top of page

Privacy Policy

Who we are: Nature Ways Travel (“we”, “us”, “our”) provides bespoke group travel, retreats, and programs in Costa Rica and beyond. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, contact us, or use our services.
 

  • This Policy applies to:

    • Our website and landing pages,

    • Contact and inquiry forms,

    • Email, phone, and messaging interactions,

    • Booking, trip planning, and on-trip coordination services,

    • Advertising and analytics tools we use.

    It does not cover third-party sites we link to or services we do not control.

  • a) Information you provide directly

    • Identity and Contact: name, email, phone, company, job title, postal address.

    • Trip Details: group size, dates, budget, interests, itinerary preferences, activity selections.

    • Traveler Information (for bookings): full names as per ID, nationality, date of birth, passport details (only when necessary to book flights/lodging), emergency contact, rooming lists.

    • Preferences & Needs: dietary requirements, accessibility needs, allergies, medical considerations you choose to share for safe travel planning.

    • Payment Information: billing details (we use PCI-compliant processors; we do not store full card numbers on our servers).

    • Content: messages, testimonials, reviews, media you submit.

    b) Information collected automatically

    • Device and Usage: IP address, browser type/version, device type, pages viewed, time on site, referring/exit pages.

    • Cookies and Similar Tech: for site functionality, analytics, and (if enabled) advertising performance. See Cookies section below.

    c) Information from third parties

    • Travel partners and suppliers (e.g., hotels, activity operators) for booking status and service fulfillment.

    • Analytics and ad platforms (e.g., Google Analytics, Meta) for aggregated insights.

    • Social networks if you interact with our pages or use social login.

    Sensitive information such as health or accessibility needs is collected only with your consent and used strictly to plan safe, appropriate travel.

  • We process personal data to:

    • Provide and manage travel services, itineraries, and on-site support (contract performance or steps prior to a contract).

    • Respond to inquiries, provide quotes, and offer trip proposals (legitimate interests; contract steps).

    • Process payments and prevent fraud (contract performance; legal obligation; legitimate interests).

    • Communicate trip updates, logistics, and safety notices (contract performance; legitimate interests).

    • Send optional marketing updates, destination insights, and offers (consent where required; otherwise legitimate interests with easy opt-out).

    • Improve our website, services, and customer experience through analytics (legitimate interests; consent where required for cookies).

    • Comply with legal, tax, and accounting obligations (legal obligation).

    • Protect our rights, users, staff, and partners (legitimate interests).

    You may withdraw consent at any time, without affecting prior lawful processing.

  • We share information only as needed:

    • Service Providers: payment processors, cloud hosting, email platforms, form tools, CRM, analytics, customer support tools, website providers (e.g., Wix).

    • Travel Partners: hotels/lodges, transport companies, activity operators, local guides, event venues, insurance providers—strictly for booking and service delivery.

    • Business Operations: professional advisors, auditors, and insurers bound by confidentiality.

    • Legal/Compliance: authorities, regulators, or to enforce our terms, protect safety, or comply with law.

    • Business Transfers: if we undergo a merger, acquisition, or asset sale, data may transfer as part of the transaction.

    • With Your Consent: e.g., publishing testimonials or photos.

    We do not sell your personal information.

  • We may transfer your data to countries outside your own (including Costa Rica, the United States, and the European Economic Area) to deliver services. Where required, we use appropriate safeguards such as Standard Contractual Clauses, and we ensure partners implement adequate security measures.

  • We keep personal data only as long as needed:

    • Inquiry records and routine correspondence: up to 24 months after last interaction.

    • Booking and travel records (including invoices): typically 7 years to meet tax/accounting obligations.

    • Marketing subscriptions: until you unsubscribe or after a reasonable inactivity period.

    • Cookie data: per cookie type (see banner/settings).

    We may retain data longer where required by law or to establish or defend legal claims.

  • Depending on your location, you may have rights to:

    • Access, correct, or update your data,

    • Delete your data,

    • Object to or restrict certain processing,

    • Port your data to another provider,

    • Withdraw consent (where processing is based on consent),

    • Lodge a complaint with a supervisory authority.

    To exercise rights, contact us at [contact email]. We will verify your request and respond within applicable timeframes.
    California residents (CPRA): you have rights to know, delete, correct, and opt out of sharing for cross-context behavioral advertising. We do not sell personal information. You may designate an authorized agent to submit requests.
    EEA/UK residents (GDPR): our legal bases are listed above; you may contact your local authority (e.g., ICO in the UK) if concerns persist.
    India (DPDP Act 2023): you may access, correct, and erase personal data and file grievances with the Data Protection Board as applicable.

  • We use:

    • Strictly Necessary Cookies: site security, load balancing, form submissions.

    • Performance/Analytics Cookies: to understand site traffic and improve the experience.

    • Functional Cookies: remember choices (e.g., language).

    • Advertising/Measurement Cookies (optional): measure campaign performance and reach.

    Controls:

    • Use our Cookie Banner/Settings to manage non-essential cookies.

    • Adjust browser settings to block or delete cookies.

    • Some features may not function without certain cookies.

    Do Not Track: industry standards are evolving; we do not respond to DNT signals at this time.

  • We implement administrative, technical, and physical measures to protect personal data (encryption in transit, access controls, least-privilege practices). No online service can guarantee absolute security, but we work to prevent unauthorized access, use, or disclosure. If required by law, we will notify you and regulators of a data breach.

  • Our services are not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect personal data from children without appropriate parental/guardian consent. If you believe a child has provided data to us, contact [contact email] to request deletion.

  • If you share testimonials, reviews, or images, you grant us permission-where applicable and only with your consent-to display them on our channels. You can withdraw permission by contacting [contact email]; removal will occur where feasible.

  • Our site may link to third-party websites and services. Their privacy practices are governed by their own policies. Review those policies before sharing information.

  • We may update this Policy to reflect legal, technical, or business developments. Changes will appear here with a new effective date. For material changes, we may provide additional notice.
     

bottom of page