Under the terms of data protection law, a processing situation exists if your AEB solution contains personal data (e.g. contact information of business partners or of your users) and if access by AEB (employees) cannot be ruled out. Under the current law (section 11 of the German Federal Data Protection Act (BDSG)), a written agreement between AEB as the processor and you as the controller must be drafted.
As of May 25, 2018, the new EU General Data Protection Regulation (GDPR) will be applicable and enter into force. Art. 28 GDPR governs data processing (referred therein as processing), stipulating specific duties, for instance, to agree by contract.
Here you can find the
AEB provides suitable document materials for this purpose. As an IT provider for a large number of customers, we operate with standard agreements.
We particularly refer to: