At Ultrasonix Medical Corporation ("Ultrasonix," "we," or "us"), we are committed to ensuring the privacy of individual visitors to our website. This Privacy Policy (this "Policy") describes how personal information is collected from visitors of the Ultrasonix website at www.ultrasonix.com (the "Site"), and how such personal information is used and disclosed. By using our Site and providing us with your personal information, you confirm your consent to our collection, use and disclosure of your personal information as set out in this Policy and in any other consent obtained from you. In addition, this privacy policy describes how the HIPAA and PIPA requirements with regard to “Personal Health Information” (PHI) are addressed by Ultrasonix Medical Corporation. Please note that we reserve the right to revise this Policy at any time without notice. Notification of such changes or revisions will be given only by posting the revised Policy on the Site. We encourage you to review this Policy every time you visit the Site and provide personal information to us to make sure you understand how information you provide will be used.

Effective Date
The effective date of this Policy is July 16, 2007.

Applicable Law
We are generally governed by the Personal Information Protection Act ("PIPA") (B.C.) and the intent of this Policy is to comply with the requirements of PIPA. It is our policy to comply with the requirements of PIPA and any other applicable law regarding the collection, use or disclosure of personal information, but also to rely on all applicable exemptions and exceptions if reasonable to do so.

What is Personal Information?
Personal information means information about an identifiable individual. Examples of personal information may include an individual's name, address, telephone number, e-mail address, credit card number or other account number, or information about that person's activities when directly linked to that person. Personal information also includes demographic information, such as date of birth, gender, geographic area, and personal preferences.

Personal information does not include business contact information; being information to enable an individual at a place of business to be contacted, including the name, position name or title, business telephone number, business address, business email or business fax number of the individual provided it is used to contact an individual in their capacity as an employee or official of an organization. Personal information also does not include work product information, which is information prepared or collected by an individual or group of individuals as a part of the individual's or group's responsibilities or activities related to the individual's or group's employment or business (excluding personal information about an individual who did not prepare or collect the personal information).

Personal information also does not include "aggregate" information, which is data we collect about a category or group of customers, products or services for which individual identities are not present, or from which they have been removed. Aggregate information allows us to better consider new products and services and tailor existing products and services to needs and desires of prospective customers.

Personal Information We Collect
As a visitor to the Site you may provide personal information to us in several ways. For example, you may provide us with personal information when you: (1) register to subscribe to a Ultrasonix newsletter; (2) participate in our Customer Satisfaction Survey, or any other survey administered on the Site; (3) fill out a form to request information about our products, services, or to provide us with comments or feedback, such as in our "How to Buy" or "Contact Us" portions of the Site; (4) sign up to receive E-mail Alerts; or (5) contact us by email for any reason. We collect your name, contact information (e.g., email address, postal address, and telephone number) and certain employment related information (such as your employer and the department or specialty in which you work) in this manner.

We also collect personal information from you if you submit a job application or resume to us via email. Personal information collected in this regard includes name, address, telephone number and email address, as well as other employment related information that you provide to us in the resume or application, in which case we would have your deemed consent to use and disclose the information provided for the purpose of considering you as a candidate for a position with us.

Additionally, some information is automatically collected from you on the Site, such as your computer's operating system, browser type, and IP address. This information is collected by web servers through the operation of the technology involved. In addition, we make use of "cookies." Cookies are small files that are stored on your computer by a Web site to give you a unique identification. We use cookies on the Site to keep you logged in to the Site and to keep track of your selections from our online catalog. We treat automatically collected information as personal information if we combine it with or link it to any of the personally identifiable information mentioned above. Otherwise, it is used in the aggregate only. IP addresses are not linked to any personally identifiable information. In addition, a third-party service is used to anonymously track traffic data on the Site through the use of a cookie that is not linked to, and does not track, any personally identifiable information about users of our Site.

Consent
It is our policy to collect personal information with the knowledge and consent of the individual unless applicable law permits or requires otherwise.

Deemed Consent
An individual is deemed to consent to the collection, use or disclosure of their personal information for a purpose if at the time their consent is deemed to be given, the purpose would be obvious to a reasonable person and the individual voluntarily provides the information for that purpose. It is our policy to rely on deemed consent where it is reasonable to do so.

How We Use Personal Information
In general, we use personal information to process your requests and provide you with products, services or information, or to inform you about other products or services we believe may be of interest to you. For example, we use your information to deliver products or provide services you have requested or purchased, to send you information about our products or services via email and postal mail, to generally improve our products and services, and to develop new products and services. When we use personal information in our internal marketing efforts, we provide you with choices (see "Choice," below). We may also receive personal information from third parties with whom we have business relationships, and may combine this information with the other personal information we maintain about you. If we do so, this Policy governs such information.

Sharing of Personal Information
We do not sell, rent, or share personal information with third parties without your prior consent except as described in this Policy. We may share personal information with third-party vendors and distribution partners who assist us in performing internal functions necessary to operate our business. These functions may include, for example, analyzing data, providing marketing assistance, processing credit card payments, and providing requested corporate and/or product information. In all cases we limit personal information shared with our third-party vendors to that information which is necessary to carry out those functions, and we require our vendors to keep the information confidential and to only use it for the purpose for which it was provided. We are not responsible for any additional information you provide to these third parties, however, and we encourage you to become familiar with their practices before disclosing information directly to them.

The law provides that we may disclose personal information without consent in certain circumstances, including but not limited to emergency situations that threaten the health or safety of an individual, to protect our rights or property, investigations or legal proceedings, disclosure of certain information where it is publicly available, disclosure pursuant to applicable legislation or treaties authorizing or requiring such disclosure, disclosure to comply with subpoenas, warrants, orders and other legal requirements and processes, disclosure to law enforcement officials as permitted in applicable legislation, and disclosure of employee personal information as reasonably related to establishing, maintaining and terminating employment relationships. In addition, information about our customers, including personal information, may be disclosed during the course of a business transaction as permitted by PIPA as part of, for example, a merger, acquisition, debt financing or sale of company assets.

Links to Other Web Sites
Our Site may contain links to other Web sites ("Third Party Sites"). We accept no responsibility or liability with respect to links to Third Party Sites. Links from our Site to Third Party Sites or content are provided for your convenience only, and we do not have control over the content or privacy and security practices and policies of such Third Party Sites or the parties maintaining them. Any personal information you provide on linked pages is provided directly to that third party and is subject to that third party’s privacy policy. We encourage you to learn about their privacy and security practices and policies before providing them with personal information.

Use of our Site by Children
We do not intend, and the Site is not designed, to collect information from children who are under 13 years of age. If you are under 13, you should not provide information on the Site.

Security
We have put into place reasonable security measures in an effort to prevent loss, misuse, and alteration of information while it is under our control. We cannot, however, guarantee protection of all information against interception, misappropriation, misuse, or alteration, or that your information may be not be disclosed or accessed by accidental circumstances or by the unauthorized acts of others. If you choose to transmit information to us over the Internet, you do so at your own risk. Furthermore, we have no control over the security of Third Party Sites you might visit, interact with, or do business with.

Your Comments or Concerns
We welcome your feedback. If you have any comments or concerns about this Policy or would like to contact us for any reason, you may reach us via the contact form, phone at (604) 279-8550 or at the following address:

Ultrasonix Medical Corporation
Human Resources Department
130-4311 Viking Way
Richmond, BC, Canada V6V 2K9

Access to Personal Information
The law provides that individuals may request that we provide them with access to their personal information in our custody or control, together with information about how we are using and disclosing their information and the recipients of any disclosure.  Such requests must be in writing and must provide us with sufficient information to verify the identity of the person making the request and to locate our record, if any, of the personal information in question.  We will respond to requests in the time allowed by law, which is generally 45 days. In certain circumstances, we may have a right to extend this period of time and will advise in writing if we are doing so. We will make a reasonable effort to assist applicants and to respond as accurately and completely as reasonably possible.  All requests may be subject to any fees and disbursements the law permits us to charge.  Where appropriate to do so, we may require advance payment of a deposit or the entire costs of responding to a request for access to personal information.

All such requests should be sent to the above address to the attention of Human Resources.

Please note that your ability to access your personal information under our control is not an absolute right. We are not permitted to disclose certain information, such as, for example, personal information about another individual, and we also have the option to choose to not provide other types of information such as information collected during the course of an investigation or legal proceeding, confidential commercial information or information subject to legal privilege. We reserve all our rights to not provide information where the law provides us with the choice of not doing so.

Our response to all such requests will be in writing. We will confirm whether we are providing all or part of the requested information, whether or not we are allowing access or providing copies, and, if access is being provided, when and how that will be given.

If access to information or copies are refused by us, we will provide written reasons for such refusal and the section of PIPA on which that refusal is based. We will also provide the name of an individual who can answer questions about the refusal, and particulars of how the requesting individual can ask the Information and Privacy Commissioner of British Columbia to review our decision. 

You may also ask us to correct errors or omissions in your personal information that is in our custody or control. If you allege errors or omissions in the personal information in our custody or control, we will either correct the personal information and, if reasonable to do so, and if not contrary to law, send correction notifications to any other organizations to whom we disclosed the incorrect information; or decide not to correct the personal information but annotate the personal information that a correction was requested but not made. Corrections or amendments will not be made to opinions as opposed to factual information, although we reserve the right to modify opinions where changes in the facts on which those opinions are based occur.

Personal Health Information
Ultrasonix Medical Corporation currently does not collect or use "Personal Health Information "("PHI") from identified individuals, as such term is defined in the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").  Nor is Ultrasonix Medical Corporation a "covered entity" under the HIPAA Privacy Rule.

Ultrasonix does conduct design validation tests on initial pre-production units. When required by national or other applicable laws or regulations, design validation tests include clinical validation and/or evaluation of performance of the medical device. As part of the validation process, non-identifying PHI data may be used, namely, PHI that has been cleansed of all specified identifiers of an individual and of the individual's relatives, household members, and employers.

In addition, Ultrasonix may provide maintenance and support services for its products, and in the course of providing such maintenance and support, may come in contact incidentally with PHI.  In particular, Ultrasonix service agents may come in contact with PHI residing on the hard drive of the computer module of a customer's "Sonix" unit, when replacing or repairing such hard drive or module.

However, when the defective module, part or system is returned to Ultrasonix from a customer site for servicing, any PHI shall be erased by Customer Service personnel. The data may either be erased from the hard drive or a system recovery can be performed (System Software Configuration G SSC 001). If the customer explicitly asks for the data to be sent back to them, then the data will be saved to a DVD and shipped to their requested address. Once the data has been recovered, the data on the hard drive shall be erased as stated above. After repairs to the system have been completed, defective hard drives shall be destroyed.

Security Breach
If attempted or successful unauthorized access, use, disclosure, modification or destruction of PHI of an identified individual is detected by Ultrasonix employees or subcontractors, it shall immediately be reported to Ultrasonix Human Resources department. Ultrasonix Human Resources department shall prepare a written report as necessary per contract or regulatory requirement to the necessary person or organization.