single-use).
In accordance with the GDPR, you have the following rights:
To exercise these rights, contact us at: contact@diligeo.com
In the event of a dispute, you may lodge a complaint with the CNIL (the French data-protection authority): www.cnil.fr
Diligeo implements the following technical and organizational measures to protect your data:
The diligeo.com website uses no cookies for tracking, analytics, audience measurement or advertising. No third-party cookie (Google Analytics, Meta Pixel, etc.) is set.
Browser-side local storage (localStorage): the /onboarding form saves a draft of your answers in your browser's local memory, under the key diligeo:onboarding:draft, so that you can resume your entry if you close the tab by mistake. This data:
diligeo:onboarding:draft in the domain's local storage).
Fonts: the site's fonts are self-hosted on the diligeo.com servers. No request is made to Google Fonts or to any other third-party service when pages load: your IP address is not transmitted to any third party through the mere consultation of the site.
All the content of the diligeo.com website (text, graphics, logo, structure) is the property of Diligeo and is protected by intellectual-property law. Any reproduction, even partial, is prohibited without prior authorization.
This page was last updated on 3 July 2026.