Version 2026-06-03
Privacy Policy
Effective date: 3 June 2026
Controller
Swiss Rotor Services AG, Winterhaldenstrasse 14 A, CH-3627 Heimberg, UID CHE-227.898.128, info@swissrotorservices.com, is responsible for the MySRS Customer Portal.
Portal data
MySRS processes account details, company contacts, shipping addresses, access requests, uploaded documents, editable PDF form revisions, spare-parts orders, payment status, technical session data, login attempts and audit logs.
Purposes and legal basis
Data is processed to provide protected documents, manage customer access, process spare-parts orders, support security operations, meet legal retention duties and handle data subject requests. Processing is based on contract performance, legitimate security interests, legal obligations and consent where required.
Security
The portal uses HTTPS-only production configuration, secure HTTP-only session cookies, bcrypt password hashing, administrator MFA, private document storage, server-side permission checks, rate-limited login and access request flows, security headers, audit logs and restricted backup/restore procedures.
Recipients and hosting
Portal data is hosted for Swiss Rotor Services operations. Production infrastructure is designed for PostgreSQL, private object storage, transactional email delivery and payment processing where enabled. Service providers may process data only for the configured portal purpose.
International users
MySRS is intended for customers worldwide. Where GDPR applies, Swiss Rotor Services handles access, correction, erasure, restriction, objection and portability requests according to GDPR rights and applicable Swiss law.
Retention and deletion
Account and document data is retained while portal access, customer support, order fulfilment, warranty, tax, export-control or legal defence purposes require it. File deletions move private objects into restricted recovery storage for the configured retention period. Customer deletion requests are reviewed against legal retention duties before removal or restriction.
Data breaches
Security incidents are assessed without delay. Where Swiss law requires notification because a breach is likely to result in a high risk, Swiss Rotor Services will notify the FDPIC and affected persons as required. Where GDPR applies, supervisory authority notification is handled within the statutory 72-hour window where feasible.
Contact
Privacy requests, deletion requests and security notices can be sent to info@swissrotorservices.com with the subject "MySRS privacy request".