Data protection

We take the protection of your private data very seriously throughout the entire application process and would like you to feel comfortable visiting our website. In the following, we explain what information we collect during your application process and how it is used.

Our principles/legal basis for the processing of personal data

We process data that is collected when you visit our site exclusively in accordance with the
data protection regulations of the Federal Republic of Germany (BDSG) and the European General Data Protection Regulation (GDPR).
Insofar as we obtain consent from the person concerned for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the person concerned is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our companies are subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the person concerned or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our companies or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
 
Data deletion and storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been established by the European or national legislator in EU regulations, laws or other provisions to which the person concerned is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
 
Collection and processing of personal data when visiting our website

We process personal data of our users as far as this is necessary for the provision of a functional website as well as our contents and services. You can use the information about our PhD program on our website anonymously without disclosing your personal data. However, when you access our pages, some data is automatically stored for backup purposes; this includes your IP address and the individual websites visited by us. If the data is passed on to external service providers in an anonymized form, technical and organizational measures are in place to ensure that the data protection regulations are observed. In addition, we collect and store personal information only if this is provided to us voluntarily, e.g., through inquiries to the email addresses specified by us.
If you reach third-party internet offers through the use of links (including Twitter and LinkedIn), please note their privacy statements and statements regarding the processing of your personal data. The responsibility for this lies with the respective providers.

Use and disclosure of personal data in the context of online applications

As part of the application process via our website, you provide TRON gGmbH and the BioNTech Group with personal data electronically. All data relevant to the application process is recorded and processed on the basis of the consent we have received from you. This includes your first name and last name, contact details, date of birth, information about your career and certificates. In addition to processing your data as part of the application process, your data may be stored for backup purposes or evaluated for statistical purposes. However, this evaluation is made anonymous.
When using our online application portal, we use the personal data provided by you in compliance with the provisions of the German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR) exclusively for the purpose of fulfilling your wishes and requirements, i.e. for processing your application. We will only store your data for as long as is necessary for the purposes you have requested. Your personal data will only be passed on or otherwise transmitted to persons involved in the process as part of the application process. Your personal data will not be passed on to third parties unless you have given your consent or an official order to do so.

In the course of application processes, we may use virtual meetings. For this purpose, we use "Zoom" from Zoom Video Communications Inc. (55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA) or "Teams" from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) to conduct conference calls, online meetings, video conferences and live webinars.

The following personal data may be processed:

Registration Data/Profile Data: Name, email address, password, picture, phone number (partly optional).
Hosting & usage data (meeting metadata): IP address, user ID, hardware type, operating system type and version, client version, IP addresses along the network path, endpoint MAC address (if applicable), service version, actions performed, meeting session information (title, date and time, frequency, average and actual duration, quantity, quality, network activity, network connectivity), number of meetings, number of sessions with and without screen sharing, number of attendees, host name, screen resolution, joining method, performance / troubleshooting / diagnostic information, chat content (optional).

We protect the participants of our virtual meetings as best as possible through data protection-friendly settings and internal usage guidelines. Sound and video recordings are prohibited and software-based "attention monitoring" and automated decision-making within the meaning of Art. 22 GDPR are not used. Personal data processed in connection with participation in virtual meetings are generally not disclosed to third parties unless they are specifically intended for disclosure. The aforementioned service providers necessarily obtain knowledge of the aforementioned data to the extent provided for in the respective order processing agreement. For the processing of personal data for virtual meetings, there is a legitimate interest pursuant to Art. 6 (1) (f) GDPR on the part of both TRON gGmbH and BioNTech Group. If applicable, the lawfulness also arises on the basis of Art. 6 (1) (b) GDPR for (pre)contractual measures. The relevant personal data of the participants will be stored until the purpose of the data processing no longer applies. Usually, the above-mentioned data will, however, be deleted within 30 days ("zoom") after the end of the service at the latest insofar as they are not subject to a legal retention period or serve to improve the service. The processing of personal data in virtual meetings usually takes place in data centers in Europe. In this case, as well as when processing takes place outside of Europe, we ensure an appropriate level of data protection together with the aforementioned service providers by means of order processing agreements pursuant to Art.28 GDPR as well as data protection certifications and EU standard contractual clauses. If applicable, please also refer to the data protection declarations of the named service providers.

Sharing your application documents, possible applications within TRON gGmbH or the BioNTech Group

If we can foresee you working within TRON gGmbH or the BioNTech Group, we would like to forward your application to other company parts of TRON gGmbH or BioNTech companies so that we can check your job opportunities for suitable positions for you. In this case, your application can be viewed by all persons involved in the application process. If you agree that we may forward your application for the purpose of a company/group-wide application and job filling process within the above framework, please confirm this in our online application form under "Other".
 
Data integrity

Once your data has been entered and transmitted, it is transferred directly via an encrypted connection to the server of our external service provider. All data is encrypted on the basis of the SSL procedure. Your data will be hosted for order processing at a provider in Germany. Both BioNTech and the provider use technical and organizational security measures to protect your collected data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Should you wish to contact us by email outside the applicant management system, we would like to highlight that the confidentiality of the information transmitted is not guaranteed, as the content of emails can be viewed by third parties as a result of the system.
 
Your rights in the processing of personal data

If personal data about you is processed, you are affected in terms of the GDPR and have the following rights against the person responsible:

1. Right to information

Upon request, we will be happy to inform you, in accordance with applicable law, whether and which personal data about you is stored and processed by us.

If such processing has taken place, you can request the following information from the person responsible:

1. The purposes for which the personal data is processed

2. The categories of personal data processed

3. The recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed

4.  The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period

5. The existence of a right to have the personal data concerning you corrected or deleted, a right to have processing restricted by the person responsible or a right to object to such processing

6. The existence of a right of appeal to a supervisory authority

7.  All available information on the origin of the data if the personal data is not collected from the person concerned

8. The existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or an international organization. In connection with this, you can request the appropriate guarantees in accordance with Art. 46 GDPR regarding this transfer.

2. Right to correction

You have a right to correction and/or completion vis à vis the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.

3. Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;

2. if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

3. if the person responsible no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims; or

4. if you object to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed, apart from being stored, with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to deletion

You may request the person responsible to delete the personal data concerning you without delay, and the person responsible is obliged to delete this data without delay if one of the following reasons applies:

1.  The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

2. You revoke your consent on which the processing according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR is based, and there is no other legal basis for processing.

3. You submit an objection to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 (2) GDPR.

4. The personal data concerning you has been processed unlawfully.

5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

6. The personal data concerning you has been collected in relation to services provided by the Information Society in accordance with Art. (8) (1) GDPR.

The right to cancellation does not exist insofar as the processing is necessary

1. to exercise the right to freedom of expression and information;

2. for the performance of a legal obligation required for the processing under the law of the Union or the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible;

3. on the grounds of public interest in terms of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;

4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to Art. 89 (1) GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously impair the attainment of the objectives of such processing; or

5. to assert, exercise or defend legal claims

5. Right to information

If you have exercised your right to have the person responsible correct or delete the data or restrict the processing, he/she is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the person responsible.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person responsible without obstruction by the person responsible to whom the personal data was provided, provided that

1. the processing is based on a consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR; and

2. the processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.

7. Right to objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which may be processed in accordance with Art. 6 (1) (e) or (f) GDPR.

The person responsible will then no longer process the personal data concerning you, unless he/she can evidence compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the opportunity to exercise your right to objection in connection with the use of the services of the Information Society, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation can be made in writing (letter or email) to TRON and BNT joint PhD Program.

Address: BioNTech SE, An der Goldgrube 12, 55131 Mainz, Germany and TRON gGmbH, Freiligrathstraße 12, 55131 Mainz, Germany

Email: [javascript protected email address]

You thus revoke further processing of your personal data. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has a legal effect on you or significantly impairs you in a similar manner. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the person responsible;

2. is admissible by legislation of the Union or of the Member States to which the person responsible is subject, and this legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or

3. has been made with your express consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to request the intervention of a person on the part of the person responsible to state his or her own position and to challenge the decision.

10. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State where you reside or work or where the alleged infringement took place, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
 
Confirmation of consent

We have informed you that the use of our portal is voluntary. By using the BioNTech Group's online application portal, you consent to the processing and transfer of your data exclusively for the application process and declare that your information is true.