Privacy Policy and Cookies
Last updated: April 2026
Jurisdictional scope note
This website is aimed at clients in the Argentine Republic and in the territory of the European Union (with special attention to Spain). These documents have been drafted to comply simultaneously with Argentine regulations (Personal Data Protection Law 25,326) and applicable European regulations (GDPR – EU Regulation 2016/679; LSSI-CE – Law 34/2002). In the event of conflict between both frameworks, the most protective rule for the data subject will apply. The website is available in Spanish and English. These documents, drafted in Spanish, constitute the reference version.
This Privacy Policy describes how XPERTA processes personal data collected through this website.
1. Data controller
The data controller for the personal data collected through this website is Gastón Merino Gutiérrez, with commercial name XPERTA, address in Córdoba, Argentina, and contact email info@xpertaglobal.com.
2. Applicable regulatory framework
The processing of personal data carried out through this website is governed, for users in the European Union, by Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD) for users in Spain. For users in Argentina, it is governed by Personal Data Protection Law 25,326 and its Regulatory Decree 1558/2001.
3. Data collected and purposes of processing
XPERTA collects and processes personal data in the following cases:
A. Contact form
The data collected are the name, email address and any data the user freely includes in the message. The purpose is to handle the contact request and, if applicable, organize an initial consultation. The legal basis for users in the EU is the performance of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR), since processing always begins at the user's initiative. For users in Argentina, the legal basis is the free, express and informed consent of the data subject (Art. 5, Law 25,326), given by submitting the form together with acceptance of this policy. The data will be retained for as long as necessary to handle the request and, if a commercial relationship begins, for its duration plus the applicable legal limitation period (5 years in Argentina; 4 years in Spain as a general civil rule).
B. Scheduling via Calendly
The collected data are name, email address, time zone and any additional data the user provides when scheduling. The purpose is to manage the requested meeting. Calendly is integrated as an external link: when clicked, the user is redirected to the Calendly LLC platform outside this website, without Calendly widgets being embedded on the site. The legal basis for users in the EU is the performance of pre-contractual measures (Art. 6.1.b GDPR); for users in Argentina, the data subject's consent (Art. 5, Law 25,326). Calendly LLC acts as processor; its privacy policy can be consulted at calendly.com/privacy.
C. Communication via WhatsApp
The collected data are the phone number and any data the user provides in the conversation. The purpose is to handle inquiries and manage the initial contact process. The legal basis for users in the EU is the performance of pre-contractual measures (Art. 6.1.b GDPR), since contact is always initiated by the user. For users in Argentina, the legal basis is the data subject's consent (Art. 5, Law 25,326). WhatsApp is a service of Meta Platforms with its own privacy policy available at whatsapp.com/legal/privacy-policy. XPERTA does not control the processing of data carried out by WhatsApp on its own users.
D. Browsing data
Processed as indicated in the sections of this policy dedicated to cookies (starting with section 9).
4. Data recipients
XPERTA does not transfer or sell personal data to third parties. Data may only be communicated to technology service providers acting as processors—including Vercel Inc. (infrastructure and hosting provider) and Calendly LLC—always under the contractual safeguards required by the applicable regulations in each jurisdiction, and to public authorities when required by law.
5. International data transfers
For users in the European Union
The website is hosted on Vercel Inc.'s infrastructure, a company based in the United States. This transfer has appropriate legal coverage since Vercel is subscribed to the EU-U.S. Data Privacy Framework, recognized by the European Commission through an Adequacy Decision of July 2023. The use of Calendly likewise entails a transfer to the U.S., covered by the Standard Contractual Clauses adopted by the European Commission, as stated by Calendly in its privacy policy.
For users in Argentina
Law 25.326 (Art. 12) prohibits the transfer of personal data to countries that do not provide adequate levels of protection. The United States does not have adequacy recognition from the Argentine authority. Accordingly, transfers to Vercel Inc. and Calendly LLC are based on the express consent of the data subject (Art. 12(a), Law 25.326), given at the time the user completes the contact form or accesses Calendly to schedule a meeting, having been previously informed by this policy that their data will be processed by providers located in the U.S.
6. Obligation to register with the AAIP (Argentina)
Law 25.326 and its Regulatory Decree 1558/2001 establish the obligation to register personal data bases that are processed for commercial or customer management purposes with the Public Information Access Agency (AAIP). XPERTA has yet to complete the registration of its database with the National Database Registry of the AAIP. The data collected are at all times processed under the principles of Law 25.326 regardless of the status of that registration.
7. Data subject rights
Users in the European Union (GDPR)
You may exercise the rights of access, rectification, erasure, objection, restriction and portability by contacting info@xpertaglobal.com. XPERTA will respond within a maximum of one (1) calendar month from receipt of the request, extendable up to three months in cases of particular complexity, notifying the data subject within the first month of the reasons for the extension (Art. 12 GDPR). If you consider that your rights have not been addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at aepd.es.
Users in Argentina (Law 25.326)
You may exercise the rights of access, rectification, updating, erasure and confidentiality by contacting info@xpertaglobal.com. For the right of access, XPERTA will respond within a maximum of 30 calendar days from receipt of the request (Art. 14, Law 25.326); access is free at intervals of no less than six months, unless a legitimate interest is proven. For rectification, updating or erasure, XPERTA will resolve within a maximum of 5 business days from receipt of the request (Art. 16, Law 25.326). You may also bring a data protection action before the Public Information Access Agency (AAIP) at argentina.gob.ar/aaip.
8. Security and minors
XPERTA applies reasonable technical and organizational measures to protect personal data against unauthorized access, loss or unlawful disclosure, including encrypted communications (HTTPS), restricted access to the collected data and limitation of processing to the stated purposes. The site is not directed at children under 14. XPERTA does not knowingly collect data from minors; if it were detected that data from a minor had been collected without parental consent, it would be deleted immediately.
9. What are cookies?
Cookies are small text files stored on the user's device when visiting a website, allowing it to remember information about the visit.
10. Regulatory framework
This policy has been drafted in compliance with Directive 2002/58/EC (ePrivacy) and the GDPR for users in the EU, and with Law 25.326 as applicable for users in Argentina.
11. Cookies and measurement technologies used
Strictly necessary cookies (always active)
They do not require consent and are essential for the website's basic operation. XPERTA uses technical session cookies, limited to the browsing session, to ensure the website's basic operation; and consent preference cookies, with a duration of 12 months, to remember the user's cookie choices.
Traffic analytics — Vercel Analytics (active)
XPERTA uses Vercel Analytics as a web traffic measurement tool. Vercel Analytics does not install cookies or access the device's local storage, so it is not subject to the prior consent obligation under the ePrivacy Directive. Notwithstanding the above, Vercel Analytics processes browsing data in aggregate form—including a session identifier with a hash lifetime of less than 24 hours, visited pages, approximate country of origin, device type and browser—which may constitute pseudonymous data within the meaning of the GDPR. The processing of such data is subject to the principles of the GDPR, with the applicable legal basis being XPERTA's legitimate interest in understanding site performance (Art. 6.1.f GDPR), given the aggregated and non-identifying nature of the data processed. The data are processed by Vercel Inc. (U.S.) under the guarantees of the EU-U.S. Data Privacy Framework. More information at vercel.com/legal/privacy-policy.
Additional analytics tools (future, will require consent)
If XPERTA incorporates analytics tools based on cookies or access to the user's device (such as Google Analytics or others), these will be declared in this policy before activation, and the user will be informed through an update to the consent banner. Such tools will require prior explicit consent from users in the EU.
Marketing and advertising cookies (not currently active)
XPERTA does not currently use any advertising tracking technology. If in the future it incorporates advertising tools on platforms such as LinkedIn, Meta or Google Ads—which involve the installation of tracking pixels or tags—these will be declared in this policy before activation. Marketing cookies constitute a separate category from analytics cookies and will require explicit and independent consent from the user.
Third-party services integrated as external links
Calendly and WhatsApp are integrated on the site solely as external links that redirect the user outside the website. XPERTA does not embed widgets from these services, so no third-party cookies are installed from the site itself. Their privacy policies are available at calendly.com/privacy and whatsapp.com/legal/privacy-policy respectively.
12. Consent management
When accessing the site for the first time, a banner will be shown allowing acceptance of all cookies, rejection of optional cookies, or configuration of preferences by category. Consent can be withdrawn at any time from the cookie settings panel available in the footer.
13. Browser management
The user can block or delete cookies directly from their browser settings (Chrome, Firefox, Safari, Edge). Disabling all cookies may affect the website's functionality.
14. Updates to this policy
- XPERTA undertakes to update this policy before incorporating any new tool that involves the use of cookies or tracking technologies.
- Changes will be notified by updating the date indicated at the beginning of the document and, where applicable, by renewing consent in the banner.
Contact
For inquiries about these documents or the exercise of privacy rights, you may contact XPERTA via the email info@xpertaglobal.com, through the contact form available on the website, or by scheduling a meeting through Calendly. The applicable response times are those indicated in section 7 of the Privacy Policy according to the applicant's jurisdiction.