Privacy and data protection laws are designed to protect the confidentiality and integrity of personal information. Sheringham Shoal and Dudgeon Extensions ProjCo Limited is committed to respecting the privacy rights of our employees, contractors, suppliers, partners, website users, and others we interact with.
We process personal data only for appropriate and clearly defined purposes, and in line with applicable data protection legislation and internal governance requirements.
Who is the data controller?
The data controller will be Sheringham Shoal and Dudgeon Extensions ProjCo Limited for the processing described in this notice, unless a specific notice states otherwise (for example, where another group entity or partner is the controller for a particular activity). If you are interacting with us through a specific service, contract, or local website, the controller may be the entity operating that service or website.
This website (https://ssdewindfarm.co.uk) is operated by Sheringham Shoal and Dudgeon Extensions ProjCo Limited, which acts as controller for personal data collected through your use of this site.
2.1 General
We process personal data about employees and external personnel who work on our premises or use our systems. We also process personal data about individuals who are not employed or engaged by us (this notice is primarily aimed at those individuals).
We aim to ensure that personal data is:
● processed lawfully, fairly, and transparently;
● collected for specified, explicit purposes and not used in incompatible ways;
● adequate, relevant, and limited to what is necessary; and
● kept accurate and up to date.
We will typically process personal data where it is necessary to:
● run our operations and provide services;
● manage legitimate business interests (e.g., supplier and stakeholder management);
● comply with legal or contractual obligations; and/or
● where you have given consent (which you can withdraw at any time). Withdrawing consent does not affect processing that took place before withdrawal.
We take appropriate technical and organisational measures to protect confidentiality, integrity, and availability of personal data. We retain personal data only for as long as necessary for the relevant purpose and/or as required by law. For more detail on retention periods, contact us using the details in section 5.
We may use trusted third-party service providers to process personal data on our behalf (for example, IT, hosting, communication tools, or professional advisers). Where we do so, we put appropriate safeguards in place.
Below are examples of purposes for which we may process personal data (only those relevant to our activities will apply):
2.2 Procurement and other business-relationship activities
We may process personal data as needed to procure goods and services, manage suppliers/contractors, administer contracts, and support related compliance activities (including human rights and due diligence where relevant).
This typically includes contact details and other business-related information. The legal basis is usually performance of a contract and/or our legitimate interests in managing business relationships effectively.
We may share personal data with third parties for specific business purposes (for example, professional advisers, service providers, partners, and public authorities). Where appropriate, we require recipients to protect the data and use it only for the agreed purpose.
We may also disclose personal data in connection with corporate changes (such as reorganisation, merger, acquisition, or similar transactions) or where required to comply with legal obligations or lawful requests from authorities.
2.3 Integrity / compliance due diligence (where applicable)
We may carry out integrity or compliance due diligence on counterparties to understand who we are doing business with and to meet legal and governance obligations. In some cases this may involve processing personal data.
Depending on the circumstances, this can include contact information and role-related details, and where necessary, information relevant to compliance checks (e.g., sanctions screening results). The legal basis is typically legal obligation and/or legitimate interests, and where applicable, establishing, exercising, or defending legal claims.
2.4 Reporting channels / ethics helpline (where applicable)
Where we operate reporting channels (for example, an ethics or whistleblowing line), we may process personal data submitted through those channels in order to receive, assess, investigate, and respond to reports.
Because of the nature of reporting, information may sometimes include sensitive data. The legal basis is typically our legitimate interests, compliance with legal obligations, and/or establishing, exercising, or defending legal claims (and where required, other lawful bases under applicable legislation).
2.5 Grievance mechanisms (where applicable)
In some locations or projects, we may operate grievance mechanisms so individuals or communities can raise concerns relating to our activities. The personal data processed typically includes contact details and information needed to investigate and respond.
The legal basis is typically legitimate interests and/or legal obligations, depending on the context.
2.6 Website and cookies
We use cookies and similar technologies to operate our website and improve user experience. Please see our Cookie Policy at: https://ssdewindfarm.co.uk/cookie
For clarity, we group personal data we may process into categories. Not all categories apply in every situation.
We may process:
● Contact information: name, address, telephone number, email address, job title, organisation.
● Recruitment information (if applicable): application, CV, references, assessments, interview notes, right-to-work documentation.
● Human resources / workforce information (if applicable): employment details, qualifications, identification information, payroll-related information, emergency contact/next-of-kin details (where permitted/required).
● Communications and engagement information: correspondence with us, event registrations (including dietary/accessibility requirements where you provide them), preferences for communications, and (where relevant) online identifiers such as IP address and website usage data.
We may collect personal data:
● directly from you;
● through business interactions (e.g., during contracting or stakeholder engagement);
● from your employer (e.g., where a contractor provides details about personnel);
● from service providers acting on our behalf; and/or
● from publicly available sources (where appropriate).
Where personal data is transferred to recipients outside the UK/EEA (as applicable), we apply appropriate safeguards required by law (for example, standard contractual clauses or other recognised transfer mechanisms), and we take steps to ensure an appropriate level of protection.
Depending on your location and applicable law, you may have rights such as:
● access to your personal data;
● rectification;
● erasure;
● restriction or objection to processing; and
● data portability (in certain cases).
To ask questions or exercise your rights, contact:
Data Protection contact / DPO:
Email: gm_ukdpo@equinor.com
Postal address:
Sheringham Shoal and Dudgeon Extensions ProjCo Limited, One Kingdom Street, London W2 6BD
If you believe we have not handled your personal data appropriately, you may have the right to lodge a complaint with your relevant data protection authority.
Relevant authority: Information Commissioner’s Office (ICO).
If you provide services or interact with individuals in specific jurisdictions (for example, California, Japan, Brazil), additional notices may apply. Where relevant, we will provide those notices on this page or via links.
We may update this privacy policy from time to time. If changes are significant, we will provide a clear notice on this website. We encourage you to review this page periodically.
Last updated: 25th March 2026