Data Privacy Statement

Protecting your privacy when we process your data is important and taken into consideration in all of our business processes. We’d therefore like to explain to you the guidelines that we apply to the processing of personal data. This statement and any further information that may be pertinent to the processing and use of your personal data will be provided at any location on this site, where we ask you to provide such data.

Please consider also our protection guidelines for unsolicited job applications via our websites.

As a general rule, we collect and utilize your personal data only to the extent necessary for providing a functional website and our content and services. The collection and utilization of personal data generally only occurs with the user’s consent. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.

BioNTech processes all personal data stemming from your visit to the BioNTech website strictly in accordance with the applicable laws. We use this personal data only for the purposes specified in this declaration (e.g., to process a query or in connection with the utilization of internet services). In addition, we will only process personal data if we need to do so in order to protect the legitimate business interests of BioNTech.

In accordance with Art 13 GDPR we inform you about the legal basis for our data processing.

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 lit. a) GDPR serves as the legal basis.
• When processing personal data that is required to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
• Insofar as the processing of personal data is required to fulfill a legal obligation to which we are subject to, Art. 6 Para. 1 lit. c) GDPR serves as the legal basis.
• In the event that the vital interests of the data subject or of another natural person require processing personal data, Art 6 (1) (d) GDPR serves as the legal basis.
• The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f) GDPR.
• The legal basis for processing personal data using technically necessary cookies is Art. 6 Para. 1 lit. f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Para. 1 lit. f) GDPR
• If processing is necessary to safeguard a legitimate interest of us or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. f) GDPR as the legal basis for processing.

You can use almost the entire website of BioNTech without ever having to provide us with personal data, beyond such data necessary for the sole technical operation of the website.

During any visit of our website, we compile technical access data. Such technical access data include, for example, the name of your internet service provider, the IP address, information about the internet browser and the operating system, the domain name of the website that acts as a platform for a visit to our own website, the average duration of a visit to our website, and the pages called from our website. This data will be sent to our web server when your internet browser calls individual internet pages. The legal basis for the temporary storage of data is Art. 6(1) (f) GDPR. The temporary storage of data, including the IP address, by the system is necessary to allow for delivery of the website to the user’s computer. For this purpose, the IP address of the user and other data must remain saved for the duration of the session.

In addition, we process your personal data that you provide to us voluntarily. This can occur in connection with a query, an opinion survey, a desire on your part to contact us, an order placed by you, etc. We also require your personal data when you wish to make use of particular services on the BioNTech website such as the newsletter or closed user forums. Should you decide to avail yourself of such a service, you will find for each service extensive information and pointers about the type, scope and utilization of the data that is required in order to use the service in question.

The aforementioned data will be deleted as soon as they are no longer required, but no later than 3 months after the last time the respective service was accessed on our website.

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

We use the so-called double opt-in procedure to register for our newsletter if we are not in personal contact with you. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible abuse of your personal data.

The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used in order to be able to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 (1) (a) GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, by email to service@biontech.de or by sending a message to the contact details given in the imprint.

We process the data you have entered in our contact forms and which you have entered in the input mask of the contact form. The legal basis for the processing of personal data is Art. 6 (1) (a) GDPR.

We will only use the data recorded via our contact form or via our contact forms to process the specific contact request received via the contact form. Please note that we may also be able to send you e-mails to the address provided to fulfill your contact request. The purpose of this is so that you can receive confirmation from us that your request has been correctly forwarded to us. Sending this confirmation e-mail is not mandatory for us and is for your information only.

The use of the contact forms is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options listed on our website. If you would like to use our contact form, you must fill out the fields marked as mandatory. If you do not fill in the necessary information on the contact form, you will either not be able to send the request or we will unfortunately not be able to process your request.

After your request has been processed, the data collected will be deleted immediately, provided there are no statutory retention periods.

The revocation and deletion options are based on the general provisions on the right of revocation and deletion under data protection law described below in this data protection declaration.

We also add cookies to some areas of our website. Cookies are small data elements that an internet server can send to your computer, thereby allowing it to be identified during your visit to our website and making it easier for you to use our website. Cookies allow a site or services to know if your computer or device has visited it before. These technologies can then be used to help us understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your experience in using our services. Cookies do not cause any damage on your computer and do not contain viruses.

Generally, two types of cookies exist: a) cookies which are required for the proper use of the website. The legal basis for processing personal data together with the use of technically necessary cookies is Art. 6 (1) (f) GDPR; and b) cookies which are not required for the usage of the website and which are therefore optional. The legal bases for the usage of these cookies is a prior consent of the data subject, Art 6 (1) (a) GDPR.

Generally, in the case of cookies that are collected on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services included on it (technically necessary cookies). In addition, it may be that the cookies increase their user-friendliness and allow a more individualized approach. Here we have weighed up your interests against our interests.

Based on the cookie technology, we can identify, analyze and track individual website visitors only if the website visitor has consented to the use of the cookie pursuant to Art. 6 (1) (a) DSGVO.

You can set your internet browser to tell you whether cookies are being accepted or refused. For more information on cookies, consult the help files in your internet browser. Please note that deactivating cookies may limit this website’s functionality.

Cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are listed in the following table.

The length of time a cookie will stay on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.

In order to run this website properly, BioNTech may share technical access data including personal data with other companies on a need to know basis in accordance with applicable data protection laws, for example for technical reasons or temporary data storage, provided a legal basis for such data processing exists.

Examples for such companies are providers of cloud storage solutions or companies providing technical assistance for Websites. Furthermore, BioNTech collaborates with admedicum® Business for Patients GmbH & Co KG, a Cologne-based company focused on patient-engagement. If you contact us in terms of patient matters, e.g. by sending an e-mail to patientenanfragen@biontech.de or patients@biontech.de, or by calling us by phone via +49 6131 9084 1919, your request including will be forwarded to admedicum® Business for Patients GmbH & Co KG, Industriestraße 171, 50999 Köln.

We also collect personal data to answer your questions by means of an Artificial Intelligence (AI)-based Chatbot technology provided by Cognigy GmbH, Duesseldorf. In case the Chatbot cannot answer your inquiry sufficiently, we will send the data you have entered for further analysis to Ströer Dialog Group GmbH (AVEDO), Leipzig, and HCL Technologies Germany GmbH (C3i), Frankfurt, and return information matching your inquiry to you.Data resulting from the dialogue with the AI-based Chatbot as well as data resulting from the dialog with us over our webforms, email, letter, phone or fax will be stored at CRM solution of Zendesk Inc. and specifically for phone conversations also in our telephony solution of Talkdesk Inc. When using the chatbot, there is the option to use a service and information channel based on the instant message service "WhatsApp" from Facebook Inc. By using this service, the user consents to the transfer of their personal data to WhatsApp/Facebook at their own risk and to processing and use by Facebook. For information on WhatsApp's data processing practices, please refer to the data protection policy at https://www.whatsapp.com/legal/privacy-policy.

"Access to an online survey platform “LamaPoll” provided by Lamano GmbH & Co. KG, Prenzlauer Allee 36 G, 10405 Berlin is still available on our website. You can provide feedback of various types, including on the newsletter/mailouts, on our printed materials and on our websites including the online shop. For security reasons (for example to identify, impede and block DDoS attacks and bots), the participant’s IP address is communicated as part of the survey, and is deleted after two weeks. Further information on the handling of personal data in connection with LamaPoll is available on https://www.lamapoll.de/Support/Datenschutz. All data analysis is carried out in anonymized form exclusively for the above-mentioned purpose of customer feedback, so BioNTech is not able to determine the identity of the persons using the survey platform."

We may forward product quality complaints and adverse events reports relating to BioNTech’s/Pfizer’s COVID-19 (SARS-COV-2) vaccine products/clinical trials to our collaboration partner Pfizer Inc., but only on the basis of an appropriate legal basis, e.g. your consent in accordance with Art. 6 Para. 1 lit. a) GDPR, or due to a legal obligation to which we are subject to in accordance with Art. 6 Para. 1 lit. c) GDPR, Without a legal basis, we will send only anonymized data to Pfizer.

In all such cases, BioNTech will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data. If necessary, contracts on order processing (Art. 28 GDPR) or agreements on joint responsibility (Art. 26 GDPR) have been concluded with these external service providers.

We are only permitted to make certain information about prescription drugs on this website available to certain persons who belong to the medical profession. To verify your access authorization, we are therefore obliged to request proof of your professional affiliation. With your consent (Art. 6 (1) (a) General Data Protection Regulation), we offer you the opportunity to verify yourself via the external service provided by DocCheck Medical Services GmbH (hereinafter referred to as the “login provider”). If you want to use this login service, you will be asked to log in to the login provider with your corresponding login data. Your profile will be linked to our services, i.e. the login provider receives the information that you are using our services and the following information is automatically transmitted to us:

• The information that your identity has been authenticated by the login provider

We will only use this information for the purpose of registration and to identify you when you log in. If the login provider transmits more information about you than we need for login verification, we will delete this immediately.

Further information about the service of the login provider and how it processes your personal data can be found in the DocCheck data protection declaration.

Closed access for special user groups

In addition, there is certain information that we are only allowed to make available to certain and limited groups of people. For this purpose we store the following personal data:

• First and Last Name
• Username and password
• E-mail address

We process this personal data in order to enable you to access our website. They are automatically deleted if you deactivate your access account.

When you access this website or individual files on the website, we collect, process and save the following data: IP address, website from which the file was called up, name of the file, date and time of the call, amount of data transferred and notification of success the retrieval (so-called web log). We use this access data exclusively in a non-personalized form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

Google Tag Manager

On our website we use the service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Tag Manager). Google Tag Manager offers a technical platform for executing and bundling other web services and web tracking programs using so-called “tags”. In this context, Google Tag Manager saves cookies on your computer and analyzes your surfing behavior (so-called "tracking") if web tracking tools are executed using Google Tag Manager. This data sent by individual tags integrated in Google Tag Manager is merged, saved and processed by Google Tag Manager under a uniform user interface. All integrated "tags" are listed again separately in this data protection declaration. You can find more information on the data protection of the tools integrated in Google Tag Manager in the relevant section of this data protection declaration. When using our website with the activated integration of tags from Google Tag Manager, data such as your IP address and your user activities are transmitted to the server of Google Ireland Limited. Concerning. of the web services integrated using Google Tag Manager, the regulations in the respective section of this data protection declaration apply. The tracking tools used in Google Tag Manager ensure by anonymizing the source code by IP that the Google Tag Manager's IP address is anonymized before transmission. In doing so, Google Tag Manager is only enabled to collect IP addresses anonymously (so-called IP masking).

The legal basis for data processing is in accordance with Art. 6 (1) (a) GDPR your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirmatory action or behavior).

On our behalf, Google will use the information obtained by means of the Google Tag Manager to evaluate your visit to this website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

Google will store the data relevant for the function of Google Tag Manager for as long as it is necessary to fulfill the booked web service. The data is collected and saved anonymously. If there is a personal reference, the data will be deleted immediately, provided that it is not subject to any statutory retention requirements. In any case, the deletion takes place after the retention period expires.

You can prevent the collection and forwarding of personal data to Google (especially your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser or Activate the "Do Not Track" setting in your browser. You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=en. You can find Google's security and data protection principles at https://policies.google.com/privacy.

New Relic

On our website we use a web tracking service provided by New Relic, Inc., 188 Spear Street, 94105 San Francisco, United States of America (hereinafter: New Relic). New Relic uses cookies for web tracking, which are stored on your computer and which enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of New Relic's tracking service in order to continuously optimize our website and make it more available. When you use our website, data, in particular your IP address and your user activities, are transferred to the servers of New Relic, Inc. and processed and stored outside the European Union. The standard contractual clauses concluded between us and New Relic, Inc. serve as the legal basis for the transfer to a third country without an adequacy decision. According to Art. 46 GDPR represents a suitable guarantee within the meaning of the GDPR. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in New Relic's data protection declaration: https://newrelic.com/privacy.

Google-Analytics

On our website we use the web tracking service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Analytics). In the context of web tracking, Google Analytics uses cookies that are stored on your computer and that enable analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of the Google Analytics tracking service in order to constantly optimize our website and make it more available. When you use our website, data, in particular your IP address and your user activities, are transmitted to the servers of Google Ireland Limited. We carry out this analysis on the basis of Google's tracking service in order to continuously optimize our website and make it more available. We also need web tracking for security reasons. Web tracking enables us to track whether third parties attack our website. The information from the web tracker enables us to take effective countermeasures and protect the personal data processed by us from these cyber attacks. By activating the IP anonymization within the Google Analytics tracking code of this website, your IP address will be anonymized by Google Analytics before transmission. This website uses a Google Analytics tracking code that has been expanded to include the operator gat._anonymizeIp (); has been expanded to allow only an anonymous collection of IP addresses (so-called IP masking).

The legal basis for data processing is in accordance with Art. 6 (1) (a) GDPR your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirmatory action or behavior).

On our behalf, Google will use this information to evaluate your visit to this website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. We also need web tracking for security reasons. Web tracking enables us to track whether third parties attack our website. The information from the web tracker enables us to take effective countermeasures and protect the personal data processed by us from these cyber attacks.

Google will save the data relevant to the provision of web tracking for as long as it is necessary to fulfill the web service booked. The data is collected and saved anonymously. If there is a personal reference, the data will be deleted immediately, provided that it is not subject to any statutory retention requirements. In any case, the deletion takes place after the retention period expires.

You can prevent the collection and forwarding of personal data to Google (especially your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser or by deactivating the “Do Not Track” setting in your browser activate. You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link (http: //tools.google.com/dlpage/gaoptout?hl=en) download and install the available browser plug-in. You can find Google's security and data protection principles at https://policies.google.com/privacy?hl=en.

Adobe Tag Manager

On our website we use a web tracking service from Adobe Systems Software Ireland Limited, 4-6 Riverwalk Citywest Business Campus, 24 Dublin, Ireland (hereinafter: Adobe Tag Manager). As part of web tracking, Adobe Tag Manager uses cookies that are stored on your computer and that enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of the tracking service from Adobe Tag Manager in order to continuously optimize our website and make it more available. When you use our website, data, in particular your IP address and your user activities, are transmitted to the servers of Adobe Systems Software Ireland Limited and processed and stored within the European Union. The legal basis for data processing is Art. 6 (1) (a) GDPR. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in the Adobe Tag Manager data protection declaration: https://www.adobe.com/de/privacy/policy.html. An opt-out option is available for retrieval under the following link: https://www.adobe.com/de/privacy/opt-out.html

Admiral Cloud

On our website we use a web tracking service provided by mmpro film- und medienproduktion GmbH, Fidicinstraße 3, 10965 Berlin, Germany (hereinafter: Admiral Cloud). As part of web tracking, Admiral Cloud uses cookies that are stored on your computer and that enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of the Admiral Cloud tracking service in order to continuously optimize our website and make it more available. When you use our website, data, in particular your IP address and your user activities, are transferred to the server of mmpro film- und medienproduktion GmbH and processed and stored within the European Union. The legal basis for data processing is Art. 6 (1) (a) GDPR. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in the Admiral Cloud data protection declaration: https://www.admiralcloud.com/datenschutz/. An opt-out option is available under the following link: https://www.admiralcloud.com/datenschutz/

We use active content from external providers on our website, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. Processing of data outside the EU may be possible. You can prevent this by installing a corresponding browser plug-in or by deactivating the execution of scripts in your browser. This can lead to functional restrictions on the websites that you visit.

1und1-tarife.info / Tifbs.net / Profiseller.de / website-start.de

A web service from the company 1 & 1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter: 1und1-tarife.info / Tifbs.net / Profiseller.de / website-start.de) is loaded onto our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to 1und1-tarife.info / Tifbs.net / Profiseller.de / website-start.de. The legal basis for data processing is Art. 6 (1) (f) GDPR. The legitimate interest consists in the correct functioning of the website. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transmitted data can be found in the data protection declaration of 1und1-tarife.info / Tifbs.net / Profiseller.de / website-start.de: https://www.1und1.de/Datenschutz?linkId=ft.nav.privacy

Google Services

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google) is loaded onto our website. These are: Doubleclick, Google, Google Fonts, Google Video, Google Apis, Google Photo, gstatic, Google Re-Captcha and Youtube. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Doubleclick. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The legitimate interest consists in the correct functioning of the website. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in Google's data protection declaration: https://policies.google.com/privacy.

Google Maps

On our website we use the map service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Maps). Google Maps is integrated into the website via the Google API to visualize location information and display it in the form of a map. The processing of the IP address by Google Maps is technically necessary to display the map. Concerning. For the other web services integrated using Google Apis, the regulations in the respective section of this data protection declaration on Google Apis apply.

Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in being able to visualize the usual presentation of location information on the Internet.

On our behalf, Google will use the information obtained using Google Maps to show you the map. You can find us faster and more accurately using Google Maps than with a simple, non-interactive route map.

Google will save the data relevant for the function of Google Maps for as long as it is necessary to fulfill the booked web service. The data is collected and saved anonymously. If there is a personal reference, the data will be deleted immediately, provided that it is not subject to any statutory retention requirements. In any case, the deletion takes place after the retention period expires.

You can prevent the collection and forwarding of personal data to Google (especially your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser or Activate the "Do Not Track" setting in your browser. You can find Google's security and data protection principles at https://policies.google.com/privacy.

We have concluded a joint processing agreement with Google with regard to Google Maps. You can find the content at https://privacy.google.com/intl/en/businesses/mapscontrollerterms/.

In cases where we are obtaining your consent for processing personal data in accordance with Art. 6 (1) (a) GDPR, you can withdraw the consent you gave to use your personal data at any time with future effect for example by sending an email to the email address provided in the Legal Notice or to the data protection officer

We retain control over and take responsibility for the use of the personal data that you send to us. It is possible that some or all of this data is stored or processed in other countries (for example in the United States) that have different data protection laws from your country of residence. In such case, we will ensure that the company commissioned to process the data has taken appropriate steps to protect your personal data in accordance with the requirements applicable in your country of residence. Usually, we will at least make use of standard contractual clauses (SSC) which are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries that the European Commission has not found to offer adequate protection for personal data. Standard contractual clauses contain obligations for both data controllers wishing to transfer personal data to counties outside the EU/EEA and data controllers or data processors who receive such data. The clauses also regulate other matters concerning the transfer, for example the data subjects' rights and how disputes arising from the contract are to be settled. Standard contractual clauses can also be insufficient for data transfers to certain countries. In these cases, we agree on additional technical and organizational measures and guarantees.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, storage may occur if required by European or national laws to which we are subject to. Data will also be blocked or deleted if the storage period specified in one of the above-referenced standards expires unless there is a legal or regulatory need for further storage of data for concluding a contract or for contract performance.

We take technical and organizational measures in accordance with the requirements of Art. 32 GDPR to protect the user's personal data. Personal data of the user are encrypted when transmitted to the website using HTTPS.

If BioNTech processes personal data, you are a data subject in the definition of the GDPR and have the following data subject rights in accordance with Art 12 ff, GDPR: Right to information, right to correction, right to restriction of processing, right to deletion, right to information, right to data portability, right of objection, right to file a complaint with a supervisory authority. Further rights are the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to object (Art. 21 GDPR).

According to the GDPR and other applicable legal provisions, you have the right to send us a request in writing at any time. If you are entitled to information, we will provide you with the relevant information. Please contact the data protection officer with your concerns. You can also arrange a correction or deletion of your data with him.

A. Right to object based on the particular situation

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (e) (public security) or (f) (data processing based on a weighing of interests) DSGVO takes place, to object; this also applies to profiling based on these provisions. We no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

B. Right to object to direct mail

If we process your personal data in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

C. Exercising the right to object

The right of objection can be exercised informally, e.g. B. also by e-mail. You will find our contact information in the imprint.

The data protection supervisory authority responsible for us, to which (among others) also a complaint about a violation of data protection law, is:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34
55116 Mainz
Germany

Tel.: +49 6131 208-2449
Telefax: +49 6131 208-2497
E-Mail: poststelle@datenschutz.rlp.de
www.datenschutz.rlp.de

Should you have any questions regarding the processing of your personal data or if you would like to address data subject rights, please do not hesitate to contact our data protection officer who will be also happy to help you if you need any further information or have any complaints or problems in connection with the security of your data.

Dr. Michael Kruse
An der Goldgrube 12
55131 Mainz
Germany

Tel.: +49 6131 9084-1030
E-Mail: data.privacy@biontech.de