Privacy Policy (UK)

Last Updated: 2026 / 06 / 23
Effective Date: 2026 / 06 / 23

Thank you for choosing to use the Usay Ring smart wearable device and its accompanying website https://myusay.com/ (the "Website"), developed and operated by Fison Health Co., Limited and/or its affiliates (collectively referred to as "we" or "us"). For the purposes of this Privacy Policy, Fison Health Co., Limited acts as the data controller, being responsible for deciding how and for what purpose your personal data is processed when you use the Website. We take your privacy and personal data protection very seriously and will safeguard your personal data and privacy strictly in accordance with the United Kingdom (the “UK”) applicable laws and regulations.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Website, and outlines the rights to which you are entitled. Please carefully read and understand all the contents of this policy before using the Website. Important contents that might affect your personal data and privacy rights have been highlighted in bold for your attention.

Table of Contents

• I. How We Collect and Use Your Personal Data
• II. Legal Basis for Our Collection and Use of Your Personal Data
• III. How We Share, Transfer, and Disclose Your Personal Data
• IV. How We Store and Transmit Your Personal Data
• V. What Rights You Have
• VI. How We Protect Your Personal Data
• VII. How We Protect the Personal Data of Minors
• VIII. Updates to This Privacy Policy
• IX. How to Contact Us

I. How We Collect and Use Your Personal Data

Please be informed and understand that we will only collect your personal data for the purposes and within the scope outlined in this Privacy Policy in compliance with applicable laws and regulations. In handling your personal data, we are committed to maintaining your trust in us and strictly adhere to the principles of purpose limitation, explicit consent, data minimization, accuracy, security safeguards, subject participation, and transparency, etc. We also ensure that you can exercise your relevant rights through convenient means to protect your personal data and privacy.

To provide you with excellent user experience and comprehensive personal data and privacy protection, we will collect and use data that you actively provide while using the Website, as well as data collected automatically during your use of the Website, in the following ways.

1. Device Data

1.1 To ensure the proper functioning, security, and management of your device and account, we collect certain technical and operational data related to the device itself. This data is essential for core functionalities such as device pairing, software updates, and troubleshooting.

1.2 The collection of this device data is based on the necessity for the performance of our contract with you to provide the core device service. It enables us to:

• Facilitate the initial setup, secure pairing, and ongoing operation of your website.
• Use unique device identifiers to help protect your account from unauthorized access and fraudulent activities.
• Deliver necessary firmware updates and diagnose technical issues to improve your experience.
• Link the physical device to your digital account for personalized data management.

1.3 The device data fields we collect include: IP address, browser type and version, operating system, and device identifiers.

This data is typically collected automatically when you set up and use the device. It is stored securely and is essential for the basic functionality of our Website.

1.4 To provide our service, the data you need to provide is summarized as follows:

• Mandatory data: above all data in section 1.3.

2. Behavioral Data

2.1 To ensure the optimal functionality, security, and continuous improvement of our services, we collect certain user interaction data related to your browsing activities on our platform. This data is essential for core functionalities such as personalizing your experience, maintaining service security, and enhancing the overall usability and content relevance of our website.

2.2 The collection of this interaction data is based on the necessity for the performance of our contract with you to provide a personalized and secure service. It enables us to:

• Understand user preferences and behavior patterns to tailor content, recommendations, and interface layout;
• Monitor and analyze user engagement to identify and troubleshoot usability issues, thereby improving website performance and design;
• Detect and prevent potential security threats, fraudulent activities, and automated bot traffic by analyzing behavioral anomalies;
• Measure the effectiveness of our content and features to drive informed decisions for service development.

2.3 The specific interaction data fields we collect include: browsing history, click-through behavior, time spent on pages, search query keywords.

This data is typically collected automatically through technical means such as event listeners in web code, browser APIs, and local storage mechanisms as you interact with our website. It is stored securely and is integral to providing a functional, adaptive, and secure user experience.

2.4 To provide our service, the data you need to provide is summarized as follows:

• Mandatory data: above all data in section 2.3.
• Special categories of personal data: Search Query Keywords.

3. Subscriptions and Payments

3.1 To ensure the secure operation, identity verification, and fulfillment of contractual obligations, we collect certain account, transactional, and communication data that you provide directly to us. This data is fundamental for core services such as account creation, order processing, payment verification, customer support, and service delivery.

3.2 The collection of this data is based on the necessity for the performance of our contract with you, as well as our legitimate interests in providing secure and efficient services. It enables us to:

• Create and manage your user account, authenticate your identity, and secure access to our services.
• Process your transactions, arrange for the delivery of purchased goods or services, and handle any related refunds or disputes.
• Provide personalized customer support and maintain a record of our communications for quality assurance and dispute resolution.
• Facilitate user-generated content, such as product reviews, to enhance the community experience and inform other users.

3.3 The specific data fields we collect in this category include: email, password, payment, and billing account details (including Paypal, Shopify Payments, Apple Pay, Google Pay, and credit card information), shipping/delivery address, billing address, recipient's name, email verification code, SMS or mobile verification code, chat logs or communication records with customer service personnel, email correspondence, product reviews and comments, order history, shopping cart contents, records of refunds.

3.4 This data is typically provided by you voluntarily during registration, checkout, or when interacting with our support teams. It is stored securely and is essential for the basic functionality, security, and fulfillment of the services you request. To provide our service, the data you need to provide is summarized as follows:

• Mandatory data: above all data in section 3.3.
• Special categories of personal data: chat logs or communication records with customer service personnel, email correspondence, product reviews and comments, order history, shopping cart contents.

4. Location Data

4.1 To ensure the security of our services, prevent fraudulent activities, and comply with regional legal and regulatory requirements, we automatically collect your IP address and derive an approximate geographic location from it. This data is essential for core functionalities such as access control, content localization, and security threat analysis.

4.2 The collection of this data is based on our legitimate interests in securing our platform and providing a localized user experience, as well as the necessity to comply with applicable laws in different jurisdictions. It enables us to:

• Enhance Security and Prevent Fraud: Detect and prevent unauthorized access, account takeover attempts, and other fraudulent activities by identifying logins or transactions originating from anomalous or high-risk geographic locations.
• Provide Localized Content and Services: Automatically display the website in the appropriate language, show region-specific pricing and promotions, and ensure compliance with local content regulations.
• Optimize Network Performance: Assist in routing requests to the nearest server or content delivery network (CDN) node to improve page load times and service reliability.
• Fulfill Legal and Tax Obligations: Determine the applicable tax jurisdiction (e.g., for sales tax/VAT) and comply with data sovereignty or other regional legal requirements.

4.3 The specific data fields we collect in this category include: approximate geographic location derived from IP address.

4.4 This data is collected automatically through technical means when you interact with our website. We typically utilize third-party IP geolocation databases or APIs to perform the translation from IP address to geographic information. The data is stored securely and is integral to providing a secure, compliant, and optimized user experience. To provide our service, the data processing is summarized as follows:

• Mandatory data: above all data in section 4.3.

5. Service Optimization

You acknowledge and agree that, on the condition that the information is processed using secure encryption technology, de-identified, and cannot be used to re-identify any specific individual, we may use the information that you provide while using the Website, as well as corresponding model-generated replies and feedback, for model training and algorithm iteration. This allows us to continuously adjust and optimize the model’s performance in order to provide you with services of higher quality. If you do not wish us to use such information for model training and optimization, you may contact us using the contact information disclosed in Section IX of this Privacy Policy.

6. Customer Service

To provide you with better customer services, we will collect the complaint and feedback information that you provide (including text and images), information you provide when contacting our customer service team via email at cs@myusay.com, and information you send to us when participating in surveys, contests, or promotional activities, such as your name, contact details, and messages.

II. Legal Basis for Our Collection and Use of Your Personal Data

1. Performance of Contract
We process your personal data in order to fulfill our contractual obligations to you (for example, processing orders, delivering products or services, and providing after-sales support), when such processing is necessary for the performance of the contract between you and us.

2. Express Consent
In certain circumstances, we will collect and process your personal data or sensitive personal data only with your prior explicit consent or separate explicit consent. For example, in scenarios involving the sending of electronic marketing communications or delivery of wellness analysis reports. You have the right to withdraw such consent at any time.

3. Legal Obligations
We may process certain data in order to fulfill statutory and compliance duties and obligations in accordance with applicable laws and regulations, as well as requirements from administrative authorities or courts. For examples, financial and tax compliance, consumer rights protection, product recalls, or safety requirements. These obligations may vary depending on the jurisdiction.

4. Legitimate Interests
4.1 In certain circumstances, we process your personal data on the legal basis of our legitimate interests, as permitted by Article 6(1)(f) of the UK General Data Protection Regulation. This applies when the processing is necessary for purposes pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
4.2 We rely on this legal basis only after conducting a careful balancing test to ensure that our interests are legitimate and do not disproportionately impact your privacy. Our legitimate interests typically include:

• To analyze usage patterns and feedback to enhance the functionality, user experience, and features of our services.
• To ensure the security of our IT systems, websites, and services, including the detection, prevention, and investigation of fraud, security breaches, or other malicious activities. This includes the processing of technical data such as IP addresses, browser types, and access times, which is technically necessary to display our website and guarantee its stability and security.
• For the general administration and operation of our business, including internal record-keeping, and for communicating with you regarding your inquiries or feedback, where such communication is not solely based on contractual necessity or your consent.
• To establish, exercise, or defend legal claims.

III. How We Share, Transfer, and Disclose Your Personal Data

1. To ensure the normal operation of, to provide you with our core functionalities of, and to improve the features and services of, the Website, we may need to share information that has been anonymized or de‑identified with our affiliates, and certain reliable suppliers and cooperative partners. Only after obtaining your explicit consent and within the scope of your explicit authorization, will we share data that can be used to identify you personally with a third‑party. We require that any third party receiving your personal data to strictly comply with policies and requirements regarding the protection of personal data and privacy, including but not limited to processing the data in accordance with data protection agreements, undertakings, and relevant data processing policies, minimizing the scope of data to be shared, avoiding identification of individuals, and take all reasonably necessary technological measures to safeguard your personal data and privacy.

2. To date, the external services we use from third party suppliers fall into the following seven categories:

• 2.1 E-commerce SaaS Platform and Infrastructure Services: We utilize Shopify as our e-commerce platform provider to host our online store, process secure payments, manage order fulfillment, and protect against fraudulent transactions, ensuring a seamless and secure shopping experience for you.
• 2.2 Cloud Storage and Technical Infrastructure: We utilize cloud service providers located in Germany for data storage, data hosting, and security optimization. These providers act as service providers and are prohibited from using your data for any purpose other than providing these infrastructure services.
• 2.3 Payment Processing Services: When you make a subscription through the Website, your payment data are processed by authorized third‑party payment service providers (e.g., Google Pay, Apple Pay, and PayPal). We do not store the details of your bank account or payment account data. Such data are directly processed by the payment service providers under applicable laws and regulations.
• 2.4 Verification Code and CAPTCHA Services: To protect your account security and prevent automated bot attacks, we use third-party services to deliver email/SMS verification codes and provide CAPTCHA challenges during login or registration.
• 2.5 Customer Support Services: We employ third-party platforms to manage our help desk, live chat, and email communications, ensuring your inquiries and technical issues are resolved efficiently.
• 2.6 Web Analytics Services: We use analytics service providers to collect information about how you interact with our website. This data helps us understand user behavior, optimize our site performance, and improve the user experience of our wearable products.
• 2.7 Advertisement Services: We collaborate with advertising service providers to deliver relevant marketing content and measure the effectiveness of our promotional campaigns based on your interactions with our site.

Details regarding our third‑party suppliers, types of personal data to be shared, purposes of sharing, and other relevant information are set out in the table below:

For additional question or information, please contact us via email at data_protect@myusay.com.

3. If we sincerely believe that disclosing personal data is reasonably necessary and proportionate to achieve any of the following purposes, we will disclose your personal data to third parties only in the following circumstances:

3.1 In compliance with any applicable laws, regulations, court orders or judgments, or law enforcement demands. We will share information about the number and types of governmental requests we receive through public reports.
3.2 Enforcing applicable terms of use, including investigating possible violations.
3.3 Monitoring, preventing, or otherwise addressing fraud, security, or technical issues.
3.4 Protecting the personal or proprietary safety of you, ourselves, or the public from harm.

IV. How We Store and Transmit Your Personal Data

1. Data Storage

1.1 Storage Location
To ensure the security of your personal data and privacy and provide you with stable and efficient services, in compliance with the applicable laws and regulations of German Berlin city, your personal data will be primarily stored and hosted in cloud infrastructure located in Germany. We implement administrative, technical, and physical safeguards designed to protect this information in accordance with the applicable cybersecurity standards.

1.2 Retention Period
We will retain your personal data only for as long as is necessary to provide you with the services of the Website. Once the retention period exceeds what is necessary, or when you withdraw your consent, request deletion of your personal data, deregister your account, or when your personal data is no longer used for the intended purpose of collection, we will delete or permanently anonymize your personal data, unless otherwise required by applicable laws and regulations.

The retention period for cookies data provided to third-party suppliers is as follows:

For data provided to third parties, please directly refer to the privacy policy of the third party. For example, please refer to Shopify’s Cookie Policy at https://www.shopify.com/zh/legal/cookies.

For other data (such as users’ personal information, order data, etc.), it is currently stored on the company's relevant servers and will be retained in accordance with legal and regulatory requirements.

2. Cross-Border Data Transfers

2.1 Cross-Border Data Transfer Process
We recognize the value of your personal data, and are committed to providing you with consistent, secure services worldwide. To offer you safe, stable, and efficient global services, your personal data (including but not limited to account information, wellness data synchronized from the smart ring, usage records, and log data) will be collected and transferred in compliance with the applicable laws and regulations of your country or region. For additional question or information, please contact us via email at data_protect@myusay.com.

2.2 How We Safeguard Your Personal Data During Cross-Border Transfers
We undertake that we will exert ourselves to ensure that your personal data receives adequate protection in any data transfer in strictly compliance with all applicable personal data and privacy protection laws and regulations of the relevant countries and regions. We will adopt including but not limited to the following measures:

• 2.2.1 Equivalent Level of Data Protection: We will endeavor to ensure that the legal and data protection practices in the recipient jurisdiction provide a level of protection comparable to that of the country or region where the data was originally collected.
• 2.2.2 Execution of Standard Contractual Clauses (SCCs): We will sign Standard Contractual Clauses recognized by regulatory authorities (such as the Hong Kong Office of the Privacy Commissioner for Personal Data and the European Commission) with the data recipients. These clauses will legally bind and oblige the recipients to protect your personal data in accordance with standards equivalent to those under the PDPO, GDPR, and other relevant laws and regulations.
• 2.2.3 Obtainment of Your Explicit Consent: In certain exceptional circumstances, if the above safeguards are not applicable, we will clearly inform you of the purpose, scope, and risks of the transfer, and seek your explicit consent in advance.
• 2.2.4 Data Anonymization and Pseudonymization: When transmitting data to third‑party suppliers and partners, we will prioritize the use of data that has been anonymized (unable to identify a specific individual) or pseudonymized (replaced with identifiers instead of direct personal identifiers), in order to minimize risks to the greatest extent.

2.3 Jurisdictional Differences and Risk Notice
If your personal data is stored or processed in a jurisdiction other than where they are collected, the personal data and privacy protection laws in that jurisdiction may differ from those in your country or region and may not provide an entirely consistent level of protection. By creating a Usay account and continuing to use the Website, you acknowledge that you understand and accept the reasonable risks associated with such cross-border data transfers.

3. Complaints and Appeals

If you have any questions or complaints regarding our cross-border data transfer or privacy protection measures, please contact us via email at data_protect@myusay.com, or via the “Help & Feedback” page of the Website. You also have the right to lodge a complaint with the data protection authority in your place of residence.

V. What Rights You Have

We respect the rights to which you are entitled under the applicable laws and regulation to acquire, access, correct, transfer, restrict the process of, and delete your personal data, and we are committed to ensuring that you can exercise your rights conveniently.

1. What Rights You Have

1.1 Right to Access Your Personal Data
You have the right to ascertain whether we have collected or processed your personal data, and to access, within reasonable limits, what personal data about you we have collected or processed, including the types of information, purposes of processing, and potential recipients (if any). Some information (e.g., sleep monitoring data) can be accessed directly by you through our website.

1.2 Right to Correct Your Personal Data
You have the right to request that we correct any inaccurate, incomplete, outdated, or misleading personal data we possess about you. Some information, such as basic profile details, can be corrected by you directly.

1.3 Right to Delete Your Personal Data / Right to Be Forgotten
You have the right to request that we delete your personal data. Unless we have a legitimate legal basis not to delete them, or are under a legal obligation to retain the data, we will act in accordance with your request. We typically ensure your right to deletion through the following two methods:

• 1.3.1 When a user initiates an unbinding process, the user will be prompted that the temporarily stored data within the Website and the ring will be deleted.
• 1.3.2 When a user initiates an account cancellation, the user will be prompted that all data on the server will be deleted.

1.4 Right to Data Portability
You have the right to receive your personal data held by us in a structured, commonly used, and machine‑readable format, and to transmit that data to another data controller without hindrance at your choice.

1.5 Right to Object to or Restrict Processing
You have the right to object to or opt out of our processing of your personal data. If we do not have a lawful reason to continue such processing, we will cease processing your personal data upon receipt and verification of your objection.

1.6 Right to Refuse Automated Decision‑Making and Profiling
You have the right to refuse or opt out of decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects on you. We are obliged to obtain your separate explicit consent before carrying out such decisions, or to provide you with human intervention, the opportunity to express your point of view, and the right to contest the decision.

1.7 Right to Withdraw Consent
To the extent permitted by applicable laws and regulations, you have the right to withdraw your consent for us to process your information at any time. When you withdraw consent, we will cease collecting and processing new data from you, and you may also choose to have the personal data previously collected from you deleted. Withdrawal of consent does not affect the lawfulness and legitimacy of our processing based on consent before the withdrawal. However, please be advised and understand that withdrawing consent may result in difficulties or limitations in using the Website.

1.8 Right to Restrict Cross‑Border Transfers
You have the right to be informed whether your personal data is transferred outside your country / region of residence, and in certain circumstances to restrict such transfers. We undertake to obtain your explicit consent and explain the relevant matters in advance of any cross‑border transfer that may materially affect your rights.

1.9 Right of Nondiscrimination
You have the right not to be discriminated against by us in any way for exercising any of the personal data rights or privacy rights set out in this Privacy Policy or under any applicable laws and regulations, such as being refused objectively available services, being charged different prices, or being offered services of different quality. At the same time, you acknowledge and understand that providing certain personal data is prerequisite for us to deliver certain related functions and services. If you refuse to provide such information, we will be objectively unable to provide the relevant functions or services. For example, if you refuse to provide third‑party account information, you will not be able to register or log in using such third‑party account; if you refuse our collection of your wellness and exercise data, we will be unable to provide you with individualized wellness suggestions.

1.10 You have other relevant rights under applicable laws and regulations such as UK GDPR in UK and England.

1.11 Right to Legal Remedies
If you believe we have violated applicable laws and regulations, or that your rights have been infringed, you have the right to seek remedies through the following channels:

• 1.11.1 Complaint to Regulatory Authorities in Your Country or Region: For example, if you are in UK England, you may lodge a complaint with the UK Information Commissioner's Office (ICO). The ICO has the power to investigate and may issue an “enforcement notice” requiring us to rectify any violations.
• 1.11.2 Arbitration: If you suffer losses or damages (including mental distress) due to our violation of applicable laws and regulations, pursuant to our Terms of Use, you have the right to submit the matter to the Shenzhen Court of International Arbitration for arbitration against us.

2. How to Exercise Your Rights

You may exercise the above rights by logging into your Usay account and using the account settings interface. You may also submit rights requests in text and/or image form along with your email address for receipt of feedback on the “Help & Feedback” page, or by email at data_protect@myusay.com. To protect the security of your and other users’ personal data and ensure smooth exercise of your rights, please provide sufficient information for us to verify your identity when making a request. Generally, we will respond within 30 days after receiving your request and verifying your identity. However, We may refuse your request for legitimate reasons such as court orders or to prevent undue impact on the legitimate rights of others.

VI. How We Protect Your Personal Data

1. Data Protection Measures

We place great emphasis on the security of your personal data and privacy. To this end, we adopt measures including, but not limited to:

• 1.1 Technical Measures: We will implement security measures such as anonymizing or pseudonymizing personal data, strict access controls, and the use of encryption technologies to protect the data we process.
• 1.2 Internal Controls: We will provide regular confidentiality training for employees, and limit access to, and processing of, your personal data to authorized personnel only.
• 1.3 Third‑party Cooperation: We will ensure through contracts and other reasonable measures that the data processing activities of all third party suppliers and partners should comply with applicable legal requirements.
• 1.4 Authoritative Regulation: We are subject to supervision by applicable regulatory authorities and continuously assess the adequacy of our data protection measures to ensure the legal and industry standards be met.

2. Data Breach

We maintain reasonable administrative, technical, and physical security measures, including encryption and access controls, to protect your personal information. In the event of a security breach involving your unencrypted personal information, we will comply with applicable laws and regulations, including notifying the relevant regulatory authority and the affected users without undue delay in compliance with applicable laws and regulations of the relevant jurisdiction. Furthermore, we will make every reasonably possible effort to patch vulnerabilities or attacks that could lead to data breaches, in order to avoid any adverse impact on your personal rights and interests.

VII. How We Protect the Personal Data of Minors

We are committed to protecting the privacy of minors. THE WEBSITE IS INTENDED FOR ADULTS ONLY, AND NOT INTENDED FOR MINORS UNDER THE AGE OF 18. We will not proactively provide services to minors under the age of 18, nor intentionally collect or process their personal data. If we become aware that we have collected personal data of a minor, we will take steps to promptly delete or anonymize such information and cease processing it. Parents or legal guardians of minors may contact us by email at data_protect@myusay.com for any question or request regarding personal data of minors.

VIII. Updates to This Privacy Policy

To provide you with better services, the Website may be updated from time to time due to changes on our operations, technologies, or applicable laws and regulations. We will revise this Privacy Policy accordingly, and such revisions shall form part of this Privacy Policy and have the same effect as the current version. Without your explicit consent, we will not reduce the rights you are entitled to under the currently effective Privacy Policy.

The updated version of the Privacy Policy will be published in the Website and marked with an “Effective Date.” If there are material changes, we will notify you in a prominent manner (e.g., push notification, pop‑up window, or email).

IX. How to Contact Us

If you have any questions, comments, or complaints regarding this Privacy Policy, please contact our Data Protection Officer (DPO) using the following contact details:

Data Protection Officer: Kaelly Wei
Address: RM 503, 5/F, Hang Seng Castle Peak Road Building, 339 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong, China
Email: data_protect@myusay.com
Phone: +852 69597886
Fison Health Co., Limited

You can contact our UK Representative regarding matters pertaining to the UK GDPR:
By Email: ziyang@myusay.com
Address: Ziyang He, 16 Arundel terrace, first floor flat, London, UK, sw13 8dp, UK
By Phone Number: +447415206783
Fison Health Co., Limited