Terms of Service

These Terms of Service govern your use of the StremarControl website and the provision of our compliance and security operations services. By accessing this website or engaging our services, you agree to be bound by these terms. If you do not agree to these terms, please do not use this website or our services.

1. Introduction and Acceptance

These terms constitute a legally binding agreement between you (whether as an individual or on behalf of the organisation you represent) and StremarControl Ltd, a company registered in England and Wales (Company No. 17022761), with its registered office at 5 Brayford Square, London, England, E1 0SG. These terms apply to all visitors to our website and to all clients engaging our professional services, unless superseded by a separate written agreement.

2. Definitions

In these terms, the following definitions apply:

  • "Services" means the Microsoft 365 compliance operations, control engineering, security configuration, and related services provided by StremarControl Ltd, as described on our website or in a specific engagement agreement.
  • "Client" means the individual or organisation that engages StremarControl Ltd to provide Services under a statement of work or engagement agreement.
  • "Engagement" means a specific project or scope of work agreed between StremarControl Ltd and the Client, typically documented in a statement of work (SOW) or engagement letter.
  • "Deliverables" means the reports, configurations, documentation, recommendations, and other outputs produced by StremarControl Ltd in the course of an Engagement.
  • "Website" means the website located at stremarcontrol.com and all associated subdomains.

3. Scope of Services

The information presented on our Website is provided for general informational purposes only and does not constitute professional advice. It should not be relied upon as a substitute for specific compliance, legal, or technical guidance tailored to your organisation's circumstances.

The specific scope, deliverables, timelines, and fees for any Engagement will be set out in a statement of work or engagement letter agreed between StremarControl Ltd and the Client prior to commencement. Our Services typically include, but are not limited to:

  • Security and compliance configuration across Microsoft 365 and related platforms.
  • ISO 27001 gap analysis, policy development, and alignment support.
  • Regulatory and compliance framework mapping and readiness assessments.
  • Security hardening and assurance reviews.
  • Technical documentation and runbook development.

Any changes to the agreed scope of an Engagement must be documented in a written change request signed by both parties.

4. Intellectual Property

StremarControl Ltd retains all intellectual property rights in its proprietary methodologies, frameworks, tools, templates, and general know-how developed independently or prior to any Engagement. Nothing in these terms or any Engagement agreement transfers ownership of such intellectual property to the Client.

The Client retains all intellectual property rights in their own data, systems, configurations, and proprietary information provided to StremarControl Ltd during an Engagement.

Deliverables produced during an Engagement are licensed to the Client for their internal business use upon full payment of applicable fees, unless otherwise agreed in writing. StremarControl Ltd may retain anonymised and aggregated insights from Engagements for the purpose of improving its methodologies and services.

5. Client Obligations

The Client agrees to:

  • Provide accurate, complete, and timely information as reasonably required for the performance of the Services.
  • Grant timely access to relevant systems, environments, and personnel as agreed in the statement of work.
  • Designate a primary contact who has the authority to make decisions and provide approvals on behalf of the Client.
  • Ensure that any credentials, access tokens, or permissions provided to StremarControl Ltd are appropriate for the agreed scope and are revoked promptly upon completion of the Engagement.
  • Comply with all applicable laws and regulations in relation to the use of Deliverables and any configurations implemented.

Delays or failures resulting from the Client's inability to meet these obligations may affect timelines and are not the responsibility of StremarControl Ltd.

6. Confidentiality

Both parties agree to treat as confidential all information received from the other party that is designated as confidential or that would reasonably be understood to be confidential given its nature and the circumstances of disclosure. This mutual obligation of confidentiality applies by default to all Engagements without the need for a separate non-disclosure agreement, though either party may request a formal NDA.

All Client data, including tenant configurations, security posture information, and compliance documentation, is treated as strictly confidential. StremarControl Ltd will not disclose Client data to any third party, except to authorised subprocessors required for service delivery (who are bound by equivalent confidentiality obligations) or where required by law.

Confidentiality obligations survive the termination of any Engagement for a period of five years, unless a longer period is agreed in writing.

7. Limitation of Liability

To the maximum extent permitted by law, StremarControl Ltd's total aggregate liability arising out of or in connection with any Engagement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total fees paid by the Client to StremarControl Ltd in the twelve (12) months preceding the event giving rise to the claim.

StremarControl Ltd shall not be liable for any indirect, consequential, special, or incidental losses, including but not limited to loss of profit, loss of data, loss of business opportunity, or reputational damage, howsoever arising.

Nothing in these terms excludes or limits liability for:

  • Death or personal injury caused by negligence.
  • Fraud or fraudulent misrepresentation.
  • Any liability that cannot be excluded or limited under applicable law.

8. Indemnification

The Client agrees to indemnify, defend, and hold harmless StremarControl Ltd, its directors, officers, and employees from and against any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or in connection with:

  • The Client's breach of these terms or any Engagement agreement.
  • The Client's use of Deliverables in a manner not authorised or contemplated by the Engagement.
  • Any inaccurate, misleading, or incomplete information provided by the Client.
  • Any third-party claims arising from the Client's use of configurations or recommendations implemented during an Engagement.

9. Data Processing

Where an Engagement involves the processing of personal data on behalf of the Client, a separate Data Processing Agreement (DPA) will be executed between the parties in accordance with the UK GDPR. The DPA will set out the subject matter, duration, nature, and purpose of processing, as well as the categories of data subjects and types of personal data involved.

Personal data collected through this Website is processed in accordance with our Privacy Policy. By using this Website, you acknowledge that you have read and understood our Privacy Policy.

10. Termination

Either party may terminate an Engagement by providing thirty (30) days' written notice to the other party. Upon termination, the Client shall pay for all Services rendered and expenses incurred up to the effective date of termination.

Either party may terminate an Engagement immediately by written notice if the other party:

  • Commits a material breach of these terms or the Engagement agreement and fails to remedy such breach within fourteen (14) days of receiving written notice of the breach.
  • Becomes insolvent, enters administration, or has a receiver appointed over any of its assets.

Upon termination, StremarControl Ltd will return or securely destroy all Client data in its possession within thirty (30) days, except for data required to be retained to meet legal, regulatory, or professional indemnity obligations, which will be held securely for up to six (6) years.

11. Force Majeure

Neither party shall be liable for any delay or failure to perform its obligations under these terms where such delay or failure results from circumstances beyond that party's reasonable control, including but not limited to: acts of God, pandemic, government action, war, terrorism, civil unrest, power failure, internet or telecommunications failure, cyberattack, or natural disaster. The affected party shall notify the other party promptly and use reasonable efforts to mitigate the impact.

12. Governing Law

These terms and any Engagement agreement shall be governed by and construed in accordance with the laws of England and Wales. Both parties agree to submit to the exclusive jurisdiction of the courts of England and Wales for any disputes arising under or in connection with these terms.

13. Dispute Resolution

In the event of any dispute arising out of or in connection with these terms or any Engagement, the parties agree to follow the escalation procedure below before commencing formal legal proceedings:

  1. Senior management discussion: The dispute shall first be referred to senior management representatives of each party, who shall attempt to resolve the matter through good-faith negotiation within fourteen (14) days.
  2. Mediation: If the dispute is not resolved through negotiation, either party may refer the matter to mediation under the CEDR Model Mediation Procedure. The costs of mediation shall be shared equally between the parties.
  3. Court proceedings: If the dispute is not resolved through mediation within sixty (60) days of referral, either party may commence proceedings in the courts of England and Wales.

14. Severability

If any provision of these terms is found by a court of competent jurisdiction to be invalid, unlawful, or unenforceable, that provision shall be deemed severed from these terms and shall not affect the validity and enforceability of the remaining provisions, which shall continue in full force and effect.

15. Entire Agreement

These terms, together with any applicable statement of work, engagement letter, or data processing agreement, constitute the entire agreement between the parties in relation to the subject matter hereof. These terms supersede all prior discussions, negotiations, representations, and agreements, whether written or oral, relating to such subject matter. No amendment to these terms shall be effective unless made in writing and signed by both parties.

16. Contact

If you have any questions about these Terms of Service, please contact us:

Last updated: March 2026. StremarControl Ltd, Company No. 17022761.