Universal Scientific Industrial

1. Under specific circumstances, USI may collect, process and use certain personal data as follows (the personal data in bold may be sensitive personal data or special categories of personal data):

   1. USI may collect, process and use the personal data of personnel communicating, collaborating or conducting any interaction with USI in the course of business-related functions through meetings, activities or other business channels, as follows:

      • Basic information, including name, gender, employer and business title

      • Contact information, including telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the personnel

   2. To ensure the safety and security of both the personnel and workplace environment, USI may collect, process and use the personal data of persons entering USI facilities for the purpose of performing job duties or business visits, as follows (for more information, please refer to the respective “Visitor Privacy Policy” of Company or its affiliates):

      • Basic information, including name, gender, employer, business title

      • ID card or equivalent identifiers, including ID, passport or other forms of identification and facial photography

      • Contact information, including correspondence address, telephone number and e-mail address

      • CCTV records in important areas of the Company (if you present in important areas that are equipped with CCTV)

      • Other information necessary for maintenance and promotion of public interests

   3. For the purpose of employee management and the provision of services to the employees, USI may collect, process and use the personal data of the employees when they participate in the daily operation of USI, as follows (for more information, please refer to the respective “Employee Privacy Policy” of Company or its affiliates):

      • Basic information, including name, gender, position relevant information

      • ID card or equivalent identifiers, including ID, passport or other forms of identification and facial photograph

      • Work and educational information, including work experience, educational background, language ability and other professional skills or qualification certificates

      • Contact information, including correspondence address, telephone number and e-mail address

      • CCTV records in important areas of the Company (if you present in important areas that are equipped with CCTV)

      • Other information that may be used to directly or indirectly identify the employee

      • Other information necessary for maintenance and promotion of public interests

   4. USI may collect, process and use the personal data of persons visiting the company’s website and utilizing the web services to interact with Company (such as subscription to usinsight, online inquiries and use of other online systems), as follows:

      • Basic information, including name, employer, business title

      • Contact information, including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the website user, such as website user’s relation with Company

      • Data collected by Cookies

   5. USI may collect, process and use the personal data of individuals making investment enquiries about the Company through phone, e-mail or any communication channels or persons who become shareholders of the Company, as follows:

      • Basic information, including name, gender, employer, business title

      • ID card or equivalent identifiers, including ID, passport or other forms of identification and facial photograph

      • Contact information, including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify them

   6. USI may collect, process and use the personal data of job applicants for vacant positions at USI, as follows (for more information, please refer to the respective “Candidate Privacy Policy” of Company or its affiliates):

      • Basic information, including name, gender, birth date

      • ID card or equivalent identifiers, including ID, passport or other forms of identification and facial photograph

      • Work and educational information, including work experience, educational background, language ability and other professional skills or qualification certificates

      • Contact information, including correspondence address, telephone number and e-mail address

      • Other information that may be used to directly or indirectly identify the job applicant

      • Other information necessary for maintenance and promotion of public interests

2. In principle, USI shall not collect, process and use sensitive personal data or special categories of personal data, for example medical records, healthcare, physical examination and criminal records except for the following situations:

   1. Where it is expressly required by applicable laws and regulations

   2. Where it is necessary to fulfill statutory obligations with maintenance and protection measures that are appropriate and secure

   3. Where it is necessary to assist the public authority in performing its statutory duties of investigating illegal activities, preventing or investigating criminal cases

   4. Consent is given by the data subject

3. In principle, USI will not collect, process or use personal data of minors. Under certain circumstances, for instance to provide employee vacation benefits or other benefits, USI may need to collect the personal data of minors in the employee's family (for more information, please refer to the respective "Employee Privacy Policy" of Company or its affiliates). Please proactively avoid providing us with any personal data of minors. If you notice that you have inadvertently provided personal data of minors to us, please contact us promptly to have it deleted.

4. Unless notification may be waived in accordance with the applicable laws and regulations, USI shall inform the data subject of the followings, including but not limited to:

   1. Specific Purpose for the collection, processing and use of personal data, processing method, categories of personal data, etc.

   2. If consent is the legal basis for data processing, data subject may decide to consent or reject partially or entirely USI’s collection, processing and use of requested or suggested personal data (opt-in)

   3. If data subject rejects to provide the personal data or if the personal data provided is inaccurate, USI may not be able to provide the data subject with specific or complete information, feedback or services, or complete recruitment processes or other employment management matters

   4. The method for exercising data subject’s rights

5. USI shall collect, process and use personal data to the extent not exceeding the necessary scope of Specific Purpose and ensure the collection, processing and use of personal data that have legitimate and reasonable connection with Specific Purpose. If consent is the legal basis for processing personal data, USI will not collect, process or use the personal data until the data subject gives its consent. The data subject may request the cessation of the collection, processing and use of personal data by USI, or deletion/destruction of personal data collected, processed or used by USI (opt-out) and USI shall proceed in accordance with such request (subject to certain exceptions provided by applicable laws and regulations). To exercise rights over personal data, submit a request to the contact information provided in Sub-Section V of Section I. USI may need to validate the request. In order to validate a request, USI may ask for the following information: name, prior interactions with USI, the name of the relevant company or business partner, corporate email address, or other necessary information. Only the data subject or an authorized agent may make a request related to personal data. To designate an authorized agent, please provide a legally binding written document signed by the data subject and the authorized agent. USI may also verify the identity of the authorized agent.

6. If you are a California resident, for more information about USI’s collection, processing, and use of personal data pursuant to the California Consumer Privacy Act (CCPA), please refer to Addendum “A”. 

1. USI may disclose personal data to third parties under the following circumstances:

   1. The third party is a public authority:

      • Where it is necessary to fulfill statutory obligation

      • Where it is necessary to assist the public authority (the court, prosecutor, public security bureau or other investigation bureau, or national or local government agency, etc.) in performing its statutory duties of investigating illegal activities, preventing or investigating criminal cases

      • Where it is necessary to assert, exercise or protect USI’s legal rights

      • At the request of the data subject

   2. The third party is a private legal entity (including Company’s affiliates), private institution or organization, or a natural person:

      • Where it is necessary to fulfill statutory obligation

      • Where it is necessary to assert, exercise or protect USI’s legal rights

      • For business or commercial use to the extent not exceeding the necessary scope of the Specific Purpose

      • At the request of the data subject

2. USI shall manage third party disclosures in compliance with the following:

   1. Having a legal basis

   2. Verifying the identity of the third party

   3. Notifying data subject

   4. If consent is the legal basis, obtaining the data subject’s consent

   5. Disclosing minimal and only necessary personal data, and requiring third parties to comply with applicable laws and regulations on privacy and personal data protection

3. For more information about USI’s Third Party Disclosures pursuant to the CCPA, please refer to Addendum “A”.

USI shall take measures that are reasonable and necessary to maintain the accuracy of personal data and, proactively or at the request of the data subject, supplement or correct personal data.

1. USI shall retain personal data for a reasonable period of time not exceeding the necessary scope of Specific Purpose, which in principle does not exceed 5 years for most data processing activities. For the personal data of employees, the data retention period shall follow the respective internal data retention policy of Company or its affiliates. Unless continuous retention of personal data is expressly required by applicable laws and regulations or necessary for USI to perform duties or business, or has the consent of the data subject, USI shall, proactively or at the request of the data subject, cease the collection, processing and use of personal data, or delete/destruct personal data if collection, processing and use is no longer necessary, the legitimate and reasonable connection with Specific Purpose no longer exists, or the laws and regulations on retention become not applicable.

2. USI shall establish appropriate and secure measures to manage the storage, processing, transmission, retention, access privileges of personal data and data storage/transfer tools. USI shall commit to safeguarding personal data to prevent damage, loss, theft, leakage, unauthorized access, copies, use or alteration. The measures include but not limited to:

   1. Using appropriate and secure networks and tools for data transmission and storage, such as encryption software (SSL or HTTP) to transfer data and setting up firewalls

   2. Classifying personal data according to level of security to ensure that the collection, processing and use of such data do not exceed the necessary scope of the Specific Purpose, and preventing access by unauthorized personnel.

   3. Documenting and conducting risk assessments for any new or changed personal data processing activities. Carrying out personal data protection impact assessment in a timely manner in accordance with applicable laws and regulations and take necessary measures to mitigate potential risks.

   4. Classifying personal data according to results of risk assessments, and adopting appropriate management procedures for the collection, processing, use and disclosure of such data.

Since USI is a multinational company with affiliates in many countries and regions around the world (USI global locations), and is actively seeking customers, suppliers and other business partners globally, personal data processed by USI may be transferred across borders to the extent not exceeding the original scope of the Specific Purpose. USI shall manage the transfer and use of personal data in accordance with applicable laws and regulations on privacy and personal data protection with appropriate measures. 

To improve and enhance the company’s website services, USI uses cookies to collect, process and use certain personal data, such as the user’s internet protocol address. To know more about our use of cookies, please refer to USI | Cookie Term.

With respect to personal data collected, processed and used by USI, the data subject may be entitled to the legal rights as follows:

1. The right to request an inquiry or review

2. The right to request a copy

3. The right to supplement or correct the incomplete or incorrect personal data

4. The right to request the cessation of collection, processing and use

5. The right to request the deletion/destruction of personal data that is displayed or stored internally at USI, or publicly available on public websites, files or other forms of storage

6. Where necessary and technically feasible, the right to request the transfer of personal data, in electronic and machine readable format, to designated third party data controller

7. The right to report any personal data violation to competent supervisory authorities

USI does not sell or share (as those terms are defined under the CCPA) personal data.

USI does not disclose or use sensitive personal data outside of the permissible uses identified within the CCPA.

USI will not discriminate against a data subject for exercising legal rights.

You can exercise your data subject rights by contacting USI at privacy@usiglobal.com. Please note that if your request conflicts with applicable laws and regulations, or the decisions of a public authority, we may not be able to respond to your request.

1. The protection of privacy and personal data is an integral component of USI’s internal control and risk management system. On an annual basis, the USI conducts risk assessments and internal compliance audits. From time to time, USI also conducts supplier compliance audits and engages independent parties to audit USI’s implementation of privacy and personal data protection to ensure full compliance with the Policy and applicable laws and regulations.

2. USI’s new employees are required to complete a training course on the protection of privacy and personal data. All employees of USI also receive regular updates on relevant laws and regulations governing privacy and personal data and management guidance to enhance their compliance awareness.

3. USI adopts a zero-tolerance policy to any violation of privacy and personal data protection. Should a violation be identified after thorough investigations, USI shall immediately review and improve management measures, and take disciplinary actions against errant personnel and where necessary, seek indemnity or prosecution in accordance with applicable laws and regulations.

4. USI’s employees, external parties or natural persons may report violations, suspected violations or conducts that could result in a violation of the protection of privacy or personal data by submitting relevant materials through any channel most recently announced by the website of Company.

5. For matters concerning the Policy or any other issues related to privacy and personal data, USI’s employees, external parties or natural persons may contact the following responsible department of USI. Generally, we will respond within fifteen (15) working days.

   Universal Scientific Industrial (Shanghai) Co., Ltd.
   Legal, Compliance & IP Unit
   privacy@usiglobal.com

6. This Policy may be updated from time to time due to business needs or in accordance with applicable laws and regulations. Please refer to Company’s website for the latest version (this version was last updated on 1st August 2025).

This Supplemental Privacy Notice for California Consumers (“Notice”) supplements the Policy on the Protection of Privacy and Personal Data (“Policy”) and applies solely to USI’s customers and suppliers, visitors, website users, investors or shareholders, job applicants and employees residing in California. USI adopts this Notice to comply with the California Consumer Privacy Act (CCPA), and any amendments and implementing regulations, and any terms defined in the CCPA have the same meaning when used in this Notice. 

Categories of Personal Information USI Collects

Over the last twelve (12) months, USI has collected the following categories of personal information from customers and suppliers, visitors, website users, investors or shareholders, job applicants and employees: