This Policy shall apply to the use of the website www.affimed.com (the “Website”).
Regarding the Website Affimed GmbH, Technologiepark, Im Neuenheimer Feld 582, 69120 Heidelberg, Germany („Affimed“,“we”, “us” or “our”) is the data controller within the meaning of the General Data Protection Regulation (“GDPR”). This Policy shall inform you on how we collect, process and use (“Use”) personal data in connection with the Website.
In general, you can use the Website without providing any personal information such as e.g. your name, email address, postal address, telephone number and financial information (all such information concerning the personal or material circumstances of an identified or identifiable individual data subject together “Personal Data”). Therefore, if you do not provide us directly with Personal Data in another way or actively consent to the Use by us of certain Personal Data, we, in general, do not Use your data with the exception of the following:
Website providers gather and store information automatically in so-called server logfiles, which your browser sends to us automatically. This information includes:
This data cannot be allocated to a specific person. This data will not be merged with other data sources. We reserve the right to check this data afterwards if concrete indications of illegal use become known to us.
We use the data for the purpose of enabling the use of the website (connection establishment) and for internal system-related purposes (technical administration, system security).
The legal basis for the processing of the data described above (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests). The legitimate interests to use such data arises from the fact that without such data the Website cannot be accessed by our customers and/or other users.
If you wish to send us an enquiry via email, we will store the information from the enquiry, along with the contact details you provide on it, in order to process your enquiry and if we have any further questions.
We will not pass this data on to anyone without your consent. The aforementioned data will be used exclusively for the purpose of processing the relevant contact requests and serve to prevent misuse of the contact form and guarantee the security of our systems.
The legal basis for the processing of the data described above is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests). The legitimate interests to use such data arises from the fact that we can only carry out the action requested by the user (e.g. answering inquiries) by processing the user’s data accordingly.
If the contact is aimed at the possibility of concluding a business relationship with us, the legal basis for the processing of the data is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
If you would like to sign-up for our press distribution via the online sign-up form offered on our website, we will need your email address and information that allows us to check that you are the owner of the email address provided and you agree to receive the press releases. No other data will be collected. We use this data exclusively for sending the requested information and we will only pass it to those third parties who meet the requirements set forth in Sec. 3 of this Policy.
The permission granted to store the information, the email address and their use for sending the press releases can be revoked at any time, such as via the “Unsubscribe” link in every press release.
The legal basis for the processing of the data described above is Art. 6 (1) sentence 1 lit. a GDPR (consent) or, in case of a business relationship, Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
If you inform us of personal data within the application process, this data will be divided into the following data types and data categories for recording, processing and/or use:
We will use the personal data you have transferred solely for processing your application for the advertised post or your unsolicited application. Only individuals who are involved in the application process will be informed of your personal data. With an application, an account at our career portal is being created to view and manage the application.
The legal basis for the processing of the data described above is Art. 6 (1) sentence 1 lit. a GDPR (consent).
If the contact is aimed at the possibility of concluding an employment contract, Art. 6 para. 1 lit. b DSGVO (contract fulfilment and pre-contractual measures) is additionally the legal basis for the processing.
Our website links to Google Maps API from Google. By visiting our website, Google receives user information and IP address, which will be transferred and stored on Google servers, whether you are logged in with a Google account or not. If you are logged in to your Google account, your information will be directly associated with your account.
Further information on the use of user data can be found in Google’s data protection policy at: https://www.google.de/intl/en/policies/privacy.
Further information about Google
Google is committed (to the best of our knowledge) to the EU-US Privacy Shield Agreement published by the US Department of Commerce on the collection, use and retention of personal data from EU member states. Google has declared through certification that it will comply with the relevant privacy shield principles. The European Commission expects the US to provide adequate legal protection for personal data transferred from the EU to self-certified organizations in the US under the Privacy Shield. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.
Cookies are stored on your computer when using the Website. Cookies are small text files that are stored on your hard disk of the computer with which you visit a website and which are allocated to your browser and through which certain information is submitted to the cookies user that sets the cookie (in this case us). Cookies serve to make the website offering more user-friendly and effective overall.
Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, which identify user session in the browser. Session cookies are deleted when you log out or close your browser.
The legal basis for the processing of the data described in this section 2.6 (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests). The legitimate interests to Use such data is that we use and analyze the respective data to improve our Website, such as by gaining a better understanding of your interests and requirements regarding our Website and to help personalize your user experience.
We may disclose Personal Data to third parties where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities). The legal basis for the processing of the data described in this section 2.4 is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).
We partly use service providers who process Personal Data on behalf of us to operate the technical platform of the website. These service providers process the data exclusively according to our instructions (order processing). The legal basis for the data processing described in this section 5 is Art. 6 (1) sentence 1 lit. b GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR (order processing).
Unless no shorter storage period is indicated in this Policy, we, in general, store Personal Data as long (i) as required for the provision of the Website to you, and/or (ii) as it is necessary with regard to the contractual relationship with you, thereafter only if and to the extent that we are obliged to do so by mandatory statutory retention obligations. If we no longer require the respective Personal Data for the purposes described above, such Personal Data will only be stored during the respective legal retention period and not processed for other purposes.
You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object the processing of your Personal Data.
If you have given your consent to the use of personal data, you can revoke such consent at any time (for the future).
If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.
You can also contact our data protection officer directly. The contact details of the data protection officer are:
Data Privacy Officer Affimed, c/o Affimed GmbH
Im Neuenheimer Feld 582
69120 Heidelberg, Germany
Phone: +49 6221 65307-0
We have taken extensive technical and operational precautions to protect the Personal Data retained by us against unauthorized access and misuse. Our security procedures are revised regularly and adapted to reflect technological progress.
Our Policy may change from time to time, for example due to further developments of our website or legal changes. We therefore reserve the right to change this Policy at any time with effect for the future. We therefore recommend that you read this data protection declaration again at regular intervals.