Privacy policy

Version Information

• This Policy applies to Say Way Limited (“the Company,” “we,” “our”) and its website mysayway.com (“the Site”).
• Last updated: 2026-05-01.

Personal Data We Collect 

Legal Bases for Processing (UK GDPR)

• UK GDPR: Performance of a contract, Legitimate interests, Consent, and Legal obligations.
• Hong Kong PDPO: Data is collected for purposes directly related to our functions/activities. We obtain explicit opt-in consent before using your data for direct marketing.

Your Rights

We respect your rights regardless of your location.

• UK/EU Residents: Rights to access, rectify, erase, restrict processing, and data portability.
  
  

• Hong Kong Residents: Under the PDPO, you have the right to:

  • Check whether we hold your personal data and access such data.
  • Request the correction of any inaccurate data.
  • Opt-out of direct marketing at any time, free of charge.
    
• To exercise your rights: Contact privacy@mysayway.com. We will respond within 30 days (UK) or 40 days (HK) as per respective legal requirements.

Direct Marketing (Hong Kong Specific)

If you are a Hong Kong resident, we will not use your personal data for direct marketing purposes unless we have received your express consent. You may withdraw this consent at any time by clicking "Unsubscribe" in our emails or contacting our Data Protection Officer.

Cookies and Similar Technologies

• Essential cookies: ensure core site functionality.
• Analytics cookies: measure performance (activated only with consent).
• Marketing cookies: deliver personalised ads (settings can be changed anytime in the “Cookie Preference Centre”).
  

Data Sharing

• Payment processors (e.g., Stripe, PayPal)
• Logistics partners (for delivery)
• Government or regulatory bodies (when legally required)
• All partners are bound by data-processing agreements and may access information only as necessary.

International Data Transfers

As we are headquartered in Hong Kong, your data will be stored and processed on our secure servers in HK.

• For UK Users: We ensure that transfers from the UK to Hong Kong are protected by Standard Contractual Clauses (SCCs) or other approved legal safeguards to ensure a level of protection equivalent to the UK GDPR.

Data Retention

• Customer accounts: up to 7 years after closure (tax requirements).
• Marketing lists: removed when consent is withdrawn or after 24 months of inactivity.
• Transaction records: retained 6-7 years per finance and tax laws.

Data Security Measures

We take all reasonably practicable steps to protect your data from unauthorized access or loss:

• TLS 1.2/1.3 encryption for all data in transit.
• Servers located in secure facilities with role-based access control.
• Regular security audits and multi-factor authentication for internal access.

Third-Party Links

• Our Site may contain links to third-party websites. Clicking such links means you are subject to their privacy policies; we are not responsible for their practices.

Changes To This Policy

• We may update this Policy due to legal or operational reasons. Material changes will be announced via e-mail or on-site notice. Continued use of the Site after the effective date constitutes acceptance of the revised Policy.

Contact & Complaints

If you have questions about this policy or how your data is handled, please contact our Data Protection Officer (DPO):

Email: privacy@mysayway.com

Postal Address: Room 1123, 11/F, Star House, 3 Salisbury Road, Tsim Sha Tsui, Kowloon, Hong Kong.

Regulatory Authorities:

UK: Information Commissioner’s Office (ICO).

Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD