What types of companies do you work with?

We work with mid-market and enterprise companies that have physical operations — hotels, clinics, offices, industrial facilities, retail chains, and remote operations. Typical projects range from $10k to $200k.

Where do you operate?

We currently operate across Argentina, Chile, and Italy. Our team can deploy on-site anywhere in these countries and provide remote support globally.

What makes DITAP different from other IT providers?

Most providers do only one layer — consulting, small fixes, or hardware installation. DITAP integrates everything: we think like strategists and execute like engineers. We design, build, deploy, and operate your entire infrastructure.

Can you take over our existing infrastructure?

Yes. We start with a comprehensive assessment of your current setup, identify gaps and risks, and build a migration roadmap that minimizes disruption while improving reliability.

Do you offer ongoing support after deployment?

Absolutely. We provide 24/7 monitoring, proactive maintenance, incident response, and SLA-backed support. Infrastructure isn't a one-time project — it needs continuous attention.

Can you work in remote or hard-to-reach locations?

This is one of our strengths. We've deployed infrastructure in remote operations using Starlink, satellite backup, ruggedized equipment, and power systems designed for challenging environments.

Back to Home

Privacy Policy

Last updated: May 2026

1. Introduction

This Privacy Policy describes how DITAP (Inversiones Tecnomagallanes SpA) ("DITAP," "we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website at ditap.io or use our services.

By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our website.

DITAP operates across Argentina, Chile, and Italy, and is committed to complying with applicable data protection laws in each jurisdiction:

Italy / EU: Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 (Privacy Code).

Argentina: Law 25,326 on Protection of Personal Data, Regulatory Decree 1558/2001, and AAIP Resolution 14/2018.

Chile: Law 19,628 on Protection of Private Life and the new Law 21,719 of 2024 on Personal Data Protection (effective December 2026).

This policy is updated to incorporate international best practices and maintain preventive coverage against claims.

2. Information We Collect

We collect information that you provide directly, information generated automatically when you interact with the site, and information from third-party sources.

Information You Provide Directly:

Name, email, phone number when filling out forms.

Company, job title, and project details when requesting consulting.

Free-form content from messages you send through the site.

Information Collected Automatically:

IP address, browser type, operating system, device.

Pages visited, time on page, traffic source, browsing behavior.

Cookie data and similar technologies (see Section 6).

Information from Third Parties:

Analytics data from Google Analytics 4 (Measurement ID: G-LX5Z6C9RR6).

Advertising interaction data from Meta Pixel (Facebook/Instagram).

Social media information if you interact with our content.

Special categories of data: We do not knowingly collect sensitive data (racial origin, health, political beliefs, biometric data). If you voluntarily share such data in a free-form message, we will not process it for purposes beyond responding to you.

3. Purposes and Legal Basis for Processing

We use data for the following purposes, each with its own legal basis:

Purpose	Legal basis (GDPR / Law 25.326 / Law 19.628)
Respond to inquiries, prepare proposals, deliver projects	Contractual necessity / consent
Relevant commercial communications	Consent (opt-in) or legitimate interest with existing clients
Site usage analysis and improvement	Legitimate interest / consent (analytics cookies)
Advertising, remarketing, custom audiences (Meta, Google)	Express consent
Fraud detection and prevention	Legitimate interest
Compliance with tax, accounting, and regulatory obligations	Legal obligation

We do not sell, rent, or share personal data with third parties for their direct marketing purposes without your express consent.

Automated decision-making / AI: We do not make decisions producing legal effects based solely on automated processing or profiling, in accordance with GDPR Art. 22. If implemented, we will inform you in advance and guarantee your right to human intervention.

4. Sub-processors and Third-Party Services

We share information with the following service providers, solely for the stated purposes, under Data Processing Agreements (DPAs) with adequate safeguards:

Sub-processor	Purpose	Country / Region	Safeguard
Vercel Inc.	Site hosting, CDN, performance analytics	United States / Global	DPA + EU SCCs
Cloudflare Inc.	DNS, security, CDN optimization	United States / Global	DPA + EU SCCs
Google Analytics 4 (G-LX5Z6C9RR6)	Traffic analytics	United States	DPA + EU SCCs + IP anonymization
Meta Platforms (Pixel)	Conversion, remarketing, audiences	United States	DPA + EU SCCs
Resend	Transactional email delivery	United States	DPA + EU SCCs
Amazon Web Services (AWS)	Backend storage and processing (sub-processor for some integrations)	Global	DPA + EU SCCs
Stripe / MercadoPago	Payment processing (when applicable)	Global	DPA + PCI-DSS
Supabase (when applicable)	Database / auth	United States	DPA + EU SCCs

US-based providers operate under Standard Contractual Clauses (SCCs) approved by the European Commission. Argentina has an EU adequacy decision.

Complete and updated list of sub-processors available upon request at [email protected].

5. Cookies and Tracking Technologies

Our site uses cookies and similar technologies. Your consent is requested via the cookie banner on first visit and can be modified at any time.

Strictly necessary cookies (no consent needed, basis: legitimate interest):

`ditap-locale`: language preference. Duration: 1 year.

`ditap-theme`: theme preference. Duration: 1 year.

Session cookies needed for site functionality.

Analytics cookies (require consent):

Google Analytics 4: `_ga`, `_ga_*`, `_gid` — traffic and behavior analysis. Retention: up to 14 months.

Marketing / advertising cookies (require explicit opt-in consent):

Meta Pixel: `_fbp`, `_fbc` — conversion measurement, remarketing. Retention: up to 90 days.

Management:

Modify preferences anytime via the banner or your browser settings.

Google Analytics opt-out: install the [Opt-out Add-on](https://tools.google.com/dlpage/gaoptout).

Meta Ads opt-out: configure at [facebook.com/adpreferences](https://www.facebook.com/adpreferences).

Disabling cookies may impact site functionality.

We comply with Italian Garante guidelines on cookies (Decision 231/2021) and EDPB Guidelines 02/2023.

6. International Data Transfers

DITAP operates in Argentina, Chile, and Italy. Your data may be transferred and processed in countries other than your own, including the United States (where many of our sub-processors are based).

For EU / Italy users:

When data is transferred outside the European Economic Area (EEA), we guarantee appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission.

Adequacy decisions where applicable (Argentina has had EU adequacy since 2003).

Binding Corporate Rules (BCRs) or equivalent mechanisms.

Transfer Impact Assessments (TIAs) per Schrems II.

For Argentina users:

We comply with AAIP Disposition 60-E/2016 on international data transfer.

For Chile users:

We comply with Law 19,628 and, upon entry into force (December 2026), with Law 21,719 on cross-border transfers to countries offering adequate protection.

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

Inquiries and contact forms: 3 years from last interaction.

Analytics data: per each tool's configuration (max 14 months for Google Analytics).

Contractual data: 5 years from contract end (tax/accounting compliance, per applicable Commercial Code).

Billing data: 10 years (tax obligation Italy / Argentina / Chile).

Marketing cookies: up to 90 days (Meta Pixel) and 14 months (Google Analytics).

After these periods, data is deleted or irreversibly anonymized. Data needed for legal defense may be retained until the corresponding limitation period expires.

8. Your Rights as a Data Subject

Depending on your jurisdiction and applicable law, you may exercise the following rights:

Right	GDPR (EU)	Law 25.326 (AR)	Law 19.628 / 21.719 (CL)
Access	✅ Art. 15	✅ Art. 14	✅
Rectification	✅ Art. 16	✅ Art. 16	✅
Erasure / "right to be forgotten"	✅ Art. 17	✅ Art. 16	✅ (Law 21.719)
Restriction of processing	✅ Art. 18	✅	✅ (Law 21.719)
Portability	✅ Art. 20	—	✅ (Law 21.719)
Objection	✅ Art. 21	✅	✅
Not be subject to automated decisions	✅ Art. 22	—	✅ (Law 21.719)
Withdraw consent	✅	✅	✅

How to exercise your rights:

Send your request to [email protected] clearly indicating the right you wish to exercise. We will respond within a maximum of 30 calendar days (extendable to 60 days for complex cases, per GDPR Art. 12 / Law 25,326 Art. 14).

Right to lodge a complaint with supervisory authorities:

🇮🇹 Italy: Garante per la protezione dei dati personali — [garanteprivacy.it](https://www.garanteprivacy.it)

🇦🇷 Argentina: Agencia de Acceso a la Información Pública (AAIP) — [argentina.gob.ar/aaip](https://www.argentina.gob.ar/aaip)

🇨🇱 Chile: Consejo para la Transparencia / future Personal Data Protection Agency (Law 21.719)

9. Data Security

We implement appropriate technical and organizational measures per GDPR Art. 32 and international best practices:

Technical:

TLS 1.3 / SSL encryption in transit across the entire site.

AES-256 encryption at rest in databases and storage.

bcrypt or argon2 hashing for sensitive credentials.

Multi-factor authentication (MFA) for administrative systems.

Enterprise hosting on Vercel with SOC 2 Type II.

Organizational:

Data access restricted by least-privilege principle.

Continuous team training on data protection.

Records of processing activities (GDPR Art. 30).

Confidentiality agreements signed with every collaborator.

Periodic security audits and pentests.

Data breach protocol:

In the event of a breach posing risk to data subject rights, we will notify the competent supervisory authority within 72 hours (GDPR Art. 33) and affected individuals without undue delay when risk is high (GDPR Art. 34).

Despite these measures, no system is 100% invulnerable. We assume no responsibility for access resulting from force majeure or attacks beyond the state of the art.

10. Children's Privacy

Our website and services are directed at companies and adult professionals. We do not knowingly collect data from children under 18 years (or 16 in jurisdictions where that is the digital consent threshold, per GDPR Art. 8).

If a parent or legal guardian discovers a minor has provided data without authorization, please contact [email protected] for immediate deletion.

11. Direct Marketing and Anti-Spam

Prior, express, and informed consent is our basis for sending commercial electronic communications. We will never contact you without prior authorization.

Legal compliance:

🇪🇺 EU/Italy: Privacy Code art. 130, ePrivacy Directive 2002/58/EC.

🇦🇷 Argentina: Law 26,951 ("Do Not Call" Registry) and DNPDP Disposition 4/2009.

🇨🇱 Chile: Law 19,628 art. 4 and Law 21,522 on extrajudicial collection.

🌎 International: CAN-SPAM Act (USA) for cross-border emails.

Your right to unsubscribe:

Every commercial email includes a one-click unsubscribe link. You may also send your request to [email protected]. We process unsubscribes within 10 business days.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legislation, or services we use. Material changes will be communicated via:

Visible notice on the site's home page.

Email to registered users (when applicable).

Updated "Last updated" date at the top.

We recommend reviewing this page periodically. Continued use after changes constitutes acceptance.

13. Contact and Data Controller

For inquiries about this Privacy Policy or data processing:

Data Controller: DITAP (Inversiones Tecnomagallanes SpA)

Primary email: [email protected]

Privacy email: [email protected]

Phone: +39 345 243 5103

Operations: Argentina, Chile, Italy

Website: ditap.io

If you believe processing of your data violates your rights, you may directly contact the supervisory authority in your jurisdiction (see Section 8).