Data is already flowing.
Here is the proof
that we
govern it well.
Yaripo SpA's complete privacy, security and compliance framework. Seven documents. No fine print.
Yaripo SpA operates with early adoption of Chilean Law 21.719. Our DPA v2.0 includes 72-hour notification, a versioned sub-processor list with 30-day prior notice, and a DPIA protocol for sensitive data — standards required by legal teams in mining and industrial enterprises across Latin America.
Complete legal and security framework
DPA v2.0 suited for mining and industrial clients. Includes Annex A (sub-processors) and Annex B (controls). 72-hour notification, DPIA protocol and data destruction certificate.
Implemented technical controls: least-privilege access, MFA, TLS 1.2+ encryption, logging, vulnerability management and incident response plan. Serves as supporting documentation in negotiations without formal audit.
Responsible AI use framework aligned with ISO 42001 and OECD guidelines. Covers algorithmic risk assessment, human oversight, transparency and data protection in AI systems.
Principles, roles and controls for managing data as an organisational asset. Includes ROPA, data classification, quality, lifecycle management and alignment with Law 21.719.
What data we collect, why, who processes it and how long we retain it. Data subject rights explained in plain language. Designed to support compliance with Law 21.719 and aligned with GDPR structure.
Website terms of use, scope of services, intellectual property, limitation of liability and governing law. Applies to visitors, prospects and clients.
Cookie categories, purposes and preference management. Includes a list of analytics tools and their purpose.
What you need,
by role
Each role needs different documents.
For due diligence, vendor qualification and contract signing. The DPA includes Annexes A and B required in enterprise procurement.
For vendor risk assessment. Documented technical controls, CAIQ/VSR questionnaire available on request and AI governance policy.
For exercising data subject rights and understanding what data we collect and how we manage the personal information lifecycle.
No smoke.
What we have
and what is coming.
Actual status — no inflated certification claims.
Early adoption. DPA v2.0, documented policies and controls. Full effectiveness: 1 Dec. 2026.
AI governance policy designed to support ISO 42001 principles and OECD guidelines. No formal certification yet.
8 documented control domains in DPA Annex B. CAIQ questionnaire available on request.
Gap analysis scheduled for H2 2026. Target certification 2027 subject to enterprise portfolio growth.
Documentation prepared to meet registration deadlines with the Chilean Personal Data Protection Agency once the regulation enables formal registration.
Feasibility assessment based on enterprise client base in USA and Australia. No date commitment.
Request the DPA
ready to sign
Yaripo's DPA is a negotiated and versioned document, adapted for the mining and industrial sector. It is not a generic PDF.
We review it together if your legal team has observations. The vast majority of procurement processes close without modifications.
Legal documentation request
Streamlined DPA & Compliance Management
I have read and accept the Privacy Policy and the Terms of Service of Yaripo SpA.
You must accept the terms to continue.
Yaripo team · Response within 2 business days
What legal teams
ask us
Questions that arise during due diligence and enterprise procurement.
Does Yaripo comply with international data protection regulations?
Yes. Yaripo operates with early adoption of data protection standards aligned with GDPR principles and equivalent international frameworks. Our versioned DPA, privacy policies, security statement and incident response protocols are designed to support compliance with applicable regulations.
Does Yaripo have ISO 27001 certification?
Not currently. Yaripo has technical controls aligned with ISO 27001, documented in Annex B of the DPA . For vendor qualification processes, we complete CAIQ/VSR questionnaires within 30 business days. Formal certification is on our roadmap for 2027.
Where is the data processed by Yaripo stored?
Cloud infrastructure is defined on a project-by-project basis according to client requirements — it may be AWS, GCP, Azure or other providers. The region and international transfer mechanism are documented in Annex A (sub-processors) of the DPA.
How quickly does Yaripo notify clients of a security incident?
Yaripo commits to issuing a preliminary alert within 24 hours and a full notification within a maximum of 72 hours from incident detection, in accordance with clause 11 of the DPA.
What happens to data when the contract ends?
Yaripo proceeds with secure return or deletion within a maximum of 30 calendar days from termination. A written certificate of destruction is issued within 10 business days. Only data required for Yaripo's own legal obligations is retained.
Does Yaripo have an AI Governance policy?
Yes. The Yaripo AI Governance Policy is aligned with ISO 42001 and OECD AI principles. It covers algorithmic risk assessment, human oversight and data protection in artificial intelligence systems.
How can I exercise rights over my personal data?
Through the privacy request form . Yaripo will respond within the timeframe required by applicable data protection law. Full procedure in the Privacy Policy .