Aegis Sortation Privacy Policy

Last Updated: May 8, 2026
Effective Date: May 8, 2026

1. Introduction

Aegis Sortation, LLC ("Aegis," "we," "our," or "us") is a Kentucky limited liability company headquartered in Louisville, Kentucky. Aegis respects your privacy and is committed to protecting Personal Information (as defined below) collected through our website located at https://www.aegissortation.com (the "Site").

For purposes of applicable comprehensive U.S. state privacy laws, Aegis is the "controller" or "business" responsible for determining the purposes and means of processing your Personal Information.

As used in this Privacy Policy, "Personal Information" (or "Personal Data") means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or, where applicable, a household. This definition aligns with the California Consumer Privacy Act, Cal. Civ. Code § 1798.140(v) ("CCPA"), and is consistent with the definition of "personal data" under the Kentucky Consumer Data Protection Act, KRS § 367.465(27) ("KCDPA"), as well as other state privacy laws. Personal Information does not include: (a) publicly available information as defined by applicable law; (b) De-identified Data (as defined in Section 2); or (c) aggregate consumer information.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard Personal Information obtained through the Site, including through analytics, marketing technologies, visitor identification tools, and business intelligence services deployed in connection with our B2B sales, marketing, and business operations.

By accessing or using the Site, you acknowledge that you have read and understand this Privacy Policy. Your continued use of the Site following any changes to this Privacy Policy constitutes your acknowledgment of such changes.

This Privacy Policy does not create, and shall not be construed to create, any contractual or other legal rights in or on behalf of any party.

2. Definitions

The following terms have the meanings set forth below when used in this Privacy Policy:

· "Business Purpose" means a purpose for which Personal Information is collected or used that is reasonably necessary and proportionate for the operational purposes identified in Section 6, including, without limitation, performing services on behalf of Aegis, maintaining or servicing accounts, processing or fulfilling orders, providing customer service, verifying information, or maintaining the quality, safety, and integrity of the Site.

· "De-identified Data" means data that cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable individual or a device linked to such individual, provided that Aegis: (i) has implemented technical safeguards and business processes that prohibit re-identification; (ii) has implemented business processes to prevent inadvertent release of De-identified Data; (iii) makes no attempt to re-identify the data; and (iv) contractually obligates any recipients of such data to comply with these requirements.

· "Process" or "Processing" means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.

· "Profiling" means any form of automated processing performed on Personal Information to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

· "Sale" or "Sell" means the disclosure, making available, or other communication of a consumer’s Personal Information by Aegis to a Third Party for monetary or other valuable consideration.

· "Sensitive Data" means Personal Information that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status; genetic or biometric data processed to identify an individual; Personal Information of a known child; or precise geolocation data.

· "Service Provider" or "Processor" means an entity that Processes Personal Information on behalf of Aegis pursuant to a written contract that restricts the entity’s Processing of Personal Information to specific Business Purposes and prohibits the entity from selling or sharing the Personal Information, retaining, using, or disclosing it outside the direct business relationship, or combining it with information obtained from other sources.

· "Sharing" or "Share" means the disclosure, making available, or other communication of a consumer’s Personal Information by Aegis to a Third Party for cross-context behavioral advertising purposes, whether or not for monetary or other valuable consideration.

· "Targeted Advertising" means displaying advertisements to an individual where the advertisement is selected based on Personal Information obtained from that individual’s activities over time and across nonaffiliated websites or online applications to predict the individual’s preferences or interests.

· "Third Party" means an entity that is not Aegis, a Service Provider, a Processor, or an Affiliate of Aegis.

3. Scope of This Policy

This Privacy Policy applies to Personal Information collected:

· Through the Site and related online interactions.

· In a business-to-business (B2B) and professional context.

· Through email or other electronic communications between you and Aegis arising from your use of the Site.

· Through parts ordering, quote requests, and other transactional interactions initiated through the Site.

· Through career inquiry submissions made via the Site’s careers page, prior to entering a formal application or employment relationship.

This Policy does not apply to:

· Personal Information collected from employees, job applicants, or contractors in an employment context, which is governed by separate internal notices; provided, however, that initial career inquiry information submitted through the Site’s careers page is collected under this Policy until such time as the individual enters a formal application process, at which point Aegis’s employee/applicant privacy notice governs.

· Information collected offline or through customer systems not linked to this Site.

· Personal Information collected through third-party websites or services that may link to or from the Site, which are governed by their own privacy policies.

4. Information We Collect

A. Information You Provide Directly

We collect Personal Information you voluntarily provide through the Site’s contact forms, quote request forms, parts ordering forms, careers inquiry pages, and other interactive features. The categories of Personal Information we collect directly include:

· Name

· Business email address

· Phone number

· Company name

· Job title

· Inquiry details, messages, project specifications, or other information you submit through contact or quote request forms.

· Parts ordering information, including part numbers, quantities, shipping and billing addresses, and related order details submitted through the Order Now feature.

· Career-related information, such as areas of interest, general qualifications, or resume data, submitted through the Site’s careers page.

You are not required to provide Personal Information, but failure to do so may limit our ability to respond to your request, process your order, or provide the services you have requested.

B. Information Collected Automatically

When you visit the Site, we and our third-party service providers automatically collect certain Personal Information using cookies, web beacons, pixels, JavaScript tags, and similar tracking technologies (as described in Section 5 and the Cookie Disclosure Addendum). This information includes:

· IP address (which may be used to derive approximate geographic location).

· Browser type and version.

· Operating system.

· Pages viewed, click-stream data, interaction events, and navigation paths.

· Date, time, duration of visit, and referring URL.

· Unique device identifiers and advertising identifiers.

· Cookie identifiers and session data.

• Search terms and queries entered on the Site

C. Information from Third-Party Sources

We receive Personal Information about you or your organization from the following categories of third-party sources:

· Business intelligence and visitor identification providers: We use third-party platforms (including Apollo.io) that match IP addresses, browser characteristics, and behavioral signals observed on our Site against proprietary databases to identify the visiting organization or, in certain cases, individual business contacts. Information received from these sources may include name, business email address, job title, employer, industry, company size, and inferred professional interests.

· Data enrichment services: We may supplement the Personal Information we collect directly with additional business contact information and firmographic data obtained from third-party data providers and commercially available databases.

· Publicly available sources: We may collect business contact information from publicly available professional networking profiles, corporate websites, industry directories, and government records.

5. Tracking Technologies and Analytics

A. Google Tag Manager

We use Google Tag Manager ("GTM") as a tag management and orchestration system to deploy, manage, coordinate, and update analytics, performance-measurement, visitor identification, and marketing-related scripts and tags on the Site. GTM is not a tracking technology itself and does not directly collect Personal Information. However, GTM controls the loading, sequencing, and firing conditions of all other tracking technologies described in this Section. The scripts and tags deployed through GTM may set first-party and third-party cookies, collect usage data, and transmit Personal Information to third-party servers.

B. Website Analytics

We use analytics tools, including Google Analytics 4 ("GA4") and Squarespace native analytics, to evaluate Site usage, understand visitor behavior, measure performance, and improve our content and functionality. These tools use first-party cookies and collect pseudonymous identifiers (such as a randomly generated client ID) to distinguish unique visitors and track session activity. Information generated by these cookies regarding your use of the Site is transmitted to and stored by our analytics providers. You may opt out of GA4 tracking by installing the Google Analytics Opt-Out Browser Add-on.

C. Business Intelligence & Visitor Identification

We deploy third-party business intelligence and visitor identification technologies on the Site to identify which organizations and, in certain cases, which individual business professionals visit our Site. These technologies operate through reverse IP lookup, browser fingerprinting, behavioral signal analysis, and matching against proprietary third-party databases containing B2B contact records.

· Organization-Level Identification: We identify the company or organization associated with a Site visitor’s IP address by matching the IP address against databases of known corporate IP ranges. We associate browsing behavior with the identified organization to generate a lead score that supports sales prioritization.

· Individual-Level Identification: Our visitor identification service providers may also match Site visitor data against third-party B2B contact databases to identify or infer the identity of individual business professionals associated with visiting organizations. When such identification occurs, we receive the individual’s name, business email address, job title, employer name, and business phone number to utilize for direct B2B sales outreach and marketing communications.

Because this process involves the cross-referencing of online behavioral data with third-party contact databases to identify specific individuals for commercial contact, it constitutes "Targeted Advertising" and "Profiling" under the KCDPA, Colorado Privacy Act, Virginia CDPA, and others, and the "Sharing" and/or "Selling" of Personal Information under the CCPA. Your rights to opt out of these activities are described in Section 9.

D. Advertising and Remarketing Technologies

We may deploy advertising and remarketing technologies, including conversion tracking pixels, retargeting tags, and audience-building scripts (such as the Meta Pixel or LinkedIn Insight Tag), to: (i) measure the effectiveness of our advertising campaigns across third-party platforms; (ii) deliver targeted B2B advertisements to individuals who have previously visited the Site; and (iii) build custom audiences. These activities constitute Sharing under the CCPA and Targeted Advertising under the KCDPA and other applicable state privacy laws.

E. Website Platform Technologies

The Site operates on third-party hosting and content management infrastructure (Squarespace) that processes visitor data—including IP addresses, access logs, and connection metadata—as part of standard website operations such as page delivery, load balancing, content caching, and SSL/TLS encryption. These platform-level technologies are necessary for the basic operation and security of the Site.

6. How We Use Personal Information

We Process Personal Information for the following Business Purposes:

· Responding to your inquiries, quote requests, and customer service communications.

· Providing information about our products, services, and capabilities.

· Supporting B2B sales prospecting, lead qualification, marketing outreach, and business development, including through the use of visitor identification and enrichment data.

· Analyzing Site performance, traffic patterns, and marketing campaign effectiveness.

· Processing and fulfilling parts orders submitted through the Site.

· Evaluating career inquiries submitted through the Site.

· Creating audience segments for Targeted Advertising and remarketing on third-party platforms.

· Conducting Profiling activities to generate lead scores and align sales outreach with your inferred interests based on behavioral interactions with the Site.

· Maintaining and improving the security, integrity, and functionality of the Site, and preventing fraud.

· Complying with applicable legal and regulatory obligations.

· Establishing, exercising, or defending legal claims.

7. Disclosure of Personal Information

We may disclose Personal Information to the following categories of recipients for the Business Purposes described in Section 6:

· Service Providers and Processors: We disclose Personal Information to Service Providers that Process data on our behalf, including providers of website hosting (e.g., Squarespace), analytics and business intelligence, customer relationship management (CRM) platforms, marketing automation tools, email delivery platforms, order fulfillment, and IT support. Each Service Provider is bound by a written agreement that restricts Processing to the specified Business Purposes and prohibits Selling or Sharing the Personal Information.

· Professional Advisors: We disclose Personal Information to our legal counsel, accountants, auditors, insurance carriers, and other professional advisors in connection with the management of our business.

· Affiliates: We may disclose Personal Information to our parent company, subsidiaries, or entities under common ownership or control for the purposes described in this Policy.

· Government Authorities and Legal Process: We may disclose Personal Information when required by applicable law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to comply with a legal obligation, protect and defend the rights or property of Aegis, or protect against legal liability.

· Parties to a Corporate Transaction: In the event of a merger, acquisition, reorganization, asset sale, or similar corporate transaction, Personal Information may be disclosed, transferred, or assigned as part of the transaction, subject to standard confidentiality protections.

8. Sale, Sharing, Targeted Advertising, and Profiling Analysis

Aegis does not Sell Personal Information for traditional monetary consideration. However, the use of certain B2B visitor identification, analytics, and tracking technologies described in this Policy constitutes a "Sale," "Sharing," "Targeted Advertising," or "Profiling" under comprehensive state privacy laws. The following table sets forth our compliance analysis of these data flows:

Data Flow

Sale (CCPA)

Sharing (CCPA)

Targeted Adv. / Profiling

Opt-Out Right

Visitor ID — Organization-Level (IP-to-company matching)

No — no individual PI disclosed

N/A

Visitor ID — Individual-Level (Behavioral matching to B2B contact databases)

Yes — valuable consideration received (enriched data)

Yes — cross-context behavioral data used to identify individuals

Yes — Profiling and Targeted Advertising

Yes — Section 9

Remarketing Pixels / Audience Building

No — Service Provider relationship

Yes — PI disclosed for cross-context behavioral advertising

Yes

Yes — Section 9

Google Analytics / Native Analytics

No — Service Provider relationship with data use restrictions

No — analytics only, no cross-context advertising

Opt-out via GA Add-on / Banner

Service Provider disclosures (CRM, hosting, fulfillment)

No — written contracts with use restrictions

No — Business Purpose processing only

N/A

CCPA Required Disclosures: Categories of Personal Information

The following table describes the categories of Personal Information we have collected, the sources from which it was collected, the Business Purposes for collection, and the categories of Third Parties to whom it was disclosed, Sold, or Shared in the preceding twelve (12) months:

Category of PI

Sources

Business Purpose

Disclosed to (Service Providers)

Sold/Shared to (Third Parties)

A. Identifiers (name, email, phone, company, job title)

Directly from you; third-party business intelligence providers

Respond to inquiries; B2B sales prospecting; order fulfillment; marketing

CRM, email hosts, fulfillment partners, professional advisors

Shared/Sold: Visitor ID providers (for cross-context behavioral advertising and profiling)

B. Commercial Information (order history, parts ordered, quote requests)

Directly from you

Order fulfillment; customer service; internal analytics

Fulfillment, shipping, payment processors

Not Sold or Shared

C. Internet/Electronic Activity (IP, browser, pages viewed, device IDs, cookies)

Automatically via tracking technologies

Analytics; Site improvement; visitor ID; Targeted Advertising

Analytics providers, hosting platform

Shared/Sold: Advertising networks, visitor ID providers

D. Geolocation Data (approximate, derived from IP)

Automatically derived

Analytics; visitor identification

Analytics providers, visitor ID providers

Not Sold; may be Shared via visitor ID

E. Professional/Employment Info (employer, job title, industry)

Directly from you; third-party enrichment databases

Sales prospecting; lead qualification; marketing

CRM, marketing automation platforms

Shared/Sold: Visitor ID providers

F. Inferences (lead score, B2B interests, engagement level)

Derived from browsing activity and third-party data

Sales prioritization; Profiling; audience segmentation

CRM, marketing automation platforms

Not Sold or Shared

We have not collected, Sold, or Shared Sensitive Data in the preceding twelve (12) months. We do not offer financial incentives, price or service differences, or loyalty programs related to the collection, retention, or Sale of Personal Information. Aegis conducts data protection assessments for each processing activity identified in the table above that constitutes a Sale, Sharing, Targeted Advertising, or Profiling activity, as required by the KCDPA, KRS § 367.478, the Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1309, and comparable state laws. These assessments evaluate the benefits of the processing to Aegis, the risks to consumer privacy, and whether adequate safeguards are in place to mitigate identified risks. Assessments are updated when there is a material change in the relevant processing activity.

9. Your Comprehensive Privacy Rights

Depending on your state of residence (including but not limited to California, Colorado, Connecticut, Delaware, Kentucky, Montana, Oregon, Texas, Utah, and Virginia), you may have some or all of the following rights with respect to your Personal Information, subject to statutory exceptions:

· Right to Know and Access: You may request disclosure of: (i) the categories of Personal Information collected; (ii) the sources; (iii) the Business Purposes for collecting, Selling, or Sharing it; (iv) the categories of Third Parties to whom it was disclosed; and (v) the specific pieces of Personal Information collected about you.

· Right to Correct: You may request correction of inaccurate Personal Information that we maintain about you.

· Right to Delete: You may request deletion of Personal Information that we have collected from you, subject to exceptions (e.g., data necessary to complete a transaction, comply with legal obligations, or enable solely internal uses reasonably aligned with your expectations).

· Right to Data Portability: You may request a copy of your Personal Information in a structured, commonly used, machine-readable format.

· Right to Opt Out of Sale, Sharing, Targeted Advertising, and Profiling: You have the absolute right to opt out of: (i) the Sale of your Personal Information; (ii) the Sharing of your Personal Information for cross-context behavioral advertising; (iii) Processing for purposes of Targeted Advertising; and (iv) Profiling in furtherance of decisions that produce legal or similarly significant effects.

· Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights by denying goods/services or altering pricing.

· Right to Appeal: If we decline to take action on your request, we will provide instructions for appealing the decision. If your appeal is denied, we will provide you with information on how to contact your State Attorney General to submit a complaint.

Submitting Requests

You may submit a verifiable consumer request by:

1. Email: [email protected] (Please use subject line: "Privacy Rights Request" or "Opt-Out Request")

2. Mail: See Section 16 for our mailing address.

Opt-Out Preference Signals (Global Privacy Control)

We seamlessly Process opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the Sale and Sharing of Personal Information and Targeted Advertising for the browser or device from which the signal is sent. We apply GPC signals on a per-browser and per-device basis. When we detect a GPC signal, we automatically: (i) cease the Sale and Sharing of Personal Information associated with that browser/device; and (ii) suppress tags that Process Personal Information for Targeted Advertising or Profiling. For more information about the GPC, visit https://globalprivacycontrol.org.

Verification and Response Timelines

We will acknowledge receipt of your request within ten (10) business days. We will respond substantively within the lesser of the time provided under any applicable law or forty-five (45) calendar days of receipt (subject to an additional 45-day extension if necessary, with notice). To protect your privacy, we will verify your identity before fulfilling access or deletion requests by matching information you provide with data we maintain. You may also designate an authorized agent to submit requests on your behalf, subject to appropriate written authorization and identity verification.

10. Sensitive Data

We do not intentionally collect Sensitive Data (as defined in Section 2) through the Site. We do not Process Sensitive Data for purposes of inferring characteristics about individuals. Under the KCDPA and other state laws, we will not Process Sensitive Data without first obtaining your affirmative consent. If you voluntarily submit sensitive information through a free-text form, we will treat such information in accordance with applicable law and limit our use to the specific purpose for which it was provided.

11. Data Retention

We retain Personal Information only as long as reasonably necessary to fulfill the purposes described in this Policy, applying the following retention framework:

· Contact and inquiry data: Retained for the duration of the business relationship and for a reasonable period thereafter to permit follow-up communications, unless you request deletion.

· Order and transactional data: Retained for at least seven (7) years to comply with tax, accounting, and commercial record-keeping obligations.

· Website usage and analytics data: Retained in identifiable form for up to twenty-four (24) months, after which it is aggregated or De-identified.

· Visitor identification and enrichment data: Retained for up to twenty-four (24) months from the date of collection, subject to earlier deletion upon a valid opt-out or deletion request.

· Career inquiry data: Retained for up to two (2) years from the date of submission, unless otherwise required by applicable employment law.

12. Data Security

We implement reasonable and appropriate administrative, technical, and organizational security measures—including TLS/SSL encryption, access controls, and periodic security assessments—designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure. You transmit Personal Information to us at your own risk.

13. International Data Transfers

The Site is designed for B2B users located in the United States and is hosted on servers in the U.S. If you access the Site from outside the U.S., your Personal Information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By accessing the Site, you understand and consent to the transfer and Processing of your Personal Information in the United States.

14. Children’s Privacy

The Site operates exclusively in a B2B context and is not directed to, nor do we knowingly collect Personal Information from, children under the age of sixteen (16). We do not knowingly Sell or Share the Personal Information of consumers under the age of sixteen (16). If we learn that we have inadvertently collected Personal Information from a child under the age of 16, we will securely delete such information promptly.

15. Third-Party Links and Services

The Site may contain links to third-party websites, applications, and services (such as LinkedIn or third-party career portals) that are not operated by Aegis. Clicking on a third-party link will direct you away from the Site. This Privacy Policy does not apply to any third-party service. We are not responsible for the privacy practices of third parties and encourage you to review their policies.

16. Changes to This Policy & Contact Information

We may update this Privacy Policy from time to time to reflect changes in our data practices, tracking technologies, or legal requirements. Material changes will be accompanied by prominent notice on the Site and an updated "Last Updated" date.

If you have questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us at:

Aegis Sortation, LLC
Attn: Privacy Inquiries / Legal Department
13201 Data Vault Drive
Louisville, KY 40223
Phone: (502) 665-0949
Privacy Rights Requests: [email protected]
General Inquiries: [email protected]

Cookie Disclosure Addendum

1. Overview

Aegis Sortation, LLC uses cookies and similar tracking technologies (web beacons, tracking pixels, JavaScript-based tags) on the Site to support its operation, analyze performance, identify B2B visitors, and support B2B marketing and sales activities. This Addendum supplements the Privacy Policy and provides granular detail about the types of cookies deployed on the Site and your management choices.

2. Types of Cookies We Use

3. Cookie Management & Opt-Out Options

You may control or disable cookies and Tracking Technologies through the following mechanisms:

· Cookie Consent Banner: Non-essential cookies (including Analytics, Business Intelligence, and Marketing cookies identified in Section 2 above) are blocked by default and are not activated until you provide affirmative consent through the cookie consent banner presented upon your first visit to the Site. You may withdraw consent or modify your cookie preferences at any time by accessing the cookie settings link in the Site footer.

· Global Privacy Control (GPC): As detailed in Section 9 of the Privacy Policy, we strictly honor GPC signals broadcast by your browser to block tracking tags associated with Sale, Sharing, Targeted Advertising, and Profiling.

· Browser Settings: Most browsers allow you to view, manage, delete, and block cookies globally.

· Google Analytics Opt-Out: Available at https://tools.google.com/dlpage/gaoptout.

· Industry Opt-Out Tools: Network Advertising Initiative (NAI) at https://optout.networkadvertising.org and Digital Advertising Alliance (DAA) at https://optout.aboutads.info.

Note: Essential cookies cannot be disabled. If you clear your cookies, you may need to re-apply your opt-out preferences. This Privacy Policy and Cookie Disclosure Addendum are available in alternative formats upon request. Please contact us at [email protected] for accessibility assistance.