Skip to main content

Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence)

Key facts

SpainSpainEnglish (ES)FreePDF & WordUpdated Jun 6, 2026
Legal basisSpainNotarization: Not requiredWitnesses: 0Parties: 2
Due Diligence NDA (Acuerdo de Confidencialidad Due Diligence)
Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence)

DUE DILIGENCE NON-DISCLOSURE AGREEMENT (ACUERDO DE CONFIDENCIALIDAD PARA DUE DILIGENCE)

El presente Acuerdo de Confidencialidad para Due Diligence se suscribe el [Agreement Date] entre las partes identificadas a continuación, y se rige por el artículo 1255 del Código Civil, la Ley 1/2019, de 20 de febrero, de Secretos Empresariales (LSE), y la Ley Orgánica 3/2018 (LOPDGDD) que desarrolla el Reglamento (UE) 2016/679 (RGPD).

1. PARTIES

PARTE DIVULGADORA: [Disclosing Party Name], NIF/CIF [Disclosing NIF], domicilio social en [Disclosing Address], representada por [Disclosing Representative] (en adelante, «la Parte Divulgadora»).

PARTE RECEPTORA: [Receiving Party Name], NIF/CIF [Receiving NIF], domicilio social en [Receiving Address], representada por [Receiving Representative] (en adelante, «la Parte Receptora»).

2. PURPOSE

La Parte Divulgadora tiene la intención de compartir determinada información confidencial con la Parte Receptora exclusivamente para la siguiente finalidad: [Transaction Purpose] (en adelante, «la Operación»). La Parte Receptora solo podrá utilizar la Información Confidencial para evaluar la Operación y para ningún otro fin.

3. CONFIDENTIAL INFORMATION

3.1

«Información Confidencial» significa toda la información no pública divulgada por la Parte Divulgadora a la Parte Receptora en relación con la Operación, ya sea por escrito, oralmente, visualmente, electrónicamente o a través de la sala de datos virtual, incluyendo: [Confidential Information Scope].

3.2

La Información Confidencial incluye toda la información que reúna la condición de secreto empresarial conforme al artículo 1 de la Ley 1/2019 de Secretos Empresariales — información que no sea de dominio público, que tenga valor comercial y que haya sido objeto de medidas razonables para mantener su carácter secreto.

3.3

La Información Confidencial no incluye la información que: (a) sea o pase a ser de dominio público sin culpa de la Parte Receptora; (b) ya fuera conocida por la Parte Receptora con anterioridad a su divulgación; (c) sea desarrollada de forma independiente por la Parte Receptora sin recurrir a la Información Confidencial; o (d) deba divulgarse por imperativo legal, resolución judicial o autoridad reguladora — en cuyo caso la Parte Receptora notificará sin demora a la Parte Divulgadora y colaborará para minimizar el alcance de la divulgación.

4. OBLIGATIONS OF THE RECEIVING PARTY

4.1

La Parte Receptora deberá: (a) mantener estricta confidencialidad respecto de toda la Información Confidencial; (b) utilizar la Información Confidencial exclusivamente para evaluar la Operación; (c) divulgar la Información Confidencial únicamente a: [Permitted Recipients], cada uno de ellos sujeto a obligaciones de confidencialidad no menos restrictivas que las de este Acuerdo; (d) no copiar, reproducir ni extraer Información Confidencial más allá de lo necesario para la evaluación de la Operación; y (e) implementar las medidas técnicas y organizativas apropiadas conforme al artículo 32 del RGPD para proteger la Información Confidencial frente a accesos no autorizados.

4.2

La Parte Receptora notificará de inmediato a la Parte Divulgadora en cuanto tenga conocimiento de cualquier acceso, divulgación o pérdida no autorizados de la Información Confidencial.

5. RETURN AND DESTRUCTION

A solicitud escrita de la Parte Divulgadora, o al finalizar la evaluación de la Operación, la Parte Receptora devolverá sin demora o destruirá de manera certificada toda la Información Confidencial — incluidas las copias electrónicas almacenadas en servidores, ordenadores y almacenamiento en la nube — y facilitará confirmación escrita de la destrucción. Se exceptúan las obligaciones de conservación impuestas por la AEAT, la CNMV o la normativa aplicable.

6. DATA PROTECTION (RGPD / LOPDGDD)

Cuando la Información Confidencial incluya datos personales en el sentido del artículo 4(1) del RGPD, la Parte Receptora tratará dichos datos únicamente: (a) para evaluar la Operación, al amparo del interés legítimo del artículo 6.1(f) del RGPD; (b) de conformidad con el principio de minimización de datos del artículo 5(1)(c) del RGPD; y (c) sujeto a un acuerdo de encargado del tratamiento conforme al artículo 28 del RGPD cuando la Parte Receptora actúe como encargada del tratamiento. La Parte Receptora notificará a la Parte Divulgadora cualquier violación de la seguridad de los datos personales en el plazo de 72 horas desde su conocimiento, conforme al artículo 33 del RGPD.

7. DURATION AND REMEDIES

7.1

Las obligaciones de confidencialidad de este Acuerdo permanecerán en vigor durante [NDA Duration] desde la fecha de la primera divulgación de la Información Confidencial. Para la información que reúna la condición de secreto empresarial conforme a la Ley 1/2019 LSE, la protección legal continúa mientras la información permanezca secreta, con independencia del plazo contractual.

7.2

El incumplimiento de este Acuerdo faculta a la Parte Divulgadora a ejercer: (a) acciones de indemnización de daños y perjuicios conforme a los artículos 1101 y 1106 del Código Civil; (b) acciones de cesación y demás acciones previstas en los artículos 9 a 11 de la Ley 1/2019 LSE, incluyendo la cesación del uso, la incautación de los materiales infractores y la publicación de la sentencia; y (c) medidas cautelares conforme al artículo 721 de la LEC. También podrán aplicarse sanciones administrativas de la AEPD conforme al artículo 83 del RGPD en caso de violaciones de datos personales.

8. GOVERNING LAW AND JURISDICTION

Este Acuerdo se rige por el derecho español. Las partes someten las controversias a la jurisdicción de [Governing Court]. Las partes intentarán previamente resolver la controversia mediante mediación conforme a la Ley 5/2012 antes de iniciar cualquier procedimiento.

SIGNATURES

Firmado el [Agreement Date].

PARTE DIVULGADORA Firma: _______________________ Nombre: [Disclosing Representative] En representación de: [Disclosing Party Name] Fecha: _______________________

PARTE RECEPTORA Firma: _______________________ Nombre: [Receiving Representative] En representación de: [Receiving Party Name] Fecha: _______________________

Maintained by Vladislav Sergienko, Founder·Template last modified: ·Report an error

What Is a Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence)?

A Due Diligence NDA Spain (Acuerdo de Confidencialidad para Due Diligence) is a binding contract under which a disclosing party (parte divulgadora) agrees to share confidential business, financial, legal, or technical information with a receiving party (parte receptora) for the sole purpose of evaluating a potential merger, acquisition, investment, joint venture, or financing transaction, and the receiving party agrees not to disclose or misuse that information. The agreement is governed by Código Civil Article 1255 (freedom of contract — autonomía de la voluntad), the Ley 1/2019, de 20 de febrero, de Secretos Empresariales (LSE — implementing EU Directive 2016/943 on trade secrets), and Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales (LOPDGDD), which supplements Reglamento (UE) 2016/679 (RGPD).

The Ley 1/2019 de Secretos Empresariales provides the primary statutory framework for protecting business confidential information in Spain, defining a secret empresarial (trade secret) in Article 1 as information that is: (1) secret — not generally known or readily accessible to persons in the relevant business sector; (2) has commercial value because it is secret; and (3) has been subject to reasonable steps to maintain its secrecy. The LSE criminalises the unlawful acquisition, use, or disclosure of trade secrets under Articles 3 through 5, and Article 9 provides civil remedies including injunctions (medidas cautelares), damages (daños y perjuicios), and publication of the judgment. The Juzgado de lo Mercantil has jurisdiction over trade secret infringement claims under Article 86 ter LOPJ.

In a due diligence context — whether for mergers and acquisitions (M&A), private equity (capital riesgo) investment under the framework of the Comisión Nacional del Mercado de Valores (CNMV) supervision, real estate portfolio acquisition (due diligence inmobiliaria), or financing transactions subject to the Ley del Mercado de Valores (LMV, Ley 6/2023) — the disclosing party typically provides access to a virtual data room (sala de datos virtual) containing sensitive financial statements (cuentas anuales), pending litigation (litigios pendientes), intellectual property registrations before the Oficina Española de Patentes y Marcas (OEPM), employment contracts and social security liabilities, environmental compliance records, and tax compliance history with the Agencia Tributaria (AEAT).

The RGPD and LOPDGDD require that any personal data (datos personales) shared during due diligence — including employee records, customer databases, and management information — be disclosed under a data processing agreement (acuerdo de tratamiento de datos) identifying the legal basis under RGPD Article 6 (typically legitimate interest — Article 6.1(f)) and applying appropriate technical and organisational measures (medidas técnicas y organizativas) to protect the data. The Agencia Española de Protección de Datos (AEPD) has issued guidance on data transfers during M&A transactions confirming that personal data may be shared in due diligence under legitimate interest, subject to proportionality and necessity assessments.

Spanish M&A practice routinely involves a two-stage NDA process: a broad mutual NDA at initial contact (letter of intent — carta de intención) followed by a more detailed one-way due diligence NDA upon execution of a non-binding term sheet (hoja de términos or memorando de entendimiento — MOU). The Acuerdo de Confidencialidad para Due Diligence Spain is the second, more detailed document governing the data room access and disclosure process.

When Do You Need a Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence)?

A Due Diligence NDA Spain is needed at the outset of any structured process in which a target company (empresa objetivo), its shareholders, or its advisers share non-public financial, legal, or commercial information with a potential acquirer, investor, or lender to enable informed transaction evaluation.

The agreement is needed when a private equity firm (firma de capital riesgo) registered with the CNMV initiates due diligence on a Spanish target company — before accessing audited accounts (cuentas auditadas), management accounts, pending litigation schedules, IP portfolios registered with the OEPM, or customer and supplier contracts.

A Due Diligence NDA Spain is required when a strategic acquirer (adquirente estratégico) — a Spanish or foreign company — initiates a merger or acquisition process involving a Spanish empresa and needs access to the target's virtual data room organised by the target's M&A advisers (banco de inversión or asesor financiero).

The agreement is needed when a venture capital fund (fondo de capital riesgo) or business angel (inversor ángel) is evaluating a minority investment in a Spanish startup (startup española) and requires access to financial projections, technology IP, and key commercial contracts before executing a term sheet under the Ley 22/2014 de entidades de capital-riesgo.

A Due Diligence NDA Spain is required when a lender — a bank (entidad de crédito) supervised by the Banco de España under Ley 10/2014 de ordenación, supervisión y solvencia de entidades de crédito — conducts credit due diligence before extending a syndicated loan or project finance facility to a Spanish borrower.

The agreement is also needed when a real estate investment fund (SOCIMI — Sociedad Cotizada de Inversión en el Mercado Inmobiliario, governed by Ley 11/2009) is evaluating the acquisition of a property portfolio from a Spanish vendor and requires access to tenancy schedules, building surveys, and environmental compliance records before executing a preliminary sale agreement (contrato de arras or contrato privado de compraventa).

Parties in Spain should prepare a Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.

What to Include in Your Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence)

A valid Due Diligence NDA Spain under Código Civil Article 1255 and Ley 1/2019 de Secretos Empresariales must contain the following essential elements.

Identification of Parties: Full legal name, NIF or CIF, registered address, and Registro Mercantil details of both the disclosing party (parte divulgadora) and the receiving party (parte receptora). The legal representative of each entity, with notarial power of attorney (escritura de poder) reference, must sign.

Definition of Confidential Information: A precise definition of what constitutes información confidencial — typically covering all non-public business, financial, technical, legal, and commercial information disclosed in connection with the transaction, whether in writing, orally, visually, or through the virtual data room. Exclusions for information that is already publicly known, independently developed, or required to be disclosed by law or court order (divulgación obligatoria por ley) must be specified.

Transaction Purpose: Clear statement of the permitted purpose (finalidad) — typically the evaluation of a potential acquisition, investment, or financing transaction — outside which the confidential information may not be used. Misuse of confidential information beyond the stated purpose constitutes both a civil breach and a potential trade secret infringement under Ley 1/2019 LSE Article 3.

Permitted Recipients: Definition of the receiving party's representatives (asesores, empleados, consejeros) who may access confidential information on a need-to-know basis, with the receiving party remaining liable for breaches by its representatives. Investment banks, legal advisers (abogados), and financial advisers (auditores and asesores financieros) are typically included.

Data Room Protocols: Provisions governing access to the virtual data room — login credentials, permitted downloads, prohibition on bulk extraction, and watermarking of documents — consistent with the Ley Orgánica 3/2018 (LOPDGDD) data minimisation principle under RGPD Article 5(1)(c).

Return and Destruction: Obligation to return or certifiably destroy (destruir de manera certificada) all confidential information — including copies in electronic format stored on servers and devices — upon termination of the NDA or conclusion of the transaction process, subject to regulatory retention requirements imposed by the AEAT or CNMV.

Term and Termination: Duration of the confidentiality obligation — typically 2 to 5 years from the date of disclosure, depending on the sensitivity of the information — and termination provisions. Post-transaction confidentiality obligations for information not incorporated into public disclosure documents.

Remedies and RGPD Compliance: Reference to civil remedies under Ley 1/2019 LSE Articles 9 through 11 — injunctions (prohibición de uso), damages, and publication of judgment. Data protection compliance clause under RGPD and LOPDGDD, identifying the legal basis for personal data transfer, the data processor role (encargado del tratamiento) of the receiving party's advisers, and AEPD notification obligations.

Governing Law and Jurisdiction: Spanish law as the governing law (ley aplicable) and the Juzgado de lo Mercantil of the disclosing party's registered domicile as the competent court, or agreed arbitration before the Corte de Arbitraje de Madrid (CAM) under Ley 60/2003 de Arbitraje.

Forms-legal.com provides this Due Diligence NDA Spain template as a practical starting point for transaction documentation. All M&A and investment processes should involve specialist legal advice from a Spanish abogado or international law firm experienced in Spanish corporate transactions.

Additional compliance elements for a Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) used in Spain include: Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255. Forms-legal.com provides this template as a starting point for Spain-compliant documentation.

Cite this page

CC BY 4.0 · free to cite

Reference this free template in an article, syllabus, or research note:

APA
Forms Legal. (2026). Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain) [Legal document template]. Forms Legal. https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain
MLA
"Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain)." Forms Legal, 2026, https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain.
Chicago
Forms Legal. "Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain)." Forms Legal, 2026. https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain.
BibTeX
@misc{formslegal-due-diligence-nda-spain,
  author       = {{Forms Legal}},
  title        = {Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain}},
  note         = {Free legal document template}
}
Wikipedia
{{cite web |title=Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain) |website=Forms Legal |publisher=Forms Legal |date=2026 |url=https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain}}
RIS
TY  - ELEC
T1  - Due Diligence NDA Spain (Acuerdo de Confidencialidad Due Diligence) (Spain)
T2  - Forms Legal
PB  - Forms Legal
PY  - 2026
UR  - https://forms-legal.com/espana/business/contracts/due-diligence-nda-spain
ER  - 
Forms LegalUpdated 2026-06-06.bib.ris

Also available for these jurisdictions:

Frequently Asked Questions

Statute-referenced template — Template last modified June 2026

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know