Privacy Policy
Last Updated: January 15, 2026
1. Introduction
The Way to Coffee, LLC (“we,” “us,” or “our”) operates the website https://www.thewaytocoffee.com (the “Website”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Website.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (nDSG/FADP), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy regulations.
By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website.
2. Data Controller
The data controller responsible for your personal data is:
The Way to Coffee, LLC
7901 4th St N, STE 300
St. Petersburg, FL 33702
United States
Email: [email protected]
Website: https://www.thewaytocoffee.com
3. Information We Collect
3.1 Information You Provide Directly
We collect information that you voluntarily provide to us through the following:
- Contact Forms: Name, email address, and any message content you submit through our contact forms.
- Newsletter Subscriptions: Email address and any preferences you provide when subscribing to our newsletter.
3.2 Information Collected Automatically
When you visit our Website, we automatically collect certain information through cookies and similar technologies:
- Device Information: Browser type, operating system, device type, screen resolution.
- Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, referring website.
- Technical Data: IP address (anonymized where required by law), approximate geographic location (country/region level).
- Performance Data: Page load times, errors encountered.
3.3 Information from Third-Party Services
Our Website integrates third-party services that may collect information about you. These services and their data practices are detailed in Section 6 (Third-Party Services) and in our Cookie Policy.
4. Legal Basis for Processing (GDPR/nDSG)
For visitors from the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR): For analytics cookies and marketing technologies. You may withdraw consent at any time.
- Legitimate Interests (Art. 6(1)(f) GDPR): For website security, fraud prevention, and improving our services. Our legitimate interests do not override your fundamental rights and freedoms.
- Contract Performance (Art. 6(1)(b) GDPR): To respond to your inquiries submitted through contact forms.
- Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws and regulations.
5. How We Use Your Information
We use the information we collect for the following purposes:
- To Operate and Maintain the Website: Ensuring the Website functions properly, including security measures and performance optimization.
- To Respond to Inquiries: Processing and responding to your contact form submissions and communications.
- To Send Newsletters: Delivering newsletter content to subscribers who have opted in (you may unsubscribe at any time).
- To Analyze Website Usage: Understanding how visitors interact with our Website to improve content and user experience.
- To Ensure Security: Protecting against malicious activity, fraud, and security threats.
- To Comply with Legal Obligations: Meeting our legal and regulatory requirements.
6. Third-Party Services
Our Website uses the following third-party services that may collect and process your personal data:
6.1 Cloudflare
Purpose: Content delivery network (CDN), website security, DDoS protection, and performance optimization.
Data Collected: IP address, browser information, request data, security tokens.
Legal Basis: Legitimate interest (website security and performance).
Privacy Policy: https://www.cloudflare.com/privacypolicy/
6.2 Cloudflare Web Analytics
Purpose: Privacy-focused website analytics without using client-side state (no cookies).
Data Collected: Page views, referrers, browser information, country-level location (no IP addresses stored).
Legal Basis: Legitimate interest (website improvement).
Privacy Policy: https://www.cloudflare.com/privacypolicy/
6.3 Google Analytics
Purpose: Website traffic analysis and user behavior insights.
Data Collected: IP address (anonymized), device information, browsing behavior, demographic data (if enabled), acquisition source.
Legal Basis: Consent.
Data Transfers: Data may be transferred to the United States. Google participates in the EU-U.S. Data Privacy Framework.
Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout
6.4 PostHog
Purpose: Product analytics, session recording, and user behavior analysis.
Data Collected: User interactions, session data, device information, IP address.
Legal Basis: Consent.
Privacy Policy: https://posthog.com/privacy
6.5 Stay22 (Affiliate Widget)
Purpose: Embedded accommodation booking widget for affiliate referrals.
Data Collected: May include browsing behavior within the widget, click data, booking information (if a booking is made).
Legal Basis: Consent.
Note: When you interact with the Stay22 widget, you may be subject to Stay22’s privacy practices. Any booking transactions are governed by Stay22’s and the respective accommodation provider’s terms.
Privacy Policy: https://www.stay22.com/privacy
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our Website. For detailed information about the specific cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.
8. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer personal data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
- Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate safeguards.
- Data Privacy Framework: For transfers to US companies participating in the EU-U.S. Data Privacy Framework.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact Form Submissions: Retained for up to 2 years after the last communication, unless a longer retention is required for legal purposes.
- Newsletter Subscriptions: Retained until you unsubscribe, plus a reasonable period to process your request.
- Analytics Data: Retained according to each analytics provider’s retention settings (typically 14-26 months).
- Security Logs: Retained for up to 12 months for security and fraud prevention purposes.
10. Your Rights
10.1 Rights Under GDPR (EEA and UK Residents)
If you are located in the European Economic Area or United Kingdom, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain circumstances.
- Right to Restriction: Request that we limit the processing of your personal data.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with your local supervisory authority.
10.2 Rights Under Swiss Data Protection Law (nDSG/FADP)
If you are located in Switzerland, you have similar rights under the Swiss Federal Act on Data Protection, including the right to access, rectification, deletion, and to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
10.3 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request information about the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information in the traditional sense. However, some analytics and affiliate services may constitute a “sale” or “sharing” under CCPA/CPRA’s broad definitions. You may opt out via our cookie consent mechanism or by enabling Global Privacy Control (GPC) in your browser.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Global Privacy Control (GPC): We honor GPC signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of your personal information.
10.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
Email: [email protected]
Subject Line: “Privacy Rights Request”
We will respond to your request within the timeframes required by applicable law (generally within 30 days for GDPR/nDSG requests, and 45 days for CCPA requests).
11. Children’s Privacy
Our Website is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.
12. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for data in transit
- Cloudflare security services including DDoS protection
- Regular security assessments
- Limited access to personal data on a need-to-know basis
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
13. Do Not Track and Global Privacy Control
Some browsers include a “Do Not Track” (DNT) feature that signals to websites that you do not want your online activity tracked. Our Website responds to DNT signals by disabling non-essential tracking when detected, where technically feasible.
We also honor Global Privacy Control (GPC) signals. GPC is a browser-based signal that communicates your privacy preferences to websites. When we detect a GPC signal, we treat it as a valid opt-out of the “sale” or “sharing” of personal information under California law.
14. Links to Other Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Post the revised policy on this page
- Where required by law, notify you via email or through a prominent notice on our Website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
The Way to Coffee, LLC
7901 4th St N, STE 300
St. Petersburg, FL 33702
United States
Email: [email protected]
For EU/EEA/UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
For Swiss residents: You may contact the Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch