Privacy policy

I. Identity and Address of the Data Controller

This Privacy Notice applies to the websites: https://dito.origon.io/; https://v2.dito.com.mx/Dito.Web/; and https://dito.interfactura.com (collectively, the "Site"), owned by Interfactura, S.A.P.I. de C.V. (hereinafter, "DITO"), with address at San Francisco No. 170-A, Colonia La Fama, Santa Catarina, Nuevo León, C.P. 66100, Mexico, and Federal Taxpayer Registry (RFC) INT020124V62.

For the purposes of this Privacy Notice, "USER" means: (i) the general public and/or (ii) any DITO customer who has entered into a Service Agreement. The USER fully and unconditionally accepts each and every provision of this Privacy Notice and the Site’s Terms and Conditions, which together constitute the "Legal Notice", permanently published on the Site.

Based on Articles 6, 15, 16 and other applicable provisions of the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law"), its Regulations, the Privacy Notice Guidelines and other applicable provisions, DITO makes this comprehensive privacy notice available to you, in compliance with the principle of information and with the objective of guaranteeing privacy and the right to informational self-determination of personal data owners.

DITO reserves the right to modify or update this Privacy Notice at any time due to legislative developments, internal policies, or new requirements for the provision or offering of our services or products. Such modifications will be notified through the Site and, where applicable, by email.

II. Guiding Principles, Self-Regulation and Compliance Actions

In compliance with Article 5 of the Law, DITO undertakes to observe the following principles in the processing of personal data, and has implemented the actions described below to ensure effective compliance. In addition, DITO voluntarily adopts self-regulation standards in the area of personal data protection, which implies adopting higher standards of protection, transparency and continuous improvement, in line with the Self-Regulation Parameters.

  • Lawfulness: We only collect and process personal data when there is a legal basis that justifies it (contractual relationship, tax obligation, data subject consent, etc.), and we ensure that all processing is carried out in accordance with the Law.
  • Purpose: The purposes for which we collect your data are clearly described in this notice; they are determined, explicit and legitimate. We will not use your data for purposes other than those described without first informing you and, where applicable, obtaining your consent.
  • Loyalty: We process your personal data prioritizing your interests and your reasonable expectation of privacy. We do not use misleading or fraudulent means to obtain information.
  • Consent: We always obtain your consent (implicit or explicit, as applicable) before processing your data, except in cases provided by Law. We provide simple means so you can refuse or grant consent.
  • Quality: We keep your personal data accurate, complete and up to date. We implement procedures to correct or cancel information when necessary, and we avoid duplications or erroneous records.
  • Proportionality: We only process personal data that is necessary and appropriate for the purposes stated in this notice. We do not collect excessive or disproportionate data in relation to such purposes.
  • Information: Through this privacy notice, we clearly, accessibly and completely inform you about the characteristics of the processing of your personal data.
  • Transparency: Our data protection practices are clear and accessible. Except in cases of justified confidentiality, we ensure that data subjects have visibility into the use of their information.
  • Impartiality: Our data management processes are performed objectively, ensuring there are no conflicts of interest in the processing of information.
  • Accountability: We have implemented security measures, internal controls and documentation regarding the data we process and its flows. We conduct periodic reviews of our practices and continuously train our staff on privacy matters. If we identify opportunities for improvement, we implement corrective actions to strengthen the protection of your information.

III. Personal Data We Collect

Personal Data is collected through the Site when the USER provides it directly by various means, or through any source permitted by law. Such Personal Data includes:

  • Full name
  • Address (residential, business and tax)
  • Landline and mobile phone number
  • Email address
  • Federal Taxpayer Registry (RFC)
  • Unique Population Registry Code (CURP)
  • Nationality
  • Electronic Signature (FIEL)
  • Tax information
  • Income information

We do not collect sensitive personal data (such as racial or ethnic origin, health status, genetic information, religious, philosophical or moral beliefs, political opinions, or sexual preference), unless it is strictly necessary for a specific service and we obtain your express written consent.

IV. Purposes of Processing

Primary purposes (necessary for the legal relationship and service provision):

  • To provide the services and products you request.
  • To inform you of changes to such products or services.
  • To provide consulting and/or technical support services.
  • To provide financing services (when requested).
  • To invoice the services provided and manage the corresponding collections.
  • To comply with legal obligations attributable to DITO before tax authorities (SAT) and other regulatory bodies.
  • For customers of the "Interfactura Community": as a value-added service, the USER’s data may be consulted by the companies that make up the Interfactura Community (affiliates and subsidiaries) to improve quality, collaboration and ease of service provision.

Secondary purposes (not necessary for the legal relationship, but allow us to improve and offer better services):

  • To evaluate service quality through satisfaction surveys.
  • To conduct studies for statistical and market analysis purposes.
  • To send you commercial information and advertising about our own services or those of third parties (including financing services) that we believe may be of interest to you, via email, telephone, or any other means.
  • To carry out marketing, advertising and commercial prospecting activities.

Mechanism to object to secondary purposes: You have the right to object to the processing of your personal data for secondary purposes. To do so, you may contact us at soporte@interfactura.com. If you do not object within five (5) business days after this notice is made available to you (when collection is not personal or direct), we will understand that you tacitly consent. At any later time you may revoke your consent or object through the procedure described in the ARCO rights section.

V. Interfactura Community

In order to provide a value-added service to Interfactura customers (the "Interfactura Community"), the USER’s data will be available within the companies that make up the Interfactura Community (affiliates and subsidiaries), so that there is better quality, collaboration and ease of service among such companies. This availability of information is considered a transfer carried out under Article 36, section III of the Law, as they are companies of the same corporate group operating under the same processes and internal policies.

VI. Transfer of Personal Data

DITO may transfer your personal data, within and outside Mexican territory, in the following cases and without needing to obtain your consent when allowed by the Law (Article 36 of the LFPDPPP):

  • When the transfer is provided for in a Law or Treaty to which Mexico is a party.
  • When the transfer is made to controlling companies, subsidiaries or affiliates under the controller’s common control, or to a parent company or any company in the same group operating under the same processes and internal policies (including the Interfactura Community).
  • When the transfer is necessary by virtue of a contract concluded or to be concluded in the data subject’s interest by the controller and a third party.
  • When the transfer is necessary or legally required to safeguard a public interest, or for the procurement or administration of justice.
  • When the transfer is necessary for the recognition, exercise or defense of a right in a judicial proceeding.
  • When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the controller and the USER.

When the transfer requires your consent (because it does not fall under the exceptions above), we will request it expressly through the enabled means. In all cases, third-party recipients assume the same obligations as DITO under the Law.

VII. ARCO Rights (Access, Rectification, Cancellation and Objection) and Revocation of Consent

The USER has the right to know what personal data we have, what we use it for, and the conditions of use (Access); to request correction of their personal information if it is outdated, inaccurate, or incomplete (Rectification); to have it deleted from our databases when they consider it is not required for any of the stated purposes (Cancellation); and to object to the use of their data for specific purposes (Objection). These rights are known as ARCO rights.

The exercise of ARCO rights is free of charge. Charges may only be applied to recover reproduction, copying or shipping costs, with prior agreement from the data subject. If the same request is repeated within a period of less than twelve months without substantial changes to the privacy notice, the costs will not exceed three (3) times the current Unit of Measure and Update (UMA).

Procedure to exercise ARCO rights and revoke consent:

  1. Submitting the request: You or your legal representative may send a written request (free format) to our physical address (San Francisco No. 170-A, Col. La Fama, Santa Catarina, Nuevo León, C.P. 66100) or by email to soporte@interfactura.com.
  2. Request requirements: Your request must include and attach the following: (a) full name of the data subject and address or means (email) to receive notifications; (b) documents proving identity of the data subject (legible copy of a valid official ID such as voter ID, passport, professional license, etc.). If acting through a legal representative, also include the representative’s ID and a notarized instrument or a simple power of attorney signed before two witnesses, plus copies of the witnesses’ IDs; (c) clear and precise description of the personal data for which you seek to exercise ARCO rights (except for access); (d) the ARCO right you seek to exercise (access, rectification, cancellation or objection) or, where applicable, revocation of consent; (e) in the case of rectification, the modifications to be made and documentation supporting the request.
  3. Response timeframes: DITO will communicate its decision within a maximum of twenty (20) business days from receipt of the request. If appropriate, the right will be made effective within fifteen (15) business days following the date the response is communicated. If the request is incomplete or lacks documentation, DITO may require you—only once, within five (5) business days after receipt—to provide the necessary elements. You will have ten (10) business days to respond; otherwise, the request will be deemed not submitted. These timeframes may be extended once for an equal period if circumstances justify it, and you will be notified of the extension.

Denial of ARCO rights may be partial or total. In all cases, DITO will inform you of the reason for its decision within the timeframes indicated and will attach the relevant evidence. Reasons for denial may include, among others, failure to properly prove identity, the data not being in our possession, a legal impediment, or harm to a third party’s rights.

If your personal data was transferred prior to rectification or cancellation and continues to be processed by third parties, DITO will inform them of your request so they can also carry it out.

If the USER believes their personal data protection rights have been violated by DITO, they may contact the Secretariat for Anti-Corruption and Good Government (formerly INAI). Contact details can be found at www.gob.mx/buengobierno.

VIII. Information Security

DITO implements administrative, technical and physical security measures to protect your personal data against damage, loss, alteration, destruction, or unauthorized use, access or processing.

The Site has an internationally recognized certificate regarding security and reliability in electronic media. In addition, DITO uses highly reliable transmission, logging and storage systems to ensure confidentiality of information.

The USER’s personal information is processed and stored by DITO on servers or magnetic media located in Mexico, with physical and technological protection measures appropriate to the nature of the data processed and in accordance with best practices and applicable standards for the security and encryption of transmitted, recorded and/or stored information and/or data.

IX. Use of Cookies

We inform the USER that the Site uses cookies strictly necessary for the proper functioning of the platform. Cookies are data files stored on your hard drive or device when browsing our site. They allow us to recognize you, remember your preferences and collect information about your interaction with the site.

The cookies we use are technical and functional, and their sole purpose is to:

  • Keep the USER session active while browsing the Site.
  • Authenticate and recognize the USER when accessing restricted or personalized areas.
  • Remember configuration preferences (such as language or region) to improve the browsing experience.
  • Ensure connection security and prevent fraudulent activities.

We do not use cookies for behavioral advertising, targeted marketing, or to share information with third parties for commercial purposes.

Through these technical cookies, we may obtain information such as: session identifiers or authentication tokens; the USER’s browser type; the USER’s operating system type; date and time of session start and end; visited pages and searches performed.

These cookies are strictly necessary for service provision and therefore do not require express consent, in accordance with the Law and applicable regulations.

The USER may configure their browser to block or delete cookies at any time through the corresponding settings options. However, since these are necessary cookies, disabling them may prevent the Site from functioning properly or limit access to certain features.

X. Options and Means to Limit the Use or Disclosure of Personal Data

In addition to exercising ARCO rights and revoking consent, DITO provides the following means to limit the use or disclosure of your personal data:

  • DITO exclusion lists: You may request to be included in our internal exclusion lists to avoid receiving promotional or marketing messages. Simply send an email to soporte@interfactura.com with the subject "Promotion opt-out" and include your name and email address.
  • Public opt-out registries: To limit the use of your data for advertising and marketing purposes by companies in general, you may register with PROFECO’s Public Registry to Avoid Advertising (REPEP) (https://repep.profeco.gob.mx/) and, if you are a user of financial services, with CONDUSEF’s Public Registry of Users (REUS).

XI. Changes to this Privacy Notice

DITO reserves the right to modify, update or change this privacy notice at any time to address legislative or case-law reforms, changes in internal policies, or any other justified cause.

If substantial changes are made (for example, change in the controller’s identity, new purposes requiring consent, modifications in transfers), we will make a new privacy notice available through:

  • Notices on our platforms and mobile applications.
  • Email communications to registered users.
  • Publication on our website (https://dito.origon.io/), where the most recent version will always be available.

For minor changes or clarifications, we will update the last modified date at the beginning of this document.

XII. Personal Data Management System (PDMS) and Continuous Improvement

As part of our commitment to the principle of accountability and in alignment with the Self-Regulation Parameters on Personal Data Protection, DITO has implemented a Personal Data Management System (PDMS), aimed at strengthening regulatory compliance and the effective protection of information under our processing.

Through this system, DITO:

  • Documents, identifies and controls internal processes involving personal data processing.
  • Defines privacy and data protection policies and objectives.
  • Ensures participation and oversight by Senior Management in the compliance strategy.
  • Designates responsible persons for day-to-day data protection matters and their coordination with the information security area.
  • Implements training and awareness programs for its personnel.
  • Periodically evaluates its policies, security measures and internal procedures to keep them updated against regulatory, technological, or emerging risk changes.

This management model is based on continuous improvement, allowing progressive strengthening of the measures adopted to protect personal data and mitigate risks associated with its processing.

SMS/Text Messaging Disclosure

As part of our commitment to transparency and in compliance with applicable messaging regulations, DITO provides the following disclosures regarding its SMS/text messaging communications:

  • Program/Brand Name: DITO by Interfactura, S.A.P.I. de C.V.
  • Message Frequency: Message frequency varies depending on the services you have contracted and your account activity. You may receive recurring messages related to invoicing notifications, collection reminders, payment confirmations, and account updates.
  • Program Description: DITO sends SMS/text messages to users who have opted in to receive notifications related to their invoicing, collection management, payment processing, and account activity on the DITO platform.
  • Customer Care Contact: For questions or support regarding SMS messaging, please contact us at: Email: soporte@interfactura.com | Phone: 8147771100 | Address: San Francisco No. 170-A, Colonia La Fama, Santa Catarina, Nuevo León, C.P. 66100, Mexico.
  • Opt-Out: You may opt out of receiving SMS/text messages at any time by replying STOP to any message you receive from DITO, or by contacting our customer care team at the information provided above. Upon opting out, you will receive a single confirmation message and will no longer receive SMS communications from DITO.
  • Message and Data Rates: Message and data rates may apply. Please consult your mobile carrier for details regarding your messaging plan and any associated charges.

XIII. Contact

For any questions, comments, clarifications or requests related to this privacy notice or the processing of your personal data, please contact us through:

  • Email: soporte@interfactura.com (Legal Department – Personal Data Protection Officer).
  • Phone: (81) 4777-1100.
  • Address: San Francisco No. 170-A, Col. La Fama, Santa Catarina, Nuevo León, C.P. 66100.

Last update: February 2, 2026