====================================

Last updated: 5 January 2026

This Privacy Policy explains how Fenimore Harper Ltd (trading as “Fenimore Harper Communications”) collects and processes personal data in connection with its website and the “Daily TikTok Briefing” email service.

This policy is provided for the purposes of the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”).

1\. Data Controller and Contact Details

---------------------------------------

Controller: Fenimore Harper Ltd (“Fenimore Harper”, “we”, “us”, “our”).

Fenimore Harper Ltd determines the purposes and means of processing personal data described in this policy and is therefore the data controller.

Contact (data protection enquiries):

Email: marcus@fenimoreharper.com

2\. Scope

---------

This policy applies to personal data we process when you:

visit or interact with our website;

subscribe to receive the Daily TikTok Briefing;

opt in to receive Fenimore Harper product and service updates;

3\. Personal Data We Collect

----------------------------

We may collect and process the following categories of personal data:

3.1 Subscription and account-related data

email address;

name (if provided);

organisation / employer name (if provided);

job title / role (if provided);

subscription preferences (e.g., briefing and/or product updates);

records evidencing your subscription and preferences (e.g., date/time of submission, form content presented, and preference selections where captured).

3.2 Communications data

the content of communications you send to us (including emails);

contact details and metadata associated with those communications.

3.3 Website and device data

IP address;

device identifiers and browser type/version;

operating system;

referral source, pages viewed, navigation paths, and interactions;

approximate location derived from IP address.

3.4 Email engagement data (where enabled by our email delivery infrastructure)

delivery status (sent, bounced);

unsubscribes and preference changes;

open and click activity where supported by the email provider and your email settings.

4\. Purposes of Processing and Lawful Bases

-------------------------------------------

We process personal data only where we have a lawful basis under UK GDPR. The purposes for which we process personal data, and the relevant lawful bases, include:

4.1 Provision of the Daily TikTok Briefing

Purpose: to send you the Daily TikTok Briefing by email on weekday mornings at approximately 06:30, and to administer subscriptions (including handling bounces, unsubscribes, and technical delivery issues).

Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR) in operating and administering a subscriber-requested informational email service; and/or performance of a contract (Article 6(1)(b)) where the subscription constitutes a service you have requested.

4.2 Product and service updates (marketing)

Purpose: to send you periodic updates (typically no more than monthly) about Fenimore Harper products and services.

Lawful basis: consent (Article 6(1)(a)) and/or legitimate interests (Article 6(1)(f)) where permitted by PECR and applicable marketing rules. You may withdraw consent at any time by using the unsubscribe mechanism in the relevant email or by contacting us.

4.3 Responding to enquiries and business communications

Purpose: to respond to requests, enquiries, or correspondence; to manage business relationships; and to keep administrative records of those interactions.

Lawful basis: legitimate interests (Article 6(1)(f)) in operating our business and communicating with stakeholders; and/or performance of a contract (Article 6(1)(b)) where communications relate to a service arrangement.

4.4 Website operation, analytics, and security

Purpose: to operate, maintain, and secure our website; to monitor performance; to prevent fraud, abuse, and unauthorised access; and to understand general usage patterns to improve the website and service.

Lawful basis: legitimate interests (Article 6(1)(f)) in operating a secure and effective website.

Where non-essential cookies or similar technologies are used, processing is based on consent where required.

4.5 Compliance and legal claims

Purpose: to comply with legal obligations and regulatory requests; to establish, exercise, or defend legal claims.

Lawful basis: legal obligation (Article 6(1)(c)) and/or legitimate interests (Article 6(1)(f)), as applicable.

5\. Marketing Communications and Unsubscribe

--------------------------------------------

You may unsubscribe from the Daily TikTok Briefing and/or marketing updates at any time using the unsubscribe link included in the relevant emails (or equivalent opt-out mechanism), or by contacting us at [marcus@fenimoreharper.com](mailto:marcus@fenimoreharper.com).

We may retain limited information necessary to ensure we respect your opt-out preferences (see Section 10).

6\. Brand Permission: Use of Organisation Name and Logo

-------------------------------------------------------

Fenimore Harper may request or rely on explicit permission to display an organisation’s name and/or logo (for example, on our website as a subscriber or client reference).

Where such permission is granted, it is treated as a brand/trade mark permission and is distinct from personal data processing; however, it may be associated with subscriber records for evidential and operational purposes.

If you grant permission, you represent and warrant that:

1. you are authorised to grant such permission on behalf of the relevant organisation; and

2. the organisation grants Fenimore Harper a non-exclusive, worldwide, royalty-free, revocable licence to display the organisation’s name and logo solely for the purpose of identifying the organisation as a subscriber and/or client of Fenimore Harper, without implying endorsement.

Revocation: Permission may be withdrawn at any time by emailing [marcus@fenimoreharper.com](mailto:marcus@fenimoreharper.com). Following revocation, we will remove the organisation’s name/logo from future marketing outputs and, where reasonably practicable, from public website materials within a reasonable period.

7\. Recipients of Personal Data and Processors

----------------------------------------------

We may share personal data with third parties only where necessary for the purposes set out in this policy, including:

website hosting and website-form infrastructure providers;

email delivery and mailing list management providers;

analytics, security, and performance monitoring providers;

professional advisers (legal, accounting, or compliance) where necessary;

law enforcement or regulators where required by law.

Where third parties process personal data on our behalf, they act as processors and are required to process personal data only on our instructions and with appropriate security measures.

8\. International Transfers

---------------------------

Some service providers may process personal data outside the United Kingdom. Where personal data is transferred internationally, we implement appropriate safeguards as required by UK GDPR, which may include:

the UK International Data Transfer Agreement (IDTA); and/or

the UK Addendum to the EU Standard Contractual Clauses; and/or

other legally recognised safeguards.

9\. Security

------------

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include access controls, least-privilege permissions, and secure service provider configurations. No method of transmission or storage is completely secure; however, we take reasonable steps to protect personal data.

10\. Data Retention

-------------------

We retain personal data only for as long as necessary for the purposes set out in this policy, including:

Daily TikTok Briefing subscription data: retained for as long as you remain subscribed and for a limited period thereafter for operational continuity and record-keeping.

Marketing consent records and preference data: retained for as long as required to demonstrate compliance and manage preferences.

Suppression (opt-out) records: retained for as long as necessary to ensure we do not send communications contrary to your opt-out request.

Correspondence records: retained for as long as reasonably necessary to manage the relationship and for evidential purposes.

Website logs and analytics: retained in accordance with operational needs and provider retention settings, subject to minimisation.

Where longer retention is necessary to comply with legal obligations or to establish, exercise, or defend legal claims, we will retain relevant data for that period.

11\. Cookies and Similar Technologies

-------------------------------------

Our website may use cookies and similar technologies to operate and improve the site. Cookies may include essential cookies required for core functionality and, where enabled, non-essential cookies for analytics or performance measurement.

Where non-essential cookies or similar technologies are used and consent is required, we will seek consent through an appropriate consent mechanism.

12\. Your Rights

----------------

Subject to applicable law and exceptions, you have the following rights under UK GDPR:

Right of access to your personal data;

Right to rectification of inaccurate or incomplete personal data;

Right to erasure (in certain circumstances);

Right to restrict processing (in certain circumstances);

Right to data portability (where applicable);

Right to object to processing based on legitimate interests;

Right to withdraw consent at any time where processing is based on consent (withdrawal does not affect the lawfulness of processing before withdrawal).

To exercise your rights, contact [marcus@fenimoreharper.com](mailto:marcus@fenimoreharper.com). We may need to verify your identity before responding.

13\. Complaints

---------------

If you are dissatisfied with how we process personal data, you may contact us at marcus@fenimoreharper.com. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

Changes to This Policy

---------------------------

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when this policy was last revised. Continued use of the website and/or subscription to the service after changes take effect constitutes acceptance of the updated policy.