We take the protection of your private data very seriously throughout the entire application process and would like you to feel comfortable visiting our website. In the following, we explain what information we collect during your application process and how it is used.
Responsible body for data processing
BioNTech AG (and subsidiaries)
An der Goldgrube 12
Tel.: +49 6131 9084 0
Fax: +49 6131 9084 390
Data Protection Officer of the Responsible Body
Dr. Michael Kruse
An der Goldgrube 12
Tel.: +49 6131 9084 1030
Our principles/legal basis for the processing of personal data
We process data that is collected when you visit our site exclusively in accordance with the
data protection regulations of the Federal Republic of Germany (BDSG) and the European General Data Protection Regulation (GDPR).
Insofar as we obtain consent from the person concerned for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the person concerned is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the person concerned or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
Data deletion and storage
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been established by the European or national legislator in EU regulations, laws or other provisions to which the person concerned is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Collection and processing of personal data when visiting our website
We process personal data of our users as far as this is necessary for the provision of a functional website as well as our contents and services. You can use the information about our company on our website anonymously without disclosing your personal data. However, when you access our pages, some data is automatically stored for backup purposes; this includes your IP address, the name of your Internet service provider and the individual websites visited by us. This collected data can be evaluated for statistical purposes; however, this information is not used for personal reasons. If the data is passed on to external service providers in an anonymized form, technical and organizational measures are in place to ensure that the data protection regulations are observed. In addition, we collect and store personal information only if this is provided to us voluntarily, e.g., through inquiries to the email addresses specified by us.
Use and disclosure of personal data in the context of online applications
As part of the application process via our website, you provide the BioNTech Group with personal data electronically. All data relevant to the application process is recorded and processed on the basis of the consent we have received from you. This includes your first name and last name, contact details, date of birth, information about your career and certificates. In addition to processing your data as part of the application process, your data may be stored for backup purposes or evaluated for statistical purposes. However, this evaluation is made anonymous.
When using our online application portal, we use the personal data provided by you in compliance with the provisions of the German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR) exclusively for the purpose of fulfilling your wishes and requirements, i.e. for processing your application. We will only store your data for as long as is necessary for the purposes you have requested. Your personal data will only be passed on or otherwise transmitted to persons involved in the process as part of the application process. Your personal data will not be passed on to third parties unless you have given your consent or an official order to do so.
Sharing your application documents, possible applications within the BioNTech Group
If we can foresee you working within the BioNTech Group, we would like to forward your application to other BioNTech companies so that we can check your job opportunities for suitable positions for you. In this case, your application can be viewed by all persons involved in the application process. If you agree that we may forward your application for the purpose of a group-wide application and job filling process within the above framework, please confirm this in our online application form under "Other".
Once your data has been entered and transmitted, it is transferred directly via an encrypted connection to the server of our external service provider. All data is encrypted on the basis of the SSL procedure. Your data will be hosted for order processing at a provider in Germany. Both BioNTech and the provider use technical and organizational security measures to protect your collected data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Should you wish to contact us by email outside the applicant management system, we would like to highlight that the confidentiality of the information transmitted is not guaranteed, as the content of emails can be viewed by third parties as a result of the system.
Your rights in the processing of personal data
If personal data about you is processed, you are affected in terms of the GDPR and have the following rights against the person responsible:
1. Right to information
Upon request, we will be happy to inform you, in accordance with applicable law, whether and which personal data about you is stored and processed by us.
If such processing has taken place, you can request the following information from the person responsible:
- The purposes for which the personal data is processed
- The categories of personal data processed
- The recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed
- The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
- The existence of a right to have the personal data concerning you corrected or deleted, a right to have processing restricted by the person responsible or a right to object to such processing
- The existence of a right of appeal to a supervisory authority
- All available information on the origin of the data if the personal data is not collected from the person concerned
- The existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.
2. Right to correction
You have a right to correction and/or completion vis à vis the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.
3. Right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- if the person responsible no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims; or
- if you object to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to deletion
You may request the person responsible to delete the personal data concerning you without delay, and the person responsible is obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR is based, and there is no other legal basis for processing.
- You submit an objection to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
- The personal data concerning you has been collected in relation to services provided by the Information Society in accordance with Art. (8) (1) GDPR.
- to exercise the right to freedom of expression and information;
- for the performance of a legal obligation required for the processing under the law of the Union or the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible;
- on the grounds of public interest in terms of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to Art. 89 (1) GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously impair the attainment of the objectives of such processing; or
- to assert, exercise or defend legal claims
5. Right to information
If you have exercised your right to have the person responsible correct or delete the data or restrict the processing, he/she is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the person responsible.
6. Right to data transferabilityYou have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person responsible without obstruction by the person responsible to whom the personal data was provided, provided that
- the processing is based on a consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR; and
- the processing is carried out using automated methods.
The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.
7. Right to objectionYou have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which may be processed in accordance with Art. 6 (1) (e) or (f) GDPR.
The person responsible will then no longer process the personal data concerning you, unless he/she can evidence compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the opportunity to exercise your right to objection in connection with the use of the services of the Information Society, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. Right to revoke the data protection declaration of consentYou have the right to revoke your data protection declaration of consent at any time. The revocation can be made in writing (letter, email or fax) to the BioNTech Group.
Address: BioNTech AG, An der Goldgrube 12, 55131 Mainz, Germany
Fax: +49 6131 9084 390
You thus revoke further processing of your personal data. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
9. Automated decision in individual cases including profilingYou have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has a legal effect on you or significantly impairs you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the person responsible;
- is admissible by legislation of the Union or of the Member States to which the person responsible is subject, and this legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
- has been made with your express consent.
In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to request the intervention of a person on the part of the person responsible to state his or her own position and to challenge the decision.
10. Right to appeal to a supervisory authorityWithout prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State where you reside or work or where the alleged infringement took place, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Confirmation of consent
We have informed you that the use of our portal is voluntary. By using the BioNTech Group's online application portal, you consent to the processing and transfer of your data exclusively for the application process and declare that your information is true.
Last updated: 24 May 2018