Digital Ethics Policy

V2.3  |  05/01/2026

Digital Ethics Policy

At Summerdown, we pass all our operations through our Purpose – Reconnecting people and place so that both might thrive

As a family-run business with deep ties to the land and the community who call it home, success is never achieved at the expense of people or the planet. Our regenerative approach extends beyond the farm; it permeates every aspect of our business, from product development to our digital strategies. We recognise the need to be good stewards of and for all we are responsible to. Active stewardship isn’t just about reducing harm—it’s about actively promoting diversity and embracing nature-positive practices in every area of our operations.

This way of working ensures that every action we take is grounded in ethical decision-making and fairness. It helps guides our approach to our use of digital tools and technology, where we recognise the power—and responsibility—that comes with the use of technology. Our digital ethics policy seeks to incorporate these principles.


1. Purpose

This policy establishes the principles and guidelines that govern the ethical use of digital tools, data, and technology across our business. We commit to using digital resources responsibly, ensuring that we operate with integrity, respect privacy, and align with our values.

2. Scope

This policy applies to all employees, partners, and third-party contractors who access, manage, or develop digital systems or data for our company. It includes all digital activities, from customer interactions to data collection, processing, and storage.

3. Core Principles

3.1 Integrity

At Summerdown, we are committed to being open about our digital processes, reflecting our Integrity Without Compromise value. This means providing clear information to users on how we collect, store, and use their data. When engaging with digital platforms—whether for product development, marketing, or customer service—we ensure that all stakeholders understand the purpose and scope of our data collection and processing activities.

Example of Integrity in Practice

At Summerdown, transparency in digital processes is essential. For instance, we have consistently made it clear to customers what we will do with their data at every interaction. This includes having our privacy policy readily available, using a double opt-in method for newsletter sign-ups, and limiting the number of cookies on our website to avoid unnecessary tracking. These practices ensure that our customers’ privacy is respected, even when it requires additional measures to uphold transparency. Having this policy available online is another example of ensuring we are always acting with integrity when it comes to our digital footprint.

3.2 Privacy and Data Protection

We steward personal and sensitive data with care, acknowledging that each individual’s privacy is not just a legal obligation but a matter of human dignity. Adhering to GDPR and other privacy regulations, we ensure that:

  • Data is only collected with explicit consent and for specific purposes.
  • Individuals have the right to access, modify, or delete their data at any time.
  • We use industry-standard encryption and security protocols to protect all data in our care.
  • We do not share personal information with third parties without explicit consent unless required by law.
  • For our formal GDPR policy please see Appendix 1.
Example of Privacy in Practice

Summerdown goes beyond legal obligations such as GDPR by deliberately limiting the number of cookies active on our website. We believe that our customers should not feel overly tracked or followed after engaging with us online. In the same way that it would be intrusive for a shopkeeper to follow someone out of their store, we ensure that our website’s cookie usage is minimal, necessary, and respectful of visitors' privacy, reflecting our commitment to protecting human dignity in the digital space.

3.3 Environmental Sustainability

Digital operations, like all aspects of business, have an impact on the environment. We seek to minimize this impact by:

  • Using energy-efficient technology solutions.
  • Continuously improving the sustainability of our digital infrastructure.
  • We commit to practices that reflect our care for the planet, ensuring that our digital choices foster regeneration, allowing nature and our community to thrive together.
Example of Environmental Sustainability in Practice

At Summerdown, we are mindful of the environmental impact of our digital infrastructure. We use managed platforms that actively report on their environmental footprint, enabling us to make informed and responsible decisions. This approach helps us ensure that our digital operations align with our regenerative ethos, allowing us to minimise harm and promote sustainability across all aspects of the business.

3.4 Security and System Integrity

The integrity of our digital systems is paramount to safeguarding trust. We employ rigorous security measures to protect against breaches, unauthorised access, and misuse of data, including:

  • Use of firewalls, encryption, and multi-factor authentication (MFA) across all platforms.
  • Clear protocols for data breaches, ensuring swift response to mitigate any potential harm.
Example of Security and System Integrity in Practice

Although we have not experienced any major breaches, Summerdown is committed to maintaining a high level of digital security. We employ proactive measures such as regular vulnerability assessments, firewalls, encryption, and multi-factor authentication (MFA) to safeguard data and prevent unauthorised access. These protocols help us mitigate risks and ensure the integrity of our digital systems, providing peace of mind to our customers and partners.

4. Ethical Use of AI and Automation

At Summerdown, technology—including AI—is a tool that supports our team’s creativity and judgment. It enhances, rather than replaces, the deep, relational work of connecting with our partners and customers. Artificial Intelligence (AI) and automation can greatly enhance operations, but they must be used responsibly:

  • We believe that technology should serve, not replace, human judgment and creativity. In our use of AI, we ensure transparency, so that every decision supports, rather than undermines, relational trust and fairness.
  • AI models are regularly audited to prevent the transfer of biases and ensure fairness.
  • We will not use AI for invasive data gathering or profiling that breaches privacy or ethical standards.
Example of Ethical Use of AI in Practice

When developing this very policy, Summerdown utilised AI in a way that aligns with our values of transparency and fairness. Rather than relying on broad, internet-based data sources, which can be prone to inaccuracies and hallucinations, we trained a GPT model on our internal documentation and Summerdown-created content. This approach ensured that the AI-generated outputs reflected our unique knowledge base and avoided biases or misleading information, maintaining trust and integrity in the process.

At Summerdown, we believe that AI is a tool, not a creator. It is always people who create, develop, and publish content. Where used, AI will always support human decision-making at Summerdown, but the real work of trust, creativity, and responsibility will remain firmly in human hands.

5. Responsible Digital Marketing

In line with our commitment to ethical marketing, we:

  • Avoid manipulative digital tactics that treat people as mere data points. Instead, we seek to engage individuals as whole persons, fostering genuine connection and mutual respect in every interaction.
  • Avoid promoting a ‘consumption’ and ‘scarcity’ mindset. Instead, we foster an ‘abundance’ mindset, reflecting our nature-positive values.
  • Provide clear opt-out mechanisms for all targeted marketing communications.
  • Ensure all customer data used for marketing purposes is anonymized and aggregated wherever possible.
  • When considering the platforms we operate on we will use a framework developed and open for review in Appendix 2.
Example of Responsible Digital Marketing in Practice

At Summerdown, we intentionally avoid using manipulative ‘scarcity’ tactics like limited-time promotions or heavy discounts to drive sales. Instead, we focus on authentic marketing that highlights who we are, what we do, and why we do it. Our mission to restore through peppermint extends to our digital marketing, where we aim to create moments of connection that restore and uplift, rather than agitate or pressure those interacting with us.

6. Ethical Data Governance

We are committed to managing data ethically across all touchpoints. This means:

  • Minimizing data collection to only what is necessary for business purposes.
  • Storing data only for as long as it is needed and deleting or anonymizing it when no longer required.
  • Following strict data retention schedules to ensure responsible management of all data.
Example of Ethical Data Governance in Practice

As part of our commitment to ethical data management, Summerdown has implemented rules to regularly review and remove inactive email accounts from our newsletter subscriber list. If an email account shows no interaction with our communications over a set period, we suppress and ultimately remove it from our mailing list. This ensures that we only retain data that is actively used and necessary, aligning with our values of minimising data collection and respecting individual privacy.

7. Compliance and Accountability

Compliance with this policy is mandatory across all levels of the business. Every team member is responsible for upholding these ethical standards. To maintain accountability:

  • We will regularly review digital projects to ensure they meet our ethical standards.
  • We will address any ethical concerns related to new technologies or digital initiatives.
  • Any reported violations of this policy will be resolved promptly and transparently.
Example of Compliance and Accountability in Practice

This updated Digital Ethics Policy was developed in response to the growing variety of digital interactions Summerdown is involved with as a company. By creating this document, we ensure that our digital decisions are made more consistently and ethically. It also provides a transparent framework for partners and customers to question and engage with our digital practices, fostering accountability and trust across all levels of interaction.


Appendix 1 – General Data Protection Regulation (GDPR) Compliance Policy

This GDPR policy outlines how Summerdown ensures compliance with the General Data Protection Regulation (GDPR) in the handling of personal data.

1. Purpose

The purpose of this policy is to ensure that Summerdown complies with GDPR, safeguarding the personal data of all individuals we interact with. We commit to processing personal data lawfully, fairly, and transparently, while respecting the rights and privacy of data subjects.

2. Scope

This policy applies to all employees, contractors, and partners who process personal data on behalf of Summerdown. It covers all personal data processed within our digital systems, including customer, supplier, employee, and partner information.

3. Core Principles of Data Processing

Summerdown commits to upholding the following GDPR principles in all data processing activities:

  • Lawfulness, Fairness, and Transparency: We process personal data in a lawful, fair, and transparent manner. Individuals are informed about how their data will be used, ensuring clear and accessible communication at all stages.
  • Purpose Limitation: Personal data is collected for specified, legitimate purposes and not processed in any way incompatible with those purposes.
  • Data Minimisation: We collect only the personal data necessary for the intended purpose, avoiding excessive or irrelevant data collection.
  • Accuracy: All personal data held is kept accurate and up to date. Individuals have the right to request corrections to inaccurate data.
  • Storage Limitation: Personal data is stored only for as long as necessary to fulfil the purpose for which it was collected, after which it is deleted or anonymised.
  • Integrity and Confidentiality: Personal data is processed securely, with appropriate technical and organisational measures in place to protect it against unauthorised access, alteration, or disclosure.

4. Individual Rights

In compliance with GDPR, Summerdown ensures that individuals can exercise the following rights:

  • Right to Access: Individuals can request access to their personal data and information about how it is processed.
  • Right to Rectification: Individuals can request corrections to any inaccurate or incomplete personal data held by Summerdown.
  • Right to Erasure (Right to be Forgotten): Individuals can request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if they withdraw consent.
  • Right to Restrict Processing: Individuals can request restrictions on the processing of their personal data under certain circumstances.
  • Right to Data Portability: Individuals can request that their personal data be transferred to another organisation in a structured, commonly used format.
  • Right to Object: Individuals have the right to object to the processing of their personal data, including for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making and Profiling: Individuals have the right to not be subject to decisions based solely on automated processing that significantly affects them.

5. Data Security

We implement industry-standard security measures to protect personal data, including:

  • Encryption of personal data during transfer and storage.
  • Secure access controls and password protection.
  • Regular vulnerability assessments and updates to security protocols.

6. Data Breaches

In the event of a data breach:

  • Internal Reporting: Any data breach is reported immediately to the Data Protection Officer (DPO).
  • Notification: If the breach poses a risk to the rights and freedoms of individuals, it will be reported to the relevant supervisory authority within 72 hours.
  • Communication with Data Subjects: If the breach poses a high risk to individuals’ rights and freedoms, those affected will be informed promptly.

7. Third-Party Data Sharing

We will not share personal data with third parties unless:

  • Legal Requirement: It is required by law.
  • Contractual Necessity: It is necessary for fulfilling contractual obligations, with the individual’s consent or under GDPR provisions.

Any third party that processes personal data on our behalf will comply with GDPR and enter into a data processing agreement (DPA) to ensure the same level of protection.

8. Data Protection Officer (DPO)

Our appointed DPO is responsible for ensuring GDPR compliance, providing guidance, and responding to any data protection issues. They also act as the contact point for supervisory authorities.

9. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected. Once no longer required, the data will be securely deleted or anonymised.

10. Updates to this Policy

We will review and update this GDPR policy as necessary to ensure ongoing compliance with the law. Any significant changes will be communicated to all employees, partners, and stakeholders.

For any questions or to exercise your rights under GDPR, please contact:

This policy serves as a guide for ensuring that Summerdown remains compliant with GDPR regulations and continues to handle personal data in a manner that reflects our commitment to privacy, integrity, and respect for individuals.


Appendix 2 - Digital Platform Assessment Framework

This framework helps evaluate whether a digital platform aligns with our core ethical principles before deciding to engage. It incorporates a structured Risk/Benefit Analysis alongside specific guiding questions from our Platform Alignment Checklist to ensure consistency with our values.

1. Benefits

This section evaluates the positive potential of engaging with a platform, ensuring alignment with our mission and values.

1.1 Brand Alignment

  • Question: Does the platform allow us to tell our brand story effectively and authentically?
  • Consideration: Assess how the platform’s format (e.g., visual, text-based, interactive) supports your ability to communicate your mission, values, and products authentically.

1.2 Audience Reach

  • Question: Does the platform provide access to an audience that is aligned with our values and willing to engage meaningfully?
  • Consideration: Analyse the demographics and engagement patterns of the platform’s user base to determine whether it facilitates building genuine, lasting relationships with your customers.

1.3 Innovation & Growth

  • Question: Could engaging with this platform help us strengthen relationships with our community and partners while maintaining our ethical standards?
  • Consideration: Evaluate whether the platform offers new opportunities for growth (e.g., increasing sales, brand awareness, or partnerships) that align with your ethical approach to business.

2. Risks

This section highlights potential negative impacts of engaging with a platform, with questions to guide you in assessing ethical concerns.

2.1 Data Privacy Concerns

  • Questions:
    • Does the platform comply with GDPR and other privacy regulations relevant to our business?
    • Does the platform provide users with control over their data (e.g., easy opt-in/out mechanisms)?
    • Does the platform limit intrusive tracking, such as excessive cookies and profiling?
  • Consideration: Review the platform’s data collection practices and user control over personal data to determine whether it respects user privacy in line with your standards.

2.2 Environmental Impact

  • Questions:
    • Has the platform committed to reducing its environmental impact, such as using renewable energy for its data centres?
    • Does using this platform contradict or complement our sustainability goals?
  • Consideration: Examine the platform’s environmental impact reports, where available, and evaluate whether your engagement contributes to or detracts from our environmental commitments.

2.3 Marketing Ethics

  • Questions:
    • Does the platform enable authentic, respectful engagement without manipulative tactics?
    • Is there a risk of the platform promoting a consumption / scarcity mindset, which conflicts with our philosophy?
  • Consideration: Assess how the platform’s algorithm or engagement mechanisms might push users toward consumption-driven behaviour, and whether this aligns with our commitment to fostering genuine, ethical connections.

2.4 Ethical Data Governance

  • Questions:
    • Does the platform collect and retain only the data necessary for business purposes?
    • Are there clear data deletion policies, and do they align with our standards for ethical data use?
  • Consideration: Investigate the platform’s data retention policies and ensure they comply with our principles of minimizing data collection and ensuring timely deletion.

3. Risk/Benefit Summary

After reviewing the above sections, provide a summary of the key risks and benefits identified.

  • Overall Benefit: Does the platform’s potential for brand alignment, audience engagement, and growth outweigh the ethical risks?
  • Overall Risk: Are the platform’s privacy, environmental, marketing, or data governance risks significant enough to outweigh potential benefits?

4. Decision

Based on the analysis, decide on the level of engagement with the platform:

  • Full Engagement: The platform aligns with most or all of our ethical standards, and the benefits outweigh the risks.
  • Limited Engagement: The platform presents some ethical concerns, but we can engage with restrictions to mitigate risks.
  • No Engagement: The platform does not align with our values, and the risks significantly outweigh any potential benefits.

V2.3  |  05/01/2026