BioNTech AG (and affiliates)
An der Goldgrube 12
Prof. Dr. Ugur Sahin, CEO
Sean Marett, COO
Dr. Sierk Poetting, CFO
HRB 41865, District court Mainz
Tax ref. no: DE 263 382 495
Protecting your privacy when we process your data is a matter of importance to BioNTech that is taken into consideration in all of our business processes. We’d therefore like to take this opportunity to explain to you the guidelines that we apply to the processing of personal data. The present declaration and any further information that may be pertinent to the processing and use of your personal data will be provided at any location on this site where we ask you to supply such data.
Scope of processing personal data
As a general rule, we only collect and utilize your personal data to the extent that is necessary for providing a functional website and our content and services. The collection and utilization of personal data generally only occurs with the user’s consent. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.
Legal basis for processing personal data
To the extent we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a), EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
With regard to processing personal data that is required for the performance of a contract to which the data subject is party, Art. 6 (1) (b), GDPR serves as the legal basis. This also applies to processing steps that are necessary for carrying out pre-contractual measures.
To the extent processing personal data is required for compliance with legal obligations to which our company is subject, Art 6 (1) (c), GDPR serves as the legal basis.
In the event that the vital interests of the data subject or of another natural person require processing personal data, Art 6 (1) (d) GDPR serves as the legal basis.
If processing is required for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override such interests, Art. 6 (1) (f), GDPR serves as the legal basis for processing.
Data that we collect
You can use almost the entirety of BioNTech website without ever having to supply us with personal data. Only a fraction of the information and services located on our website require you to enter personal data in order to use them.
Whenever you use the BioNTech website, the BioNTech Internet server (web server) automatically records and evaluates technical access data. However, this data cannot be attributed to a specific person, which means that the individual user remains anonymous.
Compilation of technical access data
This technical access data includes, for example, the name of your internet service provider, the IP address, information about the internet browser and the operating system that are in use, the domain name of the website that acts as a platform for a visit to our own website, the average duration of a visit to our website, and the pages called from our website. This data is sent to our web server when individual internet pages are called by your internet browser.
The legal basis for the temporary storage of data is Art. 6(1) (f), GDPR. The temporary storage of data, including the IP address, by the system is necessary to allow for delivery of the website to the user’s computer. For this purpose, the IP address of the user and other data must remain saved for the duration of the session.
We use this technical access data to continually enhance the appeal, usability and contents of our website, and to detect any technical problems with the site.
The legal basis for processing personal data together with the use of technically necessary cookies is Art. 6(1)(f), GDPR.
We collect, process and utilize your personal data only if you provide us with it voluntarily.
This can occur in connection with a query, an opinion survey, a desire on your part to contact us, an order placed by you, etc.
We also require your personal data when you wish to make use of particular services (insofar as such services may be offered) on the BioNTech website such as the newsletter or forums. Should you decide to avail yourself of such a service, you will find for each service extensive information and pointers about the type, scope and utilization of the data that is required in order to use the service in question.
How we use your data
BioNTech collects, processes and utilizes all personal data stemming from your visit to the BioNTech website strictly in accordance with the applicable legal regulations.
We use this personal data only for the purposes specified in the present declaration (e.g., to process a query or in connection with the utilization of internet services). In addition, we will only gather, process or use personal data if we need to do so in order to protect the legitimate business interests of BioNTech.
BioNTech will not provide third parties with any personal data that you may have sent without first obtaining your express written permission.
You can withdraw the consent you gave to use your personal data at any time with future effect by sending an email to the email address provided in the Legal Notice or to the data protection officer.
We retain control over and take responsibility for the use of the personal data that you send to us. It is possible that some or all of this data is stored or processed in other countries (for example in the United States) that have different data protection laws from your country of residence. In this case, we will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data in accordance with the requirements applicable in your country of residence.
Information, changes and deletions with respect to your data
Pursuant to the applicable legal regulations, you are entitled to query us in writing at any time as to which (if any) of your personal data we are currently archiving. We will then send you a letter containing the information requested. Please address your inquiry to the data protection officer. You may also arrange with him to have changes made in your data or to have such data deleted.
Storing your data
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, storage may occur if required by European or national laws in EU directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if the storage period specified in one of the above-referenced standards expires unless there is a need for further storage of data for concluding a contract or for contract performance.
Protecting your data
Any data provided by you to BioNTech will be protected by suitable technical and organizational mechanisms against adventitious or intentional manipulation, loss or destruction, access by unauthorized persons, and against unauthorized disclosure to third parties. With this goal in mind, our security measures are continually monitored and enhanced in accordance with technological advances and organizational resources.
Use of social plugins
If you reach third-party internet offers through the use of links (including Twitter and LinkedIn), please note their privacy statements and statements regarding the processing of your personal data. The responsibility for this lies with the respective providers.
Use of Web Fonts
We do use external fonts on our website, so called Google Web Fonts. Google Fonts is a service of Google Inc. (“Google”). The integration of these web fonts is carried out through server calls, generally via a server of Google in the U.S. The information about which of our web pages you visited is hereby transferred to the server. Further, Google saves the IP address of the browser of the final device of the visitor of these web pages. For further information, please consult the data protection notice of Google which can be found here: www.google.com/fonts#AboutPlace:about and www.google.com/policies/privacy.
If BioNTech processes personal data, you are a data subject in the definition of the GDPR and have the following data subject rights in accordance with Art 12 ff, GDPR: Right to information, right to correction, right to restriction of processing, right to deletion, right to information, right to data portability, right of objection, and right to file a complaint with a supervisory authority.
The BioNTech data protection officer
Should you have any questions regarding the processing of your personal data or if you would like to address data subject rights, please do not hesitate to contact our data protection officer who will be also happy to help you if you need any further information or have any complaints or problems in connection with the security of your data.
Dr. Michael Kruse
An der Goldgrube 12
E-Mail: An der Goldgrube 12
BioNTech AG, latest update: May 25, 2018