FAQ

How can I delete personal data from Compliance & Risk Management?

We understand that you are interested in how to fulfill your obligations, in particular the deletion of personal data once retention periods have expired. AEB will create further documentation on this topic. Until then, you can contact our support for help.

Where do I find further information on data security at AEB?

Further information is available for you in the AEB Service Portal.

Why do we need this mutual agreement now?

According to Art. 28 GDPR you are the controller and therefore required to enter into a contract on processing with AEB.

I am not sure whether we have already entered into such an agreement with AEB.

We recommend that you contact your data protection officer regarding this question.

However, it is likely that you have not yet concluded a current agreement under the new GDPR. We recommend that you do so as soon as possible. When in doubt you can ask AEB support for information. Older agreements on processing (based on the old BDSG) will become void on this date.

What do I have to observe when completing the data processing agreement?

Please note the individual instructions for filling out the agreement, which we have added to the two versions on the agreements page.

To help you prepare, we have provided some preliminary information there, followed by “editing instructions” for each agreement.

Please note that the BDSG still demands the written form, while the GDPR deems text form sufficient (i.e., an e-mail with a scan of the signed contract is also acceptable).

What happens if I don't conclude any agreement?

This contract is legally binding. Failure to comply is considered a regulatory offense, punishable with a fine as set forth in section 43 BDSG and Art. 83 and 84 GDPR.

Are we required to sign the agreement with AEB only once or every time a solution is agreed on?

The agreement on processing has to be signed once between your company and AEB. The agreement is designed to cover all applications in use. To make transparent which solutions/applications have been ordered and are being used, please complete Annex 2 provided for this purpose. If changes to the subject of the agreement are required, this Annex can be updated or replaced.

We are currently introducing an AEB solution. Haven't the necessary agreements therefore already been made available to us?

You should already have received the documents when the order or contract was accepted. When in doubt, please ask your AEB account manager for guidance.

I would like to include another passage in the agreement. How should I proceed?

Please send it to us via e-mail at service(at)aeb.com.

At this point we would kindly ask you to take note of the following:

  • AEB provides IT services to a large number of customers. AEB strives to provide a high standard to its customers. Such a standard also involves the highest level of uniformity of services and conditions.
  • Legislation imposes obligations that leave little scope. AEB has already decided on, selected, and specified the few available legal options to suit its conditions and practical requirements.
  • Templates provided by BITKOM and the German Association for Data Protection and Data Security (GDD) have been incorporated in the agreement.

We kindly ask for your understanding as our scope concerning modifications is very limited.

May I also include my own contract standard?

No. Please take a look at the previous question. We kindly ask for your understanding also in view of mutual costs.

Please note our following detailed argumentation:

  • We do not question that your standard will be in conformity with the law.
  • However, we must assume that your agreement is going to contain a few open passages which would have to be further elaborated by AEB. Examples: indicating data categories, circles of data subjects, details about data security/security concept/technical and organizational measures, and specifying and dealing with changes regarding subcontractors. These are just a few examples we have already included and elaborated on in the standard version of AEB.
  • Regarding commercial conditions: AEB will help you, the customer, conduct controls. Please understand that AEB cannot provide unlimited support free of charge. AEB is currently undergoing two different audits conducted by third parties.

Where can I find the documents and information referred to in section 7(2) of the Agreement on Processing?

You can find the information and documents referred to in section 7(2) as follows:

  • For certificates, refer to our website https://service.aeb.de/en/open/guidelines-and-certificates/
    a. Certificate on ISO 27001
    b. Data protection certificate
  • You can view the self-audit, current attestations, reports, or report excerpts from independent authorities as part of an audit on our premises.
  • There are currently no approved codes of conduct applicable to AEB.
  • As there are no certified providers yet, it is currently not possible to get a certification in accordance with Art. 42, 43 GDPR. As soon as such providers exist, AEB will most likely pursue such a certification. Our existing certifications can be found at https://service.aeb.de/en/open/guidelines-and-certificates/.

Can’t find the answer to your question? We’ll be happy to assist you.

AEB SE - Services | Sigmaringer Straße 109 | D-70567 Stuttgart | Phone +49-711-72842-110 | service(at)aeb.com