BioNTech SE (and affiliates)
An der Goldgrube 12
Prof. Dr. Ugur Sahin, CEO
Sean Marett, CBO & CCO
Dr. Sierk Poetting, CFO & COO
PD Dr. Özlem Türeci, CMO
HRB 41865, District court Mainz
Tax ref. no: DE 263 382 495
Protecting your privacy when we process your data is a matter of importance to BioNTech that is taken into consideration in all of our business processes. We’d therefore like to take this opportunity to explain to you the guidelines that we apply to the processing of personal data. The present declaration and any further information that may be pertinent to the processing and use of your personal data will be provided at any location on this site where we ask you to supply such data.
Scope of processing personal data
As a general rule, we only collect and utilize your personal data to the extent that is necessary for providing a functional website and our content and services. The collection and utilization of personal data generally only occurs with the user’s consent. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.
Legal basis and purposes for processing personal data
BioNTech processes all personal data stemming from your visit to the BioNTech website strictly in accordance with the applicable legal regulations. We use this personal data only for the purposes specified in the present declaration (e.g., to process a query or in connection with the utilization of internet services). In addition, we will only process personal data if we need to do so in order to protect the legitimate business interests of BioNTech.
The legitimate interests of BioNTech include advising the public of the activities and goals of our company. In conjunction with running our website, we are processing personal data of website visitors to a minor degree. Provided the interests, fundamental rights and freedoms of these data subject do not override our interests, Art. 6 (1) (f), GDPR serves as the legal basis for processing.
In cases where we are obtaining the consent of the data subject for processing personal data, Art. 6 (1) (a), EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
With regard to processing personal data that is required for the performance of a contract to which the data subject is party, Art. 6 (1) (b), GDPR serves as the legal basis. This also applies to processing steps that are necessary for carrying out pre-contractual measures.
If processing personal data is required for compliance with legal obligations to which our company is subject, Art 6 (1) (c), GDPR serves as the legal basis.
In the event that the vital interests of the data subject or of another natural person require processing personal data, Art 6 (1) (d) GDPR serves as the legal basis.
Data that we collect
You can use almost the entirety of BioNTech website without ever having to supply us with personal data. Only a fraction of the information and services located on our website require you to enter personal data in order to use them.
We process your personal data only if you provide us with it voluntarily. This can occur in connection with a query, an opinion survey, a desire on your part to contact us, an order placed by you, etc. We also require your personal data when you wish to make use of particular services (insofar as such services may be offered) on the BioNTech website such as the newsletter or forums. Should you decide to avail yourself of such a service, you will find for each service extensive information and pointers about the type, scope and utilization of the data that is required in order to use the service in question.
When visiting our website, we compile technical access data. Such technical access data include, for example, the name of your internet service provider, the IP address, information about the internet browser and the operating system, the domain name of the website that acts as a platform for a visit to our own website, the average duration of a visit to our website, and the pages called from our website. This data will be sent to our web server when your internet browser calls individual internet pages. The legal basis for the temporary storage of data is Art. 6(1) (f), GDPR. The temporary storage of data, including the IP address, by the system is necessary to allow for delivery of the website to the user’s computer. For this purpose, the IP address of the user and other data must remain saved for the duration of the session.
We also add cookies to some areas of our website. Cookies are small data elements that an internet server can send to your computer, thereby allowing it to be identified during your visit to our website and making it easier for you to use our website. Cookies allow a site or services to know if your computer or device has visited it before. These technologies can then be used to help us understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your experience in using our services. Cookies do not cause any damage on your computer and do not contain viruses.
Generally, two types of cookies exist: a) cookies which are required for the proper use of the website. The legal basis for processing personal data together with the use of technically necessary cookies is Art. 6 (1) (f) GDPR; and b) cookies which are not required for the usage of the website and which are therefore optional. The legal bases for the usage of these cookies is a prior consent of the data subject.
You can set your internet browser to tell you whether cookies are being accepted or refused. For more information on cookies, consult the help files in your internet browser. Please note that deactivating cookies may limit this website’s functionality.
The length of time a cookie will stay on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
Further recipients of your personal data
In order to run this website properly, BioNTech may share technical access data including personal data with other companies on a need to know basis in accordance with applicable data protection laws, for example for technical reasons or temporary data storage, provided a legal basis for such data processing exists. Examples for such companies are providers of cloud storage solutions or companies providing technical assistance for Websites. Furthermore, BioNTech collaborates with admedicum® Business for Patients GmbH & Co KG, a Cologne-based company focused on patient-engagement. If you contact us in terms of patient matters, e.g. by sending an e-mail to email@example.com or firstname.lastname@example.org, or by calling us by phone via +49 6131 9084 1919, your request including will be forwarded to admedicum® Business for Patients GmbH & Co KG, Industriestraße 171, 50999 Köln.
In all such cases, BioNTech will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data.
Withdrawal of consent
In cases where we are obtaining the consent of the data subject for processing personal data in accordance with Art. 6 (1) (a) GDPR, you can withdraw the consent you gave to use your personal data at any time with future effect by sending an email to the email address provided in the Legal Notice or to the data protection officer.
Transfer of personal data to a third country
We retain control over and take responsibility for the use of the personal data that you send to us. It is possible that some or all of this data is stored or processed in other countries (for example in the United States) that have different data protection laws from your country of residence. In such case, we will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data in accordance with the requirements applicable in your country of residence. Usually, we will make use of standard contractual clauses (SSC) which are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries that the European Commission has not found to offer adequate protection for personal data. Standard contractual clauses contain obligations for both data controllers wishing to transfer personal data to counties outside the EU/EEA and data controllers or data processors who receive such data. The clauses also regulate other matters concerning the transfer, for example the data subjects' rights and how disputes arising from the contract are to be settled.
Storing your data
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, storage may occur if required by European or national laws in EU directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if the storage period specified in one of the above-referenced standards expires unless there is a need for further storage of data for concluding a contract or for contract performance.
Protecting your data
Any data provided by you to BioNTech will be protected by suitable technical and organizational mechanisms against adventitious or intentional manipulation, loss or destruction, access by unauthorized persons, and against unauthorized disclosure to third parties. With this goal in mind, our security measures are continually monitored and enhanced in accordance with technological advances and organizational resources.
Use of social plugins
If you reach third-party internet offers through the use of links (including Twitter and LinkedIn), please note their privacy statements and statements regarding the processing of your personal data. The responsibility for this lies with the respective providers.
Use of Web Fonts
We do use external fonts on our website, which we have licensed from the Typotheque Type Foundry, in particular, the Neutral L+ (complete). Through the integration of these web fonts Typotheque Type Foundry collects browser requests data that is necessary to serve webfonts. This log file is processed within one hour for the purposes of Typeotheque Type Foundry’s internal statistics concerning the number of page views used per webfont licence. The log file is deleted immediately after processing. The Company neither collects nor stores any information about the client of the webfont, nor about website visitors. For further information, please consult the data protection notice of Typotheque Type Foundry which can be found here: https://www.typotheque.com/ordering/privacy
If BioNTech processes personal data, you are a data subject in the definition of the GDPR and have the following data subject rights in accordance with Art 12 ff, GDPR: Right to information, right to correction, right to restriction of processing, right to deletion, right to information, right to data portability, right of objection, right to file a complaint with a supervisory authority. Further rights are the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to object (Art. 21 GDPR).
Pursuant to the GDPR and other applicable legal regulations, you are entitled to query us in writing at any time. We will then provide you with the relevant information. Please address your inquiry to the data protection officer. You may also arrange with him to have rectifications made in your data or to have such data deleted.
The BioNTech data protection officer
Should you have any questions regarding the processing of your personal data or if you would like to address data subject rights, please do not hesitate to contact our data protection officer who will be also happy to help you if you need any further information or have any complaints or problems in connection with the security of your data.
Dr. Michael Kruse
An der Goldgrube 12
An der Goldgrube 12
Please consider also our data protection guidelines for unsolicited job applications via our websites.
BioNTech SE, latest update: May 25, 2018