Effective Date: 05-08-2024
CEDFOCI (also referred to as “we”, “us”, “our”, “the Service”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and genetic data when you access or use our services including DNA sample analysis, ancestry tracing, forensic matching, real-time intelligence reports, and related features.
By using our website, services, or submitting any data, you consent to the practices described in this policy (subject to applicable legal rights in your jurisdiction).
We may collect:
Name, date of birth, gender, contact information (email, phone), address
Identity verification details, government ID if required for legal or forensic purposes
Account credentials (username, password)
Raw DNA data (e.g. genotypes, sequence data, markers)
Biological sample metadata (e.g. sample date, sample type, lab handling info)
Ancestry / kinship / forensic matching results derived from the DNA data
Because CEDFOCI is used in forensic / investigative contexts, we may also collect:
Case identifiers, crime scene metadata, chain-of-custody data
Reference sample data from other parties (as permitted)
Law enforcement or judicial instructions / mandates
Device identifiers, IP address, browser / app type
Log data, analytics, crash reports
Timestamped user actions within the service
We use your data for the following purposes:
To perform DNA analysis, matching, and generate reports (ancestry, kinship, forensic)
To support investigative or legal processes, in cooperation with law enforcement or regulatory bodies
To improve and calibrate our algorithms, with appropriate safeguards
To provide you customer support, notifications, updates
To anonymize and aggregate data for research, statistical or quality-assurance purposes
To comply with legal and regulatory obligations (e.g. court orders, audits)
Where required by law (for example under Nigeria’s Data Protection Act or other applicable data protection laws), we rely on one or more of these bases to process your data:
Your explicit consent (especially for genetic data and sensitive personal data)
Legal or regulatory obligations
Legal claims / compliance with court orders / law enforcement requests
Legitimate interests, where those interests do not override your rights (e.g. improving service, fraud detection)
You may withdraw your consent at any time (subject to certain limitations, e.g. where retention is legally required).
We do not sell your personal or genetic data. We may share or disclose data only under these situations:
With your authorization — e.g. you request to send your report or raw data to a doctor, another lab, or stakeholder
Service providers & vendors — e.g. cloud storage, computational services, analytics — under strict confidentiality agreements and data protection safeguards
Law enforcement / legal / regulatory authorities — where required by law, subpoena, or judicial order
Aggregated / de-identified data — for research or publication, only when anonymized so that you cannot be identified
Affiliated labs or partner organizations — with your prior consent or under agreement
We will ensure any third parties we engage will follow suitable security, confidentiality, and data protection obligations.
Genetic data and personal data stored using industry-standard encryption both in transit (e.g. TLS/SSL) and at rest.
Access controls, audit logs, least privilege principles for staff and systems.
Regular security assessments, penetration testing, vulnerability scanning.
Samples (physical) may be destroyed after analysis or stored only with explicit consent for future use.
Retention policies:
• Personal data retained while your account or case is active, or as required by law
• Genetic data — only as long as needed, or until you request deletion
• Logs and audit trails — retained for legal, security, compliance reasons
If you request deletion of your data, we will comply, subject to legal obligations or ongoing investigations that legally require retention.
Depending on your jurisdiction, you may have the following rights with respect to your personal / genetic data:
Right to access (obtain a copy)
Right to correct inaccurate or incomplete data
Right to delete (erasure)
Right to restrict or object to processing
Right to data portability (receive your raw genetic / report data in a format)
Right to withdraw consent
Right to lodge a complaint with a data protection authority
To exercise these rights, contact us at: privacy@cedfoci.com (or another dedicated privacy contact).
Our services are generally not intended for use by minors (under 18) or without proper legal authority in forensic / investigative contexts. We do not knowingly collect genetic data from minors without parental/guardian consent or legal process.
If data is transferred internationally (outside Nigeria or relevant jurisdiction), we will ensure:
Adequate safeguards (standard contractual clauses, binding corporate rules)
Only to jurisdictions having acceptable data protection standards
Compliance with applicable cross-border data transfer laws
We may update this Privacy Policy from time to time. Changes will be posted on our website or within the app, with the effective date. If changes are material, we will notify users (e.g. via email).
If you have questions, concerns, or wish to exercise your rights, contact:
CEDFOCI / DNA Learning Center Nigeria
Email: privacy@cedfoci.com