Data privacy

At TortureID (TID), we collect information about you so that we can produce a written medical report for you and your legal representative to use. Information about you is called ‘personal information’ or ‘personal data’. 

Using, storing and sharing information is called ‘processing’ information. This statement tells you more about how we process your personal information. It also tells you about your rights.

There is more information about these things in our Privacy Notice.  


The name of our organisation is Torture ID or TID. We are an English organisation.


Email:     Send us an email at:
Post:       Write to us at: 24 Methley Mount, Chapel Allerton, Leeds, LS7 3NG, U.K.


We only ask for the information we need. We are always happy to explain why we need the information.

The information we collect, and which we may include in your report, includes:
• Your name and contact details, and details of your legal representative and GP
• Information such as date of birth, gender, ethnicity, religion, sexuality
• Information about your background and early life
• The details of your asylum case and what you have told us about any mistreatment you have experienced
• Information about your current living circumstances
• Information about your physical and psychological health
• Details of any injuries
• Photographs of injuries, if you would like us to take these.
• The clinician’s assessment of your physical and psychological health, and their opinion on how the medical findings relate to your asylum case.
The information we collect includes sensitive data, known as ‘special category data’. This is information about: race, ethnicity, religious beliefs, health, political opinion, sexual orientation, sex life and sexual health. We cannot prepare a medical report without this kind of information.


Most of the personal information we hold about you is information that you give to the clinician during your assessment appointment.

If you have been referred by your solicitor or another organisation, we also receive some personal information in the referral. This might include: Your name and contact details, your GP and the reason that a medical report is requested. Your solicitor might also send us a witness statement you have written, a copy of your Asylum Interview record, a copy of communications about your case from the Home Office and a copy of your medical records.

After your assessment, we may receive an update about your asylum claim from your solicitor or someone else who referred you to us. If you have given your consent, we might request information from your solicitor, your GP, Social Services or someone else who referred you.


We collect personal information about people for whom we have been asked to do a clinical assessment and report.


We use the information that you have given us in order to prepare a report about your health, and about any mistreatment you have reported and how this has affected you.

If you give your consent, we may also use the information to inform your GP about any health care needs identified during the assessment.

If you give your consent, we may also use the information to inform social care providers about any care needs identified during the assessment.

If you give your consent, we will also use your information to assist TID’s work, for example to:
– enable clinicians to write better reports
– train other practitioners
– evaluate our work and conduct research, for example about how many people we have prepared reports for, and what difference they have made. It might include finding out if the report has helped you to secure asylum or access health and social care services. This is to help improve our service to help other people and so that we can share knowledge to promote human rights.
– to tell people about TID’s work, for example to demonstrate the value of our work, to show what we have learned from it, to develop policy, or to raise funds
When we use information to assist TID’s work, it is always anonymised. This means we remove information that identifies you, such as your name or address.

We will only access your information for other reasons if it is necessary for you or for the organisation. For example if we received a complaint we might need to access your information to investigate it.

The law requires us to tell you the ‘lawful basis’ we rely on to process your information. This is: we process your personal information on the basis that we have agreed to provide you a report, or that you have given your consent to share information (e.g. with your GP) or on the basis that there are legitimate interests to use your personal information to provide our services in an effective, safe and efficient way.


If there is important relevant information about yourself that you do not provide, then we may not be able to write a report for you. We will tell you if we cannot write a report.


The clinician who meets you will ask for your consent at the start of your appointment. You can also provide consent by contacting us (see HOW TO CONTACT US above).


Your solicitor, your GP and other organisations working with you will have their own rules and their own privacy notices, which will apply to you. They will be able to give you information about these.


If you have been referred by your solicitor, we will give the completed report to your solicitor, and your solicitor will discuss with you who the report will be shared with.

If you have not been referred by a solicitor, with your permission we will give the finished report either to you, to the organisation that referred you to TID, or to Social Services if they have parental responsibility for you.

If you have given us consent
• We will tell your GP about any health care needs identified in the assessment
• If Social Services are involved, we will tell your social worker about any care needs identified in the assessment
• We will allow a researcher to access your personal information to evaluate our work but the information will be anonymised before it is shared outside TID.
If something, you have told us makes us think that you or someone else might be at risk of serious harm we could tell the NHS, social services, and/or police and/or and/or the Home Office. It is usually possible to explain why we need to do this, but not always. It would be very unusual for us to do this without your consent.

If you have given consent, we may share your anonymised information for evaluation, research, training, or informing people about our work for purposes such as policy development or fundraising.


We may keep an electronic copy of your medical report for six years or after our last contact with you or your legal representative. If we are made aware that the report is involved in legal proceedings we may retain it for six years after these proceedings are completed. We will then delete your report from our systems.

If you have given your consent to TID using your anonymised information to improve the quality of our work, then we will keep the anonymised information for as long as it continues to be useful for these purposes.


We are committed to keeping your personal information secure. When we share it, we use a secure on-line file transfer system and password protection so that the document cannot be opened without a password. We have detailed procedures for keeping your information secure. For example we never share personal information on insecure systems such as e-mail. Everyone at TID has to understand and follow these procedures.


You can request a copy of your personal information. This is called a ‘data subject access request’.

If the personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected (although we might need to check the accuracy of any new information you provide). If we have shared this information with others, where possible we will let them know about the correction. If you ask us, will also tell you who we’ve shared the information with.

If you need another copy of the report in the future, you can ask for it or ask your legal representative to ask for it and we will provide a copy if we still hold one. After one year we will always ask for your agreement before providing another copy of the report to your legal representative.

At any time you can ask us to delete or to stop processing your personal information. Where possible, we will do so. If the information that you want deleted is part of your medical report and cannot be removed without affecting the report, we may not be able to delete just that part of the report, but you would have the option of asking us to delete the whole report. If we have shared your personal data with others, we will let them know where possible. If you ask us, will also tell you who we’ve shared the information with.

Please note there are occasionally circumstances where we are not legally allowed to delete information. If this applies to your request we will explain it to you.

Where we are relying on your consent to process your information, you can withdraw your consent at any time.

If you would like more information about how we process your personal information, please contact us (see HOW TO CONTACT US above).

If you want to exercise any of your rights, you will not have to pay a fee. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We try to respond to all legitimate requests within one month. However if we believe a request is clearly unfounded, repetitive or excessive. we may charge a fee, or refuse to comply.

If you are not happy with how we are dealing with your personal information, you have the right to complain to the Information Commissioner’s Office (ICO). You can contact them on 0303 123 1113. However we would prefer to deal with any issues you have before you contact the ICO.