Information security: Data protection and IT security at BEX

BEX is ISO 27001:2024 certified

ISO-certified

Data centers in Germany

GDPR standards

Our understanding of information security

In today’s digital business world, information security is not just a technical issue, but a critical success factor for every company. At BEX, we understand the responsibility that comes with handling sensitive business data. That is why we have implemented comprehensive security measures that go far beyond the minimum legal requirements.

Information security combines the principles of IT security with those of data protection. Data is secure both internally and externally only when it is technically protected and processed carefully and appropriately.

BEX has decided to implement an information security management system in accordance with ISO 27001 – the globally recognized standard for information security. This certification is more than just a certificate on the wall: it represents our ongoing commitment to the highest security standards and is monitored by regular external audits.

Our holistic approach to security combines modern technologies with proven organizational processes. We not only take current threats into account, but also continuously develop our security measures to meet future challenges.

Certification in accordance with the international ISO 27001 standard for information security management systems confirms the following:

  • Systematic management of information security
  • Continuous monitoring and improvement of security processes
  • Regular external audits by an independent auditing body
  • Risk-based approach for all security measures

Data protection & GDPR

  • Full GDPR compliance
  • Privacy by design principles
  • Data minimization
  • Supplier audits
  • Regular data protection training

Technical security measures

  • End-to-end encryption
  • Multi-factor authentication
  • Continuous security monitoring
  • Regular penetration tests
  • Secure development processes

Organizational measures

  • Clear roles and responsibilities
  • Regular security training
  • Incident response processes
  • Supplier security assessment
  • Business continuity management

Great security even for small companies

As a subsidiary of AEB SE, we benefit from almost 50 years of experience in the field of business software and IT security. AEB is a leading provider of customs and logistics software and has been operating highly secure IT infrastructures for companies of all sizes and from a wide range of industries for decades.

This affiliation enables us to offer our customers an infrastructure that is normally reserved for large corporations. All our systems are operated in German data centers that meet the highest security and availability standards. We benefit from the AEB Group’s many years of expertise in handling critical business processes and sensitive company data to the highest standards.

Own data centers

All data is processed and stored exclusively in the AEB Group’s highly secure data centers.

This guarantees

  • Compliance with German data protection laws
  • No data transfer to third countries
  • Physical security to the highest standards
  • Redundant systems and backup strategies

Made in Germany

The data from the BEX applications is stored exclusively on servers in Germany. For quality reasons, we are constantly expanding the expertise of our own teams in support and development.

  • Development and hosting
  • Support

AEB SE

Quality through the highest standards

Detailed information on security measures, certifications and proof of compliance can be found in the AEB Trust Center.

Information security – more important than ever

The threat landscape for companies has changed dramatically in recent years. Cyber attacks are becoming increasingly sophisticated and targeted, while at the same time the complexity of data protection is constantly increasing. A single security incident can not only lead to considerable financial damage, but can also shake customer confidence in the long term.

Modern information security therefore goes far beyond mere protection against hackers. It encompasses a holistic management system that combines technical, organizational and legal aspects. Only through this comprehensive approach can we offer a transparent and reliable basis for the secure processing of your data.

Protection against cyber threats

In a digitalized world, company data is the most valuable resource. Professional IT security protects against data loss, ransomware and cyber attacks.

Legal compliance

GDPR, IT Security Act and industry-specific regulations require appropriate security measures. Violations can lead to significant fines.

Create trust

Customers and partners trust companies that have a proven track record of handling sensitive data responsibly and have transparent security processes.

Downloads

Trust is created through transparency. That is why we provide our customers and interested parties with all relevant information on IT security and data protection. These documents are updated regularly and reflect the current status of our security measures.

Our documentation includes legally required documents such as the data processing agreement as well as further information on our technical and organizational measures. This gives you a complete picture of our current level of protection at all times.

Data processing agreement (GDPR)

Data processing agreement within the meaning of the General Data Protection Regulation (GDPR) for the BEX software solutions.

Technical and organizational measures (TOMs)

In addition to the data processing agreement, this document describes the technical and organizational measures (TOMs) that we take to ensure data security.

Subcontractor list

As a supplement to the data processing agreement, you will always receive the current and complete list of providers who act as subcontractors within the meaning of the General Data Protection Regulation.

Deletion concept (only in German)

For the handling of personal data in the operation of BEX software solutions, we have summarized all information on retention obligations and guidelines in our deletion concept.

Certificate according to ISO 27001

Confirmation of the certification of our information security management system.

Privacy policy

Here you will find detailed information on what data we collect and process via our websites and other communication channels.

FAQ

Why is a Data Processing Agreement (DPA) necessary?

Whenever a company has personal data processed by an external service provider, Article 28 of the GDPR mandates a Data Processing Agreement. When you use BEX, our systems process data of your employees, customers, or suppliers on your behalf.

BEX acts as the data processor, while your company remains the controller under the GDPR. Without a valid DPA, both parties are in violation of the GDPR.

Can we use our own DPA model contract?

We ask our customers to use the data processing agreement provided by BEX. Our DPA is closely linked to our internal procedures, technical and organizational measures (TOMs) and the infrastructure of the AEB Group. A complete transfer of all the described procedures and security measures to an external template would involve considerable effort on both sides – and entails the risk that important regulations would be adopted incompletely or misleadingly. If our standard contract does not fit completely, we recommend the approach described in the next question.

Can the wording of the BEX-DPA be adapted for our company?

This is possible in justified exceptional cases. If individual provisions of our standard agreement are not suitable for your company, we will conclude a supplementary agreement on request that regulates the deviating points separately. This ensures the completeness and legal certainty of the overall agreement without having to renegotiate the entire contract. Please feel free to contact us directly.

Where is the application data stored? Is data transferred to third countries?

All data from BEX applications is stored and processed exclusively in Germany – in the highly secure data centers of AEB SE, our parent company. There is no transfer to third countries. The data centers meet the highest physical and technical security standards and have redundant systems and comprehensive backup strategies. Detailed information on the infrastructure can be found in the AEB Trust Center.

Who has access to my data?

Access to customer data is strictly regulated and limited to the necessary minimum (need-to-know principle). All employees with access to data are contractually bound to confidentiality and receive regular training on data protection and information security. Limited, logged access may be required as part of support – this is only done to solve technical problems and only with the customer’s knowledge.

What happens to the data on termination?

After termination of the contractual relationship, your data will be deleted in accordance with the contractual and legal requirements or – on request – will continue to be stored via read-only access. The respective retention obligations must be observed independently by the client.

Does BEX use sub-processors?

Yes. Like any modern software company, BEX uses selected sub-processors. An up-to-date list of all sub-processors is available for download in the Trust Center. Customers are notified of any changes in a timely manner so they can exercise their right to object in accordance with the GDPR.

What measures are taken against data center outage scenarios?

The AEB data centers on which BEX operates are designed with multiple redundancies. Automatic failover, two independent uninterruptible power supply systems, and a diesel generator providing at least 24 hours of emergency power ensure availability even during disruptions.

Customer data is regularly backed up and stored encrypted at a separate location (disk-to-disk backup + tape libraries). All data centers are ISO 27001-certified and located exclusively in Germany. Customers are kept transparently informed about the current system status and maintenance work via a public status page.

Do you have further questions about information security?

Contacting IT security and data protection

We will be happy to answer any questions you may have about data protection and IT security at BEX Components AG.
