Data protection

• Bring in your Data Protection Officer at an early stage.
  
• Compile a list of the AEB solutions (products/services) you are using.
  
• On this basis collect the following information for the purpose of a comparison with the agreement:

1. Which data categories are affected by the use of the applications? Our assumption: Your employees as the users, your employees with contact information, and addresses of your business partners (customers, suppliers).
2. Which groups of data subjects are affected by the use of the applications? Our assumption: Your employees and customers.

Further data may be involved if you are screening addresses of other parties against sanctions lists. In this case you will have to make amendments to the agreement. Scroll down for instructions on how to complete these documents.

• Tried and tested, also based on reliable references
• Ready-to-use versions already aligned with our services and circumstances
• Largely uniform security basis (technical and organizational measures to ensure appropriate data security)
• Low processing costs

Further arguments for using AEB 's standard agreement:

• AEB provides IT services to a large customer base. We strive to offer the very highest standards, including services and conditions that are as uniform as possible.
• The law provides for obligations with very little room for interpretation. AEB has already made decisions on the few legal options available based on what works best for the context in which AEB services are provided.
• The agreement incorporates templates provided by BITKOM and the German Association for Data Protection and Data Security (GDD).
• Your own standard agreement no doubt complies with the law, but we assume that it contains some open passages that AEB would still need to clarify. This might include information on data categories, groups of data subjects, data security, the security concept, technical and organizational measures, designated subcontractors, and the procedure for dealing with changes to the designated subcontractors. AEB 's standard contract already covers all this ground in detail.
• Regarding business terms: AEB will support you with your controls. However, please be aware that AEB cannot provide unlimited support free of charge.
• AEB undergoes two different third-party audits at regular intervals. For this reason, please understand that AEB has a very limited capacity to accommodate changes to our standard agreement.

Signing the Data Processing Agreement (DPA) with AEB

It only takes five steps to complete the agreement:

• Enter your company name on page 1.
• Check or correct the entries in the checkboxes in section 2.2.
• Please name your contact person for data protection issues in section 5.3.
• Please sign the agreement on page 15 (as the client), digital signature in the document is also possible.
• Please send the agreement by email to dtprtctnffcrbcm

Download Agreement on Data Processing, AEB SE

Download Agreement on Data Processing, AEB (International) Ltd.

The security concept includes the technical and organizational measures needed to ensure adequate data security in accordance with the requirements for protecting (personal) data as set forth in Art. 32 GDPR.

Security Concept (Art. 32 GDPR) (last updated on April 30, 2019)

Subcontractor

The document linked below provides an overview of current subcontractors for data processing as defined by Art. 28 GDPR. AEB keeps a record of current subcontractors and will duly notify customers of any changes, with reference to this document.

Overview subcontractors (last updated on September 9, 2020)

Deletion concept

The document linked below is part of the Deletion Concept that AEB maintains in its role as „processor” according to the EU 's General Data Protection Regulation (GDPR) and provides it to its customers in their role as „controllers”. It contains the information necessary for the customer on the subject of data deletion.

Deletion concept of AEB (last updated on October 10, 2019)

Record of data processing activities

Art. 30 (1) GDPR refers to the controller of data processing activities. You as the customer bear the responsibilities cited there in connection with the AEB solutions. The document linked below covers the information that AEB, in its role as processor, is obligated to provide to its regulatory authority. The document also provides additional information to help you comply with any obligations you may have to inform your data subjects, such as your employees who use our solutions. Please ensure to observe your own responsibility when providing this information.
In this document you will also find, voluntarily provided by us, information about our data in accordance with Art. 30 (2) GDPR.

Information from AEB relating to Art. 30 GDPR (last updated on May 1, 2020)