Skip to main content

Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros)

Key facts

SpainSpainEnglish (ES)FreePDF & WordUpdated Jun 6, 2026
Legal basisSpainNotarization: Not requiredWitnesses: 0Parties: 2
Third-Party Employee NDA (Acuerdo de Confidencialidad para Empleados de Terceros)
Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros)

THIRD-PARTY EMPLOYEE NON-DISCLOSURE AGREEMENT (ACUERDO DE CONFIDENCIALIDAD PARA EMPLEADOS DE TERCEROS)

El presente Acuerdo de Confidencialidad para Empleados de Terceros se celebra el [Agreement Date], al amparo del artículo 1255 del Código Civil, la Ley 1/2019 de Secretos Empresariales (LSE) y la Ley Orgánica 3/2018 (LOPDGDD) de desarrollo del Reglamento (UE) 2016/679 (RGPD).

1. PARTIES

EMPRESA DIVULGADORA: [Disclosing Company Name], NIF/CIF [Disclosing Company NIF], con domicilio social en [Disclosing Company Address], representada por [Disclosing Representative] (en adelante, «la Empresa Divulgadora»).

PERSONA (EMPLEADO DE TERCERO): [Individual Name], DNI/NIE/pasaporte [Individual DNI], empleado o contratado a través de [Individual Employer], con la función de [Individual Role] (en adelante, «la Persona»).

El presente acuerdo complementa el contrato de servicios subyacente: [Underlying Contract]. La Persona queda vinculada directa y personalmente por este acuerdo, con independencia de las obligaciones intersocietarias derivadas del contrato subyacente.

2. SCOPE OF ACCESS

La Persona tendrá acceso a los siguientes sistemas, instalaciones o información en relación con su función ([Individual Role]): [Access Scope]. El acceso se limita estrictamente a lo necesario para la ejecución del proyecto o servicio asignado.

3. CONFIDENTIAL INFORMATION

3.1

«Información Confidencial» significa toda información no pública de la Empresa Divulgadora a la que la Persona acceda o reciba en relación con la prestación, incluyendo: [Confidential Information Categories]. La Información Confidencial incluye los secretos empresariales en el sentido del artículo 1 de la Ley 1/2019 LSE.

3.2

No se considera Información Confidencial aquella que: (a) sea de dominio público sin culpa de la Persona; (b) fuera conocida por la Persona con anterioridad a la prestación; (c) sea desarrollada de forma independiente sin referencia a la información de la Empresa Divulgadora; o (d) deba divulgarse por mandato legal o resolución judicial — previa notificación por escrito a la Empresa Divulgadora cuando legalmente sea posible.

4. INDIVIDUAL OBLIGATIONS

4.1

Durante el periodo de prestación ([Engagement Period]) y durante [Post-Engagement Duration] tras su finalización, la Persona deberá: (a) mantener estricta confidencialidad respecto de toda la Información Confidencial; (b) utilizar la Información Confidencial únicamente para la ejecución del proyecto o servicio asignado; (c) no copiar, descargar, transmitir ni almacenar Información Confidencial en dispositivos personales o sistemas no autorizados; (d) no divulgar Información Confidencial a ninguna persona ajena a la Empresa Divulgadora sin su consentimiento previo por escrito; y (e) notificar de inmediato a la Empresa Divulgadora cualquier incumplimiento de confidencialidad real o sospechado, o cualquier acceso no autorizado a los sistemas.

4.2

La Persona tratará los datos personales a los que acceda durante la prestación únicamente conforme al artículo 29 del RGPD — exclusivamente siguiendo las instrucciones documentadas de la Empresa Divulgadora — y aplicará las medidas técnicas y organizativas de seguridad apropiadas conforme al artículo 32 del RGPD. Las violaciones de seguridad de datos personales se notificarán al responsable de protección de datos de la Empresa Divulgadora en el plazo exigido por el artículo 33 del RGPD.

4.3

Al finalizar la prestación o a solicitud por escrito de la Empresa Divulgadora, la Persona devolverá o destruirá de forma certificable, sin demora, toda la Información Confidencial — incluidos los archivos electrónicos almacenados en dispositivos y en la nube — y facilitará confirmación por escrito de su destrucción.

5. REMEDIES

El incumplimiento de este acuerdo por la Persona faculta a la Empresa Divulgadora a: (a) reclamar la indemnización civil de daños y perjuicios conforme a los artículos 1101 y 1902 del Código Civil; (b) ejercitar las acciones previstas en los artículos 9 a 11 de la Ley 1/2019 LSE — cesación y prohibición del uso, indemnización de daños calculada sobre las pérdidas efectivas o el enriquecimiento injusto, y publicación de la sentencia — ante el Juzgado de lo Mercantil; y (c) instar las sanciones administrativas de la AEPD conforme al artículo 83 del RGPD cuando se vean afectados datos personales. La Empresa Divulgadora podrá solicitar medidas cautelares urgentes conforme al artículo 721 de la LEC.

6. GOVERNING LAW AND JURISDICTION

Este acuerdo se rige por la legislación española. Las controversias quedan sometidas a la jurisdicción del Juzgado de lo Mercantil del domicilio social de la Empresa Divulgadora para las reclamaciones sobre secretos empresariales conforme a la Ley 1/2019 LSE, o al Juzgado de Primera Instancia para las reclamaciones civiles generales.

SIGNATURES

Firmado el [Agreement Date].

EMPRESA DIVULGADORA Firma: _______________________ Nombre: [Disclosing Representative] En representación de: [Disclosing Company Name] Fecha: _______________________

PERSONA Firma: _______________________ Nombre: [Individual Name] DNI/NIE: [Individual DNI] Empleador: [Individual Employer] Fecha: _______________________

Maintained by Vladislav Sergienko, Founder·Template last modified: ·Report an error

What Is a Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros)?

A Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) is a direct confidentiality agreement signed by an individual employee, contractor, or consultant of an external organisation — such as a technology vendor, professional services firm, or outsourcing provider — who requires access to the disclosing company's confidential information in the course of delivering services in Spain. The agreement is governed by Código Civil Article 1255 (freedom of contract — autonomía de la voluntad), Ley 1/2019, de 20 de febrero, de Secretos Empresariales (LSE), and Ley Orgánica 3/2018 (LOPDGDD) supplementing Reglamento (UE) 2016/679 (RGPD), with the individual bound directly rather than through their employer organisation alone.

The distinction between this agreement and a standard inter-company NDA is critical under Spanish law. Under Código Civil Article 1257, contracts bind only the contracting parties (relatividad contractual) — an NDA signed between Company A and Vendor B does not automatically bind Vendor B's individual employees. Ley 1/2019 LSE Article 5 does impose direct liability on individuals who acquire, use, or disclose trade secrets obtained through their employment or service duties, but a written individual NDA with each third-party employee provides clearer, more enforceable obligations and enables direct legal action against the individual under Código Civil Articles 1101 and 1106 without needing to pierce the corporate veil of the vendor entity.

Third-party employees who typically require this agreement in Spain include: IT contractors (desarrolladores de software, administradores de sistemas) implementing or maintaining the disclosing company's information systems; auditors (auditores) and tax consultants (asesores fiscales) reviewing confidential financial records for Agencia Tributaria (AEAT) compliance; management consultants (consultores de gestión) advising on restructuring or strategy; data processors (encargados del tratamiento) under RGPD Article 28 whose individual staff access personal data stored by the disclosing company; and Empresa de Trabajo Temporal (ETT) workers placed under Ley 14/1994 at the disclosing company's premises who access confidential business systems.

The RGPD framework adds a specific dimension to Third-Party Employee NDAs in Spain: where the third-party employee accesses personal data belonging to the disclosing company's customers, employees, or data subjects, the individual must be bound by data processing obligations under RGPD Article 29 — processing only on documented employer instructions and maintaining confidentiality of personal data. The Agencia Española de Protección de Datos (AEPD) has confirmed that processor sub-contracting chains must bind each individual processor to equivalent confidentiality and data security obligations under RGPD Article 28.4.

The Juzgado de lo Mercantil has jurisdiction over trade secret misappropriation claims under Ley 1/2019 LSE Article 13, and civil damages claims may be brought against the individual third-party employee directly under Código Civil Articles 1101 and 1902 (extracontractual liability — responsabilidad extracontractual) even where no direct contractual relationship exists between the disclosing company and the individual, if the individual has acted unlawfully under LSE Articles 3 through 5.

The legal framework governing the Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) in Spain draws on several key statutes and regulatory bodies. Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255. Parties executing a Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) in Spain should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Código Civil art. 1255; Ley 1/2019 de Secretos Empresariales art. 3–5 sets the foundational requirements.

When Do You Need a Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros)?

A Third-Party Employee NDA Spain is needed when a company's confidential information, trade secrets, or personal data will be accessed by named individuals employed by or contracted through an external vendor, consultancy, or service provider.

The agreement is needed when an IT outsourcing provider (proveedor de servicios TI) deploys individual contractors at the disclosing company's premises or remotely on the company's systems — each contractor should sign a personal NDA in addition to any framework services agreement between the companies, because the individual contractor is the person with actual physical access to sensitive systems and data.

A Third-Party Employee NDA Spain is needed when an external auditing firm (firma de auditoría) or tax advisory firm (asesoría fiscal) sends individual partners and staff to review confidential accounting records, unpublished financial statements, or pending AEAT tax inspections — the individual professionals access information far beyond what is covered by the firm's standard engagement letter.

The agreement is needed when a management consulting firm (consultora de gestión) is engaged for a strategic project — such as a merger integration, operational restructuring, or market entry analysis — and its individual consultants will be briefed on non-public pricing data, customer strategies, or competitive positioning.

A Third-Party Employee NDA Spain is required when an Empresa de Trabajo Temporal (ETT) places temporary workers at the company under Ley 14/1994 — ETT workers are employed by the ETT, not the host company (empresa usuaria), so the host company cannot rely on the ET Article 5.a duty of loyalty running from the ETT worker to the host. A direct NDA bridges this gap.

The agreement is also needed when a freelance professional (profesional autónomo) — a graphic designer, copywriter, software developer, or financial analyst — is engaged for a specific project involving access to the company's confidential business data, customer information, or unreleased product details, particularly where the freelancer's services agreement does not contain a detailed confidentiality clause meeting the requirements of Ley 1/2019 LSE.

Parties in Spain should prepare a Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.

What to Include in Your Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros)

A valid Third-Party Employee NDA Spain under Código Civil Article 1255 and Ley 1/2019 de Secretos Empresariales must contain the following essential elements to be directly binding on the third-party individual.

Identification of Parties: Full name, DNI or NIE (or passport number for non-Spanish nationals), employer organisation, job title, and contact address of the individual signatory (empleado de tercero or contratista). Full legal name, NIF, and registered address of the disclosing company (empresa divulgadora). The agreement should reference the underlying commercial contract between the disclosing company and the individual's employer organisation.

Scope of Access: Clear description of the specific systems, premises, projects, or information categories to which the individual will have access — for example, customer database access, financial reporting systems, research and development documentation, or personal data archives. The specificity of the access scope limits the individual's liability to information actually accessible and prevents the agreement from being challenged as disproportionately broad.

Definition of Confidential Information: Thorough definition of información confidencial under Ley 1/2019 LSE Article 1 criteria — information that is not publicly known, has commercial value, and has been kept secret — plus business-specific categories: trade secrets, customer data, supplier terms, technical specifications, software code, financial projections, and any information marked confidential by the disclosing company.

Obligations of the Individual: The individual must: (1) maintain strict confidentiality during and after the engagement period; (2) access confidential information only to the extent necessary for the assigned project or service; (3) not copy, transmit, download, or store confidential information on personal devices or non-authorised systems; (4) immediately notify the disclosing company of any suspected security breach, unauthorised access, or loss of confidential materials; and (5) return or certifiably destroy all confidential materials upon completion of the project or engagement.

Duration: The confidentiality obligation during the engagement is absolute. Post-engagement duration — typically 2 to 3 years — must be clearly stated. For trade secrets qualifying under Ley 1/2019 LSE, the individual's obligation not to disclose continues as long as the information remains secret, independent of the contractual term.

Data Protection Obligations: Where the individual will access personal data belonging to the disclosing company's data subjects — customers, employees, or others — the agreement must include RGPD Article 29 processor obligations: processing only on the disclosing company's documented instructions, maintaining confidentiality of personal data, implementing appropriate technical and organisational measures (medidas técnicas y organizativas) under RGPD Article 32, and reporting personal data breaches to the disclosing company's DPD within the timeframe required by RGPD Article 33 (72 hours from discovery).

Remedies: Reference to civil remedies under Ley 1/2019 LSE Articles 9 through 11 against the individual — injunctions (medidas cautelares), damages, and seizure of infringing materials — and civil liability under Código Civil Articles 1101 and 1902. AEPD administrative sanctions under RGPD Article 83 for data protection breaches reaching up to €20 million or 4% of global annual turnover may also apply.

Governing Law and Jurisdiction: Spanish law as governing law and the Juzgado de lo Mercantil (for trade secret claims) or Juzgado de Primera Instancia (for general civil claims) of the disclosing company's registered domicile as the competent court.

Forms-legal.com provides this Third-Party Employee NDA Spain template as a practical supplement to inter-company services agreements. Legal review by a Spanish abogado is recommended to confirm the agreement is appropriately tailored to the individual's specific access scope and the applicable sector data protection requirements.

Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255.

Cite this page

CC BY 4.0 · free to cite

Reference this free template in an article, syllabus, or research note:

APA
Forms Legal. (2026). Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain) [Legal document template]. Forms Legal. https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain
MLA
"Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain)." Forms Legal, 2026, https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain.
Chicago
Forms Legal. "Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain)." Forms Legal, 2026. https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain.
BibTeX
@misc{formslegal-third-party-employee-nda-spain,
  author       = {{Forms Legal}},
  title        = {Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain}},
  note         = {Free legal document template}
}
Wikipedia
{{cite web |title=Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain) |website=Forms Legal |publisher=Forms Legal |date=2026 |url=https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain}}
RIS
TY  - ELEC
T1  - Third-Party Employee NDA Spain (Acuerdo de Confidencialidad para Empleados de Terceros) (Spain)
T2  - Forms Legal
PB  - Forms Legal
PY  - 2026
UR  - https://forms-legal.com/espana/business/contracts/third-party-employee-nda-spain
ER  - 
Forms LegalUpdated 2026-06-06.bib.ris

Frequently Asked Questions

Statute-referenced template — Template last modified June 2026

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know