Data Privacy Policy

Responsible Body:

BioNTech AG (and affiliates)
An der Goldgrube 12
D-55131 Mainz
Germany

Tel.: +49-6131-9084-0
Fax: +496131-9084-390
E-Mail: info@biontech.de
Website: www.biontech.de

Represented by:

Managing Directors
Prof. Dr. Ugur Sahin, CEO
Sean Marett, CBO & CCO
Dr. Sierk Poetting, CFO & COO

Commercial Register:
HRB 41865, District court Mainz
Tax ref. no: DE 263 382 495

Protecting your privacy when we process your data is a matter of importance to BioNTech that is taken into consideration in all of our business processes. We’d therefore like to take this opportunity to explain to you the guidelines that we apply to the processing of personal data. The present declaration and any further information that may be pertinent to the processing and use of your personal data will be provided at any location on this site where we ask you to supply such data.

Scope of processing personal data

As a general rule, we only collect and utilize your personal data to the extent that is necessary for providing a functional website and our content and services. The collection and utilization of personal data generally only occurs with the user’s consent. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.

Legal basis for processing personal data

To the extent we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a), EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.

With regard to processing personal data that is required for the performance of a contract to which the data subject is party, Art. 6 (1) (b), GDPR serves as the legal basis. This also applies to processing steps that are necessary for carrying out pre-contractual measures.

To the extent processing personal data is required for compliance with legal obligations to which our company is subject, Art 6 (1) (c), GDPR serves as the legal basis.

In the event that the vital interests of the data subject or of another natural person require processing personal data, Art 6 (1) (d) GDPR serves as the legal basis.

If processing is required for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override such interests, Art. 6 (1) (f), GDPR serves as the legal basis for processing.

Data that we collect

You can use almost the entirety of BioNTech website without ever having to supply us with personal data. Only a fraction of the information and services located on our website require you to enter personal data in order to use them.
Whenever you use the BioNTech website, the BioNTech Internet server (web server) automatically records and evaluates technical access data. However, this data cannot be attributed to a specific person, which means that the individual user remains anonymous.

Compilation of technical access data

This technical access data includes, for example, the name of your internet service provider, the IP address, information about the internet browser and the operating system that are in use, the domain name of the website that acts as a platform for a visit to our own website, the average duration of a visit to our website, and the pages called from our website. This data is sent to our web server when individual internet pages are called by your internet browser.
The legal basis for the temporary storage of data is Art. 6(1) (f), GDPR. The temporary storage of data, including the IP address, by the system is necessary to allow for delivery of the website to the user’s computer. For this purpose, the IP address of the user and other data must remain saved for the duration of the session.

Cookies

We also add cookies to some areas of our website. Cookies are small data elements that an internet server can send to your computer, thereby allowing it to be identified during your visit to our website and making it easier for you to use our website. Cookies do not cause any damage on your computer and do not contain viruses. We don’t use cookies to gather personal data. You can set your internet browser to tell you whether cookies are being accepted or refused. For more information on cookies, consult the help files in your internet browser. Deactivating cookies may limit this website’s functionality.
We use this technical access data to continually enhance the appeal, usability and contents of our website, and to detect any technical problems with the site.
The legal basis for processing personal data together with the use of technically necessary cookies is Art. 6(1)(f), GDPR.

Personal data

We collect, process and utilize your personal data only if you provide us with it voluntarily.
This can occur in connection with a query, an opinion survey, a desire on your part to contact us, an order placed by you, etc.
We also require your personal data when you wish to make use of particular services (insofar as such services may be offered) on the BioNTech website such as the newsletter or forums. Should you decide to avail yourself of such a service, you will find for each service extensive information and pointers about the type, scope and utilization of the data that is required in order to use the service in question.

How we use your data

BioNTech collects, processes and utilizes all personal data stemming from your visit to the BioNTech website strictly in accordance with the applicable legal regulations.
We use this personal data only for the purposes specified in the present declaration (e.g., to process a query or in connection with the utilization of internet services). In addition, we will only gather, process or use personal data if we need to do so in order to protect the legitimate business interests of BioNTech.
BioNTech will not provide third parties with any personal data that you may have sent without first obtaining your express written permission.

You can withdraw the consent you gave to use your personal data at any time with future effect by sending an email to the email address provided in the Legal Notice or to the data protection officer.
We retain control over and take responsibility for the use of the personal data that you send to us. It is possible that some or all of this data is stored or processed in other countries (for example in the United States) that have different data protection laws from your country of residence. In this case, we will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data in accordance with the requirements applicable in your country of residence.

Information, changes and deletions with respect to your data

Pursuant to the applicable legal regulations, you are entitled to query us in writing at any time as to which (if any) of your personal data we are currently archiving. We will then send you a letter containing the information requested. Please address your inquiry to the data protection officer. You may also arrange with him to have changes made in your data or to have such data deleted.

Storing your data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, storage may occur if required by European or national laws in EU directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if the storage period specified in one of the above-referenced standards expires unless there is a need for further storage of data for concluding a contract or for contract performance.

Protecting your data

Any data provided by you to BioNTech will be protected by suitable technical and organizational mechanisms against adventitious or intentional manipulation, loss or destruction, access by unauthorized persons, and against unauthorized disclosure to third parties. With this goal in mind, our security measures are continually monitored and enhanced in accordance with technological advances and organizational resources.

Use of social plugins

If you reach third-party internet offers through the use of links (including Twitter and LinkedIn), please note their privacy statements and statements regarding the processing of your personal data. The responsibility for this lies with the respective providers.

Use of Web Fonts

We do use external fonts on our website, so called Google Web Fonts. Google Fonts is a service of Google Inc. (“Google”). The integration of these web fonts is carried out through server calls, generally via a server of Google in the U.S. The information about which of our web pages you visited is hereby transferred to the server. Further, Google saves the IP address of the browser of the final device of the visitor of these web pages. For further information, please consult the data protection notice of Google which can be found here: www.google.com/fonts#AboutPlace:about and www.google.com/policies/privacy.

Your rights

If BioNTech processes personal data, you are a data subject in the definition of the GDPR and have the following data subject rights in accordance with Art 12 ff, GDPR: Right to information, right to correction, right to restriction of processing, right to deletion, right to information, right to data portability, right of objection, and right to file a complaint with a supervisory authority.

The BioNTech data protection officer

Should you have any questions regarding the processing of your personal data or if you would like to address data subject rights, please do not hesitate to contact our data protection officer who will be also happy to help you if you need any further information or have any complaints or problems in connection with the security of your data.

Dr. Michael Kruse
An der Goldgrube 12
D-55131 Mainz
Germany

Tel.: +49-6131-9084-1030
E-Mail: data.privacy@biontech.de
An der Goldgrube 12
D-55131 Mainz

Please consider also our data protection guidelines for unsolicited job applications via our websites.

BioNTech AG, latest update: May 25, 2018