Last Updated: 2026 / 06 / 23
Effective Date: 2026 / 06 / 23
1. What Special Categories of Personal Data We Collect
Where you voluntarily provide and consent, we may collect and use the following wellness, lifestyle, sexual life, sexual orientation and behaviour-related information, which qualifies as “Special Categories of Personal Data” under UK GDPR (particularly when used to assess wellness or infer wellness status):
Chat logs or communication records with customer service personnel, Email correspondence, Product reviews and comments, Order history, Shopping cart contents, and Search query keywords.
When used individually or in combination, the above data may reveal or infer your wellness status, lifestyle, mental state, dietary habits, diseases, sexual life, sexual orientation, and medication usage. Therefore, we will protect and process it according to “Special Categories of Personal Data” standards.
2. Our Purposes for Using This Data
We will only use the above “Special Categories of Personal Data” for the following specific purposes, within necessary and appropriate limits:
2.1. Providing, Maintaining, and Improving wellness and Fitness Services:
- Recording and displaying your activity, sleep, and wellness data trends;
- Generating personalised exercise, sleep, stress management, and wellness recommendations for you;
- Providing assistive wellness management support through AI conversations and wellness recommendations (non-medical diagnosis).
2.2. Account and Service Security:
- Using profile pictures and similar data to help you identify accounts and reduce misoperations;
- Using related data for anomaly detection to ensure account and data security.
2.3. Customer Service and Complaint Handling:
- Using user complaint feedback and complaint images to analyse issues, improve products and services, and conduct quality and safety tracking when necessary.
2.4. Compliance and Risk Management:
- To comply with applicable laws and regulations or regulatory requirements;
- To establish, exercise, or defend legal claims (e.g., disputes related to wellness or services).
We will not use the above data for purposes incompatible with those stated above unless we obtain your explicit consent again, or the relevant use has another legal basis.
3. Legal Basis for Processing “Special Categories of Personal Data”
Under UK GDPR, we process your personal data based on the following legal bases:
3.1. General Personal Data Processing Legal Basis:
- UK GDPR Article 6(1)(b): Necessary for the performance of a contract with you (e.g., providing wellness records and analysis services);
- UK GDPR Article 6(1)(f): Necessary for the purposes of the legitimate interests pursued by us or a third party (provided it does not override your rights and freedoms), e.g., improving product functionality and ensuring service security;
- UK GDPR Article 6(1)(c) (Where applicable): Necessary for compliance with a legal obligation.
3.2. Additional Conditions for Special Categories of Personal Data:
- UK GDPR Article 9(2)(a): You have given us explicit consent to the processing of those Special Categories of Personal Data; and/or
- UK GDPR Article 9(2)(h), (i), or (j) (Where applicable): For wellness or social care services, public wellness, or research/statistical purposes under UK law.
In most consumer-facing commercial scenarios, we will primarily rely on your “explicit consent” as the basis for processing your wellness data and other “Special Categories of Personal Data”.
4. Whether Provision Is Mandatory and Consequences of Not Providing
You have no legal obligation to provide us with the above “Special Categories of Personal Data”. However, if you choose not to provide it or do not consent to our processing:
- 4.1. You may be unable to use, or can only use in a limited capacity, features related to wellness assessment, exercise/sleep analysis, AI wellness recommendations, etc.
- 4.2. This will not affect your use of basic functions that only rely on general personal data (e.g., account registration, basic information display).
5. How We Protect This Data
For the above “Special Categories of Personal Data”, we implement security measures stricter than general data, including but not limited to:
- 5.1. Industry-standard encryption technologies during transmission and storage (e.g., encrypted channels, encrypted databases);
- 5.2. Strict access controls, with only necessary staff accessing under the "principle of least privilege";
- 5.3. Security logging and regular audits to detect and respond to potential security incidents;
- 5.4. Data minimisation and retention period controls, retaining data only for the period necessary to achieve the stated purposes, and securely deleting or anonymising after expiry.
6. Data Sharing and Cross-Border Transfers
Where necessary to achieve the above purposes, we may disclose data to:
- 6.1. Service providers processing data on our behalf (as data processors), such as cloud services, data analytics, and customer support providers;
- 6.2. Group companies in the UK or other jurisdictions meeting UK data protection standards;
- 6.3. Regulatory authorities, law enforcement, or courts where legally required or permitted.
If data is transferred outside the UK, we will adopt appropriate safeguards under UK GDPR, such as adequacy decisions or International Data Transfer Agreements (IDTA or equivalent) or other methods, to ensure your data receives protection equivalent to UK GDPR levels.
7. Your Rights
You have the following rights regarding your “Special Categories of Personal Data”:
- 7.1. Rights of access, rectification, erasure, restriction of processing, objection, and data portability;
- 7.2. Where we process based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
To exercise any of the above rights, or if you have questions about our processing of your Special Categories of Personal Data, please contact us via:
Mailing Address: RM 503, 5/F, Hang Seng Castle Peak Road Building, 339 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong, China
Email: data_protect@myusay.com
Phone: +852 69597886
Fison Health Co., Limited
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).