Privacy Policy

Updated as of August 28, 2018

We respect your privacy and take Internet privacy and information security very seriously. Please read the following information in this privacy policy (“Privacy Policy”) carefully.

This Privacy Policy covers our online privacy practices with respect to use and/or disclosure of information we may collect from you when you access or use our website located at www.isoray.com and any other website from which this Privacy Policy is linked (collectively, the “Site”).

This Privacy Policy applies only to the Site and its or their related services (the “Services”), which are provided by IsoRay Medical Inc., and its affiliates (“IsoRay,” “we,” “us,” or “our”). This Privacy Policy does not apply to information collected through other means, such as by telephone or in person. Please review our privacy practices and contact us at privacy@isoray.com if you have questions.

What is Personal Information?

As used in this Privacy Policy, “Personal Information” means any information that may be used, either alone or in combination with other information, to personally identify an individual. The type and amount of Personal Information we collect about you depends on how you use the Site, and is broadly described below.

What Information is Collected, and Why?

We collect certain information, including Personal Information, from and about Site users in three ways:

* directly from you

* directly from our web server logs

* with cookies

Information Provided by You

The Site includes certain features for your benefit that will not function properly unless we collect and use Personal Information. For example, you can contact us through the Site, but in order to respond to your request we will need you to provide us with your contact details. You may also include Personal Information in messages you send to us via the Site, and that Personal Information may include information related to a medical condition or other indicia of health (“Health Information”).

We may also ask for information about your location and medical needs to assist with finding a physician and may, with your consent, collect and pass on Personal Information (including Health Information) in order to provide qualified physician recommendations.

Web Server Logs

When you access or use our Services, we may track information to administer our Services and analyze its usage. Examples of information we may track include:

* Your Internet protocol address

* The kind of browser or computer you use

* Number of links you click within our Services

* State or country from which you accessed our Services

* Date and time of your visit

* Name of your Internet service provider

* Third party websites you linked to from our Services

* Pages or information you viewed on our Services

We use this information to analyze trends, administer and improve our Services, and monitor traffic and usage patterns for information security purposes and to help make our Services more useful.

Cookies and Similar Technologies

A “cookie” is a small text file that may be transferred to your computer’s hard drive in order to personalize our Services for you and to collect aggregate information regarding usage of our Services by all of our users. Each computer is assigned a different cookie that contains a random, unique number. Our Services use two different types of cookies: a “session” cookie, which is required to track a user session, for example, and which expires shortly after the session ends), and a “persistent” cookie, used to track unique visits to our Services, as well as how the user arrived at our Services (for example, through an email link or from a referral link), and the type of user (patient, provider, etc.). So that users are not counted twice, this cookie can “persist” anywhere from six months to two years.

Your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookie, this may disable some of the functionality of our Services and you may not be able to use certain features offered by the Site.

In addition to cookies, our Services may use similar technologies for similar purposes. A “web beacon,” “clear GIF,” “web bug,” or “pixel tag” is a tiny graphic file with a unique identifier that is similar in

function to a cookie, but would allow us to count the number of users that have visited certain pages or screens of our websites, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, web beacons can tell the sender whether and when the email has been opened. In contrast to cookies, which may be stored on your computer’s hard drive, web beacons are typically embedded invisibly on pages or screens.

As a specific example of cookie-use on our Services, we use Google Analytics on our Services to help us analyze the traffic on our Services. For more information on Google Analytics’ processing of Personal Information, please see http://www.google.com/policies/privacy/partners/.” By using a browser plugin provided by Google, you can opt out of Google Analytics. We reserve the right to share aggregated site statistics monitored by cookies and web beacons with our affiliates and partner companies.

Some features on our Services may use cookies or other methods to gather information regarding your use of the Site, and may combine the information in these cookies with any Personal Information about you that they may have. We will treat this information in accordance with this Privacy Policy.

Geolocation Data

We do not collect precise information (e.g., GPS data; latitude and longitude) concerning the location from which you access the Services, but we collect information on your region or postal code to help us gather information useful for improving the relevance of our content and securing our Services.

How We Use Personal Information

In addition to the uses and disclosures of information outlined above, Personal Information about you may be used:

* To provide, analyze, administer, and improve our Services;

* To contact you in connection with our Services and, events or offerings that you may have registered for;

* To provide you with information regarding our products and the Services;

* Where you have requested, to introduce you to physicians or healthcare providers;

* To send you surveys;

* To respond to your requests;

* To protect our rights or our property and to ensure the technical functionality and security of our Services; and

* As required to meet our legal and regulatory obligations;

How We Disclose Personal Information

We will not disclose Personal Information to third parties other than as provided below, unless we obtain your consent.

We may disclose Personal Information:

* To Our Service Providers. We transfer Personal Information to third party service providers to perform tasks on our behalf and to assist us in providing our Services. For example, we may use third party service providers for security, website analytics, and payment processing. We use commercially reasonable efforts to only engage or interact with third party service providers and partners that post a privacy policy governing their processing of Personal Information, and require our service providers to maintain confidentiality and comply with applicable laws in the processing of Personal Information.

* Healthcare Providers. With your consent, we may disclose your Personal Information, including Health Information, to qualified physicians and healthcare providers for administrative and healthcare services.

* In the Event of a Merger, Sale, or Change of Control. We may transfer or assign Personal Information to a third party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.

In addition, we may disclose Personal Information about you if we have a good faith belief that disclosure of such information is reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our Terms, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to our or third parties’ rights, property or safety.

Third-Party Websites

This Privacy Policy does not apply when you leave the Site and go to a third party web site. If you follow a link from the Site to another website, you may decide to disclose Personal Information at that website. For example, you might provide your contact information to obtain an information packet from an organization. Please be aware that in contacting that site, or in providing information on that site, that third party may obtain Personal Information about you. We encourage you to be aware when you leave the Site and to read the privacy statements of each and every site that collects Personal Information.

The Services do not include any features that allow a third party to, and we do not, track users of our Services, in personally identifiable form, over time and across third party websites. Accordingly, we do not currently respond or take any action on the Services with respect to web browser “do not track”

signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Information about an individual consumer’s online activities over time and across third-party web sites or online services.

Information Security

Security Measures

We maintain appropriate, industry standard, physical, electronic, and procedural safeguards to protect Personal Information collected via our Services in compliance with applicable law. Except as provided elsewhere in this Privacy Policy, we limit access to Personal Information to those persons in our organization who have a business need (including servicing your account, informing you of news and offers, or aggregating information) for such access. You should know, however, that no company, including us, can fully eliminate security risks associated with Personal Information. As such, we cannot guarantee that our standard measures will prevent a third party from circumventing our security measures and unlawfully intercepting or accessing transmissions or private communications, or where an error may occur in the administration of the Services. As such, we recommend that you use caution whenever submitting Personal Information online or through a mobile application.

Compliance Statement

IsoRay is neither a “Covered Entity” nor “Business Associate” to Covered Entities as those terms are defined by the Health Insurance Portability and Accountability Act of 1996 and its regulations , except in specific cases. In those cases, we will enter into “Business Associate Agreements” when required, and abide by all legal requirements of such agreements. When we participate with a third party which operates and maintains a personal health record (“PHR”) which is subject to the Health Information Technology for Economic and Health Act of the American Recovery and Reinvestment Act, they shall abide by any federal regulations applicable to PHR related entities.

Your Rights

In General

If you would like to access, amend, erase, export, or object to or restrict the processing other Personal Information collected via our Services, you may submit a request to privacy@isoray.com or write to us at:

IsoRay Medical, Inc.

350 Hills St., Suite 106

Richland, WA 99354

Your California Privacy Rights

Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information (as defined by California law), such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us at the email or physical addresses listed below with a reference to California Disclosure Information. We will respond in accordance with California law.

Children’s Privacy

We do not direct our Services to, nor do we knowingly collect any Personal Information from, children under the age of 13. If we become aware that a child has provided us with Personal Information, we take commercially reasonable steps to remove such information.

How will you be notified about changes to this Privacy Policy?

We reserve the right to change the terms of this Privacy Policy at any time by posting a notice on the Site. We urge you to check here for any updates to this Privacy Policy from time to time. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to our Services.

What if I have questions or concerns regarding this Privacy Policy?

If you have any questions or concerns about this Privacy Policy or the information practices of IsoRay, please contact us at 1-509-375-5329.

You may also contact us at:

IsoRay Medical, Inc.

Privacy Officer

350 Hills St, Suite 106

Richland, WA 99354