Scope & Application

This Policy governs the processing of Personal Information by the Company in connection with (i) access to or use of the Site; (ii) inquiries submitted through the contact form or other channels; and (iii) the provision of freight dispatch services to owner-operators, fleet owners, and related commercial counterparties.

By accessing the Site or otherwise providing Personal Information to the Company, you acknowledge that you have read, understood, and accepted the terms of this Policy. If you do not agree, you must not access the Site and must refrain from providing any Personal Information to the Company.

This Policy supplements, and does not replace, any obligations owed to you under applicable data protection law. Where a conflict exists between this Policy and mandatory statutory rights, the latter prevails.

Data Controller

The data controller responsible for Personal Information processed under this Policy is:

Entity

Meridian Dispatchers

Jurisdiction

8401 Mayland Dr, Suite 4265, Richmond, VA 23294, USA

Inquiries

sales@meridiandispatchers.com

Telephone

(571) 576‑7104

The Company has not appointed a dedicated Data Protection Officer, as such appointment is not mandated by the volume or nature of the processing activities undertaken. Privacy inquiries are handled by the Company’s internal privacy function, contactable via the details above.

Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed below:

• Personal Information — any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular natural person or household, as defined under applicable law including the California Consumer Privacy Act of 2018 (“CCPA”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
• Processing — any operation or set of operations performed on Personal Information, including collection, recording, organization, storage, retrieval, use, disclosure, transmission, erasure, or destruction.
• Data Controller — the natural or legal person that determines the purposes and means of the Processing of Personal Information.
• Data Subject — the identified or identifiable natural person to whom Personal Information relates.
• Service Provider — a third party that processes Personal Information on the Company’s behalf and subject to the Company’s documented instructions.
• Site — the website operated by the Company and accessible at meridiandispatchers.com, together with any subdomains.

Information We Process

Information You Provide Directly

When you submit the Site’s contact form or otherwise communicate with the Company, the following categories of Personal Information may be collected:

• Identity data — given name and surname;
• Contact data — email address and telephone number;
• Commercial data — fleet size, equipment type, and operational preferences;
• Correspondence data — the content of any message, attachment, or free-text submission.

Information Collected Automatically

Upon each visit to the Site, the Company’s web server automatically records standard technical metadata in server access logs, including:

• Internet Protocol (IP) address;
• User-agent string (browser type and version);
• Operating system;
• Referring URL;
• Pages requested, resources retrieved, and response codes;
• Timestamp of each request.

Such logs are retained for security, diagnostic, and fraud-prevention purposes and are not correlated with identified individuals except where strictly necessary to investigate misuse or satisfy a legal obligation.

Information from Third-Party Services

The Site loads typefaces from Google Fonts. When a page is rendered, your browser establishes a direct connection to Google’s content delivery infrastructure, during which Google may collect standard technical metadata (including your IP address) in accordance with Google’s Privacy Policy. The Company is not a joint controller with Google in respect of this processing and exercises no operational control over it.

The Company does not deploy web analytics platforms, advertising trackers, social-media pixels, session-recording tools, or similar third-party data-collection technologies on the Site.

Sensitive Personal Information

The Company does not knowingly collect sensitive Personal Information (as defined under the CCPA, CPRA, or comparable state law), including government identifiers, precise geolocation, biometric data, health information, racial or ethnic origin, religious beliefs, or sexual orientation. You should not submit such information through the Site.

Purposes & Legal Bases

The Company processes Personal Information only for specified, explicit, and legitimate purposes, and only to the extent necessary for those purposes. The following table sets out the processing operations, their purposes, and the legal basis relied upon:

The Company does not sell Personal Information, does not share Personal Information for cross-context behavioral advertising, and does not use Personal Information for automated decision-making producing legal or similarly significant effects (including profiling within the meaning of Article 22 GDPR).

Disclosure of Information

The Company discloses Personal Information only in the following limited circumstances:

• Service Providers. Inquiries submitted through the Site are transmitted by email to the Company’s internal team. The Company’s email infrastructure provider acts as a Service Provider under a contractual obligation to process Personal Information only on the Company’s documented instructions and to apply appropriate technical and organizational safeguards.
• Legal Process. The Company may disclose Personal Information where required by law, court order, subpoena, or other legal process, or where the Company believes in good faith that disclosure is necessary to (i) comply with a legal obligation; (ii) protect the rights, property, or safety of the Company, its counterparties, or any third party; or (iii) investigate, prevent, or respond to suspected unlawful or fraudulent activity.
• Corporate Transactions. In connection with a contemplated or completed merger, acquisition, reorganization, or sale of all or part of the Company’s assets, Personal Information may be disclosed to prospective or actual counterparties, subject to customary confidentiality protections. Data Subjects will be notified of any change in controlling entity.
• Consent. Any other disclosure will occur only with your prior informed consent.

The Company does not disclose Personal Information to third parties for their own direct-marketing purposes.

International Data Transfers

The Company is established in, and operates from, the United States. Personal Information submitted to the Company is therefore processed and stored in the United States, which may not provide a level of data protection equivalent to that of your jurisdiction of residence.

Where Personal Information originates from the European Economic Area, the United Kingdom, or Switzerland, such transfers occur on the basis of the data exporter’s or data importer’s reliance on appropriate safeguards, including (where applicable) the Standard Contractual Clauses adopted by the European Commission, supplemented by the measures necessary to address any identified gaps. Further information is available upon request using the contact details in Section 18.

Cookies & Tracking Technologies

The Site does not set or read cookies, web beacons, clear GIFs, pixel tags, local storage items, or similar tracking technologies for the Company’s own purposes. No information is written to your device by the Company.

Content delivered by third-party services (in particular, Google Fonts, as described in Section 4.3) may be subject to such parties’ own cookie and tracking practices, which are outside the Company’s control. You may configure your browser to block or restrict such content where desired.

Data Retention

Personal Information is retained only for as long as necessary to fulfill the purposes for which it was collected, including:

• Responding to the Data Subject’s inquiry and concluding any subsequent correspondence;
• Establishing, performing, or terminating a contractual relationship;
• Complying with statutory retention obligations under tax, commercial, or regulatory law;
• Establishing, exercising, or defending legal claims within applicable limitation periods.

Server access logs are retained for a period not exceeding twelve (12) months, save where retention for a longer period is required for investigation or legal proceedings. Upon expiry of the applicable retention period, Personal Information is securely deleted, destroyed, or anonymized.

Information Security

The Company implements administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, accidental loss, alteration, disclosure, or destruction. These safeguards include, without limitation:

• Encryption of data in transit via industry-standard Transport Layer Security (TLS) where supported by counterpart infrastructure;
• Role-based access controls limiting Personal Information access to personnel with a documented operational need;
• Periodic review of information-handling practices and vendor risk posture;
• Internal confidentiality obligations binding all personnel with access to Personal Information.

Your Rights

Rights Applicable to All Individuals

Subject to applicable law and reasonable verification of identity, all Data Subjects may exercise the following rights in respect of Personal Information held by the Company:

• Right of access — to obtain confirmation of processing and a copy of the Personal Information held;
• Right of rectification — to have inaccurate or incomplete Personal Information corrected;
• Right of erasure — to have Personal Information deleted, subject to statutory exceptions;
• Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.

California Residents (CCPA / CPRA)

Residents of the State of California are entitled, in addition to the foregoing, to:

• The right to know the categories and specific pieces of Personal Information collected, the categories of sources, the business purposes for collection, and the categories of recipients;
• The right to request correction of inaccurate Personal Information;
• The right to request deletion of Personal Information, subject to statutory exceptions enumerated in Cal. Civ. Code § 1798.105(d);
• The right to limit the use and disclosure of sensitive Personal Information (the Company does not collect such information);
• The right to opt out of the sale or sharing of Personal Information — the Company does not sell or share Personal Information as defined by the CCPA/CPRA, and no opt-out is therefore required;
• The right to non-discrimination for the exercise of any of the foregoing rights.

Other State Privacy Laws

Residents of states with comprehensive consumer privacy legislation — including, without limitation, the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and Oregon Consumer Privacy Act — may enjoy analogous rights. Requests will be assessed on the basis of the applicable statutory framework.

EEA, UK, and Swiss Residents (GDPR)

Where the GDPR or equivalent United Kingdom or Swiss legislation applies, Data Subjects also have the right to data portability (where technically feasible), the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with the competent supervisory authority (see Section 16).

Exercising Your Rights

Requests should be submitted using the contact details in Section 18. The Company will, where required, take reasonable steps to verify the identity of the requestor before responding. Substantive responses will be provided within the period mandated by applicable law (generally forty-five (45) days under the CCPA and one (1) month under the GDPR), subject to permissible extensions where the request is complex or numerous.

Data Breach Notification

In the event of a confirmed security incident involving Personal Information that is reasonably likely to result in a risk to the rights or freedoms of affected Data Subjects, the Company will notify (i) affected individuals without undue delay and in compliance with applicable law, and (ii) any competent supervisory authority within the statutory period prescribed by the governing regime (which, under the GDPR, is seventy-two (72) hours from the Company becoming aware of the breach, insofar as feasible).

Children’s Privacy

The Site and the Company’s services are directed exclusively to individuals aged eighteen (18) years or older acting in a commercial capacity. The Company does not knowingly solicit or collect Personal Information from minors. If the Company becomes aware that Personal Information relating to a minor has been collected, such information will be deleted without undue delay. If you believe a minor has provided Personal Information to the Company, please notify us using the details in Section 18.

Do Not Track Signals

Because the Site does not engage in tracking across third-party services or cross-context behavioral advertising, no operational change results from the receipt of a Do Not Track (“DNT”) signal, a Global Privacy Control (“GPC”) signal, or equivalent browser-level privacy preference. The Site’s processing is identical irrespective of such signals.

Third-Party Links

The Site may contain hyperlinks to websites, applications, or services operated by third parties. The Company does not control, and accepts no responsibility for, the content, privacy practices, or security posture of any third party. The inclusion of a hyperlink does not constitute an endorsement. You are encouraged to review each third party’s own privacy notice prior to engaging with its services.

Complaints & Supervisory Authorities

The Company takes privacy complaints seriously. In the first instance, any concern regarding the Company’s handling of Personal Information should be directed to the contact points set out in Section 18. The Company will investigate and provide a substantive response.

Where the Data Subject remains dissatisfied, a complaint may be lodged with the competent regulatory authority, including:

• California residents — the California Privacy Protection Agency (cppa.ca.gov) or the Office of the Attorney General of California;
• Residents of other U.S. states — the Office of the State Attorney General in the relevant jurisdiction;
• EEA residents — the supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement;
• UK residents — the Information Commissioner’s Office (ico.org.uk).

Amendments to This Policy

The Company reserves the right to amend this Policy from time to time to reflect changes in law, technology, business practice, or operational circumstances. Any amendment will take effect upon publication of the revised Policy on the Site, with the “Effective Date” and version number updated accordingly. Material changes will be communicated by a prominent notice on the Site and, where required, by direct communication to affected Data Subjects. Continued use of the Site following publication constitutes acceptance of the revised Policy.

Contact the Company

All privacy-related inquiries, rights requests, and complaints should be addressed to:

Entity

Meridian Dispatchers

Email

sales@meridiandispatchers.com

Telephone

(571) 576‑7104

Reference

Please quote “Privacy Inquiry — MD-LEG-PRV-001”

The Company will acknowledge receipt of privacy inquiries within a reasonable period and will respond substantively within the statutory timeframes applicable to the request.