Privacy Notice

Privacy Policy (Effective 25. Mai 2018)


We, RSB Retail+Service Bank GmbH, are delighted by your visit to our website and your interest in our company. The protection of your personal data is of paramount importance to us. Below, in accordance with Articles 12, 13, 14, and 21 of the General Data Protection Regulation (GDPR), we inform you about the handling of your personal data when using our website

Our privacy notice for customers can be found here.

Personal data are details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your legal name, address, telephone number, and date of birth.


Data Controller
The controller in terms of the General Data Protection Regulation:

RSB Retail+Service Bank GmbH
Bahnhofstraße 82
70806 Kornwestheim, Germany
Phone: +49-7154-206-9
Fax: +49-7154-206-7009

Data Protection Officer
Contact details:

RSB Retail+Service Bank GmbH
Data Protection Officer
Bahnhofstraße 82
70806 Kornwestheim, Germany
Phone: +49-7154-206-9
Fax: +49-7154-206-7009

Purposes and Legal Bases of Data Processing

Informative Use of the Website
You can visit our website without providing any personal information. If you use our website for information purposes only, without transmitting any personal information to us, we do not process any personal data, except for the data transmitted by your browser to enable your visit to the website.

Technical Provision of the Website
For the purpose of technically providing the website, it is necessary that we process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This information is automatically collected every time you access our website and stored in our server log files. This information relates to the computer system of the requesting computer. The following information is collected:

- IP address

- Browser type/version (e.g., Firefox 59.0.2 (64-bit));

- Browser language (e.g., German);

- Operating system used (e.g., Windows 10);

- Internal resolution of the browser window;

- Screen resolution;

- JavaScript activation;

- Java on/off;

- Cookies on/off;

- Color depth;

- Time of access.

We process your personal data for the technical provision of our website on the basis of the following legal grounds:


- For the performance of a contract or to carry out pre-contractual measures according to Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to inform yourself about our products; and

- To safeguard our legitimate interests according to Art. 6 para. 1 lit. f GDPR, to be able to technically provide you with the website. Our legitimate interest is to provide you with an attractive, technically functional, and user-friendly website as well as to take measures to protect our website against cyber risks and to prevent cyber risks from emanating from our website to third parties.ass von unserer Website Cyberrisiken für Dritte ausgehen.

Online Banking
In the context of online banking, you have the option to conduct transfers. The bank transmits the data contained in the transfer (transfer data) directly or with the involvement of intermediaries to the payment service provider of the recipient. The payment service provider of the recipient can provide the recipient with the transfer data, which includes the International Bank Account Number (IBAN), in whole or in part. For cross-border transfers and for urgent domestic transfers, the transfer data may be forwarded to the payment service provider of the recipient via the message transmission system Society for Worldwide Interbank Financial Telecommunication (SWIFT) based in Belgium. For reasons of system security, SWIFT temporarily stores the transfer data in its data centers in the European Union, Switzerland, and the USA.

Aktive Nutzung der Website

Neben der rein informatorischen Nutzung unserer Website können Sie unsere Website auch aktiv nutzen, um mit uns in Kontakt zu treten oder sich bei uns um eine Stelle zu bewerben. Zusätzlich zu der oben dargestellten Verarbeitung Ihrer personenbezogenen Daten bei einer rein informatorischen Nutzung verarbeiten wir dann auch weitere personenbezogene Daten von Ihnen, die wir zur Bearbeitung und Beantwortung Ihrer Anfrage und Bewerbungen benötigen.
You have the option to deactivate the map service and prevent data transmission to Google. To do this, deactivate JavaScript in your browser. The branch finder will not be usable in this case.


RSB Portal
Below, we inform you in accordance with Art. 13 GDPR about the data collections specifically intended within the framework of the RSB Portal, their purpose, and the intended deletion periods. By entering the required information for the RSB Portal and using the portal, you consent to the processing of these data for the purpose of using the portal. The consent is voluntary and can be revoked at any time with effect for the future. After a revocation, the use of the RSB Portal is no longer possible.

Company, street, house number, postal code, city: are used to verify the identity of the requesting user and are deleted after 14 days. Membership number, surname, first name, email, telephone, password: are stored as contact and access data. After 80 days without access, you will receive an email notice that the account will be deactivated in 10 days.


Active Use of the Website
In addition to purely informational use, you can also actively use our website to contact us or apply for a job. In addition to the processing of your personal data described above for informational use, we also process further personal data from you, which we need to handle and respond to your inquiries and applications.


User Inquiries
To process and answer your inquiries to our email address, we process the personal data you provide in this context. This always includes your name and email address to enable us to respond, as well as other information that you send us as part of your communication.

We process your personal data to respond to user inquiries on the basis of the following legal grounds:

- To safeguard our legitimate interests according to Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in the proper handling of customer inquiries.

Some sections of our websites may contain links to third-party websites. These websites are subject to their own privacy policies. We are not responsible for their operation, including data handling. If you send information to or about such third-party sites, you should review the privacy policies of these sites before sending them information that can be linked to you.

Categories of Recipients
Initially, only our employees have knowledge of your personal data. Furthermore, we share your personal data, to the extent legally permitted or required, with other recipients who provide services related to our website on our behalf. We limit the sharing of your personal data to what is necessary, particularly to be able to process your order. Partly our service providers receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. Partly the recipients act independently with the data we transmit to them.


Below we list the categories of recipients of your personal data:


- IT service providers in the administration and hosting of our website.

International Transfer
We do not transfer your personal data to countries outside the EU or the EEA or to international organizations.

Duration of Storage

Informative Use of the Website
For purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. After you leave our website, your personal data is immediately deleted.

Active Use of the Website
For active use of our website, we initially store your personal data for the duration of responding to your inquiry or for the duration of our business relationship. This includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

Additionally, we then store your personal data until the expiration of the statute of limitations of any legal claims arising from the relationship with you, to use them as evidence if necessary. The statute of limitations is usually between 12 and 36 months but can be up to 10 years.

Upon the expiration of the statute of limitations, we delete your personal data, unless there is a legal retention obligation, such as from the Commercial Code (§§ 238, 257 Abs. 4 HGB) or from the Tax Code (§ 147 Abs. 3, 4 AO). These retention obligations can last two to ten years.

If you apply for a job with us, we store your application data for the duration of the application process. If we do not make you an offer, we delete your data two months after our rejection decision has been communicated to you. If we hire you, we continue to store the data for the execution of the employment relationship.

Your Rights as a Data Subject
You have the following rights as a data subject, which you can exercise against us under the legal conditions:

Right of Access: You have the right at any time to request confirmation from us within the scope of Art. 15 GDPR as to whether we process personal data concerning you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to be informed about this personal data and to receive further information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making, and, in the case of international transfers, the appropriate safeguards) and a copy of your data.

Right to Rectification: You are entitled under Art. 16 GDPR to demand that we correct any personal data stored about you if it is incorrect or erroneous.

Right to Deletion: You have the right, under the conditions of Art. 17 GDPR, to demand that we delete personal data concerning you without delay. The right to deletion does not apply, for example, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g., statutory retention requirements) or (iii) for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing: You have the right, under the conditions of Art. 18 GDPR, to demand that we restrict the processing of your personal data.

Right to Data Portability: You have the right, under the conditions of Art. 20 GDPR, to demand that we provide you with the personal data concerning you, which you have provided to us, in a structured, common, and machine-readable format.

Right of Withdrawal: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Right to Complain to a Supervisory Authority: You have the right, under the conditions of Art. 77 GDPR, to file a complaint with a supervisory authority, especially in the Member State of your residence, place of work, or the place of the alleged infringement if you believe that the processing of your personal data violates the GDPR. This right to complain is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is:
Der Landesbeauftragte für Datenschutz Baden-Württemberg
Dr. Stefan Brink 
Königstraße 10a 
70173 Stuttgart, Germany 
Phone: +49 711 61 55 41-0 
Fax: +49 711 61 55 41-15 

However, we recommend that you direct any complaints initially to our data protection officer.

Your requests for the exercise of your rights should ideally be addressed in writing to the address given above or directly to our data protection officer.

Right to Object: You have the right, under the conditions of Art. 21 GDPR, to object to the processing of your personal data, so that we must stop processing your personal data. The right to object exists only within the limits provided by Art. 21 GDPR. In addition, our interests may oppose ending the processing, so that we are entitled to process your personal data despite your objection.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

The objection can be made informally and should ideally be addressed to:

RSB Retail+Service Bank GmbH
Bahnhofstraße 82
70806 Kornwestheim, Germany
Phone: +49-7154-206-9
Fax: +49-7154-206-7009

Obligations to Provide Data 
You are not generally obligated to provide us with your personal data. However, if you do not, we will not be able to make our website available to you, respond to your inquiries, or enter into a contract with you. Personal data that we do not require for the processing purposes mentioned above are marked as voluntary.


Automated Decision-Making / Profiling
We do not use any automated decision-making or profiling (automated analysis of your personal circumstances).


We reserve the right to change this privacy policy at any time. Any changes will be announced by publishing the amended privacy policy on our website. Unless otherwise specified, such changes take effect immediately. Therefore, please review this privacy policy regularly to view the most current version.

to top