Privacy Policy

www.tayloralexander.coffee

Effective Date: December 17, 2025

1. INTRODUCTION AND SCOPE

1.1 Data Controller

Taylor Alexander Fine Gourmet Coffee
A property of AXDR VNTR LLC
84 Broadway STE 200, Derry, NH 03038, USA
Legal Contact: legal@tayloralexander.coffee
Customer Service: clientservices@tayloralexander.coffee
Phone: (305) 537-8105

1.2 Policy Overview

This Privacy Policy ("Policy") describes how Taylor Alexander Fine Gourmet Coffee ("Company," "we," "us," or "our") collects, uses, stores, discloses, and protects Personal Information obtained from or about individuals ("you," "your," or "User") who:

(a) Access or use www.tayloralexander.coffee ("Site")
(b) Purchase products or services ("Products")
(c) Subscribe to memberships or newsletters
(d) Communicate with us through any channel
(e) Interact with our marketing or advertising

(Collectively, the "Services")

1.3 Applicability

This Policy applies to all Personal Information collected through the Services, regardless of collection method (online, offline, written, verbal, electronic).

1.4 Binding Agreement

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must immediately cease use of the Services.

1.5 Platform Provider

The Services are provided through Fourthwall, a third-party e-commerce platform provider. While the platform facilitates our Services, all data collection, processing, and privacy obligations are solely between you and Company. Platform Provider is not responsible for our privacy practices.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide Directly

We collect Personal Information you voluntarily provide through:

Account Information:

Full legal name
Email address
Password and account credentials
Shipping and billing addresses
Phone number
Date of birth (if applicable)
Account preferences and settings

Purchase and Transaction Information:

Order history and details
Products purchased
Purchase amounts and dates
Shipping addresses
Payment method type (card type, last 4 digits)
Transaction confirmation numbers

Financial Information:

Payment card information (processed and stored by third-party payment processors, not by Company)
Billing address
Tax identification information (for certain transactions)

Communications:

Email correspondence content
Customer service inquiry details
Feedback, reviews, and testimonials
Survey responses
Chat or messaging content
Phone call recordings (with notice)

Membership and Subscription Information:

Subscription preferences
Delivery frequency selections
Product preferences
Membership tier and benefits

Marketing and Promotional Information:

Newsletter subscription preferences
Marketing communication preferences
Referral information
Promotional code usage

User-Generated Content:

Product reviews and ratings
Comments and feedback
Photos or videos submitted
Social media interactions

Other Information:

Information provided in forms, applications, or requests
Information disclosed in communications with us
Any other information you choose to provide

2.2 Mandatory vs. Optional Information

Certain information is mandatory for Service provision (order processing, account creation). Optional information enhances user experience but is not required. We indicate mandatory fields with appropriate markers. Failure to provide mandatory information may prevent Service access or functionality.

2.3 Personal Information Collected Automatically

Device Information:

Device type, model, and manufacturer
Operating system and version
Browser type and version
Device identifiers (IDFA, Android ID, UDID)
Screen resolution and display settings
Device language and time zone
Mobile network information

Log and Usage Data:

IP address and geographic location (city, state, country)
Pages visited and content viewed
Clickstream data and navigation paths
Time and date of visits
Referral sources and URLs
Search queries entered
Features and functions used
Session duration and frequency
Error logs and diagnostic data

Location Information:

Approximate location derived from IP address
City-level geographic location
State and country information
Time zone data

Cookies and Tracking Technologies: We and our third-party service providers use cookies, web beacons, pixels, tags, scripts, and similar tracking technologies to:

Remember user preferences and settings
Authenticate users and prevent fraud
Analyze Site usage and performance
Provide personalized content and recommendations
Deliver targeted advertising
Measure marketing campaign effectiveness

See our Cookie Policy for comprehensive information on cookie use and management: [URL]

Analytics Data:

User behavior patterns
Feature usage statistics
Performance metrics
Conversion data
A/B testing results
Heatmaps and session recordings

2.4 Personal Information from Third Parties

Service Providers and Vendors:

Payment processors (transaction verification, fraud detection)
Shipping carriers (delivery confirmation, tracking updates)
Analytics providers (usage statistics, demographic data)
Marketing platforms (campaign performance, engagement metrics)
Customer service platforms (support ticket information)

Social Media Platforms:

Profile information (if you connect social media accounts)
Friends lists and connections
Public posts and interactions
Social media advertising data

Data Aggregators and Brokers:

Demographic information
Interest and preference data
Purchase behavior and intent signals
Device and online identifiers

Public Sources:

Publicly available information
Business registries and directories
Social media public profiles

Other Users:

Referral information from existing customers
Gift recipient information from purchasers
Shared content or recommendations

2.5 Combination of Information

We may combine information collected from different sources (directly provided, automatically collected, third-party sources) to create comprehensive user profiles, enhance Services, personalize experiences, and improve business operations.

2.6 Sensitive Personal Information

We collect limited Sensitive Personal Information:

Account login credentials (username, password)
Payment information (processed by third-party processors)
Government identifiers (for fraud prevention, where permitted)

We do not intentionally collect:

Social Security Numbers (except as legally required for tax reporting)
Precise geolocation data (only city-level approximate location)
Health information
Biometric data
Sexual orientation or gender identity
Religious or philosophical beliefs
Racial or ethnic origin
Trade union membership

If you provide Sensitive Personal Information not requested by us, you consent to our collection and processing of such information per this Policy.

3. HOW WE USE PERSONAL INFORMATION

3.1 Service Provision and Performance

Create and manage user accounts
Process orders and transactions
Fulfill product shipments and deliveries
Provide customer service and support
Process returns, refunds, and exchanges
Manage subscriptions and memberships
Send transactional communications (order confirmations, shipping notifications)
Authenticate users and prevent unauthorized access
Provide requested information and respond to inquiries

3.2 Service Improvement and Development

Analyze usage patterns and trends
Conduct research and analytics
Develop new products, services, and features
Test and optimize Site functionality
Improve user interface and experience
Conduct A/B testing and experiments
Measure and improve Service performance

3.3 Personalization and Customization

Personalize content and recommendations
Remember preferences and settings
Tailor marketing communications
Provide customized experiences
Save shopping cart contents
Suggest products based on purchase history

3.4 Marketing and Advertising

Send promotional emails and newsletters
Deliver targeted advertising
Conduct marketing campaigns
Measure marketing effectiveness
Provide product recommendations
Offer special promotions and discounts
Facilitate referral programs

3.5 Security and Fraud Prevention

Detect and prevent fraud and abuse
Monitor for security threats
Protect user accounts from unauthorized access
Verify user identity
Investigate suspicious activity
Enforce Terms and Conditions
Protect intellectual property rights

3.6 Legal Compliance and Protection

Comply with legal obligations and regulations
Respond to legal requests and court orders
Enforce contracts and agreements
Protect legal rights and interests
Resolve disputes
Defend against legal claims
Conduct audits and compliance reviews

3.7 Business Operations and Analytics

Conduct business analysis and reporting
Manage vendor and partner relationships
Process payments and manage accounting
Maintain records and databases
Conduct internal quality assurance
Train employees and contractors
Make informed business decisions

3.8 Communications

Respond to inquiries and requests
Provide customer support
Send administrative messages
Notify of policy or service changes
Request feedback and reviews
Conduct surveys
Send account-related notifications

3.9 Other Purposes

Any purpose disclosed at time of collection
Any purpose to which you consent
Any other lawful business purpose

4. LEGAL BASIS FOR PROCESSING (GDPR/UK GDPR)

4.1 Applicability

This section applies to individuals located in the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions requiring identification of legal processing bases.

4.2 Legal Bases

We process Personal Information under the following legal bases:

Contractual Necessity: Processing necessary to perform our contractual obligations to you, including:

Account creation and management
Order processing and fulfillment
Payment processing
Delivery of products
Provision of customer service
Membership and subscription management

Consent: Processing based on your explicit consent, including:

Marketing communications (where consent required)
Cookie placement (non-essential cookies)
Newsletter subscriptions
Optional data collection

You may withdraw consent at any time without affecting lawfulness of prior processing. Withdrawal instructions provided in Section 10.

Legitimate Interests: Processing necessary for legitimate interests pursued by Company or third parties, provided such interests are not overridden by your rights and freedoms:

Fraud prevention and security
Network and information security
Business analytics and reporting
Service improvement and development
Internal administration
Direct marketing (where permitted without consent)
Understanding customer preferences
Developing new products and services

Legal Obligation: Processing necessary to comply with legal obligations, including:

Tax and accounting requirements
Regulatory compliance
Law enforcement requests
Court orders and legal processes
Mandatory record-keeping
Anti-money laundering requirements

Vital Interests: Processing necessary to protect vital interests of you or another person (rarely applicable).

Public Interest: Processing necessary for tasks carried out in the public interest (rarely applicable).

4.3 Balancing Test

For processing based on legitimate interests, we conduct balancing tests to ensure our interests do not override your fundamental rights and freedoms. You may request information about our balancing test by contacting: legal@tayloralexander.coffee

5. DISCLOSURE OF PERSONAL INFORMATION

5.1 Service Providers and Vendors

We disclose Personal Information to third-party service providers who perform services on our behalf under written contracts:

E-Commerce Platform:

Fourthwall (website hosting, e-commerce functionality)

Payment Processors:

Payment gateway providers
Fraud detection services
PCI-DSS compliant payment processors

Shipping and Fulfillment:

USPS and other shipping carriers
Fulfillment centers
Logistics providers
Address verification services

Analytics and Data Services:

Google Analytics
Website analytics platforms
Business intelligence providers
Data warehousing services

Marketing and Advertising:

Email marketing platforms
Advertising networks
Social media advertising platforms
Marketing automation tools
Attribution and conversion tracking services

Customer Service:

Customer relationship management (CRM) platforms
Help desk and ticketing systems
Live chat providers
Phone service providers

Security and Fraud Prevention:

Fraud detection and prevention services
Identity verification services
Security monitoring and threat detection
Bot detection and prevention

Other Service Providers:

Cloud storage providers
IT infrastructure and hosting
Database management
Legal and professional advisors
Accounting and tax services
Insurance providers

5.2 Affiliates and Subsidiaries

We may disclose Personal Information to AXDR VNTR LLC and its affiliated entities, subsidiaries, and related companies for business purposes, analytics, and consolidated operations.

5.3 Business Transfers

In connection with any merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, we may disclose Personal Information to:

Prospective purchasers or investors
Advisors and representatives
Successor entities
Service providers assisting with due diligence

Acquirers and successors bound by this Policy or required to adopt comparable privacy protections.

5.4 Legal Requirements and Protection

We disclose Personal Information when required or permitted by law:

Legal Process:

Court orders and subpoenas
Search warrants
Legal discovery requests
Regulatory investigations
Government agency requests

Rights Protection:

Enforce Terms and Conditions
Protect Company rights and property
Defend against legal claims
Protect user safety
Prevent fraud and abuse
Investigate violations

Public Safety:

Protect health and safety of individuals
Prevent harm to persons or property
Cooperate with law enforcement
Comply with national security requests

5.5 Advertising and Analytics Partners

We disclose certain Personal Information to advertising and analytics partners for:

Targeted advertising delivery
Advertising performance measurement
Analytics and insights
Audience segmentation
Conversion tracking
Retargeting campaigns

See Section 6 for detailed information on advertising practices.

5.6 With Your Consent

We may disclose Personal Information to other third parties when you provide explicit consent or direction.

5.7 Aggregated and De-Identified Information

We may disclose aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you to any third party for any lawful purpose, including:

Business partners
Advertisers and sponsors
Industry analysts
Media and press
Research organizations

6. ONLINE ANALYTICS AND ADVERTISING

6.1 Web Analytics Services

We use third-party web analytics services to understand how users interact with the Services:

Google Analytics:

Usage statistics and traffic analysis
User demographics and interests
Behavior flow and navigation patterns
Conversion tracking
Site performance metrics

Other Analytics Providers:

Session recording and heatmaps
User journey mapping
Funnel analysis
Cohort analysis

Analytics Data Collection: Analytics providers use cookies, pixel tags, and similar technologies to collect information about your device, browser, and usage patterns. Information collected includes:

Pages visited and time spent
Referral sources
Click patterns and interactions
Geographic location (approximate)
Device and browser information
Screen resolution and viewport

Opt-Out: To prevent Google Analytics from using your information, install the Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout

6.2 Targeted Advertising

We use third-party advertising technologies to deliver personalized advertisements based on your interests and online behavior:

Advertising Activities:

Display personalized ads on our Site and third-party websites
Retarget users who previously visited our Site
Measure advertising campaign performance
Optimize ad delivery and creative
Analyze advertising ROI

Advertising Partners:

Google Ads and Google Display Network
Facebook/Meta advertising
Instagram advertising
Other social media advertising platforms
Programmatic advertising exchanges

Information Used for Advertising:

Browsing history and pages viewed
Products viewed or purchased
Search queries
Device and browser information
Demographic data and inferred interests
Cookie identifiers and mobile advertising IDs

Cross-Device Tracking: Advertising partners may link your activity across devices to deliver consistent advertising experiences.

6.3 How Targeted Advertising Works

Advertising partners place cookies or tracking technologies on your device to:

Recognize you when you visit our Site or partner sites
Collect information about your browsing behavior
Create interest profiles and audience segments
Deliver ads tailored to your interests
Measure ad views, clicks, and conversions

6.4 Opt-Out of Targeted Advertising

You have options to control targeted advertising:

Industry Opt-Out Tools:

Network Advertising Initiative (NAI): http://www.networkadvertising.org/choices/
Digital Advertising Alliance (DAA): http://www.aboutads.info/choices/
European Interactive Digital Advertising Alliance (EDAA): http://www.youronlinechoices.eu/
Digital Advertising Alliance of Canada (DAAC): https://youradchoices.ca/

Platform-Specific Opt-Outs:

Google Ads Settings: https://www.google.com/settings/ads
Facebook Ad Preferences: https://www.facebook.com/ads/preferences
Twitter Privacy Settings: https://twitter.com/settings/privacy
LinkedIn Ad Settings: https://www.linkedin.com/psettings/advertising

Mobile Device Settings:

iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Android: Settings > Google > Ads > Opt out of Ads Personalization

Browser Controls: Most browsers allow you to block or delete cookies. See Cookie Policy for detailed instructions.

Global Privacy Control (GPC): We honor Global Privacy Control signals. To enable GPC, visit: https://globalprivacycontrol.org/

Important Notes:

Opting out prevents personalized ads but does not eliminate all advertising
You may still see contextual or non-targeted ads
Opt-outs are device and browser-specific
Clearing cookies may reset opt-out preferences
We are not responsible for third-party opt-out mechanisms

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. Cookies enable websites to remember your actions, preferences, and provide enhanced functionality.

7.2 Types of Tracking Technologies

Cookies:

Session cookies (temporary, deleted when browser closes)
Persistent cookies (remain until expiration or deletion)

Web Beacons and Pixels:

Transparent images embedded in web pages or emails
Track page views, email opens, and user interactions

Local Storage:

HTML5 local storage
Stores larger amounts of data than cookies

Scripts and Tags:

JavaScript code that collects usage data
Third-party analytics and advertising scripts

Device Fingerprinting:

Collects device configuration information
Creates unique device identifiers

7.3 How We Use Cookies

Strictly Necessary Cookies:

Enable core Site functionality
Authenticate users and prevent fraud
Security and access control
Process transactions

Functional Cookies:

Remember user preferences and settings
Provide enhanced features
Remember shopping cart contents
Store language and region preferences

Performance and Analytics Cookies:

Analyze Site usage and performance
Count visitors and measure traffic sources
Understand user behavior patterns
Improve Site functionality

Marketing and Advertising Cookies:

Deliver targeted advertisements
Measure advertising effectiveness
Retarget previous visitors
Frequency cap ad delivery
Personalize marketing content

7.4 Cookie Management

See our comprehensive Cookie Policy for:

Complete list of cookies used
Cookie lifespan and purpose
Detailed management instructions
Browser-specific cookie controls

Cookie Policy available at: [URL]

7.5 Do Not Track (DNT)

We do not currently respond to browser Do Not Track signals, as no industry standard exists for DNT compliance. We do, however, honor Global Privacy Control (GPC) signals as described in Section 6.4.

8. DATA RETENTION

8.1 Retention Principles

We retain Personal Information for as long as necessary to:

Fulfill purposes for which it was collected
Provide Services to you
Comply with legal obligations
Resolve disputes
Enforce agreements
Protect legal rights

8.2 Retention Periods

Account Information:

Active accounts: Duration of account relationship
Inactive accounts: Deleted after 3 years of inactivity (or as required by law)
Closed accounts: 7 years for legal and tax compliance

Transaction Data:

Purchase records: 7 years (tax and accounting requirements)
Payment information: Per payment processor retention policies
Shipping records: 2 years

Marketing Data:

Email marketing lists: Until unsubscribe or 2 years of inactivity
Advertising data: Per advertising platform retention policies (typically 13-26 months)

Communications:

Customer service inquiries: 3 years
Email correspondence: 3 years
Chat transcripts: 2 years

Analytics and Usage Data:

Standard analytics: 26 months (Google Analytics default)
Aggregated data: Indefinitely (cannot identify individuals)

Legal and Compliance Data:

Legal claims: Duration of claim plus 7 years
Regulatory records: As required by applicable regulations

8.3 Deletion and Anonymization

After retention periods expire, we:

Permanently delete Personal Information
Anonymize or aggregate data so it can no longer identify individuals
Archive data in secure, offline storage (where legally required)

8.4 Extended Retention

We may retain Personal Information beyond standard periods when:

Required by law or regulation
Necessary for pending legal proceedings
Required for legitimate business purposes
You consent to extended retention
Necessary to protect rights or property

8.5 Backup Systems

Personal Information may persist in backup systems for limited periods (typically 90 days) after deletion. Backup data is not accessible for operational use and is deleted according to backup retention schedules.

9. DATA SECURITY

9.1 Security Commitment

We implement physical, technical, and administrative safeguards designed to protect Personal Information from unauthorized access, disclosure, alteration, destruction, and loss.

9.2 Technical Safeguards

Encryption:

Transport Layer Security (TLS) for data transmission
Encryption at rest for sensitive data
End-to-end encryption for payment processing
Encrypted backups

Access Controls:

Multi-factor authentication (MFA)
Role-based access control (RBAC)
Principle of least privilege
Regular access reviews and audits

Network Security:

Firewalls and intrusion detection systems
DDoS protection
Network segmentation
Virtual private networks (VPNs)

Application Security:

Secure coding practices
Regular security testing and vulnerability assessments
Web application firewalls
Input validation and sanitization

9.3 Administrative Safeguards

Employee security training and awareness
Background checks for personnel with data access
Confidentiality agreements and NDAs
Data handling and privacy policies
Incident response procedures
Regular security audits and assessments

9.4 Physical Safeguards

Secure data center facilities
Access controls and monitoring
Environmental controls (fire, flood, temperature)
Secure disposal of physical records

9.5 Third-Party Security

Service providers must:

Implement appropriate security measures
Sign data processing agreements
Undergo security assessments
Comply with industry standards (PCI-DSS for payment processors)
Report security incidents promptly

9.6 Limitations

Despite our security measures:

No system is completely secure
We cannot guarantee absolute security
Internet transmission is inherently insecure
You are responsible for maintaining account credential confidentiality
Unauthorized access or security breaches may occur

9.7 Security Best Practices for Users

Use strong, unique passwords
Enable multi-factor authentication where available
Do not share account credentials
Log out after using shared devices
Keep software and devices updated
Be cautious of phishing attempts
Monitor account activity regularly
Report suspicious activity immediately

9.8 Security Incident Response

In the event of a data breach:

We will investigate promptly
Assess scope and impact
Contain and remediate the breach
Notify affected individuals as required by law
Notify regulatory authorities where required
Provide information about protective steps you can take

Notification timing and method as required by applicable breach notification laws.

10. YOUR PRIVACY RIGHTS

10.1 Rights Overview

Depending on your location and applicable law, you may have certain rights regarding your Personal Information. This section describes rights available under various privacy laws.

10.2 General Privacy Rights

Right to Access: Request confirmation of whether we process your Personal Information and obtain a copy of such information.

Right to Rectification/Correction: Request correction of inaccurate or incomplete Personal Information.

Right to Deletion/Erasure: Request deletion of your Personal Information, subject to legal exceptions.

Right to Restriction of Processing: Request that we limit how we use your Personal Information in certain circumstances.

Right to Data Portability: Receive your Personal Information in structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object: Object to our processing of your Personal Information, particularly for direct marketing or processing based on legitimate interests.

Right to Withdraw Consent: Withdraw previously provided consent for processing, without affecting lawfulness of processing before withdrawal.

Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we violated your privacy rights.

10.3 How to Exercise Rights

Submission Methods:

Email: legal@tayloralexander.coffee
Subject: "Privacy Rights Request - [Type of Request]"

Mail:
Taylor Alexander Fine Gourmet Coffee
Attention: Privacy Rights
84 Broadway STE 200
Derry, NH 03038, USA

Phone: (305) 537-8105

10.4 Request Requirements

To process your request, we require:

Your full name
Email address associated with your account
Description of request and right(s) you wish to exercise
Verification information (see Section 10.5)
Specific Personal Information you want to access, delete, or correct (if applicable)

10.5 Identity Verification

To protect your privacy, we verify your identity before fulfilling requests:

Verification Methods:

Account authentication (login)
Email confirmation to registered address
Information matching (personal details on file)
Government-issued identification (for sensitive requests)
Multi-factor authentication

10.6 Response Timeline

Acknowledgment: Within 5 business days
Response: Within 30-45 days (depending on jurisdiction)
Extension: May extend up to additional 30-60 days for complex requests (with explanation)
Denial: If denied, we explain reasons and your appeal rights

10.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf:

Agent Requirements:

Written authorization signed by you
Power of attorney (for certain requests)
Proof of agent's identity
You must verify your identity directly with us

10.8 Fees

Requests are generally free. We may charge reasonable fees for:

Manifestly unfounded or excessive requests
Repeated requests for copies
Administrative costs for complex requests

Fees communicated before processing request.

10.9 Limitations and Exceptions

We may deny requests when:

We cannot verify your identity
Request is manifestly unfounded or excessive
Legal obligations require retention
Necessary for legal claims or defense
Required for public interest tasks
Protected by legal privilege
Would adversely affect others' rights
Technically impossible

Denials include explanation and appeal rights where required by law.

11. CHILDREN'S PRIVACY

11.1 Age Restriction

The Services are not directed to children under 13 years of age (or applicable minimum age in your jurisdiction). We do not knowingly collect, maintain, or use Personal Information from children under 13.

11.2 Parental Notice

If you are a parent or guardian and believe your child under 13 has provided Personal Information to us, contact us immediately:

Email: legal@tayloralexander.coffee
Subject: "Child Privacy Concern"

11.3 Verification and Deletion

Upon notification or discovery that we have collected information from a child under 13:

We will verify the information
Promptly delete the child's Personal Information
Terminate the child's account
Cease further collection

11.4 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and do not:

Knowingly collect Personal Information from children under 13
Condition a child's participation on disclosure of more information than necessary
Retain child information longer than necessary
Transfer child information to third parties without parental consent

12. INTERNATIONAL DATA TRANSFERS

12.1 Data Storage Locations

Personal Information may be stored and processed in:

United States
Other countries where our service providers operate
Cloud storage facilities globally

12.2 Adequacy and Safeguards

For transfers from EEA/UK/Switzerland to countries without adequacy decisions, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs):

EU Standard Contractual Clauses approved by European Commission
UK International Data Transfer Agreement/Addendum
Swiss-approved SCCs

Other Mechanisms:

Binding Corporate Rules (where applicable)
Certification schemes (Privacy Shield successor frameworks, if available)
Codes of conduct and certifications

12.3 Transfer Impact Assessments

We conduct Transfer Impact Assessments (TIAs) to evaluate data protection in destination countries and implement supplementary measures where necessary.

12.4 Your Consent

By using the Services, you consent to transfer of your Personal Information to countries that may have different data protection laws than your country of residence.

12.5 Questions About Transfers

For information about specific transfers or safeguards:

Email: legal@tayloralexander.coffee
Subject: "International Data Transfer Inquiry"

13. ADDITIONAL INFORMATION FOR EEA AND UK RESIDENTS

13.1 Data Controller

Taylor Alexander Fine Gourmet Coffee (a property of AXDR VNTR LLC) is the data controller responsible for processing your Personal Information under this Policy.

Contact: legal@tayloralexander.coffee

13.2 Legal Bases Summary

See Section 4 for comprehensive explanation of legal bases for processing.

13.3 Your GDPR/UK GDPR Rights

Under the General Data Protection Regulation (GDPR) and UK GDPR, you have the following rights:

Right of Access (Article 15):

Confirm whether we process your data
Obtain copy of your Personal Information
Receive information about processing purposes, categories, recipients, retention periods

Right to Rectification (Article 16):

Correct inaccurate Personal Information
Complete incomplete Personal Information

Right to Erasure/"Right to be Forgotten" (Article 17): Request deletion when:

Data no longer necessary for original purposes
You withdraw consent (where processing based on consent)
You object to processing and no overriding legitimate grounds exist
Data processed unlawfully
Legal obligation requires deletion
Data collected from children

Exceptions: We may refuse deletion when necessary for:

Exercising freedom of expression and information
Legal compliance obligations
Public interest tasks
Archiving, research, or statistical purposes
Establishing, exercising, or defending legal claims

Right to Restriction of Processing (Article 18): Request restriction when:

You contest data accuracy (during verification period)
Processing is unlawful but you oppose deletion
We no longer need data but you need it for legal claims
You object to processing (pending balancing test)

Right to Data Portability (Article 20):

Receive data in structured, commonly used, machine-readable format
Transmit data to another controller
Applies to data processed by automated means based on consent or contract

Right to Object (Article 21):

General Objection: Object to processing based on legitimate interests or public interest, unless we demonstrate compelling legitimate grounds that override your interests.

Direct Marketing: Unconditional right to object to direct marketing at any time.

Profiling: Right to object to automated decision-making with legal or significant effects.

Right Not to be Subject to Automated Decision-Making (Article 22):

Not subject to decisions based solely on automated processing (including profiling) producing legal or similarly significant effects
Exceptions: necessary for contract, authorized by law, or based on explicit consent

Right to Withdraw Consent (Article 7):

Withdraw consent at any time
Does not affect lawfulness of processing before withdrawal
Easy withdrawal process (as easy as giving consent)

Right to Lodge Complaint (Article 77): File complaint with supervisory authority in your country:

EU Member States: Contact your national Data Protection Authority
UK: Information Commissioner's Office (ICO) - https://ico.org.uk/
EEA: Refer to European Data Protection Board directory

13.4 Exercising GDPR Rights

Contact: legal@tayloalexander.coffee
Response Time: Within 1 month (extendable to 3 months for complex requests)
Fee: Generally free (except for manifestly unfounded or excessive requests)

13.5 International Transfers

See Section 12 for information on international data transfers and safeguards.

13.6 Data Protection Officer

We have not appointed a Data Protection Officer as we are not required to do so under GDPR. For data protection inquiries, contact: legal@tayloralexander.coffee

14. CALIFORNIA RESIDENTS (CCPA/CPRA)

14.1 Applicability

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), governs our processing of your Personal Information.

14.2 Categories of Personal Information Collected

We collect the following categories of Personal Information (see Section 2 for detailed descriptions):

A. Identifiers: Examples: Name, email address, postal address, phone number, IP address, account name, device identifiers

Sources: Directly from you, automatically collected, third parties

Business/Commercial Purposes: Service provision, communications, analytics, fraud prevention, marketing

Third-Party Disclosure: Service providers, advertising partners, affiliates, legal/security entities

B. California Customer Records (Cal. Civ. Code § 1798.80(e)): Examples: Name, address, phone number, payment information, purchase history

Sources: Directly from you, payment processors

Business/Commercial Purposes: Transaction processing, order fulfillment, customer service

Third-Party Disclosure: Service providers, payment processors, shipping carriers, legal/security entities

C. Protected Classification Characteristics: Examples: Age (over 13 verification only)

Sources: Directly from you

Business/Commercial Purposes: Legal compliance, age verification

Third-Party Disclosure: Service providers (limited)

D. Commercial Information: Examples: Purchase history, products viewed, shopping cart contents, transaction amounts

Sources: Directly from you, automatically collected

Business/Commercial Purposes: Order processing, personalization, analytics, marketing

Third-Party Disclosure: Service providers, advertising partners, analytics providers

E. Internet/Network Activity Information: Examples: Browsing history, search history, interaction with website, clicks, pages viewed

Sources: Automatically collected

Business/Commercial Purposes: Analytics, service improvement, advertising, fraud prevention

Third-Party Disclosure: Service providers, advertising partners, analytics providers

F. Geolocation Data: Examples: City, state, country, ZIP code (approximate location from IP address)

Sources: Automatically collected, directly from you (shipping address)

Business/Commercial Purposes: Service provision, fraud prevention, personalization, analytics

Third-Party Disclosure: Service providers, shipping carriers, advertising partners

G. Audio/Visual Information: Examples: Customer service call recordings (with notice)

Sources: Directly from you

Business/Commercial Purposes: Customer service, quality assurance, training

Third-Party Disclosure: Service providers

H. Inferences: Examples: Preferences, interests, behavior predictions, purchasing propensity

Sources: Derived from other collected information

Business/Commercial Purposes: Personalization, marketing, analytics, service improvement

Third-Party Disclosure: Service providers, advertising partners, analytics providers

14.3 Sensitive Personal Information

We collect the following Sensitive Personal Information:

Account login credentials (username and password)
Payment card information (processed by third-party processors)

We do NOT collect:

Social Security numbers (except as legally required for tax reporting)
Driver's license numbers
Passport numbers
Precise geolocation
Racial or ethnic origin
Religious or philosophical beliefs
Union membership
Genetic data
Biometric information
Health information
Sex life or sexual orientation

Use Limitation: We do not use or disclose Sensitive Personal Information for purposes other than those permitted under CCPA § 7027(m), and therefore you cannot opt out of such uses.

14.4 Sources of Personal Information

Directly from you (forms, purchases, communications)
Automatically from your device (cookies, analytics)
Service providers and vendors
Social media platforms
Public sources
Other users (referrals, gift purchases)

14.5 Business/Commercial Purposes

See Section 3 for comprehensive list of purposes, including:

Service provision and performance
Customer service and support
Transaction processing
Analytics and improvement
Marketing and advertising
Security and fraud prevention
Legal compliance

14.6 Your CCPA/CPRA Rights

Right to Know: Request that we disclose:

Categories of Personal Information collected
Categories of sources
Business or commercial purpose for collection
Categories of third parties to whom we disclose Personal Information
Specific pieces of Personal Information collected about you

Right to Delete: Request deletion of Personal Information, subject to legal exceptions.

Right to Correct: Request correction of inaccurate Personal Information.

Right to Opt-Out of Sale/Sharing: Opt out of "sale" or "sharing" of Personal Information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of Sensitive Personal Information (not applicable as we do not use for impermissible purposes).

Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights, including by:

Denying goods or services
Charging different prices or rates
Providing different quality of goods or services
Suggesting different prices or quality levels

Right to Opt-In for Minors: We do not knowingly sell or share Personal Information of consumers under 16.

14.7 Exercising CCPA Rights

Submission Methods:

Email: legal@tayloralexander.coffee
Subject: "California Privacy Rights Request"

Toll-Free Number: 1-833-484-9255

Online Form: [URL if available]

Required Information:

Full name
Email address
Phone number (optional)
Description of request
Verification information

Verification Process: We verify identity through:

Account authentication
Email confirmation
Information matching (2-3 data points)

Authorized Agents: You may designate an authorized agent by:

Providing signed written authorization
Providing power of attorney under California Probate Code §§ 4000-4465
Agent must verify their identity
You must verify your identity with us

Response Timeline:

Acknowledgment: Within 10 business days
Response: Within 45 days (extendable to 90 days with notice)

Fees: Generally free (first 2 requests per 12-month period)

14.8 Sale and Sharing of Personal Information

Definition of "Sale": Exchange of Personal Information for monetary or other valuable consideration.

Definition of "Sharing": Disclosure of Personal Information for cross-context behavioral advertising.

Categories Sold or Shared (Last 12 Months):

Category	Sold To	Shared With
Identifiers	Advertising partners, analytics providers	Advertising partners
Internet/Network Activity	Advertising partners, analytics providers	Advertising partners
Commercial Information	Advertising partners, analytics providers	Advertising partners
Geolocation Data	Advertising partners, analytics providers	Advertising partners
Inferences	Advertising partners, analytics providers	Advertising partners

Not Sold or Shared:

Sensitive Personal Information
Payment information
Account credentials
Personal Information of minors under 16

14.9 Opt-Out of Sale/Sharing

Methods:

"Do Not Sell or Share My Personal Information" Link: Available on website footer

Email: legal@tayloralexander.coffee
Subject: "Opt-Out of Sale/Sharing"

Global Privacy Control (GPC): We honor GPC browser signals automatically

Note: Opt-outs are device and browser-specific. You must opt out on each device/browser used.

14.10 Financial Incentives

Referral Programs: We may offer incentives such as discounts for referrals or newsletter signups.

Participation: Voluntary; opt-in by providing requested information

Withdrawal: Opt out at any time by contacting clientservices@tayloralexander.coffee

Value: The monetary value of any incentive is a reasonable approximation of the value of the Personal Information to us, calculated based on:

Revenue generated from referrals/conversions
Marketing cost savings
Expenses to operate the program
Customer lifetime value

14.11 Retention

See Section 8 for detailed retention periods.

14.12 Direct Marketing (Shine the Light Law)

Under California Civil Code § 1798.83, California residents may request information about our disclosure of Personal Information to third parties for their direct marketing purposes.

Notice: We do not disclose Personal Information to third parties for their direct marketing purposes.

14.13 California Consumer Rights Notice

If you have a complaint regarding our privacy practices, you may contact:

California Department of Consumer Affairs
Complaint Assistance Unit
1625 N. Market Blvd., Suite S-202
Sacramento, CA 95834

Phone: (800) 952-5210
Website: www.dca.ca.gov

15. OTHER U.S. STATE PRIVACY RIGHTS

15.1 Applicability

This section applies to residents of U.S. states with comprehensive privacy laws, including:

Virginia (Virginia Consumer Data Protection Act - VCDPA)
Colorado (Colorado Privacy Act - CPA)
Connecticut (Connecticut Data Privacy Act - CTDPA)
Utah (Utah Consumer Privacy Act - UCPA)
Montana (Montana Consumer Data Privacy Act)
Oregon (Oregon Consumer Privacy Act)
Texas (Texas Data Privacy and Security Act)
Delaware, Iowa, Indiana, Tennessee, Nebraska, New Hampshire, New Jersey, Kentucky, Rhode Island, Minnesota, Maryland (various state privacy laws)

15.2 Your Rights

Depending on your state of residence, you may have the following rights:

Right to Confirm: Confirm whether we process your Personal Information

Right to Access: Access your Personal Information

Right to Correct: Correct inaccuracies in your Personal Information

Right to Delete: Delete your Personal Information

Right to Data Portability: Obtain copy of Personal Information in portable format

Right to Opt-Out:

Opt out of targeted advertising
Opt out of sale of Personal Information
Opt out of profiling in furtherance of decisions producing legal or similarly significant effects

Right to Consent/Withdraw Consent for Sensitive Data: Control processing of Sensitive Personal Information (some states)

Right to Non-Discrimination: Not be discriminated against for exercising rights

Right to Appeal: Appeal our decision regarding your rights request (some states)

15.3 State-Specific Provisions

Virginia, Colorado, Connecticut:

Right to opt out of profiling for decisions with legal or similarly significant effects
Right to appeal denial of rights requests within reasonable timeframe

Montana:

Additional requirements for processing sensitive data
Enhanced disclosure requirements

Utah, Iowa:

Right to opt out of targeted advertising
Right to opt out of sale of Personal Information
Limited right to opt out of Sensitive Personal Information processing

Texas:

Biometric data protections (not collected by us)
Additional security requirements

Minnesota, Maryland:

Right to obtain list of third parties receiving Personal Information
Enhanced profiling rights including:
- Question profiling results
- Understand reasoning behind decisions
- Learn actions to secure different outcomes
- Review data used in profiling
- Correct data and request reevaluation

15.4 Exercising State Privacy Rights

Contact: legal@tayloralexander.coffee
Subject: "[State] Privacy Rights Request"

Toll-Free Number: 1-833-484-9255

Required Information:

Full name and state of residence
Email address
Description of request
Verification information

Response Timeline:

Acknowledgment: Within 10 business days (varies by state)
Response: Within 45 days (extendable based on state law)

Appeal Process (VA, CO, CT): If we deny your request, you may appeal by:

Submitting appeal to legal@tayloralexander.coffee within 30-60 days
We will respond within 45-60 days
If denied, you may contact your state Attorney General

15.5 Targeted Advertising Opt-Out

Use same methods as California residents (Section 14.9):

Website opt-out link
Email: legal@tayloralexander.coffee
Global Privacy Control (GPC)

15.6 Sale of Personal Information

We may sell or share Personal Information as described in Section 14.8. Opt-out rights apply to all applicable state residents.

15.7 Sensitive Personal Information

See Section 14.3 for categories collected and use limitations. We do not use Sensitive Personal Information in ways requiring opt-out under state laws, except where state law provides more restrictive definitions (e.g., Maryland, Minnesota).

15.8 Contact Information for State Privacy Requests

Email: legal@tayloralexander.coffee
Phone: 1-833-484-9255
Mail: Taylor Alexander Fine Gourmet Coffee, Attention: State Privacy Rights, 84 Broadway STE 200, Derry, NH 03038, USA

16. THIRD-PARTY LINKS AND SERVICES

16.1 Third-Party Websites

The Services may contain links to third-party websites, applications, or services that we do not own or control.

No Responsibility: We are not responsible for:

Privacy practices of third parties
Content on third-party sites
Third-party terms and policies
Security of third-party services

16.2 Third-Party Privacy Policies

Third-party websites have their own privacy policies. We encourage you to read privacy policies of any third-party services before providing Personal Information.

16.3 Social Media Platforms

We may integrate with social media platforms:

Facebook/Meta
Instagram
Twitter/X
Pinterest
LinkedIn
YouTube

Information Collected: When you interact with social media features:

Your public profile information
Friends lists and connections
Content you share
Interactions and engagements

Social media platforms collect information per their own privacy policies.

16.4 Third-Party Service Providers

Our service providers are contractually required to:

Use Personal Information only for providing services to us
Implement appropriate security measures
Comply with applicable privacy laws
Not sell or share Personal Information for their own purposes

16.5 No Endorsement

Links to or integration with third-party services do not constitute endorsement, sponsorship, or affiliation.

17. CONSENT TO TRANSFER

17.1 U.S. Data Storage

By using the Services, you understand and acknowledge that:

Personal Information is stored and processed primarily in the United States
U.S. data protection laws may differ from laws in your country
Your information may be accessible to U.S. government agencies under applicable laws

17.2 Consent

By providing Personal Information or using the Services, you consent to:

Transfer of Personal Information to the United States
Processing in jurisdictions that may not provide the same level of data protection as your country
Application of U.S. law to disputes regarding Personal Information

17.3 International Users

If you are located outside the United States, you use the Services at your own risk and are responsible for compliance with local laws.

18. CHANGES TO THIS PRIVACY POLICY

18.1 Right to Modify

We reserve the right to modify, amend, or update this Privacy Policy at any time, at our sole discretion, to reflect:

Changes in our information practices
Changes in applicable laws and regulations
New features or Services
Technological developments
Business operational changes
Feedback and best practices

18.2 Notification of Changes

Material Changes: We will notify you of material changes by:

Email notification to registered users
Prominent notice on the Site
In-app notification (if applicable)
Updated "Effective Date" at top of Policy
Update notification banner on Site

Non-Material Changes: We will update the "Effective Date" and may provide notice through the Site.

18.3 What Constitutes Material Change

Material changes include:

New categories of Personal Information collected
New purposes for processing
New categories of third-party recipients
Reduced privacy protections
Changes to data retention periods
Changes to international transfers
Changes to your rights

18.4 Review and Acceptance

Your Responsibility: Check this Policy periodically for updates.

Continued Use: Continued use of the Services after Policy modifications constitutes acceptance of modified Policy.

Rejection: If you do not agree to modifications:

Cease using the Services
Close your account
Contact us to exercise deletion rights

18.5 Prior Versions

Previous versions of this Policy available upon request:

Email: legal@tayloralexander.coffee
Subject: "Privacy Policy Archive Request"

18.6 Consent-Based Processing

For processing based on consent, material changes require:

New consent where required by law
Clear notice of changes
Easy mechanism to withdraw consent

19. AGGREGATED AND DE-IDENTIFIED INFORMATION

19.1 Aggregation and De-Identification

We may aggregate or de-identify Personal Information so it can no longer reasonably be used to identify you or any individual.

19.2 Use of Aggregated/De-Identified Data

Aggregated or de-identified information may be used for any lawful purpose, including:

Business analytics and reporting
Market research and insights
Product development and improvement
Benchmarking and industry analysis
Academic or scientific research
Public reporting and presentations
Trend analysis and forecasting

19.3 Disclosure

We may disclose aggregated or de-identified information to:

Business partners and affiliates
Advertisers and sponsors
Industry analysts and researchers
Media and press
Investors and stakeholders
Academic institutions
Government agencies (for statistical purposes)
Any third party for any lawful purpose

19.4 No Re-Identification

We will:

Maintain aggregated/de-identified information in anonymous form
Not attempt to re-identify the information
Implement technical and administrative measures to prevent re-identification
Contractually prohibit third parties from re-identifying the information

Exception: We may re-identify information if required by law.

20. SPECIFIC PROCESSING ACTIVITIES

20.1 Email Marketing

Subscription: When you subscribe to our newsletter or marketing emails:

We collect your email address and name
You consent to receive promotional communications
We track email opens, clicks, and engagement

Unsubscribe: You may unsubscribe at any time by:

Clicking "unsubscribe" link in emails
Updating email preferences in account settings
Contacting: clientservices@tayloralexander.coffee

Post-Unsubscribe: After unsubscribing:

We will cease marketing emails within 10 business days
We may still send transactional emails (order confirmations, shipping notifications)
We retain your email on suppression list to honor unsubscribe

20.2 Transactional Communications

You cannot opt out of transactional communications necessary for Service provision:

Order confirmations and receipts
Shipping and delivery notifications
Account security alerts
Password reset emails
Legal notices and policy updates
Customer service responses
Payment confirmations and receipts

20.3 SMS/Text Messaging

If we offer SMS services:

You must opt-in to receive text messages
Standard message and data rates apply
Frequency varies by program
Reply "STOP" to opt out
Reply "HELP" for assistance

Message Content: Order updates, promotional offers, account alerts (based on your preferences)

20.4 Push Notifications

If you enable push notifications:

You can disable in device settings or app settings
Types: promotional offers, order updates, account alerts, new product announcements

20.5 Product Reviews and Testimonials

If you submit product reviews:

Reviews may be published on our Site
Reviews may include your name or username (not email)
We may use reviews in marketing materials
You grant us perpetual license to use reviews
You may request review removal: clientservices@tayloralexander.coffee

20.6 Referral Programs

If you refer friends:

We collect referee name and email
Referee receives invitation from us
We do not contact referee beyond initial invitation unless they opt-in
Referee information used solely for referral program
You represent you have permission to provide referee information

20.7 Surveys and Research

If you participate in surveys:

Participation is voluntary
Responses may be aggregated for analysis
Individual responses kept confidential unless you consent to attribution
Survey data retained per Section 8

20.8 Customer Service

When you contact customer service:

We record inquiries and correspondence
Phone calls may be recorded (with notice)
Chat transcripts may be saved
Information used for support, training, and quality assurance

21. BIOMETRIC INFORMATION

21.1 No Biometric Collection

We do not collect, store, or process biometric information, including:

Fingerprints
Facial recognition data
Voiceprints
Iris or retina scans
DNA or genetic information
Hand or palm geometry

21.2 Third-Party Devices

If you use biometric authentication on your device (Face ID, Touch ID) to access your account:

Biometric data remains on your device
We do not receive or store biometric data
Authentication is handled by your device operating system

22. EMPLOYMENT AND BUSINESS APPLICATIONS

22.1 Job Applicants

If you apply for employment:

We collect resume, cover letter, application information
Information used for recruitment and hiring purposes
Retained per employment law requirements
May be shared with hiring managers and HR personnel
Separate applicant privacy notice may apply

22.2 Wholesale and Business Inquiries

If you submit wholesale or business partnership inquiries:

We collect business contact information
Company details and business requirements
Information used to evaluate partnership opportunities
Retained per business record retention policies

23. DATA SUBJECT REQUESTS LOG

23.1 Request Tracking

We maintain logs of data subject requests to:

Track request status and resolution
Demonstrate compliance with privacy laws
Analyze trends and improve processes
Respond to regulatory inquiries

23.2 Log Contents

Request logs may include:

Request type and date
Verification method used
Response provided and date
Outcome (granted, denied, partially granted)
Reason for denial (if applicable)

23.3 Log Retention

Request logs retained for:

3 years (GDPR/UK GDPR)
2 years (CCPA/CPRA)
As required by other applicable laws

24. SUPERVISORY AUTHORITIES

24.1 EEA/UK Residents

If you are located in the EEA or UK, you have the right to lodge a complaint with your supervisory authority:

Lead Supervisory Authority for Company: As we are not established in the EEA/UK, the supervisory authority where you reside or where an alleged infringement occurred has jurisdiction.

Find Your Data Protection Authority:

EU: https://edpb.europa.eu/about-edpb/board/members_en
UK: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

24.2 U.S. State Residents

California: California Attorney General
Website: https://oag.ca.gov/privacy/ccpa
Phone: (916) 210-6276

Virginia: Virginia Attorney General
Website: https://www.oag.state.va.us
Phone: (804) 786-2071

Colorado: Colorado Attorney General
Website: https://coag.gov/resources/colorado-privacy-act
Phone: (720) 508-6000

Connecticut: Connecticut Attorney General
Website: https://portal.ct.gov/AG
Phone: (860) 808-5318

Other States: Contact your state Attorney General's office for privacy complaint procedures.

25. CONTACT INFORMATION

25.1 General Privacy Inquiries

Email: legal@tayloralexander.coffee
Subject: "Privacy Inquiry"

25.2 Customer Service (Non-Legal Matters)

Email: clientservices@tayloralexander.coffee
Phone: (569) 263-9510
Hours: Monday-Friday, 9:00 AM - 5:00 PM EST

25.3 Privacy Rights Requests

Email: legal@tayloralexander.coffee
Subject: "Privacy Rights Request - [Type of Request]"

Toll-Free: 1-833-484-9255

Mail:
Taylor Alexander Fine Gourmet Coffee
Attention: Privacy Rights
84 Broadway STE 200
Derry, NH 03038, USA

25.4 Data Protection Inquiries (EEA/UK)

Email: legal@tayloralexander.coffee
Subject: "GDPR/Data Protection Inquiry"

25.5 California Privacy Requests

Email: legal@tayloralexander.coffee
Subject: "California Privacy Rights"

Toll-Free: 1-833-484-9255

25.6 Security Incident Reporting

Email: legal@tayloralexander.coffee
Subject: "URGENT: Security Incident Report"

25.7 Child Privacy Concerns

Email: legal@tayloralexander.coffee
Subject: "Child Privacy Concern"

25.8 Complaints and Concerns

Email: legal@tayloralexander.coffee
Subject: "Privacy Complaint"

26. REGULATORY COMPLIANCE STATEMENT

26.1 Applicable Laws

This Privacy Policy complies with:

United States Federal Laws:

Children's Online Privacy Protection Act (COPPA)
CAN-SPAM Act
Electronic Communications Privacy Act (ECPA)
Computer Fraud and Abuse Act (CFAA)
Federal Trade Commission Act Section 5
Gramm-Leach-Bliley Act (where applicable)
Health Insurance Portability and Accountability Act (HIPAA) - not applicable as we do not collect protected health information

U.S. State Privacy Laws:

California Consumer Privacy Act (CCPA), as amended by California Privacy Rights Act (CPRA)
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Montana Consumer Data Privacy Act
Texas Data Privacy and Security Act
Oregon Consumer Privacy Act
State privacy laws of: Delaware, Iowa, Indiana, Tennessee, Nebraska, New Hampshire, New Jersey, Kentucky, Rhode Island, Minnesota, Maryland

California-Specific Laws:

California Online Privacy Protection Act (CalOPPA)
California "Shine the Light" Law (Civil Code § 1798.83)

International Laws:

General Data Protection Regulation (GDPR) - European Union
UK General Data Protection Regulation (UK GDPR)
Swiss Federal Act on Data Protection (FADP)
Other international privacy laws where applicable

Industry Standards:

Payment Card Industry Data Security Standard (PCI-DSS) - through payment processors
ISO 27001 Security Standards (aspirational)
NIST Cybersecurity Framework (reference)

26.2 Certification and Verification

We self-certify compliance with applicable privacy laws. We do not currently hold:

Privacy Shield certification (program discontinued)
TRUSTe certification
BBB accreditation for privacy practices

We may pursue certifications in the future.

26.3 Regular Compliance Reviews

We conduct regular privacy compliance reviews:

Annual comprehensive privacy audit
Quarterly policy review
Ongoing monitoring of regulatory developments
Periodic third-party assessments
Employee privacy training

27. LANGUAGE AND INTERPRETATION

27.1 English Language Version

This Privacy Policy is drafted and executed in English. Any translations provided are for convenience only.

27.2 Conflicts

In case of conflicts between English version and translations, English version controls.

27.3 Interpretation

Headings are for convenience and do not affect meaning
"Including" means "including but not limited to"
Singular includes plural and vice versa
"Or" is not exclusive

28. RELATIONSHIP TO OTHER AGREEMENTS

28.1 Terms and Conditions

This Privacy Policy supplements and is incorporated into our Terms and Conditions. In case of conflict between this Policy and Terms and Conditions regarding privacy matters, this Policy controls.

28.2 Cookie Policy

This Privacy Policy incorporates our Cookie Policy by reference. Cookie Policy provides additional detail on cookie use and management.

28.3 Other Policies

This Policy operates in conjunction with:

Cookie Policy
Return and Refund Policy
Shipping Policy
Affiliate Program Terms
Any other applicable agreements

29. NO RIGHTS OF THIRD PARTIES

29.1 No Third-Party Beneficiaries

This Privacy Policy does not create rights enforceable by third parties, except:

Our affiliates, subsidiaries, and parent companies
Our service providers (to extent necessary for service provision)
Indemnified parties under applicable agreements

29.2 Assignment

We may assign this Privacy Policy and any rights hereunder to:

AXDR VNTR LLC or affiliated entities
Successors in interest
Acquirers of business or assets
Any third party

You may not assign any rights or obligations under this Policy.

30. SEVERABILITY

If any provision of this Privacy Policy is found invalid, illegal, or unenforceable:

The provision shall be modified to minimum extent necessary to make it enforceable
If modification is impossible, the provision shall be severed
Remaining provisions remain in full force and effect
Invalid provisions shall not affect validity of remaining provisions

31. WAIVER

Our failure to enforce any provision of this Privacy Policy does not constitute waiver of that provision or any other provision. No waiver shall be deemed continuing waiver unless expressly stated in writing.

32. ENTIRE AGREEMENT

This Privacy Policy, together with incorporated policies and applicable Terms and Conditions, constitutes the entire agreement between you and Company regarding privacy practices and supersedes all prior privacy notices, policies, and agreements.

33. EFFECTIVE DATE AND VERSION

Current Effective Date: December 17, 2025

Last Modified: December 17, 2025

Version: 1.0

Previous Versions:

Version 1.0 (December 17, 2025): Initial privacy policy on Fourthwall platform

Revision History Available: Contact legal@tayloralexander.coffee

34. ADDITIONAL STATE-SPECIFIC DISCLOSURES

34.1 Nevada Residents

Nevada law (NRS 603A.340) permits Nevada residents to opt out of the sale of certain covered information. We do not currently sell covered information as defined by Nevada law. If you are a Nevada resident and have questions, contact: legal@tayloralexander.coffee

34.2 Maine Residents

We comply with Maine's Act to Protect the Privacy of Online Customer Information. We do not sell, share, or otherwise disclose broadband customer personal information without customer consent, except as required or permitted by law.

34.3 Vermont Residents

We comply with Vermont data broker registration requirements if applicable to our business activities. We do not sell Personal Information of Vermont residents without consent.

35. ACCESSIBILITY

35.1 Accessible Format

This Privacy Policy is available in accessible formats. If you require accommodation or alternative format:

Email: legal@tayloralexander.coffee
Subject: "Accessible Privacy Policy Request"

35.2 Available Formats

Upon request, we can provide:

Large print version
Screen reader compatible version
Plain language summary
Audio recording

35.3 Web Accessibility

We strive to maintain WCAG 2.1 Level AA compliance for our website. If you encounter accessibility barriers:

Email: clientservices@tayloralexander.coffee
Subject: "Accessibility Issue"

36. QUESTIONS AND FEEDBACK

36.1 Privacy Questions

If you have questions about this Privacy Policy or our privacy practices:

Email: legal@tayloralexander.coffee
Phone: (305) 537-8105
Mail: 84 Broadway STE 200, Derry, NH 03038, USA

36.2 Privacy Feedback

We welcome feedback about our privacy practices:

Email: legal@tayloralexander.coffee
Subject: "Privacy Feedback"

Your feedback helps us improve our privacy program and better protect your information.

36.3 Response Commitment

We strive to respond to all privacy inquiries within:

5 business days: Initial acknowledgment
30 days: Substantive response
45 days: Complex matters requiring additional investigation

37. ACKNOWLEDGMENT AND CONSENT

37.1 Acknowledgment

By using the Services, you acknowledge that:

(a) You have read this Privacy Policy in its entirety
(b) You understand how we collect, use, and disclose Personal Information
(c) You understand your privacy rights and how to exercise them
(d) You understand data may be transferred to and processed in the United States
(e) You have had opportunity to ask questions before providing Personal Information
(f) You understand this Policy may change and agree to review periodically
(g) You understand cookies and tracking technologies are used as described
(h) You consent to practices described in this Policy

37.2 Consent

By providing Personal Information or using the Services, you consent to:

Collection, use, and disclosure of Personal Information as described
Transfer of Personal Information to United States and other countries
Use of cookies and tracking technologies
Automated decision-making where applicable
Receipt of communications per your preferences

37.3 Withdrawal of Consent

You may withdraw consent at any time by:

Exercising your privacy rights (Section 10)
Updating account preferences
Contacting: legal@tayloralexander.coffee

Withdrawal does not affect lawfulness of prior processing based on consent.

CONCLUSION

Thank you for trusting Taylor Alexander Fine Gourmet Coffee with your Personal Information. We are committed to protecting your privacy and maintaining transparency about our data practices.

We encourage you to:

Review this Privacy Policy periodically
Exercise your privacy rights
Contact us with questions or concerns
Provide feedback on our privacy practices

Your privacy matters to us.

CONTACT SUMMARY

Legal/Privacy Matters: legal@tayloralexander.coffee

Customer Service: clientservices@tayloralexander.coffee

Phone: (305) 537-8105

Mail: Taylor Alexander Fine Gourmet Coffee
84 Broadway STE 200
Derry, NH 03038, USA

END OF PRIVACY POLICY

Quantity:

Cart Subtotal ():

View Cart