1. General

Regarding the personal data processed on the Website, Affimed GmbH, Gottlieb-Daimler Straße 2, 68165 Mannheim, Germany (“Affimed”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”). This Policy shall inform you on how we collect, process, use and potentially store (together “Process”) personal data in connection with the Website.

2. Personal Data Processed by us

In general, you can use the Website without providing any personal information such as your name, email address, postal address or telephone number (all such information concerning the personal or material circumstances of an identified or identifiable individual data subject together “Personal Data”).

Thus, if you do not provide us directly with Personal Data or actively consent to the Processing of certain Personal Data (i.e. in connection with a desire on your part to contact us, or when you wish to make use of specific services on the Website such as the press distribution or job application form), we, in general, do not Process your Personal Data except for the following activities and services:

2.1 Server logfiles

Website providers gather and store information automatically in so-called server logfiles, which your browser provides automatically. When you visit our Website, our web hosting provider IONOS receives and logs the following information from your browser using a so-called pixel or logfile, which generally does not allow any conclusions to be drawn about your person:

  • IP address (which is anonymized directly upon transmission and processed further without any personal reference to you);
  • Browser type and browser version;
  • Operating system used;
  • Referrer URL (i.e., the website previously visited);
  • Accessed URL or file;
  • Host name of the accessing device; and
  • Time of the server enquiry.

To this end, IONOS does not rely on Cookies (as described in more detail in 2.5). Any data collected will not be merged with any other sources of Personal Data and IONOS stores this data on our behalf only for statistical purposes and technical optimization of the Website as well as to enable us to access them if this becomes necessary. We reserve the right to check these logfiles if concrete indications of illegal use become known to us, to enable the use of the Website (connection establishment) and for internal system-related purposes (technical administration, system security). This data will not be passed on to any third parties or processed in a country outside the EU/EEA.

We Process the data described above (to the extent such data is to be considered Personal Data) on the basis of our legitimate interests (Article 6 (1) sentence 1 lit. f GDPR) to use such data in order to display the Website to our customers and/or other users in a proper and secure manner.

The logfiles will be deleted eight weeks after their creation.

2.2 Contact via email

If you wish to send us an enquiry via email, we will store the information from the enquiry, along with any contact details and other Personal Data you provide in the course of contacting us, in order to process your enquiry and potentially reach out to you. We will not pass these data on to any third party without your consent.

We Process the Personal Data described above on the basis of our legitimate interests (Article 6 (1) sentence 1 lit. f GDPR). The legitimate interest to Process such Personal Data arises from the fact that we can only appropriately respond to the respective contact request by Processing your Personal Data accordingly.

If the contact is aimed at potentially concluding a business relationship with us, the legal basis for the Processing of the Personal Data is the fulfilment of a contract and pre-contractual measures (Article 6 (1) sentence 1 lit. b GDPR).

We will keep your Personal Data only as long as this is required for answering your request and necessary for sufficiently providing you with the information requested.

2.3 News Distribution

You may use the online sign-up form offered on our Website if you like to sign-up for our news distribution. For this purpose, we use the double opt-in procedure. This means that after you did use the sign-up form, we will send you an email to the email address provided, in which we ask you to confirm that you wish to receive our press releases. If you do not confirm your sign-up within 72 hours from the receipt of this email, your sign-up request will be automatically deleted after a period of not more than four weeks. In addition, we save certain technical data such as your the times of registration. We need your email address as well as these technical data to be able to prove that you are the owner of the email address provided and wish to receive the press releases and, if necessary, to clarify any possible misuse of your Personal Data. No other Personal Data will be Processed in this context. If you no longer wish to receive our news releases you can cancel your subscription using the “Unsubscribe” link included in each news release. In this case, we will automatically delete the Personal Data mentioned above.

We Process these Personal Data exclusively for sending the requested information and we will only pass it to those third parties who meet the requirements set forth in Section 3 of this Policy. However, as our news distribution is a service of our external service provider Notified, a US-based company, and also managed by employees of Affimed Inc., your email address will need to be transferred to the USA as a so called “third country” outside the EU/EEA. For ensuring an adequate level of protection for the transfer of Personal Data to the US, we have entered into standard contractual clauses with these recipients outside of the EU/EEA. You may request a copy of these standard contractual clauses on request (see Section 7 for possibilities how to contact us). The consent granted to Process Personal Data for the purpose of sending the press releases can be revoked at any time, such as via the “Unsubscribe” link in every press release.

The legal basis for the Processing of Personal Data described above is your consent (Article 6 (1) sentence 1 lit. a GDPR) or, in case of a business relationship, the fulfilment of a contract and pre-contractual measures (Article 6 (1) sentence 1 lit. b GDPR).

2.4 Application process

On our Website, we offer the option to submit applications for posted employment opportunities or unsolicited applications. If you provide us with Personal Data within the application process or to the extent we collect or create additional information in this regard (e.g., from references mentioned in your application), these Personal Data can be divided into the following data categories:

  • Personal identifiers (name, date of birth, address);
  • Contact data (telephone number, mobile telephone number, fax number, email address);
  • Information provided by third parties (e.g. reference contacts in your application);
  • Information relating to the evaluation and assessment in the application process;
  • Information and documentation relating to your education (e.g. school, vocational training, military/civilian service, degree, doctorate), your previous employment history (e.g. training course certificates and job references) and other qualifications (e.g. language skills, computer skills, voluntary work);
  • Application photo;
  • Information on desired salary; and
  • Job application history

We will use any Personal Data you have provided or we have collected or created in the context of the application process solely for processing your application for the advertised employment opportunity or your unsolicited application and only individuals dedicated to the application process will have access to these Personal Data. .

If you wish to apply for an employment opportunity at Affimed or provide us with an unsolicited application (your “Application Request”), you may use the online application form offered on our Website. For this purpose, we use a double opt-in procedure. This means that after you did use the online application form, we will send you an email to the email address provided, in which we ask you to confirm your Application Request. If you do not confirm your Application Request within seven days after the receipt of such email, your Application Request will be automatically deleted. In addition, we save certain technical data such as the IP address you use and the times of registration. We need your email address as well as these technical data to be able to prove that you are the owner of the email address provided and wish to provide us with an Application Request and, if necessary, to clarify any possible misuse of your Personal Data. No other Personal Data will be Processed in this context.

We will store any data provided by you in the application form or provided in additional documents as part of an application process in our IT systems.

The legal basis for the processing of the Personal Data described above is your consent (Article 6 (1) sentence 1 lit. a GDPR) or, if applicable, the fulfilment of a contract and pre-contractual measures to conclude an employment relationship (Article 6 (1) sentence 1 lit. b GDPR).

If we do not enter into an employment relationship, we will delete your Personal Data provided to us as part of an Application Request after a maximum period of six months from the receipt of the Personal Data, unless we require to retain the Personal Data for another legitimate purpose (e.g. in connection with the assertion of legal claims or defense against such claims).

2.5 Cookies

Cookies are small text files that are stored on your personal device when visiting a Website and through which certain information is submitted to the party that sets the Cookie (in this case us). In general, Cookies serve to make the Website offering more user-friendly and effective overall.

We currently do not use any Cookies on our Website (or any similar tracking technologies apart from the server logfiles described in 2.1.).

3. Sharing of Personal Data with Third Parties

We may disclose Personal Data to third parties where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities). The legal basis for the Processing of your Personal Data for this purpose follows from our legal obligation (Article 6 (1) sentence 1 lit. c GDPR).

For certain activities in relation to our Website, we use service providers who Process Personal Data on behalf of us to operate the technical platform of the Website. These service providers are bound to data processing agreements in accordance with the GDPR and Process the Personal Data exclusively according to our instructions.

Unless explicitly mentioned above (i.e., as part of our news distribution), we do not transfer any Personal Data outside of the EU/EEA.

4. Retention of Personal Data

Unless no specific storage period is indicated in this Policy, we, in general, store Personal Data as long as (i) required for providing the Website to you, and/or (ii) necessary with regard to the contractual relationship with you, thereafter only if and to the extent that we are obliged to do so by mandatory retention obligations. If we no longer require the respective Personal Data for the purposes described above, such Personal Data will only be stored during the respective legal retention period and not Processed for other purposes.

5. Security of your Personal Data

We have taken extensive, state-of-the-art technical and operational precautions to protect the Personal Data Processed by us against unauthorized access and misuse. Our security procedures are revised regularly and adapted to reflect technological progress.

6. Your rights

Subject to certain requirements that need to be met, you have the following rights in accordance with GDPR:

  • Right of access: You have the right to request confirmation whether your Personal Data is being Processed by us and may request access to such data as defined in Article 15 GDPR.
  • Right to request rectification: If the Personal Data we Process is incomplete or inaccurate, you have the right to request the completion or rectification of such data at any time as defined in Article 16 GDPR.
  • Right to request erasure: You have the right to request the erasure of all or some of your Personal Data Processed by us as defined in Article 17 GDPR. However, there may be reasons why immediate erasure is not possible (e.g. if retention of such data is required by law).
  • Right to request restriction of Processing: You have the right to request that we restrict the Processing of your Personal Data in certain cases as defined in Article 18 GDPR.
  • Right to data portability: You have the right to request that we provide your Personal Data in a machine-readable format as defined in Article 20 GDPR.
  • Right to object: You have the right to object to the Processing of your Personal Data by us at any time for the future as defined in Article 21 GDPR.
  • Right to withdraw consent: If your Personal Data is Processed on the basis of your consent, you have the right to withdraw your consent at any time for the future as defined in Article 7 (3) GDPR.

If you believe that the Processing of your Personal Data is in breach of applicable data protection laws, you can issue a complaint with the competent data protection supervisory authority. The data protection supervisory authority responsible for us is: The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.

7. Contact and Data Protection Officer

You can contact us (e.g. if you have any questions about data protection at Affimed or in relation to your rights further explained in Section 5), by post, telephone (see details above in Section 1) or via email at: email hidden; JavaScript is required.

You can also contact our data protection officer directly. The contact details of the data protection officer are:

Data Privacy Officer Affimed, c/o Affimed GmbH
Gottlieb-Daimler Straße 2
68165 Mannheim, Deutschland

Phone: +49 621 56003 0
Email: email hidden; JavaScript is required

8. Changes

Our Policy may change from time to time, for example due to further developments of the Website or legal changes. Therefore, we reserve the right to change this Policy at any time with effect for the future.

Last update: 11 September 2023