Privacy statement

Welcome to our privacy page. At BioNTech, privacy means fair data processing and transparent communication.
This data privacy statement describes how we collect, use, store, disclose, and delete (together “process”) your personal data, when you visit our websites and use the functionalities on these websites (such as contact forms). We also inform you about your rights and how you can exercise them.

To make it easier for you to read our privacy statement, we segmented our data privacy statement into different parts. At first, we will give you general information on how we are processing personal data that applies for every processing we conduct. In the second part we will provide you information on the following processing situations:

  • When you’re a visitor of one of our websites
  • When you’re a healthcare professional
  • When you’re an investor or interested party
  • When you’re a job applicant
  • When you are interacting with one of our social media accounts


You can read the general as well as the specific information by expanding the texts under the corresponding headings below. In certain processing scenarios, additional privacy statements are displayed that you should read. For example, there is a specific privacy statement for adverse event reporting, product quality complaints, and medical information requests.

BioNTech SE (“BioNTech”, “we”, “us”) is the “data controller” of your personal data, if not stated otherwise:

BioNTech SE
An der Goldgrube 12
55131 Mainz
Germany

Telephone: +49 6131 9084-0
Fax: +49 6131 9084-2121
E-Mail: data.privacy@biontech.de

This may involve the processing of personal data by affiliates of BioNTech SE and providers on behalf of BioNTech.
 

If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as a data subject, please don’t hesitate to contact our global data privacy officer or the global data privacy team.

They can be reached at:

BioNTech SE
Data Protection Officer
An der Goldgrube 12
55131 Mainz
Germany

E-Mail: data.privacy@biontech.de
 

When we process your data, we follow the EU General Data Protection Regulation (GDPR). If we rely on legal bases outside the GDPR for processing your data, like country specific data privacy legislation, we will inform you accordingly. We are allowed to process your data for the following overarching purposes:

Responding to your requests
Where you have given your consent (Art. 6 (1)(a) GDPR), we will process your data for the consented purpose (e.g., to respond to your questions via our web form).

Legal and compliance requirements
We will process your personal information to comply with legal obligations (Art. 6 (1)(c) GDPR), including the disclosure of information in connection with a legal process or litigation.

Enabling business activities and pursuing our legitimate interests
Always provided that your data protection rights are not overridden by our legitimate interests (Art. 6 (1)(f) GDPR), we will process your data for various reasons such as providing you with a convenient website experience.

Fulfilment of contract and pre-contractual inquiries
We will process your personal information if this is required for the fulfilment of a service contract or to conduct pre-contractual actions (Art. 6 (1)(b) GDPR).

Besides the above stated regulations, the national data privacy legislation of Germany applies. This particularly applies for the Federal Data Protection Law (BDSG) and the German Telecommunications-Telemedia Data Protection Act (TTDSG). We will specify the legal basis in the respective subsections below.
 

Your personal data will be deleted as soon as the purpose required for processing has been fulfilled. Different retention periods may apply due to legal requirements.

The retention periods differ depending on the type of personal data collected and the purpose of the processing. The German Commercial Code and the German Tax Code, for example, require the storage of certain information from 6 up to 10 years.

We will specify the retention period in the respective subsections.
 

We have appropriate technical and organizational measures in place to protect your privacy and personal information. This includes measures against data loss, falsification, and unauthorized access. We choose service providers accordingly. However, data disclosure on the internet is at your own risk. Please contact our global data privacy team, if you have reasons to believe that your data is no longer secure with us.
 

In general, your personal data is only processed inside of BioNTech and not shared with third parties. In some cases, it may be necessary to share your personal data with associated companies or service providers. In such cases we have concluded respective data processing agreements (Art. 28 GDPR) or joint controller agreements (Art. 26 GDPR) to ensure the lawfulness of the transfer and secure your personal data.

Eventually, your personal data may be transferred outside of the European Union and the European Economic Area (together “Europe”). If we conduct such a transfer, there is an adequate level of data privacy in place by ensuring at least one of the following:

  • Adequacy Decision of the European Commission according to Art. 45 GDPR that there is an adequate level of data privacy in the target country of the transfer.
  • The conclusion of so-called Standard Contractual Clauses (SCC) that have been approved by the EU Commission in accordance with Art. 46 GDPR.
  • The presence of Binding Corporate Rules (BCR) which were approved by an EU-based supervisory authority under Art. 47 GDPR.

We would like to inform you that we may be legally obliged to disclose personal data to authorities under certain circumstances. Depending on the legal reason, it is prohibited to inform you about the disclosure.

If BioNTech processes personal data, you are a data subject as defined by the GDPR and have the following rights:

  • Right of access:
    You have the right to request information about whether we process personal data about you and to request a copy of the personal data we process.
  • Right to rectification:
    You have the right to rectify personal data which you think is inaccurate or incomplete.
  • Right to erasure:
    You have the right to request us to delete your personal data in some cases.
  • Right to restrict processing:
    You have the right to request us to restrict the processing of personal data in some cases.
  • Right to data portability:
    You have the right to request that we transfer personal data you provided to us to another organisation. This doesn’t apply in certain cases.
  • Right to withdrawal of consent:
    When you have given us a consent to process your personal data you can withdraw your consent anytime without having to fear negative effects. However, the withdrawal does not affect the lawfulness of the processing carried out until the withdrawal.
  • Right to object to processing:
    In the case that we are basing our processing of your personal data on our legitimate interest (Art. 6 (1)(f) GDPR), you have the right to object to the processing on grounds relating to your situation.

You also have the right not to be subject to automated decision making. When you wish to exercise these rights, please contact our global data privacy team.

If you think that the processing of your personal data violates the GDPR you furthermore have the right to lodge a complaint with a supervisory authority. You can lodge this complaint to the authority in the member state of your habitual residence, place of work or the place where an alleged incident occurred in your opinion.

You can refer to the list of supervisory authorities of the European Data Protection Board to find the contact information of the corresponding authority.
 

We maintain various websites, including their subdomains, on which processing of personal data takes place when you visit them. In this section we will give you information about this processing of your personal data.

To protect your personal data when you visit our website, we’re using SSL/TLS encryption on all sub-pages to prevent manipulation, sniffing or similar unauthorised data processing, especially in transit. You can recognize the encrypted connection by the lock symbol next to the address bar of your browser. In general, you can use our website without having to provide us with personal data, beyond such data necessary for technical operation of the website or data you provide us in forms or similar occasions.

This privacy policy is valid for the following websites and their subdomains:

  • www.biontech.com
  • investors.biontech.com
  • jobs.biontech.de
  • jobs.biontech.com
  • pro.biontech.com

We (i.e., our web hosting provider) collect data that your browser provides to us on every access to the server (so-called server log files).

No usage profiles are created in which this information and other personal data are linked.

Categories of personal data

  • Meta data (e.g., IP-addresses)
  • Location data (e.g., approximate location based on IP-address)
  • Device information (e.g., installed fonts on the device or screen resolution)
  • Usage information (e.g., previously visited Websites through a Referrer URL)

Purpose of the processing

  • Technical provision of the contents
  • For the identification and tracking of unauthorised access attempts/accesses to the web server to ensure the security and stability of our system
  • Statistical evaluations such as visitor numbers and page popularity.

Legal basis

  • Art. 6 (1)(f) GDPR. Our legitimate interest lies in the uninterrupted provision of the website content and the prevention of unauthorised access.
  • Art. 6 (1)(b) GDPR if the visit is in connection with an existing contractual relation or in a pre-contractual setting.

Data subjects affected

  • Visitors of BioNTech websites

Recipients or categories of recipients

  • BioNTech Employees
  • Service Providers

Duration of processing or storage

  • The logs are kept for 7 days and are then deleted or anonymised

Use of cookies and third-party tools
We use cookies on our websites to ensure you have a convenient website experience. A cookie is a small piece of data (text file) that a website asks your browser to store on your device in order to remember information about you, such as your language preference or login information when you visit a website. Those cookies are set by us and are called first-party cookies. We also use third-party cookies for tracking the performance of our website or other marketing purposes. Please see our cookie statement for more information.

Plugins and embedded functions
We integrate third-party content and tools (hereafter third party content) to enhance the functionality of the website, improve user experience while visiting the website and to ensure the website security. Such third-party content can be graphics, videos, stock prices or maps.

Every time you visit a site which includes third-party content, at least your IP-address is sent to this particular third-party content provider as part of the content delivery of your browser. Some third-party content providers may also include so-called web beacons (invisible graphics to allow tracking activities) or set cookies on your device depending on the functionality of the third-party content.

Categories of personal data

  • Usage data (e.g., visited sites)
  • Meta data (e.g., IP-Addresses)
  • Location data (e.g., approximate location based on IP-address or exact location when GPS is used)
  • Device information (e.g., installed fonts on the device or screen resolution)

Data subjects affected

  • Website visitors

Recipients or categories of recipients

  • Service providers
  • Probably BioNTech employees

Purpose of the Processing

  • Provision of the website
  • Ensure website security
  • Improvement of user experience

Legal basis

  • Art. 6 (1)(a) GDPR your consent via the consent banner
  • Art. 6 (1)(f) GDPR our legitimate interest of providing the user a good website experience and ensure the security of the website against attacks

More information on plugins and embedded functions can be found in our cookie statement.

Contact via contact form or e-mail
When using the contact form or contacting us via e-mail, personal data is processed. The data entered will be transmitted to BioNTech. This section does not apply to adverse event reports or product quality complaints or medical inquiries. This specific privacy statement can be found here.

Purpose of the processing

  • Handling of the contact request

Categories of personal data

  • Contact information (e.g., first or last name, e-mail address)
  • Message content

Legal basis

  • Art. 6 (1)(f) GDPR. Our legitimate interest consists in the proper processing of the contact.
  • Art. 6 (1)(b) GDPR if the contact to us is in connection with an existing contractual relation or in a pre-contractual setting

Data subjects affected

  • Persons who are contacting us

Recipients or categories of recipients

  • Hosting Provider
  • Mail Provider

Duration of processing or storage

Your personal data will be deleted as soon as the purpose of the communication has been fulfilled. Different retention periods may apply due to legal requirements.

If the communication can be deemed a business correspondence, we are obliged by the German commercial code to retain the communication for at least 6 years. If the communication is tax related the German Tax Code requires us to retain the data for 10 years.

Webshop

On our website "webshop.biontech.com" we offer a webshop. To enable you to access our webshop, we ask you to identify and verify your affiliation with a health profession.

Once you have verified that you belong to a health profession, we process your data based on your consent by voluntarily placing an order and sending your contact details. Please note that providing personal data is necessary for us to take action regarding an order for products or services you have purchased. For example, we share your address with shipping companies in order to send you a product you have ordered. Our order form clearly identifies which fields are required to complete the transaction. If you do not provide us with this information, we will not be able to complete the transaction.

Your data will remain in the European Union. It is stored and processed on servers within Europe. Since we are a global company, we involve our affiliates to assist us with hosting and administration. These subsidiaries process the data solely for the purposes set out in this privacy policy. We also share your personal data with service providers who use the data to provide services to us, such as shipping companies or hosting providers. In rare cases, we may share your personal data if we are required to do so by law or if it is necessary to respond to claims made against us or to comply with legal processes.

After the order has been fully processed, your transaction data (such as products ordered and number of products) will be stored for further data processing in the ordering system for two years and is then either anonymised or deleted. We store this data in order to analyse order histories and to be able to respond better to your queries about orders. We reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy statement, unless you have expressly objected to further use of your data.

For example, we use your transaction data to maintain our relationship with you or to analyse order histories of our customers at an aggregated level. Certain transaction data is also stored in your customer profile to provide you with personalised services. Deletion of your profile is possible at any time and can be done by sending a message to widerruf@biontech.de.

Newsletter subscription

On our website, we offer health professionals the opportunity to sign up for a newsletter to stay up to date on our mRNA vaccine COMIRNATY® and other products, receive event announcements and medical information.

In order to offer you the newsletter service, we use the Salesforce Marketing Cloud. Salesforce is a service provider, i.e., if you use the newsletter service, Salesforce supports us in providing the service. We have concluded a data processing agreement with Salesforce. As Salesforce is a globally active company based in the USA, it cannot be ruled out that personal data may also be processed in countries other than Germany.

We analyse the performance of our newsletters by individually measuring, storing and evaluating opening rates and click-through rates in recipient profiles for the purpose of designing future newsletters according to the interests of our readers.

Categories of personal data

  • Metadata (e.g., IP addresses, log files)
  • Location data (e.g., approximate location based on IP address)
  • Device information (e.g., fonts installed on the device or screen resolution)
  • Name, first name
  • Mail address
  • Delivery, click and open rates
  • Bounce rate (failed deliveries)

Purpose of the processing

  • Information for interested healthcare professionals

Legal basis

  •  Art. 6 (1) (a) GDPR - your consent to receiving and analysing the newsletter

Persons concerned

  • Healthcare professionals

Beneficiaries or categories of beneficiaries

  • BioNTech employees
  • Service provider from BioNTech

Duration of processing or storage

Your subscription to the newsletter together with your click and open rates will be stored until you unsubscribe.

You can unsubscribe from the newsletter at any time by sending an email with your request to widerruf@biontech.de. If you are registered in our HCP portal (pro.biontech.com), you can also select your email preferences in your profile settings or unsubscribe from the newsletter. In any case, you will find your personal link to your settings in every newsletter e-mail from BioNTech.

Marketing Tool / Customer Management

We collect data about you in our customer management system that you have provided to us yourself or through secondary sources such as business directories. If we process data from you directly, this is based on your consent. When we collect data from secondary sources, it is based on our legitimate interest in knowing our audience and maintaining interactions. Generally, we collect your data to provide you with requested information or services, e.g. information on relevant products, services and/or promotions, answering questions about our products or services such as events, sending you newsletters or other marketing/promotional materials based on your choice and consent, or providing you with access to one of our portals or web shops. In order to provide you with information you have requested or may be interested in, we may customise the content you request based on the information we collect about you. We use your data such as name, address, email address, profession, field of expertise and contact history to provide you with a requested service according to your preferences.

Participation in surveys

When you participate in surveys from us, we process your personal data if you disclose it voluntarily. Your data will be processed on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. Your consent is implied by your participation in the survey. The processing of your log files is also partly based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring the proper operation of the survey tool. Please refer to the relevant survey for the exact purpose of the data processing.

For the online survey we use the tool of the service provider Qualtrics (https://www.qualtrics.com/). A contract for data processing has been concluded with this service provider. The provider is therefore not authorised to access your data without explicit instructions from us, unless it is legally obliged to do so. In particular, it may neither read your data for its own purposes nor process it in any other way.

Within the BioNTech Group, only the employees responsible for carrying out the respective survey have access to your data.

We do not transfer or process your data to countries outside the EU.

Categories of personal data

  • Metadata (e.g., IP addresses, log files)
  • Location data (e.g., approximate location based on IP address)
  • Device information (e.g., fonts installed on the device or screen resolution)
  • Name, first name
  • Mail address

Purpose of the processing

  • Evaluation of answers

Legal basis

  • Art. 6 (1)(f) GDPR. Our legitimate interest lies in the uninterrupted provision of the survey tool
  • Art. 6 (1)(a) GDPR, based on your consent

Persons concerned

  • Healthcare professionals

Beneficiaries or categories of beneficiaries

  • BioNTech employees
  • Service provider from BioNTech

Duration of processing or storage

Your responses will be anonymised or deleted as soon as we have completed the evaluation, unless there are reasons that justify longer storage (for example, if you have given your consent in accordance with Art. 6 (1)(a) GDPR).

Registration and participation in events

Your personal data will be used by BioNTech for event management - to provide you with information about specific events or to ensure access to the event. We store your personal data confidentially and use it exclusively for this purpose, unless you have given us further consent to do so, or the processing of your data is necessary for our business relations. The legal basis for the use of your data is your consent (Art. 6 (1) (a) GDPR).

For the event management we use the tool of the service provider Cvent (https://www.cvent.com). A contract for data processing has been concluded with this service provider.

Categories of personal data

  • Metadata (e.g., IP addresses, log files)
  • Location data (e.g., approximate location based on IP address)
  • Device information (e.g., fonts installed on the device or screen resolution)
  • Name, first name
  • Mail address

Purpose of the processing

  • Distribute information about events
  • Event registration
  • Access control for events
  • Documentation and planning purposes such as visitor numbers

Legal basis

  • Art. 6 (1)(a) GDPR based on your consent
  • Art. 6 (1)(f) GDPR, if you send us an enquiry in the context of the event or if we issue you a requested certificate

Persons concerned

  • People interested in BioNTech events

Beneficiaries or categories of beneficiaries

  • BioNTech employees
  • Service provider from BioNTech

Data Protection Notice of the Minister

www.cvent.com/de/event-management-produkte/event-datenschutz-datensicherheit

Country of data processing

European Union

Duration of processing or storage

Your participation data will be anonymised or deleted as soon as the event and the associated documentation has ended, unless there are reasons that justify longer storage (for example, if you have given your consent in accordance with Art. 6 (1) (a) GDPR).

If you are an investor or interested party, we may process your personal data in the following ways in addition to processing for website visits as described in the section “Processing of personal data when you’re visiting our website”.

Subscription to our investor relations newsletter
On our investor relations website we give interested parties the opportunity to sign-up for a newsletter to get alerts on certain topics.

To provide you with this service we are using the notified investor relations service from Intrado (formerly West Corporation). Intrado is a US-based service provider, which means that when you are using the newsletter service your personal data will be transferred to a third country outside of the EU. To ensure an adequate level of data privacy we have concluded Standard Contractual Clauses with Intrado.

Purpose of the processing

  • Marketing
  • Communication with interested parties (e.g., users, investors, potential applicants)
  • Recruiting

Categories of personal data

  • Publicly available information from your profile (e.g., your name, current employer)
  • Content data (e.g., if you comment on our posts)
  • Probably meta/location data (e.g., if you include your location into a post on LinkedIn)

Legal basis

  • Art. 6 (1)(f) GDPR. Our legitimate interest to inform the public about our company in a business context and to communicate with parties who are interested in BioNTech.
  • Art. 6 (1)(a) GDPR. Consent regarding personal data you provide us voluntarily.

Data subjects affected

Interested parties (e.g., users, investors, potential applicants)

Recipients or categories of recipients

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Country of possible recipients

A transfer into third countries like the USA cannot be ruled out.

Duration of processing or storage

Your personal data will be deleted on our side as soon as the purpose required for processing has been fulfilled. Different retention periods may apply due to legal requirements.

Comments under our posts are available until we delete the post you commented on.

If you are a job applicant, we may process your personal data in the following ways in addition to processing for website visits as described in the section “Processing of personal data when you’re visiting our website”.

If you are applying for a job with us, you submit personal data directly to BioNTech through our job portal and follow-up communications and/or through alternative channels (e.g., via professional recruiting firms). In our job portal at jobs.biontech.de we offer you the opportunity to submit an online application for a job offer at BioNTech. When you want to apply for a job offer you have to provide personal data, as we need personal data to check eligibility for the vacancy and to conduct the application procedure.

By submitting your personal data to us, you acknowledge that you have read and understand the privacy notice applicable for job applicants and agree to the use of your personal data as set out herein. You are not required to provide any requested information to us, but your failure to do so may result in our not being able to continue your candidacy for the job for which you have applied. You confirm that all your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature.

For the application process we use the recruiting solution “SAP Success Factors” from SAP (Germany, EU, Andorra, Faroe Islands, Guernsey, the Isle of Man, Jersey, Switzerland, Great Britain: SAP SE, Dietmar-Hopp-Allee 16 in 69190 Walldorf, Germany; USA: SAP America Inc., 3809 West Chester Pike, Suite 200 in Newtown Square, PA 19073, USA). We have concluded a data processing agreement according to Art. 28 GDPR with SAP.

Purpose of the processing

Conducting the application process

Categories of personal data

  • Name, address data (e.g., address, ZIP Code)
  • Contact data (e.g., telephone number, email-address)
  • Application data (e.g., data from curriculum vitae or references)

Legal basis

  • § 26 (1) BDSG. Establishment of an employment relationship.
  • Art. 6 (1)(b) GDPR. If necessary, conduction of pre-contractual measures and the fulfilment of a contract.
  • Art. 6 (1)(a) GDPR. Consent regarding personal data you provide us voluntarily beyond what is required for the application.

Data subjects affected

  • Applicants
  • Persons who are interested in working at BioNTech

Recipients or categories of recipients

We only share your personal data with employees of BioNTech and subsidiaries who need the data to perform the recruitment process.

In some cases, our recruitment and pre-employment screening activities are carried out for us by specialised service providers. We will share your personal data with their teams which require this data as part of their service.

We will also share your personal data with local or overseas regulators or governments and law enforcement agencies where we are required to do so by law. These may be in or outside the country where you live.

We will share your personal data with our service provider SAP. If you are based in Germany, EU, Andorra, Faroe Islands, Guernsey, the Isle of Man, Jersey, Switzerland, Great Britain: SAP SE, Dietmar-Hopp-Allee 16 in 69190 Walldorf, Germany

If you are based in the USA: SAP America Inc., 3809 West Chester Pike, Suite 200 in Newtown Square, PA 19073, USA

Privacy statement

https://www.sap.com/about/legal/privacy.html

Duration of processing or storage

In principle, the data is deleted as soon as it is no longer required for the selection of applicants. In the case of unsuccessful applications, your personal data will be deleted six months after the rejection decision unless longer storage is required due to legal disputes.

In addition, we would like to point out that you can also change or request the deletion of your application data in the application system at any time. We will then delete or completely anonymise the application data immediately. For more information on your data subject rights based on the GDPR and our data protection officer, please refer to our general privacy statement of this website.

If you receive an offer from us, we may conduct a background check on you or instruct a third party to do so on our behalf. Background checks will only be done where permitted by the law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will involve the validation of your former employers, certificates, trainings, and other CV data to the extent permitted by law. The legal basis for background checks is our need to perform precontractual measures concerning the establishment of our employment relationship. In case a background check is performed by a service provider on our behalf, you may be contacted by this service provider to request authorization for the release of your information, and at that time you will be provided with further information about the processing of your personal information and categories of data it might involve. The service provider will only process your personal information as long as it is required for the background check and will delete your data after having sent us a final report of the check.

Contact via contact form or e-mail

When using the contact form or contacting us via e-mail for application purposes, personal data is processed. The data entered will be transmitted to BioNTech.

Purpose of the processing

Handling of the contact request

Categories of personal data

  • Contact information (e.g., first or last name, e-mail address)
  • Message content
  • Document data (e.g., if you are attaching any additional documents such as a CV)

Legal basis

  • § 26 (1) BDSG. If the contact to us is in connection with the establishment of an employment relationship.
  • Art. 6 (1)(b) GDPR. If the contact to us is in connection with an existing contractual relation or in a pre-contractual setting
  • Art. 6 (1)(f) GDPR. Our legitimate interest consists in the proper processing of the contact.

Data subjects affected

  • Applicants
  • Persons who are interested in working at BioNTech

Recipients or categories of recipients

  • Hosting provider
  • Mail provider

Duration of processing or storage

Your personal data will be deleted as soon as the purpose of the communication has been fulfilled. Different retention periods may apply due to legal requirements.

If the communication can be deemed a business correspondence, we are obliged by the German commercial code to retain the communication for at least 6 years. If the communication is tax related the German Tax Code requires us to retain the data for 10 years.

We maintain publicly accessible profiles on various social networks. As the operator of these presences on the social media platforms, we process personal data, for example when we communicate with you via the platforms or when we post content and you interact with it. Furthermore, we can access personal data that you have made publicly available on your social media profile.

If you visit one of our social media profiles, your personal data is also processed by the social media platforms themselves. This applies even if you don’t have a profile on the respective social media platform. The specific data processing operations and their extent differ depending on the operator of the respective social media platform, and we have no influence on this processing by the platforms. More information regarding the processing of personal data by the social media platforms can be found in their respective privacy statements.

For most social media platforms, it cannot be ruled out that personal data is also processed outside of the European Union/European Economic Area. This means that a transfer of personal data into third countries without an adequate level of data privacy is possible and that there may be difficulties in enforcing the rights of the data subject.

We maintain profiles on the following social media platforms:

LinkedIn

We use LinkedIn, a platform of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, to inform you about the latest developments and information about our company and products and to communicate with you and other interested parties. In addition, we conduct recruiting activities to attract new employees and market our products.

As mentioned above, social media platforms like LinkedIn conduct their own processing of your personal data without any influence from our side.

Data Processing of BioNTech

We are processing your personal data in the following way when you are using LinkedIn:

Purpose of the processing

·        Marketing

·        Communication with interested parties (e.g., users, investors, potential applicants)

·        Recruiting

Categories of personal data

·        Publicly available information from your profile (e.g., your name, current employer)

·        Content data (e.g., if you comment on our posts)

·        Probably meta/location data (e.g., if you include your location in a post on LinkedIn)

Legal basis

·        Art. 6 (1)(f) GDPR. Our legitimate interest to inform the public about our company in a business context and to communicate with parties who are interested in BioNTech.

·        Art. 6 (1)(a) GDPR. Consent regarding personal data you voluntarily provide to us.

Data subjects affected

Interested parties (e.g., users, investors, potential applicants)

Recipients or categories of recipients

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Country of possible recipients

A transfer into third countries like the USA cannot be ruled out.

Duration of processing or storage

Your personal data will be deleted on our side as soon as the purpose required for processing has been fulfilled. Different retention periods may apply due to legal requirements.

Comments under our posts are available until we delete the post you commented on.

Regarding the above-described data processing, LinkedIn is acting as our processor, and in some cases as a separate controller. We have concluded a data processing agreement in accordance with Art. 28 GDPR. This agreement can be found here: https://legal.linkedin.com/dpa. The data processing agreement also incorporates the Standard Contractual Clauses to provide an adequate level of data privacy in case your personal data is transferred into a third country.

Data processing of LinkedIn

LinkedIn processes your personal data in different ways for different purposes. LinkedIn also uses cookies to track your activities on their website and other websites you visit. For more information regarding the processing conducted by LinkedIn please refer to their privacy statement: https://www.linkedin.com/legal/privacy-policy

LinkedIn offers you the possibility to opt out of targeted advertising through the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

X / Twitter

We are using X, a platform of the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, to inform you about the latest developments and information about our company and products.

As mentioned above, social media platforms like X conduct their own processing of your personal data without any influence from our side.

Data processing of BioNTech

We are processing your personal data in the following way when you are using Twitter:

Purpose of the processing

·        Marketing

·        Communication with users (e.g., via direct message or interaction on our Twitter posts)

Categories of personal data

·        Publicly available information from your profile (e.g., your username, content of your bio)

·        Content data (e.g., if you comment on our posts)

·        Probably meta/location data (e.g., if you include your location in a post on Twitter)

Legal basis

·        Art. 6 (1)(f) GDPR. Our legitimate interest to inform the public about our company and to communicate with parties who are interested in BioNTech.

·        Art. 6 (1)(a) GDPR. Consent regarding personal data you voluntarily provide to us.

Data subjects affected

·        Users of Twitter

·        Unregistered users who visit our profile or tweets

Recipients or categories of recipients

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland

Country of possible recipients

A transfer to third countries like the USA cannot be ruled out.

Duration of processing or storage

Your personal data will be deleted as soon as the purpose required for processing has been fulfilled. Different retention periods may apply due to legal requirements.

Comments under our posts are available until we delete the post you commented on.

Regarding the above-described data processing, Twitter is acting as our processor. We have concluded a data processing agreement with Twitter in accordance with Art. 28 GDPR. This agreement can be found here: https://privacy.twitter.com/en/for-our-partners/global-dpa. The data processing agreement also incorporates the Standard Contractual Clauses to provide an adequate level of data privacy in case your personal data is transferred into a third country.

Data processing of Twitter

Twitter processes your personal data in different ways for different purposes on various legal bases. This also includes tracking and analysing your usage of Twitter. For further information on how Twitter processes your personal data when you use it, please refer to their privacy statement: https://twitter.com/en/privacy.

Twitter gives you a certain amount of control regarding their processing of personal data. For more information, see the following link: https://twitter.com/settings/account/personalization

YouTube

We are using YouTube, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to inform you about the latest developments and information about our company and products.

As mentioned above, social media platforms like YouTube conduct their own processing of your personal data without any influence from our side.

Data processing of BioNTech 

We are processing your personal data in the following way when you are visiting our YouTube site:

Purpose of the processing

·        Marketing

·        Interacting with users

Categories of personal data

·        Publicly available information from your profile (e.g., your username, content of your bio)

·        Content data (e.g., if you comment on our posts)

Legal basis

·        Art. 6 (1)(f) GDPR. Our legitimate interest to inform the public about our company and to communicate with parties who are interested in BioNTech.

·        Art. 6 (1)(a) GDPR. Consent regarding personal data you voluntarily provide to us.

Data subjects affected

·        Users of YouTube

·        Unregistered users who visit our profile

Recipients or categories of recipients

·        Google Inc.

·        Employees of BioNTech

Country of possible recipients

A transfer to third countries like the USA cannot be ruled out.

Duration of processing or storage

We do not store users’ personal data available on YouTube on our own databases, if it does not contain adverse event reports. If adverse event reports are published on YouTube by its users, we process this data according to our adverse event data privacy policy.

Data processing of YouTube

YouTube processes your personal data in different ways for different purposes on various legal bases. This also includes tracking and analysing your usage of YouTube. For further information on how YouTube processes your personal data when you use it, please refer to their privacy statement: https://policies.google.com/privacy?hl=de.

Linking to social media content

Within our website, we provide you with direct access to social media content (LinkedIn, X/Twitter, YouTube) through links. The offers that can be accessed under the integrated link originate from the respective companies (hereinafter referred to as "social media providers") and do not represent social plug-ins that automatically forward your personal data to the social media provider. Only when you use the link and click on one of the social media buttons is personal data transmitted to the respective social media provider. The transmission ensures that the respective social media provider is aware of your IP address. Without your IP address, the social media provider cannot send the content to your browser.

By transmitting your IP address, the respective social media provider may also be able to assign your personal data to your user account, in case you are currently logged in with this account. If you do not want the assignment to your user account with the respective provider, you can log out of your user account before using the social media button.

An automated forwarding of your personal data to the social media providers by visiting our website and without clicking on the respective button does not take place.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We integrate the content of social media providers into our site to provide you with useful information or to facilitate a process for you, without any further data processing.

We endeavour to use such content whose respective providers only use the IP address to deliver the content. Notably, we have no influence on the extent to which providers store the IP address for statistical purposes, for example.

The recipients of the personal data collected are the social media providers. We have no knowledge of the content and use of your personal data by them. Therefore, we cannot rule out that they process the collected data outside the European Union.

For more information, please visit the privacy statement of the social media providers:

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. You can find LinkedIn’s data privacy policy at:

https://www.linkedin.com/legal/privacy-policy

Twitter (X): Twitter International Company, 26 Fenian St, Dublin, D02 FX09, Ireland, a subsidiary of Twitter Inc, 1355 Market St #900, San Francisco, CA 94103, USA. You can find Twitter’s privacy policy at:

https://twitter.com/de/privacy

YouTube: provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. You can find Google's privacy policy at:

https://policies.google.com/privacy?hl=de

BioNTech’s internet presence may be subject to change, which means that it may be necessary to amend the data privacy statement accordingly. BioNTech reserves the right to change this data privacy statement at any time.

This data privacy statement was last updated: March 2024