As the controller, you are required to keep a record of processing activities in accordance with Art. 30 GDPR and the requirements for transparency and accountability. The same obligation to take responsibility for its processing activities applies to AEB. AEB is also required to keep records of its processing activities in areas where AEB acts as the processor. It is required to disclose (by request) such activities vis-a-vis the regulatory authority. AEB will (on a voluntary basis) provide you with insight into the information as stipulated by Art. 30 (2) GDPR.
Please find information about AEB's contribution in our document: Information from AEB on Art. 30 (2) GDPR
Art. 30 (1) refers to the controller of activities involving processing. As the customer you have obligations in connection with the AEB solutions. The above stated document covers only those mandatory statements where AEB as the processor has an obligation (vis-a-vis its regulatory authority). The following document shall provide further support to assist you, if necessary, in fulfilling your requirement to inform your data subjects accordingly. These data subjects may be your employees who are the users of our solutions. Please ensure to observe your own responsibility when providing this information.
Please find information about AEB's contribution in our document: Support from AEB Art. 13, 14 and 30 (1)
The security strategy includes technical and organizational measures to provide adequate data security in accordance with the protection needs of (personal) data. Legal principle is Art. 32 GDPR.
You can find the current version of the security strategy also at https://service.aeb.de/en/open/guidelines-and-certificates/.
This documentation is part of the Deletion Concept that AEB maintains in its role as “processor” and shares with its customers in their role as “controllers” within the meaning of the European Union’s General Data Protection Regulation (GDPR). This document is intended to support customers by providing the necessary information regarding deletion.
Please find information about AEB's deletion concept in our document: Deletion Concept
This document provides an overview of the current subcontractors according to the present order processing pursuant to Art. 28 DS-GVO. The AEB maintains the current status in this document. In the event of changes, AEB will inform you in good time and refer you to this overview.
Please find information about AEB's contribution in our document: Overview subcontractors.