Connect in person

Privacy & Cookies Policy

Last updated: April 2026

  • Welcome to Yatra. We're glad you're here.

At Yatra, we believe in doing business with integrity — and that starts with how we handle your personal information. This Privacy & Cookies Policy (“Policy”) explains what data we collect, why we collect it, how we use it, and what rights you have over it.
This Policy applies to all visitors and users of this website (the “Site”), operated by Yatra, a conscious digital marketing practice run by a sole proprietor based in Mexico.
Because Yatra is founded by a Dutch national and may serve clients across the European Union, this Policy is designed to comply with both Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, or LFPDPPP) and the European Union’s General Data Protection Regulation (GDPR).

  • 1. Who Is responsible for your data?

The data controller responsible for the personal data collected through this Site is:

Yatra Creations Operated by: Nathalie Heijs
Based in: Mexico 

If you have any questions or concerns about your personal data, you can reach us via the contact form here.

  • 2. What personal data we collect

We only collect personal data that you voluntarily provide to us or that is gathered automatically when you visit the Site. Here’s a clear breakdown.

2.1 Data you provide directly

Newsletter Sign-Up Form (“Receive Our Love Letters”)

  • Full name
  • Email address
  • Area of interest (Marketing Services, Holistic Services, or Both)
  • Confirmation that you have read and agree to this Privacy Policy

Contact Form (“Let’s Connect”)

  • Name
  • Email address
  • Phone number (optional)
  • Message content

2.2 Data collected automatically

When you visit this Site, certain information is collected automatically through cookies and similar technologies. This includes:

  • IP address (anonymized where possible)
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on pages, and referring URLs
  • Language preferences
  • Interactions with site elements (such as CAPTCHA verification)

We explain this in detail in Section 7 (Cookies and Tracking Technologies) below.

  • 3. Why We collect your data (purposes and legal basis)

We never collect data without a reason. Below are the specific purposes for which we process your personal information, along with the legal basis under both Mexican law (LFPDPPP) and the GDPR.

Responding to your inquiries: When you submit the Contact Form, we use your name, email, phone number, and message to get back to you. Legal basis: your consent (LFPDPPP) and legitimate interest in responding to your request (GDPR Art. 6(1)(f)).

Sending our newsletter: When you subscribe through the “Receive Our Love Letters” form, we use your name, email, and stated interests to send you relevant content, offers, and updates. Legal basis: your explicit consent (LFPDPPP and GDPR Art. 6(1)(a)).

Website analytics and improvement: We use analytics tools to understand how visitors interact with the Site so we can improve content, performance, and user experience. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) and consent where required by local cookie laws.

Security and spam prevention: We use CAPTCHA technology (Cloudflare Turnstile) to protect forms from automated abuse. Legal basis: legitimate interest in maintaining site security (GDPR Art. 6(1)(f)).

Site performance and functionality: We use caching and optimization tools to ensure the Site loads quickly and functions smoothly. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

  • 4. How we share your data

We do not sell, rent, or trade your personal data to third parties. Period.

However, we do work with trusted service providers who process data on our behalf. These providers are contractually bound to handle your data securely and only for the purposes we specify. They include:

  • Email service provider — to deliver our newsletter and transactional emails (via FluentSMTP and the connected email service)
  • Analytics providers — to help us understand site traffic and behavior (Google Analytics and Independent Analytics)
  • Hosting provider — our web host stores and serves the Site, including any data submitted through forms
  • CAPTCHA provider — Cloudflare processes limited data to verify that form submissions come from real people
  • Translation provider — GTranslate may process limited data to deliver translated versions of the Site
  • Social media embeds — Instagram content displayed on the Site (via Smash Balloon) may allow Meta to collect certain data when you interact with it
  • E-commerce tools — WooCommerce may process session data if you interact with any shop or checkout features on the Site

We may also disclose your personal data if required to do so by law, by a valid legal process, or to protect the rights, property, or safety of Yatra or others.

  • 5. International data transfers

Because Yatra operates from Mexico and uses service providers based in various countries (including the United States and the European Union), your personal data may be transferred to and processed in countries outside your own.

When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or reliance on providers certified under recognized data protection frameworks.

When your data is transferred outside Mexico, we ensure that the receiving parties provide comparable levels of data protection as required under the LFPDPPP.

  • 6. How long we keep your data

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy:

  • Contact form submissions: retained for up to 12 months after your inquiry is resolved, then securely deleted
  • Newsletter subscriber data: retained for as long as you remain subscribed; deleted within 30 days of unsubscribing
  • Analytics data: retained in aggregated or anonymized form according to the retention settings of each analytics tool (typically up to 14 months for Google Analytics)
  • Server logs and security data: retained for up to 12 months for security monitoring purposes
  • 7. Cookies and tracking technologies

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the site remember your preferences, understand how you use it, and improve your overall experience. Some cookies are essential for the site to function; others help us analyze traffic or enable certain features.

7.2 How We Use Cookies

This Site uses the following categories of cookies:

Strictly Necessary Cookies These cookies are essential for the Site to function properly. They cannot be switched off. They include:

  • WordPress session cookies (used to manage login sessions and site functionality)

  • WooCommerce cookies (used for shopping cart and session management if applicable)

  • Cloudflare Turnstile cookies (used to verify form submissions and protect against spam)

  • WPConsent cookies (used to remember your cookie consent preferences)

  • Redis-related cookies (used for server-side performance caching)

Analytics Cookies
These cookies help us understand how visitors use the Site so we can improve it. They collect information in an aggregated or anonymized way.

  • Google Analytics cookies (_ga, _gid, _gat) — track page views, session duration, traffic sources, and user behavior

  • Independent Analytics cookies — provide WordPress-native analytics on site usage patterns

Functionality Cookies
These cookies enable enhanced functionality and personalization.

  • GTranslate cookies — remember your language preference when using the site translation feature

Third-Party / Embedded Content Cookies
Some content embedded on the Site may set cookies from third-party services.

  • Instagram embed cookies (via Smash Balloon Instagram Feed) — Meta (Instagram’s parent company) may place cookies when Instagram content is displayed on the Site. These cookies are governed by Meta’s own privacy and cookie policies.

7.3 Managing Your Cookie Preferences

When you first visit the Site, a cookie consent banner (powered by WPConsent) will ask for your preferences. You can accept or decline non-essential cookies at that time.

You can also change your cookie preferences at any time by:

  • Clicking the cookie settings link in the footer of the Site

  • Adjusting your browser settings to block or delete specific cookies

  • Using browser extensions designed for cookie management

Please note that disabling certain cookies may affect the functionality of the Site.

7.4 Do Not Track Signals

Some browsers send “Do Not Track” (DNT) signals to websites. There is currently no universal standard for how websites should respond to these signals. At this time, this Site does not respond to DNT signals, but we respect your cookie preferences as set through our consent banner.

  • 8. Your rights

Depending on where you are located, you have important rights over your personal data.

8.1 Rights Under Mexican Law (LFPDPPP)

Under the LFPDPPP, you have the right to exercise your ARCO rights:

  • Access (Acceso): Request access to the personal data we hold about you
  • Rectification (Rectificación): Request correction of inaccurate or incomplete data
  • Cancellation (Cancelación): Request deletion of your personal data when it is no longer necessary
  • Opposition (Oposición): Object to the processing of your personal data for specific purposes

To exercise your ARCO rights, please send a written request to our email address listed in Section 1. Your request should include your full name, a description of the data or rights you wish to exercise, and any supporting documentation. We will respond within 20 business days, as required by Mexican law.

8.2 Rights Under the GDPR (for EEA residents)

If you are located in the European Economic Area, you also have the right to:

  • Access your personal data and receive a copy of it
  • Rectify inaccurate or incomplete personal data
  • Erase your personal data (“right to be forgotten”)
  • Restrict the processing of your data under certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal
  • Lodge a complaint with a supervisory authority in your country of residence

To exercise any of these rights, please contact us using the details in Section 1. We will respond within 30 days.

  • 9. Data security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. These measures include:

  • SSL/TLS encryption for data transmitted between your browser and the Site
  • CAPTCHA protection on all forms to prevent automated abuse
  • Regular software and plugin updates to address security vulnerabilities
  • Access controls limiting who can view personal data
  • Secure email delivery through authenticated SMTP connections

While no system is completely immune to risk, we are committed to maintaining robust safeguards and reviewing our security practices regularly.

  • 10. Children's privacy

This Site is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete that data.

  • 11. Changes to this policy

We may update this Privacy & Cookies Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the services we offer. When we make changes, we will update the “Last updated” date at the top of this page.

For significant changes, we will make reasonable efforts to notify you — for example, through a notice on the Site or via email if you are a newsletter subscriber.

  • 12. Contact us

If you have any questions about these Terms, we’d love to hear from you via our contact form.

Yatra Creations is Based in Mexico 

 

This Privacy & Cookies Policy is effective as of the date listed above and applies to all visitors and users of this Site.