Data protection

Your data in good hands: AEB SE is compliant with all binding legislation, including the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Below you 'll find all key information and statements on this subject. We strive for utmost transparency with state-of-the-art protections tailored to our market.

Data protection documents

Data Protection Guideline

For implementation and its own internal use, AEB has created a binding guideline.


  • Data Protection Guideline

    Last update: 31.01.2022
    The primary aim of this guideline is to ensure proper application of relevant data protection laws such as the EU’s General Data Protection Regulation (GDPR) and national legislation.

Data Protection Statement

The Data Protection Statement provides information about data protection for data subjects. 

  • Data Protection Statement

    The Data Protection Statement informs as to how AEB handles your personal data.

Data processing

Under the terms of data protection law, a data processing situation exists if your AEB solution contains personal data (e.g. contact information of business partners or of your users) and if access by AEB (employees) cannot be ruled out.

Data processing agreements

How you as the controller can best prepare

  • Bring in your Data Protection Officer at an early stage.
  • Compile a list of the AEB solutions (products/services) you are using.
  • On this basis collect the following information for the purpose of a comparison with the agreement:
  1. Which data categories are affected by the use of the applications? Our assumption: Your employees as the users, your employees with contact information, and addresses of your business partners (customers, suppliers).
  2. Which groups of data subjects are affected by the use of the applications? Our assumption: Your employees and customers.

Further data may be involved if you are screening addresses of other parties against sanctions lists. In this case you will have to make amendments to the agreement. Scroll down for instructions on how to complete these documents.

Mutual benefits of our standard agreement

  • Tried and tested, also based on reliable references
  • Ready-to-use versions already aligned with our services and circumstances
  • Largely uniform security basis (technical and organizational measures to ensure appropriate data security)
  • Low processing costs

Further arguments for using AEB 's standard agreement:

  • AEB provides IT services to a large customer base. We strive to offer the very highest standards, including services and conditions that are as uniform as possible.
  • The law provides for obligations with very little room for interpretation. AEB has already made decisions on the few legal options available based on what works best for the context in which AEB services are provided.
  • The agreement incorporates templates provided by BITKOM and the German Association for Data Protection and Data Security (GDD).
  • Your own standard agreement no doubt complies with the law, but we assume that it contains some open passages that AEB would still need to clarify. This might include information on data categories, groups of data subjects, data security, the security concept, technical and organizational measures, designated subcontractors, and the procedure for dealing with changes to the designated subcontractors. AEB 's standard contract already covers all this ground in detail.
  • Regarding business terms: AEB will support you with your controls. However, please be aware that AEB cannot provide unlimited support free of charge.
  • AEB undergoes two different third-party audits at regular intervals. For this reason, please understand that AEB has a very limited capacity to accommodate changes to our standard agreement.

Signing the Data Processing Agreement (DPA) with AEB

It only takes five steps to complete the agreement:

  • Enter your company name on page 1.
  • Check or correct the entries in the checkboxes in section 2.2.
  • Please name your contact person for data protection issues in section 5.3.
  • Please sign the agreement on page 15 (as the client), digital signature in the document is also possible.

  • Please send the agreement by email to cstmrcrbcm if you are not located in the UK
  • Please send the agreement by email to kcmbcm  if you are located in the UK

  • Click to open: Agreement on Processing AEB (International) Ltd. (UK only)

    Last update: 09.08.2021
    This document contains all the information to be considered for the Agreement on Processing for AEB (International) Ltd.

  • Click to open: Agreement on Processing (all countries, except UK)

    Last update: 09.08.2021
    This document contains all the information to be considered for the Agreement on Processing.

Data security at AEB

The security concept includes the technical and organizational measures needed to ensure adequate data security in accordance with the requirements for protecting (personal) data as set forth in Art. 32 GDPR.

  • Security Concept

    Last update: 08.01.2024
    The security concept provides information about the technical and organizational measures taken to ensure appropriate security of data and services. Here you will also find AEB's statements on the controls of ISO 27001 (Annex A / Statement of Applicability (SOA)).

Data protection – global regulations

Standard Contractual Clauses AEB

  • Standard Contractual Clauses AEB

    Last update: 02.09.2021
    The transfer of personal data to non-EU countries is subject to Chapter 5 of the General Data Protection Regulation (GDPR). The use of Standard Contractual Clauses (SCC) offers one possible safeguard pursuant to Art. 46 GDPR. The document “AEB Standard Contractual Clauses” includes the agreement between AEB SE with headquarters in Germany/EU and AEB (Asia Pacific) with headquarters in Singapore. This is based on the SCC version 2021/914 and draws on MODULE THREE, “Transfer Processor to Processor.”
    The transfer of personal data to non-EU countries is subject to Chapter 5 of the General Data Protection Regulation (GDPR). The use of Standard Contractual Clauses (SCC) offers one possible safeguard pursuant to Art. 46 GDPR. The document “AEB Standard Contractual Clauses” includes the agreement between AEB SE with headquarters in Germany/EU and AEB (Asia Pacific) with headquarters in Singapore. This is based on the SCC version 2021/914 and draws on MODULE THREE, “Transfer Processor to Processor.”

Transfer Impact Assessment (TIA)

  • Transfer Impact Assessment (TIA)

    Last update: 20.11.2023
    In addition to the Standard Contractual Clauses (SCC), AEB performs a Transfer Impact Assessment (TIA) for the business relationship between AEB SE and AEB (Asia Pacific) Pte Ltd. In the TIA, AEB provides information on the mandatory controls resulting from the SCC, for which AEB carries out risk assessments with AEB's subsidiary in Singapore.
    In addition to the Standard Contractual Clauses (SCC), AEB performs a Transfer Impact Assessment (TIA) for the business relationship between AEB SE and AEB (Asia Pacific) Pte Ltd. In the TIA, AEB provides information on the mandatory controls resulting from the SCC, for which AEB carries out risk assessments with AEB's subsidiary in Singapore.

Notice on 2021 version

  • Notice on 2021 version

    Last update: 27.06.2022
    Here, AEB comments on developments in data protection law in the area of global data protection. AEB has wholly owned subsidiaries in Switzerland, the UK, and Singapore. Switzerland and the UK are covered by an EU adequacy decision in line with EU data protection requirements. Based on the new regulations for non-EU countries, it is now possible to conclude Standard Contractual Clauses (SCC) between processors and sub-processors. AEB SE has promptly concluded an SCC with AEB in Singapore under this regulation in 2021. We do not see a need for further action.
    Here, AEB comments on developments in data protection law in the area of global data protection. AEB has wholly owned subsidiaries in Switzerland, the UK, and Singapore. Switzerland and the UK are covered by an EU adequacy decision in line with EU data protection requirements. Based on the new regulations for non-EU countries, it is now possible to conclude Standard Contractual Clauses (SCC) between processors and sub-processors. AEB SE has promptly concluded an SCC with AEB in Singapore under this regulation in 2021. We do not see a need for further action.

Other supporting materials

Joint Controller Agreement

  • Joint Controller Agreement pursuant to Art. 26 GDPR

    Last update: 10.01.2022
    The AEB Joint Controller Agreement provides information on the rights and obligations of data controllers when jointly processing personal data.
    The AEB Joint Controller Agreement provides information on the rights and obligations of data controllers when jointly processing personal data.

Deletion Concept

  • Deletion Concept

    Last update: 01.12.2020
    The document "Deletion concept of AEB" is part of the deletion concept that AEB maintains in its role as “processor” according to the EU’s General Data Protection Regulation (GDPR) and provides it to its customers in their role as “controllers”. It contains the information necessary for the customer on the subject of data deletion.
    The document "Deletion concept of AEB" is part of the deletion concept that AEB maintains in its role as “processor” according to the EU’s General Data Protection Regulation (GDPR) and provides it to its customers in their role as “controllers”. It contains the information necessary for the customer on the subject of data deletion.

Subcontractor

  • Overview subcontractors

    Last update: 04.09.2023
    The document "Overview subcontractors" provides an overview of current subcontractors for data processing as defined by Art. 28 GDPR. AEB keeps a record of current subcontractors and will duly notify customers of any changes, with reference to this document.
    The document "Overview subcontractors" provides an overview of current subcontractors for data processing as defined by Art. 28 GDPR. AEB keeps a record of current subcontractors and will duly notify customers of any changes, with reference to this document.

Record of data processing activities

Art. 30 (1) GDPR refers to the controller of data processing activities. You as the customer bear the responsibilities cited there in connection with the AEB solutions. The document linked below covers the information that AEB, in its role as processor, is obligated to provide to its regulatory authority. The document also provides additional information to help you comply with any obligations you may have to inform your data subjects, such as your employees who use our solutions. Please ensure to observe your own responsibility when providing this information.
In this document you will also find, voluntarily provided by us, information about our data in accordance with Art. 30 (2) GDPR.

  • Record of data processing activities

    Last update: 06.03.2024
    The document "Record of data processing activities" covers the information that AEB, in its role as processor, is obligated to provide to its regulatory authority. This document shall provide further support to assist you, if necessary, in fulfilling your requirement to inform your data subjects accordingly.

Data protection certificate

  • DEKRA

    DEKRA

    2021: DEKRA confirms AEB's successful integration of ISO 27018 (data protection in the cloud) into its ISMS.
    /media/docs/en/certificate-data-protection-aeb.pdf
Click here for a complete list of certificates

Our data protection team

Volkher Wegst, AEB Data Protection Officer
Volkher Wegst, AEB Data Protection Officer

Volkher Wegst

AEB Data Protection Officer since 2009.
I like my job because:

  • I promote ethical standards - with an educational mandate to protect the rights of data subjects.
  • I have the big picture at AEB and can also support our customers.
  • This job never gets boring.

That 's why this role fits well with my other roles at AEB as ISMS Manager and Emergency Officer.

Tobias Zech, AEB Data Protection Coordinator
Tobias Zech, AEB Data Protection Coordinator

Tobias Zech

Working in data protection since 2010, AEB Data Protection Coordinator since 2018.
I like my job because:

  • I can be helpful across a wide range of issues.
  • I am excited about finding common solutions and helping to boost awareness of data protection.
  • There 's a lot of opportunity for connecting with customers and colleagues.

I also conduct training and awareness seminars and am an internal auditor for the ISMS.

Geoff Taylor, AEB Data Protection Officer
Geoff Taylor, AEB Data Protection Officer

Geoff Taylor

Data Protection Officer for AEB (International) Ltd in UK.


Questions about data protection at AEB?

Contact our Data Protection Officer (all countries, except UK): dtprtctnffcrbcm
Contact our Data Protection Officer (UK only): nfkbcm