At Othram, Inc. (“our”, “us”, or “we”), our request system—the process by which users ask us to evaluate casework, perform analysis on casework evidence submitted to us, and through which we exchange information with users (the “Request System”)—is the primary communication channel between us and those involved in a law enforcement investigation for a particular case. The Request System is located at request.othram.com.
Purpose. We are in the business of providing human identification services for law enforcement investigations. We do not assist with consumer-based investigations or non-law enforcement investigations initiated or requested by a consumer. The Request System is usable only for law enforcement investigations. The Agency expressly acknowledges the Agency is a law enforcement agency or is assisting a law enforcement agency and will only use the Request System for law enforcement investigations. The Agency expressly denies the Agency is a consumer and expressly denies the Request System will be used by the Agency in connection with a consumer-based service request or any non-law enforcement investigation initiated or requested by a consumer.
Modifications. We may change this Policy from time-to-time, so please be sure to check back periodically. We will post any changes to these Terms on request.othram.com. Any such modification shall apply only to Requests received by us after the effective date of such modification.
“Case“ means a discreet case or project for a particular law enforcement investigation assigned by the Agency, and accepted by us, through the Request System. For clarity, a Case will never include a consumer-based investigation or any non-law enforcement investigation initiated or requested by a consumer.
“De-Identified Information“ means aggregated, de-identified, or anonymized data (without regard to the type or source of such data) that cannot be used to identify a particular individual and which is derived from, or relates to, Personal Information.
“DNA Profile Deliverable“ means the SNP profile delivered by us to the Agency and derived from a Submission.
“FBI QAS“ means the then-current Quality Assurance Standards for Forensic DNA Testing Laboratories adopted by the U.S. Federal Bureau of Investigation.
“Personal Information“ means information that identifies, or could potentially identify, an individual, including an individual's (i) name, address, and social security number, (ii) health information, and (iii) genetic information.
“Privacy Law“ means, with respect to a Case, any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, requirement, or rule of law of any governmental authority applicable to Protected Information in such Case.
“Protected Information“ means, in connection with our providing a Request System Service, (i) information and materials received by us from the Agency, including Personal Information, and (ii) information and materials generated by us in connection with such service, including DNA Profile Deliverables and Work Product. Protected Information does not include information or materials that are publicly available through no fault of ours.
“Public“ means, with respect to a Case, the first time at which there is a public release or a public disclosure of such Case, whether by the Agency or someone else acting in concert with, or at the direction of, the Agency.
“Request System Service“ means a service provided by us to the Agency through the Request System.
“Submission“ means any item (of any kind) the Agency submits to us through the Request System, including submitted evidence and submitted extracts.
“Submission Service“ means a Request System Service directly involving a Submission.
“Technical Details“ means technical details highlighting or educating as to our capabilities.
“Work Product“ means the material that is generated as a function of analysis by us which is not subject to a chain of custody.
Uses. We shall use Protected Information in compliance with all applicable Privacy Laws and for the purpose of providing Request System Services to the Agency. In addition, if we and the Agency have separately agreed in writing to other privacy practices, then such other privacy practices shall apply to this Policy, and the order of precedence of this Policy and such other privacy practices shall be as described in such other written agreement.
Controls. We shall maintain adequate privacy and security controls with respect to the Protected Information. We shall ensure that access, use, storage, processing, and protection of Protected Information is in accordance with applicable Privacy Laws.
Employees Only. We shall provide all Submission Services to the Agency using our employees only. We shall not provide any Submission Service to the Agency using any independent contractor without the Agency’s permission or approval.
Submissions. A Submission received by us at our facility from the Agency shall not leave our facility without the Agency’s permission or approval, including in the circumstances identified in Section 9. We meet the FBI QAS applicable to (i) Submissions and (ii) Work Product.
Announcements. We shall not announce our involvement in or with a Case until the Case becomes Public (if ever). At the time a Case becomes Public (if ever), unless other arrangements are made between us and the Agency, we reserve the right to announce (including publicly) from time-to-time our involvement with a case. As part of any such announcement, we may disclose Technical Details regarding the Case. Examples of Technical Details include (i) quantity of DNA used, tested, or made available, (ii) degradation of materials, and (iii) proportions of mixtures.
Confidentiality. All our employees are subject to confidentiality restrictions that provide at least the same level of protection for Protected Information as those in this Policy.
Access. We shall ensure access to Protected Information is limited to our employees who are performing a Request System Service for the Agency and only for so long as necessary to perform such Request System Service. We shall maintain a disciplinary process to address any unauthorized access, use, or disclosure of Protected Information by our personnel. In the event of unauthorized access, use, or disclosure by our personnel of Protected Information relative to the Agency, we shall promptly notify the Agency after discovery of such unauthorized access, use, or disclosure. We have or shall enter into a written agreement or obtain written obligations with each our personnel member containing data protection obligations that provide at least the same level of protection for Protected Information as those in this Policy.
Safeguards. We have or shall implement safeguards of Protected Information providing for the following: (i) electronically tracking access to our facility, (ii) limiting physical and remote access to our facilities and data, and (iii) implementing network security, including protection against anticipated threats or hazards. In the event of unauthorized access by a third party of Protected Information, we shall promptly notify the Agency after discovery of such unauthorized access or disclosure.
Third-Party Communications. It is expected that all third-party communications regarding a Case shall be coordinated and made by the Agency. If asked by the Agency, we shall participate in third-party communications regarding a Case for the Agency, but, unless otherwise agreed to by us and the Agency, it is expected that an Agency representative shall participate with us in each such third-party communication.
DNA Profile Deliverables.
Searches. We use DNA Profile Deliverables generated from a Submission to search against third-party genealogical databases. We will attempt to cause such third-party genealogical databases to limit and restrict access to, and maintain the confidentiality of, any such DNA Profile Deliverable so-used.
No Returns. Unless a Request System Service provides for the return of a DNA Profile Deliverable or other arrangements are made between us and the Agency, we do not return any DNA Profile Deliverable to the Agency.
No Sale. We shall not sell any DNA Profile Deliverable, and we shall not sell access to any DNA Profile Deliverable.
Collection. We may collect information from DNA Profile Deliverables to establish genetic identity in the context of a Case, and we shall use such genetic identity from a DNA Profile Deliverable solely in the context of such Case. We will endeavor to avoid collecting or disseminating any DNA Profile Deliverable from which medically relevant information may be derived.
Submissions Retention. We do not retain any Submission indefinitely. The Agency agrees to facilitate the return of each Submission at the conclusion of each Case.
Additional Uses and Disclosures by Us.
Uses. We may use Protected Information as follows:
Providing or Improving Services. We use Protected Information to provide, maintain, and improve the Request System Services;
Legal Compliance. We use Protected Information to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
General Business Operations. We use Protected Information where necessary for the administration of our general business, accounting, recordkeeping, and legal functions and as part of our routine business administration, such as employee training, compliance auditing, and similar internal activities.
Disclosures. We may share Protected Information as follows:
Service Providers. We may disclose Protected Information to persons who perform functions on our behalf;
Business Transfers. We may disclose Protected Information to another entity in connection with an acquisition or merger, sale, or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer, including during negotiations related to such transactions;
Legal Compliance. We may disclose Protected Information to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; in response to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a government official; and
De-Identified Information. We are permitted to, and may, create De-Identified Information from Protected Information. We are permitted to, and may, to the extent not prohibited by law, use the De-Identified Information or share, sell, or transfer the De-Identified Information with or to third parties. Such uses may include (i) research and development, (ii) performance testing, and (iii) product development, including analyzing, building, and improving the Request System Services. For clarity, De-Identified Information shall not include DNA Profile Deliverables. The Agency shall have no right, title, or interest in or to the De-Identified Information and shall have no right to use or possess the De-Identified Information.