Privacy Policy

This privacy policy explains how StremarControl Ltd collects, uses, stores, and protects your personal data when you visit our website or engage with our services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

StremarControl Ltd is the data controller responsible for your personal data. We are a Microsoft 365 compliance and security operations firm registered in England and Wales.

  • Company Name: StremarControl Ltd
  • Company Number: 17022761 (England & Wales)
  • Registered Address: 5 Brayford Square, London, England, E1 0SG
  • Email: privacy@stremarcontrol.com
  • Phone: +47 455 86 545

If you have any questions about this policy or how we handle your personal data, please contact us using the details above.

2. What Data We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly

  • Contact form submissions: your name, company name, phone number, email address, and the content of your message.
  • Email correspondence: any personal data included in emails you send to us.
  • Engagement data: information provided during the scoping, delivery, or review of our compliance and security operations services.

Information We Collect Automatically

  • Website analytics: anonymised usage data including pages visited, time on site, referring URLs, and general geographic region. We use Vercel Web Analytics, which is privacy-focused and does not collect personally identifiable information.
  • Cookies: small text files placed on your device to enable essential site functionality and analytics. Please refer to our Cookie Policy for full details.
  • Technical data: browser type, device type, operating system, and screen resolution.

3. Lawful Basis for Processing

We process your personal data on the following lawful bases under Article 6 of the UK GDPR:

  • Legitimate interest (Article 6(1)(f)): We process contact form submissions and enquiry data to respond to your requests and to scope potential engagements. Our legitimate interest is the provision of business-to-business Microsoft 365 compliance and security operations services. We have conducted a legitimate interest assessment and determined that this processing does not override your rights and freedoms.
  • Consent (Article 6(1)(a)): Where we use non-essential cookies or analytics that require consent, we will obtain your explicit consent before processing. You may withdraw consent at any time.
  • Contractual necessity (Article 6(1)(b)): Where we process data in order to fulfil our obligations under a service engagement or statement of work agreed with you or your organisation.
  • Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with a legal or regulatory obligation, such as financial record-keeping requirements.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to enquiries submitted through our contact form or by email.
  • To scope and deliver engagements, including Microsoft 365 security configuration, compliance alignment, and related operational services.
  • To send you information relevant to an ongoing or prospective engagement, where you have requested it.
  • To improve our website, content, and services based on anonymised analytics data.
  • To maintain records for contractual, legal, and regulatory compliance purposes.
  • To investigate and respond to complaints in accordance with our complaints procedure.

We do not use your data for automated decision-making or profiling. We do not send unsolicited marketing emails.

5. Data Sharing

We do not sell, rent, or trade your personal data to any third party. We may share your data with the following categories of recipients where necessary for the purposes described in this policy:

  • Hosting providers: Our website is hosted on Vercel, which processes technical data on our behalf to deliver website content.
  • Email service providers: We use Microsoft 365 for business email, which processes the content of email correspondence.
  • Professional advisors: We may share data with our legal or financial advisors where required, subject to their own confidentiality obligations.

All third-party processors are bound by data processing agreements and are required to process your data only in accordance with our instructions and applicable data protection law.

6. International Transfers

Core Microsoft 365 customer data is hosted within UK regions. Certain telemetry and service-side processing may occur in other regions within the UK or EEA in line with Microsoft and service provider terms and safeguards.

Where any transfer of personal data outside the UK or EEA is required, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office (ICO), or transfers to countries deemed to have adequate data protection by the UK Government.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Enquiry data (contact form submissions and related correspondence): retained for 2 years from the date of last contact, after which it is securely deleted.
  • Website analytics data: retained for 26 months in anonymised form.
  • Client engagement data: retained in accordance with the specific engagement agreement or statement of work. Where no specific retention period is agreed, client data is retained for 6 years following the conclusion of the engagement to meet legal and regulatory requirements.
  • Financial records: retained for 6 years as required by HMRC.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct any inaccurate or incomplete data.
  • Right to erasure: You may request that we delete your personal data where there is no compelling reason for its continued processing.
  • Right to restriction: You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You may request that we provide your data in a structured, commonly used, and machine-readable format.
  • Right to object: You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Rights related to automated decision-making: We do not carry out automated decision-making or profiling. Should this change, you would have the right not to be subject to decisions based solely on automated processing.

To exercise any of these rights, please contact us at privacy@stremarcontrol.com. We will respond to your request within one calendar month.

9. Cookies

Our website uses cookies to ensure essential functionality and to gather anonymised analytics data. For full details on the cookies we use, their purpose, and how to manage your preferences, please refer to our Cookie Policy.

10. Children's Data

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a person under 16, please contact us immediately and we will take steps to delete that data.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Where changes are significant, we will make reasonable efforts to notify affected individuals.

12. Contact and Complaints

If you have any questions, concerns, or requests regarding this privacy policy or our handling of your personal data, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Last updated: March 2026. StremarControl Ltd, Company No. 17022761.