Universal Scientific Industrial

1. Under specific circumstances, USI may collect, process and use certain personal data as follows:

   1. USI may collect, process and use the personal data of personnel communicating, collaborating or conducting any interaction with USI in the course of business-related functions through meetings, activities or other business channels, as follows:

      • Personal information identifiers, including name, gender, employer and business title

      • Contact information including telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the personnel

   2. To ensure the safety and security of both the personnel and workplace environment, USI may collect, process and use the personal data of persons entering USI facilities for the purpose of performing job duties or business visits, as follows:

      • Personal information including name, gender, employer, business title, ID/passport number or other forms of identification and facial photography

      • Contact information including correspondence address, telephone number and e-mail address

      • Other information necessary for furthering public interests

   3. For the purpose of employee management and the provision of services to the employees, USI may collect, process and use the Personal Data of the employees when they participate in the daily operation of USI, as follows:

      • Personal information identifiers, including name, gender, birth date, ID/passport number or other forms of identification and facial photography, etc.

      • Expertise and experience, including educational background, language ability and other professional skills or qualification certificates

      • Contact information including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the employee

      • Other information necessary for furthering public interests

   4. USI may collect, process and use the personal data of persons visiting the company’s website and utilizing the web services to interact with Company (such as subscription to USI Newsletter, online inquiries and use of other online systems), as follows:

      • Personal information including name, gender, employer, business title

      • Contact information including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the website user, such as website user’s relation with Company

      • Data collected by Cookies

   5. USI may collect, process and use the personal data of individuals making investment enquiries about the Company through phone, e-mail or any communication channels or persons who become shareholders of the Company, as follows:

      • Personal information, including name, gender, employer, business title, ID/passport number or other forms of identification and facial photography

      • Contact information, including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify them

   6. USI may collect, process and use the personal data of job applicants for vacant positions at USI, as follows:

      • Personal information, including name, gender, birth date, ID /passport number or other forms of identification and facial photography

      • Expertise and experience, including educational background and occupation, language ability and other professional skills or qualification certificates

      • Contact information, including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the job applicant

      • Other information necessary for furthering public interests

2. USI shall not collect, process and use sensitive personal data including medical records, healthcare, physical examination and criminal records except for the following situations:

   1. Where it is expressly required by applicable laws and regulations

   2. Where it is necessary to fulfill statutory obligations with maintenance and protection measures that are appropriate and secure

   3. Where it is necessary to assist the public authority in performing its statutory duties of investigating illegal activities, preventing or investigating criminal cases

   4. Consent is given by the data subject

3. Unless notification may be waived in accordance with the applicable laws and regulations, USI shall inform the data subject of the followings:

   1. Specific Purpose for the collection, processing and use of personal data

   2. Data subject may decide to consent or reject USI’s collection, processing and use of requested or suggested personal data (opt-in)

   3. If data subject rejects to provide the Personal Data or if the Personal Data provided is inaccurate, USI may not be able to provide the data subject with specific or complete information, feedback or services, or complete recruitment processes or other employment management matters

4. USI shall collect, process and use personal data to the extent not exceeding the necessary scope of Specific Purpose and ensure the collection, processing and use of personal data that have legitimate and reasonable connection with Specific Purpose. The data subject may request the cessation of the collection, processing and use of personal data by USI, or deletion/destruction of personal data collected, processed or used by USI (opt-out) and USI shall proceed in accordance with such request (subject to certain exceptions, including exceptions set forth in Section H). To exercise rights over personal data, submit a request to the contact information provided in Sub-Section V of Section I. USI may need to validate the request. In order to validate a request, USI may ask for the following information: [name, prior interactions with USI, the name of the relevant company or business partner, corporate email address, or OTHERS]. Only the data subject or an authorized agent may make a request related to personal data. To designate an authorized agent, please provide a legally binding written document signed by the data subject and the identifying agent. USI may also verify the identity of the authorized agent.

5. If you are a California resident, for more information about USI’s collection, processing, and use of personal data pursuant to the California Consumer Privacy Act (CCPA), please refer to Addendum “A”. 

1. USI may disclose personal data to third parties under the following circumstances:

   1. The third party is a public authority:

      • Where it is necessary to fulfill statutory obligation

      • Where it is necessary to assist the public authority (the Court, Prosecutor/Policy/Investigation Bureau, or national or local government agency, etc.) in performing its statutory duties of investigating illegal activities, preventing or investigating criminal cases

      • Where it is necessary to assert, exercise or protect USI’s legal rights

      • At the request of the data subject

   2. The third party is a private legal entity (including Company’s affiliates), private institution or organization, or individual persons:

      • Where it is necessary to fulfill statutory obligation

      • Where it is necessary to assert, exercise or protect USI’s legal rights

      • For business or commercial use to the extent not exceeding the necessary scope of the Specific Purpose

      • At the request of the data subject

2. USI shall manage third party disclosures in compliance with the following:

   1. Verifying the identity of the third party

   2. Notifying data subject and obtaining his/her consent unless notification may be waived in accordance with applicable laws and regulations (e.g. notification or consent may prevent the public authority from performing statutory duties)

   3. Disclosing minimal and only necessary personal data, and requiring third parties to comply with applicable laws and regulations on personal data protection

3. For more information about USI’s Third Party Disclosures pursuant to the CCPA, please refer to Addendum “A”.

USI shall take measures that are reasonable and necessary to maintain the accuracy of personal data and, proactively or at the request of the data subject, supplement or correct personal data.

1. USI shall retain Personal Data for a reasonable period of time not exceeding the necessary scope of Specific Purpose, which in principle does not exceed 5 years (or for the Personal Data of the employees, not exceeding 5 years following the termination of the employment). Unless continuous retention of personal data is expressly required by applicable laws and regulations or necessary for USI to perform duties or business, or has the consent of the data subject, USI shall, proactively or at the request of the data subject, cease the collection, processing and use of personal data, or delete/destruct personal data if collection, processing and use is no longer necessary, the legitimate and reasonable connection with Specific Purpose no longer exists, or the laws and regulations on retention become not applicable.

2. USI shall establish appropriate and secure measures to manage the storage, processing, transmission, retention, access privileges of personal data and data storage/transfer tools. USI shall commit to safeguarding personal data to prevent damage, loss, theft, leakage, unauthorized access, copies, use or alteration. The measures include:

   1. Using appropriate and secure networks and tools for data transmission and storage, such as encryption software (SSL or HTTP) to transfer data and setting up firewalls

   2. Classifying personal data according to level of security to ensure that the collection, processing and use of such data do not exceed the necessary scope of the Specific Purpose, and preventing access by unauthorized personnel

   3. Classifying personal data according to results of risk assessments, and adopting appropriate management procedures for the collection, processing, use and disclosure of such data

Personal data may be transferred among and used by Company’s affiliates located in different countries to the extent not exceeding the original scope of the Specific Purpose. USI shall manage the transfer and use of personal data in accordance with the Policy and applicable privacy and personal data laws and regulations in the countries where the personal data is transferred and used.

To improve and enhance the company’s website services, USI uses cookies to collect, process and use certain persona data, such as the user’s internet protocol address. To know more about our use of cookies, please refer to USI’s Cookie Term.

With respect to personal data collected, processed and used by USI, the data subject may be entitled to the legal rights as follows:

1. The right to request an inquiry or review

2. The right to request a copy

3. The right to supplement or correct the incomplete or incorrect personal data

4. The right to request the cessation of collection, processing and use (in terms of Personal Data of the employees, USI may still maintain the Personal Data necessary for its daily operation, management and provision of services based on its internal policies, but USI shall comply with the relevant requirements under the Policy for such retained Personal Data)

5. The right to request the deletion/destruction of personal data that is displayed or stored internally at USI, or publicly available on public websites, files or other forms of storage

6. Where necessary and technically feasible, the right to request the transfer of personal data, in electronic and machine readable format, to designated third party data controller

7. The right to report any personal data violation to public authorities in the area where the data subject is a resident or where the personal data is used

USI does not sell or share (as those terms are defined under the CCPA) personal data.

USI does not disclose or use sensitive personal data outside of the permissible uses identified within the CCPA.

USI will not discriminate against a data subject for exercising legal rights.

To request an appeal of any decisions made by USI regarding exercising Legal Rights over personal data, contact USI at privacy@usiglobal.com.

1. The protection of privacy and personal data is an integral component of USI’s internal control and risk management system. On an annual basis, the USI conducts risk assessments and internal compliance audits. From time to time, USI also conducts supplier compliance audits and engages independent parties to audit USI’s implementation of privacy and personal data protection to ensure full compliance with Policy and applicable laws and regulations.

2. USI’s new employees are required to complete a training course on the protection of privacy and personal data. All employees of USI also receive regular updates on relevant laws and regulations governing privacy and personal data and management guidance to enhance their compliance awareness.

3. USI adopts a zero-tolerance policy to any violation of privacy and personal data protection. Should a violation be identified after thorough investigations, USI shall immediately review and improve management measures, and take disciplinary actions against errant personnel and where necessary, seek indemnity or prosecution in accordance with applicable laws and regulations.

4. USI’s employees, external parties or natural persons may report violations, suspected violations or conducts that could result in a violation of the protection of privacy or Personal Data by submitting relevant materials through any channel most recently announced by the website of Company.

5. For matters concerning the Policy or any other issues related to privacy and personal data, USI’s employees, external parties or natural persons may contact the following responsible department of USI:

   Universal Scientific Industrial (Shanghai) Co., Ltd.
   Legal, Compliance & IP Unit
   +866 49 2350876
   privacy@usiglobal.com

This Policy may be updated from time to time. Please refer to Company’s website for the latest version. (This version was last updated on December 30, 2022.)

This Supplemental Privacy Notice for California Consumers (“Notice”) supplements the Policy on the Protection of Privacy and Personal Data (“Policy”) and applies solely to USI’s customers and suppliers, visitors, website users, investors or shareholders, job applicants and employees residing in California. USI adopts this Notice to comply with the California Consumer Privacy Act (CCPA), and any amendments and implementing regulations, and any terms defined in the CCPA have the same meaning when used in this Notice.

Categories of Personal Information USI Collects

Over the last twelve (12) months, USI has collected the following categories of personal information from customers and suppliers, visitors, website users, investors or shareholders, job applicants and employees: