Privacy Policy for Brashan DNA Services
Last Updated: June 8, 2026
Dr Erada R. Oguntoye trading as Brashan DNA Services (“we,” “us,” or “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, protect, and share your information when you use our website (brashandna.com) and our DNA testing services.
This Privacy Policy is intended to comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
We recognise that DNA testing is highly sensitive. We are committed to:
- protecting the confidentiality of your personal information; and
- processing your data fairly, lawfully, and transparently in accordance with the UK GDPR and the Data Protection Act 2018.
To provide our services, we may collect the following categories of data:
- Personal Identification Information: name and contact details (such as email address, telephone number, and postal address). Depending on the type of test, we may also collect date of birth and other participant details needed to produce the report.
- Genetic Data (Special Category Data): biological samples (such as buccal swabs and, where applicable, blood or other tissue) and the resulting genetic information, DNA profile, and test results derived from laboratory analysis.
- Payment / Transaction Details: billing details and payment status information (payment card details are processed securely by third-party payment providers rather than stored by us).
We use your data to:
- Process biological samples and produce accurate DNA test results;
- provide your results and reports to you through the delivery method you select;
- manage your account and customer relationship (including order updates, support queries, and re-issuing reports where requested); and
- manage administration and business operations related to providing our services (including payments and fraud prevention).
We process your personal data on the following lawful bases:
- Performance of a contract (Article 6(1)(b) UK GDPR): processing is necessary to provide the service you request (for example, to process your order, analyse a sample, and provide results).
- Explicit consent (Article 9(2)(a) UK GDPR) for genetic data: because genetic data is special category data, we rely on your explicit consent to collect and analyse biological samples and to process genetic data for DNA testing.
If you do not provide the necessary information and/or explicit consent for genetic testing, we may be unable to provide the requested service.
We keep data only as long as needed for the purposes described in this Privacy Policy and then securely delete or anonymise it.
- Samples: biological samples are typically destroyed within 3 to 6 months after the final report is issued (unless a longer period is required due to the type of service you choose or by applicable legal/regulatory requirements).
- Results/reports: test results and reports are stored securely for a limited period (typically 1 to 2 years) to allow for customer support, queries, and re-issue requests, after which they are securely deleted unless we must keep them longer for legal or regulatory reasons.
We do not sell your personal data or genetic data.
We only share your information where necessary to provide our services, including:
- Accredited laboratory partners: to process samples and generate results under confidentiality and data protection obligations.
- Payment processors: to take payments securely and process refunds where applicable.
We may also disclose information if required by law, regulation, or a valid legal request.
You have rights under the UK GDPR, including:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request that inaccurate or incomplete data is corrected.
- Right to erasure: request deletion of your personal data in certain circumstances (subject to legal obligations and permitted retention).
We use appropriate technical and organisational measures designed to protect your information, including:
- High-level encryption for data in transit (SSL/TLS) and encryption at rest where appropriate;
- Restricted access controls so only authorised personnel can access sensitive data; and
- Secure laboratory protocols, including sample tracking and using identifiers (such as barcodes) to reduce the use of names in lab processing.
This Privacy Policy is governed by the laws of England and Wales.
If you have questions about this Privacy Policy or want to exercise your rights, contact the Data Controller:
Dr Erada R. Oguntoye trading as Brashan DNA Services Address: 631, London Road, Ditton, Aylesford, Kent, ME20 6DJ, UK Email: Csdna@brashandna.com Website: brashandna.com