Data Protection

Safe Data - Clear Processes

Our data protection policy

In our view, data protection is a measure of quality which puts the interests of customers first.

As a data processor, we are governed by the requirements of the German Data Protection Act – the Bundesdatenschutzgesetz or BDSG for short – and supplementary data protection regulations set out in many other codes and directives (the Telecommunications Act, for example).

In our view, data protection is not simply a legal obligation. It is also a socio-political issue and a measure of quality which puts the interests of customers first. Accordingly, we have had a data protection policy in place within our organisation for many years.

In our view, all data and information are equally worthy of protection. Such data and information include the personal data belonging to our employees, customers, suppliers and other business partners as well as their and our corporate data.

We only process data as appropriate for its intended purpose. All employees handling personal data are bound by the data secrecy obligation in accordance with Section 5 of the BDSG and receive training accordingly. We meet the requirements of the BDSG relating to data processing security by implementing organisational and technical measures in accordance with Section 9 of the BDSG and Appendix.

Unauthorised users have no access our data processing facilities and cannot use our systems. Only authorised users can access our data and only they are permitted to process and transfer it; various security controls are in place and data availability is assured. When undertaking data processing outsourced to us by third parties, we work exclusively under the instructions issued to us by the contracting party in writing in accordance with Section 11 of the BDSG. These instructions specify the how data is to be processed, the organisational and technical measures to be implemented and any subcontractual relations between principal and agent. They also define the parties responsible for the individual tasks to be completed.

Card Data Protection Guarantee

We, B+S Card Service GmbH, herewith state that we are responsible for the security of cardholder data we possess or otherwise store, process, or transmit on behalf of our customers or to the extent that they could impact the security of your cardholder data environment.

Use of our online products and services

Personal data belonging to the users of our online products and services is only processed insofar as is necessary for the performance of the services offered. In principle, our online products and services can also be used anonymously. However, this does not apply to our areas and services protected by login mechanisms, where users must register with their personal data. You do not have to reveal your true identity. If you purchase the newsletter, for example, we will ask you for your name and other personal information. You are free to choose whether or not to enter your data. We save the data you provide on servers which are afforded particular protection.

Access to the servers is only permitted to a small number of authorised users with an official remit to perform the associated technical, commercial or editorial tasks. 

IP address storage

Your IP address is saved as pseudonymised data for the purpose of website optimisation; in other words, there is no unique assignment between an IP address saved as pseudonymised data and the user of that IP address. For reasons of operational safety and reliability, the IP addresses which access our website are retained for 7 days before being deleted completely.

Links to other providers

Some of our Internet pages contain links to other providers’ Internet pages; these pages are not covered by our data protection and privacy policy. We have no way of ensuring that the operators of these pages will comply with data protection regulations. Therefore, if you visit these Internet pages, please find out about the applicable data protection regulations.

Disclosure of personal data to third parties

We will only use your personal data within B+S Card Service GmbH and its affiliated companies for the purpose of processing your order. We will not disclose your personal data to third parties without your express consent. Where data is disclosed to service providers during the course of processing your order, said providers shall be bound by the BDSG and other legal requirements, as well as being bound contractually by the data protection guidelines set out by B+S Card Service GmbH.

Right of withdrawal

Having given it, you can at any time withdraw your consent for your personal data to be collected, processed and used from that point on.

Right to information

For information about what personal data we have on record for you, please submit a request in writing.

Questions and comments

Please direct all questions, suggestions or comments about data protection to our data protection officer:

B+S Card Service GmbH
Data protection officer
Lyoner Strasse 9
D - 60528 Frankfurt
e-mail to our data protection officer

B+S Cookie Information

What is a cookie?

A cookie is a text file no bigger than 4k that a website asks your browser to store on your computer or mobile device. This allows the website to "remember" your actions or preferences over a period of time.

Most browsers support cookies however users can set their browsers to decline them and can also delete them whenever they like.

What are they used for?

Websites mainly use cookies:

  • to identify users
  • to remember the user's custom preferences
  • to help complete a task without having to re-enter information when brows-ing from one page to another or when visiting the site again sometime later

Cookies can also be used for online behavioral target advertising and show ad-verts relevant to something that the user searched for in the past.

How are they used?

The web server supplying the webpage can store a cookie on the user's com-puter or mobile device. An external web server that manages files included or referenced in the webpage is also able to store cookies. All these cookies are called http header cookies. Another way of storing cookies is through JavaScript code contained or referenced in that page.

Each time the user requests a new page, the web server can receive the values of the cookies it previously set and return the page with content relating to these values. Similarly, JavaScript code is able to read a cookie belonging to its domain and perform an action accordingly.

What are the different types of cookies?

A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:

  • session cookie which is erased when the user closes the browser or
  • persistent cookie which remains on the user's computer/device for a pre-defined period of time.

As for the domain to which it belongs, there are either:

  • first-party cookies which are set by the web server of the visited page and share the same domain
  • third-party cookies stored by a different domain to the visited page's domain. This can happen when the webpage references a file, such as JavaScript, located outside its domain.

How long will cookies be stored?

Permanent cookies we use will be stored from 30 up to 540 days, sessions cookies will be stored until the end of the session (first-party cookies) or for up to 30 minutes (third-party cookies).

What third-party cookies do we use?

We use ‘analytical’ third-party permanent and session cookies which allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it.

For more information please read the information of our third party cookie providers

Moreover, we use cookies from googleadwords and doubleclick in order to provide individualised marketing information, please find further information here:

How can I reject the use of cookies?

If you wish, you are able to reject or disable cookies by adjusting your browser settings, however, this may adversely affect your experience of using this website in case of blocking the use of our first party cookies which are vital for the websites’ functionality.

I wish to reject the use of etracker cookies:

TheCookie Opt-out etracker:
cookies might be disabled. Please visit etracker's opt-out page to either confirm the disablement or to enable the cookies again: etracker's opt-out page.

I wish to reject the use of hurra cookies:

Cookie Opt-out hurra:
The cookies are disabled. If you wish to enable them again, please delete your browser cookie "__coo" from