Data Privacy

Your data in good hands: AEB SE is compliant with all binding legislation, including the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Below you’ll find all key information and statements on this subject. We strive for utmost transparency with state-of-the-art protections tailored to our market.

Data privacy documents

Data Protection Guideline

AEB developed this binding guideline for its own internal use.
AEB Data Protection Guideline (Last update: May 20, 2019)

Data Privacy Statement

The Data Privacy Statement provides data subjects with information on how their data is protected. You can find it here.

Data Processing

Under data protection law, data processing occurs if your AEB solution contains personal data (such as the contact information of business partners or your users) and if access by AEB (employees) is at all possible.

Processing agreements

How you as the controller can best prepare

  • Get your data privacy officer involved early on
  • Make a list of all the AEB solutions (products/services) you are using
  • On this basis, collect the following information to check against the contract: 
  1. Which categories of data are affected by the use of the applications? Our assumption: Your employees as users, your employees with their contact information and the addresses of their business partners (customers, suppliers) 
  2. Which groups of data subjects are affected by the use of the applications? Our assumption: Your employees and customers.

The scope of applicable data may be broader if you screen the addresses of other parties against sanctions lists. This would require adding this information to the agreement. Scroll down for instructions on how to complete these documents.

Mutual benefits of our standard agreement

  • Tried and tested, based on reliable references
  • Ready-to-use versions already aligned with our services and circumstances
  • Highly standardized security concept of technical and organizational measures to ensure appropriate data security
  • Low implementation costs

What else you should know:

  • AEB provides IT services to a large customer base. We strive to offer the very highest standards, including services and conditions that are as uniform as possible.
  • The law provides for obligations with very little room for interpretation. AEB has already made decisions on the few legal options available based on what works best for the context in which AEB services are provided.
  • The agreement incorporates templates provided by BITKOM and the German Association for Data Protection and Data Security (GDD).
  • Your own standard contract no doubt complies with the law, but we assume that it contains some open passages that AEB would still need to clarify. This might include information on data categories, groups of data subjects, data security, the security concept, technical and organizational measures, designated subcontractors, and the procedure for dealing with changes to the designated subcontractors. AEB’s standard contract already covers all this ground in detail.
  • Regarding business terms: AEB supports its customers in their monitoring. Please be aware that AEB cannot provide unlimited support free of charge. 
  • AEB undergoes two different third-party audits at regular intervals. For this reason, please understand that AEB has a very limited capacity to accommodate changes to our standard contract.

Signing the Data Processing Agreement (DPA) with AEB

It only takes five steps to complete the agreement:

  • Enter your company name on page 1.
  • Check or correct the entries in the checkboxes in section 2.2.
  • Please name your contact person for data protection issues in section 5.3.
  • Please sign the agreement on page 15 (as the client), digital signature in the document is also possible.
  • Please send us the agreement electronically to dtprtctnffcrbcm

Download Agreement on Processing

Data security at AEB

The security concept includes the technical and organizational measures needed to ensure adequate data security in accordance with the requirements for protecting (personal) data as set forth in Art. 32 GDPR.

Security Concept (Art. 32 GDPR) (Last updated: April 30, 2019)

Other supporting materials


The document linked below provides an overview of current subcontractors for data processing as defined by Art. 28 GDPR. AEB keeps a record of current subcontractors and will duly notify customers of any changes, with reference to this document.

Overview of Subcontractors (Last updated: September 1, 2020 )

Deletion concept

The document linked below is part of the Deletion Concept that AEB maintains in its role as “processor” and shares with its customers in their role as “controllers” within the meaning of the GDPR. It is designed to give customers the information they need regarding the deletion of data. 

AEB Deletion Concept  (Last updated: October 1, 2019 )

Record of data processing activities

Art. 30 (1) GDPR refers to the controller of processing activities. You as the customer bear the responsibilities cited there in connection with the AEB solutions. The document linked below covers the information that AEB, in its role as processor, is obligated to provide to its regulatory authority. It is also intended as additional information to help you comply with any obligations you may have to inform your data subjects, such as your employees who use our solutions. You are responsible for complying with your own obligations to provide this information, however.
AEB also voluntarily permits you to see the information we maintain in accordance with Art. 30 (2) GDPR.

AEB records pursuant to Art. 30 GDPR  (Last updated: May 1, 2020 )

Data protection certificate

Our data privacy team

Tobias Zech, AEB Data Protection Coordinator
Tobias Zech, AEB Data Protection Coordinator

Volkher Wegst

AEB Data Protection Officer since 2009. 
I like my job because:

  • I promote ethical standards – with an educational mandate to protect the rights of data subjects.
  • I have the big picture at AEB and can also support our customers.
  • This job never gets boring.

That’s why this role fits well with my other roles at AEB as ISMS Manager and Emergency Officer.

Tobias Zech, AEB Data Protection Coordinator
Tobias Zech, AEB Data Protection Coordinator

Tobias Zech

Working in data privacy since 2010, AEB Data Protection Coordinator since 2018. 
I like my job because:

  • I can be helpful across a wide range of issues.
  • I am excited about finding common solutions and helping to boost awareness of data privacy.
  • There’s a lot of opportunity for connecting with customers and colleagues.

I also conduct training and awareness seminars and am an internal auditor for the ISMS.

Contact the Data Protection Officer
Contact the Data Protection Officer

Questions about data privacy at AEB?

Contact our Data Protection Officer: dtprtctnffcrbcm