Data Processing Agreement (Art. 28 GDPR)

Last updated: March 13, 2026

Parties:
Controller: Customer
Processor: AEA GmbH & Co. KG

Processor Obligations

Process personal data only on documented instructions
Ensure confidentiality and proper access control
Implement technical and organizational security measures
Assist controller with data subject rights
Notify controller without undue delay in case of data breaches
Delete or return personal data upon termination, unless retention is legally required

Sub-processors may include cloud and hosting providers operating within the EU or with valid safeguards.