Regarding the personal data processed on the Website, Affimed GmbH, Technologiepark, Im Neuenheimer Feld 582, 69120 Heidelberg, Germany (“Affimed”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”). This Policy shall inform you on how we collect, process, use and potentially store (together “Process”) personal data in connection with the Website.
In general, you can use the Website without providing any personal information such as your name, email address, postal address or telephone number (all such information concerning the personal or material circumstances of an identified or identifiable individual data subject together “Personal Data”).
Thus, if you do not provide us directly with Personal Data or actively consent to the Processing of certain Personal Data (i.e. in connection with a desire on your part to contact us, or when you wish to make use of specific services on the Website such as the press distribution or job application form), we, in general, do not Process your Personal Data except for the following activities and services:
Website providers gather and store information automatically in so-called server logfiles, which your browser provides automatically. When you visit our Website, our web hosting provider IONOS receives and logs the following information from your browser using a so-called pixel or logfile, which generally does not allow any conclusions to be drawn about your person:
To this end, IONOS does not rely on Cookies (as described in more detail in 2.5). Any data collected will not be merged with any other sources of Personal Data and IONOS stores this data on our behalf only for statistical purposes and technical optimization of the Website as well as to enable us to access them if this becomes necessary. We reserve the right to check these logfiles if concrete indications of illegal use become known to us, to enable the use of the Website (connection establishment) and for internal system-related purposes (technical administration, system security). This data will not be passed on to any third parties or processed in a country outside the EU/EEA.
We Process the data described above (to the extent such data is to be considered Personal Data) on the basis of our legitimate interests (Article 6 (1) sentence 1 lit. f GDPR) to use such data in order to display the Website to our customers and/or other users in a proper and secure manner.
The logfiles will be deleted eight weeks after their creation.
If you wish to send us an enquiry via email, we will store the information from the enquiry, along with any contact details and other Personal Data you provide in the course of contacting us, in order to process your enquiry and potentially reach out to you. We will not pass these data on to any third party without your consent.
We Process the Personal Data described above on the basis of our legitimate interests (Article 6 (1) sentence 1 lit. f GDPR). The legitimate interest to Process such Personal Data arises from the fact that we can only appropriately respond to the respective contact request by Processing your Personal Data accordingly.
If the contact is aimed at potentially concluding a business relationship with us, the legal basis for the Processing of the Personal Data is the fulfilment of a contract and pre-contractual measures (Article 6 (1) sentence 1 lit. b GDPR).
We will keep your Personal Data only as long as this is required for answering your request and necessary for sufficiently providing you with the information requested.
You may use the online sign-up form offered on our Website if you like to sign-up for our news distribution. For this purpose, we use the double opt-in procedure. This means that after you did use the sign-up form, we will send you an email to the email address provided, in which we ask you to confirm that you wish to receive our press releases. If you do not confirm your sign-up within 72 hours from the receipt of this email, your sign-up request will be automatically deleted after a period of not more than four weeks. In addition, we save certain technical data such as your the times of registration. We need your email address as well as these technical data to be able to prove that you are the owner of the email address provided and wish to receive the press releases and, if necessary, to clarify any possible misuse of your Personal Data. No other Personal Data will be Processed in this context. If you no longer wish to receive our news releases you can cancel your subscription using the “Unsubscribe” link included in each news release. In this case, we will automatically delete the Personal Data mentioned above.
We Process these Personal Data exclusively for sending the requested information and we will only pass it to those third parties who meet the requirements set forth in Section 3 of this Policy. However, as our news distribution is a service of our external service provider Notified, a US-based company, and also managed by employees of Affimed Inc., your email address will need to be transferred to the USA as a so called “third country” outside the EU/EEA. For ensuring an adequate level of protection for the transfer of Personal Data to the US, we have entered into standard contractual clauses with these recipients outside of the EU/EEA. You may request a copy of these standard contractual clauses on request (see Section 7 for possibilities how to contact us). The consent granted to Process Personal Data for the purpose of sending the press releases can be revoked at any time, such as via the “Unsubscribe” link in every press release.
The legal basis for the Processing of Personal Data described above is your consent (Article 6 (1) sentence 1 lit. a GDPR) or, in case of a business relationship, the fulfilment of a contract and pre-contractual measures (Article 6 (1) sentence 1 lit. b GDPR).
On our Website, we offer the option to submit applications for posted employment opportunities or unsolicited applications. If you provide us with Personal Data within the application process or to the extent we collect or create additional information in this regard (e.g., from references mentioned in your application), these Personal Data can be divided into the following data categories:
We will use any Personal Data you have provided or we have collected or created in the context of the application process solely for processing your application for the advertised employment opportunity or your unsolicited application and only individuals dedicated to the application process will have access to these Personal Data. .
If you wish to apply for an employment opportunity at Affimed or provide us with an unsolicited application (your “Application Request”), you may use the online application form offered on our Website. For this purpose, we use a double opt-in procedure. This means that after you did use the online application form, we will send you an email to the email address provided, in which we ask you to confirm your Application Request. If you do not confirm your Application Request within seven days after the receipt of such email, your Application Request will be automatically deleted. In addition, we save certain technical data such as the IP address you use and the times of registration. We need your email address as well as these technical data to be able to prove that you are the owner of the email address provided and wish to provide us with an Application Request and, if necessary, to clarify any possible misuse of your Personal Data. No other Personal Data will be Processed in this context.
We will store any data provided by you in the application form or provided in additional documents as part of an application process in our IT systems.
The legal basis for the processing of the Personal Data described above is your consent (Article 6 (1) sentence 1 lit. a GDPR) or, if applicable, the fulfilment of a contract and pre-contractual measures to conclude an employment relationship (Article 6 (1) sentence 1 lit. b GDPR).
If we do not enter into an employment relationship, we will delete your Personal Data provided to us as part of an Application Request after a maximum period of six months from the receipt of the Personal Data, unless we require to retain the Personal Data for another legitimate purpose (e.g. in connection with the assertion of legal claims or defense against such claims).
Cookies are small text files that are stored on your personal device when visiting a Website and through which certain information is submitted to the party that sets the Cookie (in this case us). In general, Cookies serve to make the Website offering more user-friendly and effective overall.
We currently do not use any Cookies on our Website (or any similar tracking technologies apart from the server logfiles described in 2.1.).
We may disclose Personal Data to third parties where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities). The legal basis for the Processing of your Personal Data for this purpose follows from our legal obligation (Article 6 (1) sentence 1 lit. c GDPR).
For certain activities in relation to our Website, we use service providers who Process Personal Data on behalf of us to operate the technical platform of the Website. These service providers are bound to data processing agreements in accordance with the GDPR and Process the Personal Data exclusively according to our instructions.
Unless explicitly mentioned above (i.e., as part of our news distribution), we do not transfer any Personal Data outside of the EU/EEA.
Unless no specific storage period is indicated in this Policy, we, in general, store Personal Data as long as (i) required for providing the Website to you, and/or (ii) necessary with regard to the contractual relationship with you, thereafter only if and to the extent that we are obliged to do so by mandatory retention obligations. If we no longer require the respective Personal Data for the purposes described above, such Personal Data will only be stored during the respective legal retention period and not Processed for other purposes.
We have taken extensive, state-of-the-art technical and operational precautions to protect the Personal Data Processed by us against unauthorized access and misuse. Our security procedures are revised regularly and adapted to reflect technological progress.
Subject to certain requirements that need to be met, you have the following rights in accordance with GDPR:
If you believe that the Processing of your Personal Data is in breach of applicable data protection laws, you can issue a complaint with the competent data protection supervisory authority. The data protection supervisory authority responsible for us is: The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.
You can also contact our data protection officer directly. The contact details of the data protection officer are:
Data Privacy Officer Affimed, c/o Affimed GmbH
Im Neuenheimer Feld 582
69120 Heidelberg, Germany
Phone: +49 6221 65307-0
Our Policy may change from time to time, for example due to further developments of the Website or legal changes. Therefore, we reserve the right to change this Policy at any time with effect for the future.
Last update: 6 July 2022