Privacy Notice
(As of July 28, 2025)
Regardless of whether you are a customer of ours, an interested party, or a visitor to our website, we, RSB Retail+Service Bank GmbH, are pleased that you are visiting our website www.rsb-bank.de and that you are interested in our company. The protection of your personal data is an important concern for us.
Below, we explain what personal data we collect from you and how we process it when you visit this website. You will also find an overview of the rights you are entitled to under applicable data protection law, and we tell you whom to contact if you have further questions.
Some sections of our websites may contain links to websites of third-party providers. These websites are subject to their own data protection principles. We are not responsible for their operation, including how data is handled. If you send information to or via such third-party websites, you should review the privacy statements of those sites before providing any personally identifiable information.
1. General Information
1.1 Contact Details of the Controller and Data Protection Officer
Controller in the sense of the GDPR:
RSB Retail+Service Bank GmbH
Bahnhofstraße 82
70806 Kornwestheim
Email: datenschutz(at)rsb-bank.de
Phone: +49-7154-206-9
Fax: +49-7154-206-7009
We have appointed the following data protection officer:
2B Advice GmbH
Joseph-Schumpeter-Allee 25
53227 Bonn
Email: datenschutz(at)rsb-bank.de
Phone: +49-228-9261-65-120
Fax: +49-228-9261-65-109
1.2 Definitions
What is personal data?
Personal data is any information relating to an identified or identifiable natural person. This includes information such as legal name, address, telephone number, and date of birth.
What does the term processing mean?
Processing of personal data includes activities such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying personal data.
2. How and Why Do We Collect Your Personal Data?
2.1 Website Access
Informational Use of the Website
You can visit our website without providing personal information. If you use our website for informational purposes only and do not provide personal information otherwise, we do not process personal data, except for data transmitted by your browser.
Technical Provision of the Website
To technically provide the website, it is necessary that we process certain automatically transmitted information so that your browser can display our website. These are:
- IP address
- Browser type/version
- Browser language
- Operating system
- Inner browser window resolution
- Screen resolution
- JavaScript enabled
- Java enabled/disabled
- Cookies enabled/disabled
- Color depth
- Time of access
We process your personal data for the technical provision of our website on the basis of the following legal grounds:
- For the performance of a contract or to carry out pre-contractual measures according to Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to inform yourself about our products; and
- To safeguard our legitimate interests according to Art. 6 para. 1 lit. f GDPR, to be able to technically provide you with the website. Our legitimate interest is to provide you with an attractive, technically functional, and user-friendly website as well as to take measures to protect our website against cyber risks and to prevent cyber risks from emanating from our website to third parties.
Data is only stored for the duration of your visit and deleted after you leave the site.
SSL/TLS Encryption
For security and to protect confidential content (e.g., orders or inquiries), this site uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” and the lock icon in your browser.
With encryption enabled, data you transmit cannot be read by third parties.
External Hosting
Our website is hosted by an external provider. All collected personal data is stored on their servers.
2.2 Online Banking
When you use our online banking services, we process personal data (e.g., name, account details, transfer data, transaction information) in order to provide you with banking services such as account access, transfer orders, and account balance inquiries via our online platform.
The processing of this data is carried out for the purpose of fulfilling our contract with you in accordance with Article 6(1)(b) of the GDPR. Where legal obligations exist (e.g., commercial or tax-related retention obligations), processing is additionally carried out on the basis of Article 6(1)(c) of the GDPR.
Recipients of your data include, among others, the payment service providers of the payment recipient and technical service providers involved in the execution of online banking. In the case of cross-border transfers and urgent transfers within Germany, the transfer data may be transmitted via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, which is based in Belgium, to the payment service provider of the payment recipient. For system security reasons, SWIFT temporarily stores the transfer data in its data centers located in the European Union, Switzerland, and the United States.
Personal data is stored for as long as necessary to fulfill contractual and legal obligations. Afterwards, the data is deleted in accordance with the statutory retention periods.
2.3 RSB Portal
We hereby inform you in accordance with Article 13 of the GDPR about the specific data collection procedures provided for within the RSB portal, their intended purpose, and the applicable deletion periods.
By entering the information required for the RSB portal and using the portal, you consent in accordance with Article 6(1)(a) of the GDPR to the processing of this data for the purpose of using the portal. Consent is voluntary and can be withdrawn at any time with future effect. After consent has been withdrawn, use of the RSB portal is no longer possible.
- Company name, street, house number, postal code, city: These are used to verify the identity of the requesting user and are deleted after 14 days.
- Membership number, last name, first name, email, telephone number, password: These are stored as contact and access data. After 80 days without access, you will receive a notification by email that the account will be deactivated in 10 days.
2.4 Contact Initiated by You
Contact Form
If you send us inquiries via the contact form, the information you provide in the form, including the contact details you enter, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. This data will not be passed on without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer). In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Article 6(1)(f) GDPR).
The data you enter into the contact form will remain with us until the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions – especially retention periods – remain unaffected.
Inquiry via Email
If you contact us via email, your inquiry, including all resulting personal data (e.g., name, email address, inquiry), will be stored and processed by us for the purpose of handling your request.
The processing of this data is based on Article 6(1)(b) of the GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer). In all other cases, the processing is based on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective handling of inquiries addressed to us.
The data you send to us via contact inquiries will remain with us until the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
2.5 Applications
Advertised Positions
If you apply for a specific advertised position, we process your application documents for the purpose of deciding on the filling of the position to which the application refers, based on Article 6(1)(b) of the GDPR (pre-contractual measures) in conjunction with Section 26(1) of the German Federal Data Protection Act (BDSG) (decision on the establishment of an employment relationship).
In the course of the application process, further personal data may also be collected and processed—either directly from you, from publicly accessible sources, or from former employers and trainers.
If the application process does not lead to your employment, your personal data will be deleted two months after you receive our rejection decision.
If the application process results in your employment, the collected data, including your application documents, will be transferred to your personnel file and will remain there for the duration of your employment.
Unsolicited Applications
Applications that do not refer to a specific position (unsolicited applications) are processed on the basis of your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time with effect for the future.
Your personal data will be deleted after one year from the date of receipt of your application, unless it is still part of ongoing application processes or you have previously withdrawn your consent.
If none of the application processes lead to your employment, your personal data will be deleted two months after the last position for which we considered you has been filled.
If an application process results in your employment, the collected data, including your application documents, will be transferred to your personnel file and will remain there for the duration of your employment.
3. Recipients of Your Data
Processors
To operate efficiently, we rely on the support of specialized external service providers who may process personal data as part of their services. These service providers include, for example, IT providers involved in the administration and hosting of our website.
We have entered into data processing agreements with these service providers. If a service provider is located outside the European Economic Area (EEA), we take additional security measures—for example, through specific contractual clauses—to ensure that the data is treated with the same level of protection as within the EEA. Compliance with our data protection requirements is regularly reviewed.
The transfer of data to our processors and the processing of data in the context of their services is carried out on the same legal basis on which we are permitted to process the data ourselves. No additional legal basis is required.
Recipients in the Context of Contractual Fulfillment
In addition, we transfer personal data to third parties where necessary for the fulfillment of a contract—for example, to the payment service provider of the payment recipient.
Other Recipients
Further transmission of data only occurs if it is required by law (e.g., tax authorities, regulatory bodies) or if you have explicitly consented to such transmission.
4. Duration of Storage
When you actively use our website, we initially store your personal data for the duration necessary to respond to your inquiry or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Additionally, we retain your personal data until the statute of limitations for any potential legal claims arising from the relationship with you expires, in order to use the data as potential evidence. The limitation period generally ranges from 12 to 36 months but can extend up to 10 years.
Once the statute of limitations has expired, we delete your personal data unless a statutory retention obligation exists—for example, under the German Commercial Code (§§ 238, 257 para. 4 HGB) or the German Fiscal Code (§ 147 paras. 3 and 4 AO). These retention obligations can range from two to ten years.
5. Rights of the Data Subject
Your rights as a data subject
Under the statutory provisions, you are entitled to the following rights as a data subject, which you may assert against us:
Right of access:
You have the right, at any time and in accordance with Article 15 of the GDPR, to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you are further entitled under Article 15 of the GDPR to receive information about this personal data and certain additional details (including the purposes of processing, categories of personal data, categories of recipients, planned retention period, source of the data, the use of automated decision-making, and, in the case of third-country transfers, the appropriate safeguards), as well as a copy of your data.
Right to rectification:
In accordance with Article 16 of the GDPR, you have the right to request that we correct any inaccurate or incorrect personal data we hold about you.
Right to erasure:
You have the right under Article 17 of the GDPR to request that we delete personal data concerning you without undue delay. This right does not apply, among other things, if the processing of personal data is necessary for:
(i) exercising the right to freedom of expression and information,
(ii) compliance with a legal obligation to which we are subject (e.g., statutory retention requirements), or
(iii) the establishment, exercise, or defense of legal claims.
Right to restriction of processing:
Under the conditions set out in Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data.
Right to data portability:
In accordance with Article 20 of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
Right to withdraw consent:
You have the right to withdraw your previously given consent to the processing of your personal data at any time with effect for the future.
Right to object:
You have the right to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR (processing on the basis of a balancing of interests), provided there are reasons relating to your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
If our interests conflict with the termination of the processing, we are permitted—despite your objection—to continue processing your personal data.
The objection can be made without any specific form and should preferably be directed to:
RSB Retail+Service Bank GmbH
Bahnhofstraße 82
70806 Kornwestheim
Email: datenschutz(at)rsb-bank.de
Phone: +49-7154-206-9
Fax: +49-7154-206-7009
Right to lodge a complaint with a supervisory authority:
In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority—particularly in the Member State of your place of residence, your workplace, or the place of the alleged infringement—if you believe that the processing of your personal data violates the GDPR.
This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection of Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Phone: +49 711/61 55 41-0
Fax: +49 711/61 55 41-15
Email: poststelle(at)ldi.bw.de
However, we recommend that you first address your complaint to our data protection officer.
Where possible, please submit your requests for exercising your rights in writing to the address listed above or directly to our data protection officer.
6. Additional Information
Scope of Your Obligation to Provide Data
In principle, you are not required to provide us with your personal data. However, if you do not provide such data, we may be unable to offer you access to our website, respond to your inquiries, or enter into a contract with you. Personal data that we do not strictly require for the processing purposes mentioned above is marked as optional with “if applicable” or by another indication.
Automated Decision-Making / Profiling
We do not use any automated decision-making or profiling (i.e., automated analysis of your personal circumstances).
Changes
We reserve the right to amend this privacy notice at any time. Any changes will be announced by publishing the updated privacy notice on our website. Unless otherwise specified, such changes shall take immediate effect. Please review this privacy notice regularly to ensure that you are aware of the most current version.