Privacy Policy

Thank you for your interest in our company. We take data protection seriously.

You can generally use our website without providing personal data. If a data subject wishes to use services of our company via our website, processing of personal data may become necessary. If such processing is required and there is no legal basis, we will seek the data subject’s consent.

We always process personal data (e.g., name, address, email address or phone number) in accordance with the EU General Data Protection Regulation (GDPR) and the applicable national data protection laws. With this privacy policy, we inform the public about the nature, scope, and purpose of the personal data we collect, use, and process, as well as the rights of data subjects.

As the controller, we have implemented technical and organizational measures to ensure a level of protection of personal data appropriate to the risk. Nevertheless, internet-based data transmissions may have security gaps; absolute protection cannot be guaranteed. Therefore, data subjects may also transmit personal data to us by alternative means, e.g., by telephone.

1. Definitions

This policy uses GDPR terms as defined in Article 4, including, among others:

  • “personal data”: any information relating to an identified or identifiable natural person (“data subject”);
  • “data subject”: any identified or identifiable natural person whose personal data are processed by the controller;
  • “processing”: any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure, or destruction;
  • “restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;
  • “profiling”: any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person;
  • “controller”: the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • “recipient”: a natural or legal person, public authority, agency, or other body to which the personal data are disclosed.

2. Controller and Contact

Controller: Bionta Plant GmbH (or the respective entity as indicated on our site)

Contact for privacy requests: privacy@bionta.example

3. Categories of Data and Purposes of Processing

We process personal data only to the extent necessary for the following purposes:

  • Website operation, security, and performance (server logs, IP addresses, device/browser data)
  • Communication and handling of inquiries (contact details and message content)
  • Provision of our services, fulfillment of pre-contractual and contractual obligations
  • Analytics (where applicable) to improve content and user experience

4. Legal Bases for Processing

We process personal data based on the following legal grounds under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR), e.g., for optional analytics or marketing
  • Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR)
  • Legal obligations (Art. 6(1)(c) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR), e.g., for security, fraud prevention, and improving our services

5. Recipients and International Transfers

We may share data with service providers (processors) who support our operations (e.g., hosting, analytics). Where data are transferred to third countries without an EU adequacy decision, we use appropriate safeguards (e.g., Standard Contractual Clauses) and assess the risk.

6. Cookies and Analytics

We use only the cookies necessary to operate this website unless you provide consent for additional categories. If we deploy analytics (e.g., Google Analytics or similar), it will be configured to respect privacy by default and used only on the basis of consent, where required by law. You can revoke your consent at any time with effect for the future.

Google Analytics

We may use Google Analytics (Google Ireland Limited/Google LLC) for statistical analysis and optimization purposes on the basis of consent where required by law. The following data can be processed: browser type/version, operating system, referrer URL, host name (IP address), time of server request. The information is usually transmitted to a Google server in the USA and stored there. IP anonymization (IP masking) is enabled so that your IP address is shortened beforehand within the EU/EEA. Google will use this information to evaluate website usage, compile reports, and provide other services related to website and internet use. Data may be transferred to third parties if required by law or where third parties process data on Google’s behalf. Your IP address will not be merged with other Google data.

You can prevent cookies by configuring your browser accordingly; however, some features of the site may not function properly. You can also prevent collection and processing of data generated by the cookie (including IP address) by installing the browser add‑on available at: https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative, especially on mobile devices, you can set an opt‑out cookie via a provided link on our site to prevent future tracking in this browser only. If you delete cookies, you must set the opt‑out again.

Further information on data protection with Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en

Google Ads Conversion Tracking

To measure reach and optimize our website, we may use Google Ads Conversion Tracking. A cookie is set when you arrive via a Google ad. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages and the cookie has not expired, Google and the customer (us) can see that the user clicked the ad and reached the target page. Each Ads customer receives a different cookie. The information is used to compile conversion statistics. We do not receive information that personally identifies users. You can disable conversion cookies by blocking cookies from the domain www.googleadservices.com. More information: https://services.google.com/sitestats/en.html

7. Storage Period

We store personal data only as long as necessary for the purposes for which they were collected or as required by law. After the storage period expires, the data are routinely deleted or anonymized.

8. Social Media Plugins

On the basis of our legitimate interests (Art. 6(1)(f) GDPR) in public visibility and communication, we may integrate social plugins using a two‑click solution to protect visitors.

a) Facebook

When you access a page containing a Facebook plugin (e.g., Like/Share), your browser connects directly to Facebook’s servers; the plugin content is transmitted directly to your browser and integrated into the page. This informs Facebook that your browser accessed the relevant page—even if you do not have a Facebook account or are not logged in. This data (including IP address) is transmitted from your browser directly to a Facebook server (potentially in the USA) and stored there. If you are logged in, Facebook can associate the visit with your account. If you interact with the plugin (e.g., click Like/Share), the corresponding information is also transmitted to Facebook and stored. For the purpose and scope of data collection, further processing, your rights, and settings to protect your privacy, please see Facebook’s privacy policy.

b) Twitter

Plugins of the Twitter service may be integrated. When you use Twitter and the “Retweet” function, the websites you visit are linked to your Twitter account and disclosed to other users. Data are also transmitted to Twitter. For details on Twitter’s data processing and privacy settings, consult Twitter’s privacy policy.

c) Google+

Plugins of the Google+ social network may be used. Collection and sharing of information via the +1 button are described in Google’s policies. Google stores both the information that you gave +1 for content and information about the page you viewed when clicking +1. Your +1s can be displayed as hints along with your profile name and photo in Google services. Google records information about your +1 activity to improve Google services for you and others. For detailed information, see Google’s +1 button policy and privacy policy.

9. Data Subject Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), particularly to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise these rights, contact us at privacy@bionta.example.

10. Right to Object

Where processing is based on our legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to processing on grounds relating to your particular situation. If the objection concerns direct marketing, you have a general right to object, which we will honor without requiring you to cite a particular situation. To exercise this right, email privacy@bionta.example.

11. Security

We use industry-standard encryption (e.g., TLS/SSL) during website visits and maintain appropriate technical and organizational measures to protect data against manipulation, loss, destruction, or unauthorized access. Our security measures are continually improved in line with technological developments.

12. Updates to This Policy

This privacy policy is valid as of September 2025. Because of changes to our website, services, or legal requirements, it may become necessary to amend this policy. The current version can be accessed at any time on our website.

13. Contact

If you have questions about this policy or data protection at Bionta, contact: privacy@bionta.example

Note: Supervisory authorities in some jurisdictions may require a data processing agreement for analytics tools. Please consult the provider’s terms and your legal counsel.