Our Privacy Policy

I value the privacy of all website visitors, constituents, and the public interacting with me and my team. Please view our Office Privacy Policies below. Use the links to jump to a particular section.

Who We Are
Data Protection Contacts
Privacy Policies
Your Data Protection Rights
How to Complain

Who We Are

This website represents the office of David Smith, Member of Parliament for North Northumberland, and UK Special Envoy for Freedom of Religion & Belief. If you have any queries about how your personal data is used, please don’t hesitate to get in touch.

This website is intended for use by those within the United Kingdom of Great Britain and Northern Ireland only, and the site falls under the jurisdiction of English law.

Web Address:
www.davidsmithnorth.co.uk
Email:
david.smith.mp@parliament.uk
Address:
David Smith MP
Unit 13, Telford Court
Morpeth, Northumberland
NE61 2DB

Data Protection Contacts

For any queries regarding data protection, please don’t hesitate to get in touch, and we’ll respond to your query as soon as possible.

Data Protection & Information Governance Lead
Vicky Oakley

Constituency Office Manager

vicky.oakley@parliament.uk

Our Privacy Policies

We take everyone’s right to privacy extremely seriously. Please use the buttons below to view our Website and Office and Casework privacy policy. If you have any questions, don’t hesitate to get in touch.

Our Website Privacy Policy

  1. Data we collect & process
  2. Lawful bases for processing
  3. Where we get information from
  4. How we store information, and for how long
  5. Who we share your data with

1. Data we Collect & Process

Find a breakdown below of the data we collect and process below, alongside our reasons as to why this is necessary. The information is chunked into categories based on the way you interact with us – so if you don’t interact with us in a certain way, then we will not hold any data on you in this regard.

  1. Website Security Data
    We collect or use the following personal information from Security Sensitive Traffic (accessing administrative or backend areas of the site including the login page, or users identified as a potential malicious threat) for Website Security and Threat Prevention:
    • Visitor IP Address
    • Visitor Proxy IP Address
    • URL accessed
    • Complete HTTP header
    • HTTP request body
    • Names of uploaded files if malware is detected within them
    • Country of user
    • Device of user
    • Website Admin Email Addresses
    • Find more information on the WordFence privacy policy page.
  2. Google Analytics Data
    We collect or use the following personal information for Analytics and Web Statistics, when opted-in through accepting our Cookies:
    • User data: information about the user’s device, browser, and operating system, to understand our audience’s technical demographics.
    • Session data: such as session duration, pages visited, and the sequence of pages viewed.
    • Traffic source data: how visitors have arrived at our site.
    • Event data on specific actions or events triggered by users, such as page views, button clicks, product views, file downloads, and custom events as defined by the site owner.
    • Online identifiers, including cookie identifiers, internet protocol addresses (redacted and gives a city-based approximation) and device identifiers; client identifiers
    • We do not make, and do not allow our Google Analytics settings to make, any attempt to find out the identities of those visiting our website. By default, we do not share your data with other Google services.
  3. Cookies:
    • Our website, or third-party providers embedded onto our website (e.g. Google Maps) may utilise cookies to collect or store information on your device, in order to provide website functions, for statistics or marketing and tracking purposes.
    • You can access the full list of Cookies currently used on our site at www.davidsmithnorth.co.uk/cookies
    • Optional cookies are enabled/disabled by expressing your preferences when initially visiting the site. Your preferences are retained for 365 days, but may be changed sooner using the Data Preference menu, or by visiting our Cookies Page.
  4. Email List for Constituency News and Events: For those who opted to complete the ‘Join my Newsletter’ form, or by contacting me you are giving me the consent to sent you further emails about Constituency news and events. You can opt out of this at any time by requesting not the be included in future correspondence. We collect or use the following personal information for Maintaining our Email List and providing Newsletters & Constituency Updates:
    • First Name
    • Surname
    • Email Address
    • Your consent to process the data
    • Logged-in user ID (if logged in with an account on the website)
    • You can unsubscribe from email updates at any time by using the unsubscribe link within our emails, or by contacting us.
  5. Emails: For users who contact David via email, we collect or use the following personal information for responding to your query and providing any ongoing support:
    • First Name
    • Surname
    • Email Address
    • Home Address
    • Phone Number (if provided)
    • The nature of your query (if provided)
    • The content of your message or query
    • Your consent to process the data
    • I would like to send you information about constituency news and events, by contacting me you are giving me the consent to sent you further emails about Constituency news and events. You can opt out of this at any time by requesting not the be included in future correspondence.
  6. Backend Functions
    Our site is hosted by a trusted web host provider, and data is stored securely on Web Servers located within the United Kingdom. Some server access data may be logged by our provider on our server for security, legal compliance, and web hosting purposes. We collect the following data:
    • Server Request Access Logs
      • IP Address
      • Server Request (GET/POST etc.)
      • Device of Requestee
      • Country of Requestee
    • These data are generally only stored for those who make specific requests to the server (e.g. site admins, bots, etc.)
  7. User Login & Profile Information
    We collect infomation about registered users to the website (this is currently limited to site admins). This includes:
    • Profile Picture (if uploaded)
    • Email Address
    • Password (encrypted & secured)
    • Name / Profile Name
    • IP Address for Password Resets
    • Website Bio (if provided)
    • Website Link (if provided)
  • Links to Third-Party Sites: we link to some external sites outwith our jurisdiction, which may process your data on our behalf. This includes the following pages:
    • UK Parliament Webpage: David’s Parlimentary page displays his voting record, contributions to the house, and more. View Parliament’s privacy policy here.
  • Embedded or linked content from other websites:
    • Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites, when enabled, behaves in the exact same way as if the visitor has visited the other website.
    • These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website, and if you agreed to accept the relevant cookies when initially visiting our site.
    • When clicking on links external to the website, your data will no longer be subject to our privacy policy; instead that of the site you have visited.

2. Lawful Bases for Processing

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

  1. Website Security Data
    Our lawful bases for collecting and processing website security data are:
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • collecting data in the interests of data and website security and cybercrime prevention, protecting the website from malicious interference and hacking attempts, protecting user data.
  2. Google Analytics Data
    Our lawful bases for collecting and processing Google Analytics data are:
    • Your Consent (for Statistics Cookies) – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • collecting non-sensitive or identifiable website usage data (e.g. number of pageviews) to provide insights and improve website user experience.
  3. Cookies
    Our lawful bases for using cookies on our site and your device are:
    • Legitimate interests (for Functional Cookies) – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • Functional Cookies are required by websites to support core functions. Without these cookies, the website would not work or perform correctly.
    • Your Consent (on our Cookies Banner, for Optional Cookies) – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  4. Email Newsletter Subscription
    Our lawful bases for collecting, processing and sharing your Email Subscription data within the Office of David Smith MP are:
    • Your Consent (when completing our mailing list form) – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  5. Emails
    Our lawful bases for collecting, processing and sharing your emailed information within the Office of David Smith MP are:
    • Your Consent (when sending the email to us) – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  6. Backend Functions
    Our lawful bases for collecting and processing server backend functions are:
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • collecting data in the interests of data and website security and cybercrime prevention, protecting the website from malicious interference and hacking attempts, protecting user data.
  7. User Login & Profile Information
    Our lawful bases for collecting and processing registered user details (currently limited to site admins) are:
    • Your Consent (when registering an account with us) – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

3. Where we get information from

  • Directly from you;
  • Anyone who submits data on your behalf;
  • From your browser through our cookies;
  • From tags in URLs, such as referrer tags.

4. How we store information, and for how long

We employ in-depth security features including brute force prevention, a firewall, 2-factor authentication, and for administrative users, audit logs, and more, to keep our site secure. Find out how we store your data below.

  1. Website Security Data
    • Stored only for access to administrative or secure pages on the site, or for users with suspicious activity on our main pages (Security Sensitive Traffic);
    • Stored securely on our web server hosted in the United Kingdom by Hostinger;
    • Stored only for 30 days before being deleted.
  2. Google Analytics Data
    • Stored securely in the Google Cloud or on our server. (We hold Data Processing Agreements with all third-party data processors).
    • The maximum time data is stored is 2 months, before being deleted.
  3. Cookies
    • Cookies are stored securely on your browser or device, for seamless user experiences, integrations, statistics, and marketing.
    • We will never set marketing cookies on your device, but some third-party apps embedded onto our site (e.g. Google Maps) may do this.
    • The duration of cookies being set is outlined in our cookie policy.
    • Your cookie preferences are saved for 365 days, after which you will be asked to indicate these again. You can update your preferences at any time by clicking on the banner, or visiting our cookies page.
  4. Email Newsletter Subscription
    • This data is sent and stored securely with our trusted email provider – the privacy policy for this resource can be found here.
    • Your details will remain on our contact database until you unsubscribe (using the link in emails, or by contacting us), or until removed if you do not respond to our periodic re-confirmation emails.
  5. Emailed Messages
    • This data is stored securely on the Parliamentary Email host, accessible by David Smith MP and authorised Office Staff members.
    • We will retain your information for as long as necessary to respond to your query, and any longer as required to comply with our legal obligations.
    • We may subscribe you to our emailing list, you have the right to opt-out from this or unsubscribe at any time.
  6. Backend Functions
    • This data is stored securely on our web server located within the United Kingdom.
    • This data is retained for 7 days.
  7. User Login & Profile Information
    • This data is stored securely on our web server located within the United Kingdom.
    • This data is retained for as long as the account is held on the website.
    • Accounts inactive for over 365 days will be listed for deletion.

5. Who we share your data with

5.1 Data Processors
  1. WordFence Security Network
    Website security functions. We share limited security information (such as the IP Address and HTTP Request Header) with WordFence for threat detection and cybersecurity. WordPress Performance and feedback information may also be sent to the WordFence network. We hold a Data Processing Agreement (DPA) for this information.
    • Subprocessors: Amazon Web Services Inc, Twilio, Freshworks, Mode Analytics, Google LLC.
  2. Google Analytics
    Google Analytics securely stores our sites’ analytics data. A data protection agreement is in place for any data transferred. Google may securely store or transfer data to a sub-processor as listed below.
  3. Action Network (Email Newsletter)
    Action Network (operating as Action Squared, Inc.) securely stores your email address and name, in order to contact you with constituency news and events, if subscribed. We hold a data processing agreement with Action Network.
  4. Password Reset
    If you request a password reset, your IP address will be included in the email.
5.2 Joint Controllers
  1. UK Parliament
    If contacting us by email, information may be securely stored in servers managed by the UK Parliament.
5.3 Other Organisations we may share your data with
  • Relevant regulatory authorities (to comply with legal obligations or reporting requirements, as necessary);
  • Organisations we’re legally obliged to share personal information with (e.g. the Police or Courts, on presentation of a valid warrant).
5.4 Data Sharing Outside of the UK

Keeping with GDPR, we keep data sharing outside of the UK to a strict minimum. We hold Data Processing agreements with all processors we engage with outside of the UK, to meet legal requirements.

We share security data with our security partner (WordFence) as per the details outlined above. Sharing is secure and kept to a strict minimum.

Our mailing list is maintained by ActionNetwork, who may store information outside of the UK in secure servers. We rely on your consent for this when you join our mailing list.

My Office and Casework Privacy Policy

  1. Introduction
  2. Information we Collect & Process
  3. How we use your information
  4. Lawful Basis for Processing
  5. Who we share your data with
  6. Consent for other people
  7. Subject Access Requests
  8. Data Retention
  9. Data Access & Correction
  10. Data Breaches

1. Introduction

I am the Member of Parliament for North Northumberland Constituency. As your MP, it is important that I and my office can take up casework on constituent’s behalf, keep touch with constituents about my work and ask for views on local issues.

Any personal information that you give to me will be handled confidentially by me and the staff in my office, in line with the requirements of the Data Protection Act 1998 and the General Data Protection Regulation (effective 25th May 2018). If you would like information about the Data Protection Act 1998 or GDPR, this can be obtained from the Information Commissioner’s Office (ICO) through their website www.ico.org.uk or advice line 0303 123 1113.

2. Information we Collect & Process

My office collects personal information that is supplied to me in my role as a Member of Parliament. It includes information supplied by my constituents and others in relation to matters which I have been asked to pursue in the interests of individuals and groups who live in my constituency such as, but not limited to:

  • contact details for the constituent.
  • sensitive and non-sensitive personal data in connection with constituency casework.
  • information provided by signatories on petitions.
  • responses to questionnaires.
  • statistical data on the type and number of cases processed for monitoring processes.
  • contact details for the purpose of communicating news and updates.

3. How we use your information

Casework
If you ask me to pursue a matter on your behalf, I will use your information in order to pursue the matter you have raised with me. My staff will see this information, record this data on a secure electronic and contact third party organisations to seek further advice and/or make representations on your behalf. 

Your personal and sensitive personal information may be passed to third party agencies (such as the Department for Work and Pensions, Local Authorities, Home Office etc.) if I believe this to be necessary to pursue the matter you have raised with me.

Sensitive personal data is information about a person’s:

  • racial or ethnic origin;
  • political opinions;
  • religious beliefs;
  • trade union membership;
  • health;
  • sexual life;
  • alleged criminal activity; or
  • court proceedings

If information we hold about you is inaccurate and it has been passed to a third party when dealing with your case, please inform us as soon as possible so that they be contacted in order to correct their records.

Constituency news and events
I would like to send you information about constituency news and events, by contacting me you are giving me the consent to sent you further emails about Constituency news and events. You can opt out of this at any time by requesting not the be included in future correspondence.

4. Lawful Basis for Processing

Under Section 2 of the Data Protection Act, implied consent is a valid form of consent for the purposes of an MP processing personal data in relation to constituency casework. However where there is uncertainty about a constituent’s wishes, further verbal or written consent may be sought.

The Data Protection (Processing of Sensitive Personal Data)(Elected Representatives) Order 2002 (“the order”) provides an additional condition (Schedule 3) so that explicit consent is not always needed when an MP processes sensitive personal data in connection with constituency casework. However, the processing must be fair and lawful.

When a constituent contact me for a reply or assistance, consent will be assumed at the point of contact. Under the GDPR rules consent must be freely given, specific, informed and unambiguous. Should you wish to withdraw your consent at any time, please contact me using the contact details below. 

Occasionally third party organisations require express written consent in addition to the representations from the MP, in this instance you will be requested give me that written consent in order to satisfy the third party organisation that consent was given by the constituent.

5. Data Sharing

When I take up casework on your behalf, it may be necessary for me to share the details you provide with government departments, local authorities and other organisations. I will normally forward a full copy of your communication along with my correspondence, unless you specifically request me to withhold part or all our communication from third parties.

If you have any questions or concerns about how information you provide as part of a casework request is used, please contact me for more information.

Other than in the circumstances above, I will not share personal information with other organisations without your explicit consent.

In order to communicate with you about my work as the MP for North Northumberland Constituency, it may be necessary for me to transfer personal information to countries or jurisdictions outside the EU. In each case, I will take steps to ensure that the suppliers I use comply with the General Data Protection Regulation or are subject to the Privacy Shield scheme agreed between the European Union and the United States.

6. Consent for Other People

If you give me personal information about someone other than yourself, I may need to check the facts with that other person. If you ask me to take action on behalf of a friend or relative I may need to contact that person to confirm that they consent for me to act on their behalf – in some cases I will request that they contact me directly to ensure I have their written permission to deal with their case.

7. Subject Access Requests

Subject access requests, to ask for information my office holds about you, can be made verbally, however you may be requested to provide proof of identification. Please specify in your Subject Access Request what data you require. Subject Access Requests will be processed within one month from the time the request is received by my office.

Under the General Data Protection Regulation, I do not have the permission to release third party identifying information. We will refuse requests that are manifestly unfounded or excessive. Should you require large print, please mention this in your request.

8. Data Retention

All personal data is collected on a secure electronic system. Any paper documents supplied to me are scanned onto the electronic system in the data subject’s case file and securely destroyed immediately or returned to the data subject in the post, if they have requested for their return. There are no paper records kept in my office and all electronic data is retained for a period of six years. You are advised to retain your own copies of correspondence older than six years, should you wish to keep a record of your case.  

By contacting me, you are consenting to receive information about my work, I will only retain your personal information so long as I am the MP for North Northumberland, or you ask not to be contacted further. You are also giving me consent to take your case up with any relevant authority on your behalf.

I will regularly review the personal information I hold to ensure that its use is necessary and proportionate.

9. Data Access & Correction

If you wish to see any information that I hold about you, if you want me to update or correct any personal information that I hold about you, or if you have any queries regarding personal data that I hold about you, please contact my office.

10. Data Breaches

Procedures are in place to detect, report and investigate a personal data breach. The ICO will be notified if the data breach is likely to result in a risk to the rights and freedoms of individuals. We will also notify those concerned directly if the breach is likely to result in a high risks to the rights and freedoms of individuals.

Your Data Protection Rights

Which lawful basis we rely on to process your data may affect your data protection rights, which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website.

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  • Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  • Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Page Last Updated:

Sat 7th June 2025, 11:25hrs UTC.
This page is reviewed at least every 3 months to comply with privacy requirements.

Join my Newsletter
Join my Newsletter
Scroll to Top