Thank you for your interest in our company. We take data protection seriously.
You can generally use our website without providing personal data. If a data subject wishes to use services of our company via our website, processing of personal data may become necessary. If such processing is required and there is no legal basis, we will seek the data subject’s consent.
We always process personal data (e.g., name, address, email address or phone number) in accordance with the EU General Data Protection Regulation (GDPR) and the applicable national data protection laws. With this privacy policy, we inform the public about the nature, scope, and purpose of the personal data we collect, use, and process, as well as the rights of data subjects.
As the controller, we have implemented technical and organizational measures to ensure a level of protection of personal data appropriate to the risk. Nevertheless, internet-based data transmissions may have security gaps; absolute protection cannot be guaranteed. Therefore, data subjects may also transmit personal data to us by alternative means, e.g., by telephone.
This policy uses GDPR terms as defined in Article 4, including, among others:
Controller: Bionta Plant GmbH, represented by Managing Director Oliver Urs Freiherr von Haxthausen
Contact for privacy requests: hey@biontaplant.de
We process personal data only to the extent necessary for the following purposes:
We process personal data based on the following legal grounds under Article 6(1) GDPR:
We may share data with service providers (processors) who support our operations (e.g., hosting, analytics). Where data are transferred to third countries without an EU adequacy decision, we use appropriate safeguards (e.g., Standard Contractual Clauses) and assess the risk.
We use only the cookies necessary to operate this website unless you provide consent for additional categories. If we deploy analytics (e.g., Google Analytics or similar), it will be configured to respect privacy by default and used only on the basis of consent, where required by law. You can revoke your consent at any time with effect for the future.
We may use Google Analytics (Google Ireland Limited/Google LLC) for statistical analysis and optimization purposes on the basis of consent where required by law. The following data can be processed: browser type/version, operating system, referrer URL, host name (IP address), time of server request. The information is usually transmitted to a Google server in the USA and stored there. IP anonymization (IP masking) is enabled so that your IP address is shortened beforehand within the EU/EEA. Google will use this information to evaluate website usage, compile reports, and provide other services related to website and internet use. Data may be transferred to third parties if required by law or where third parties process data on Google’s behalf. Your IP address will not be merged with other Google data.
You can prevent cookies by configuring your browser accordingly; however, some features of the site may not function properly. You can also prevent collection and processing of data generated by the cookie (including IP address) by installing the browser add‑on available at: https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative, especially on mobile devices, you can set an opt‑out cookie via a provided link on our site to prevent future tracking in this browser only. If you delete cookies, you must set the opt‑out again.
Further information on data protection with Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en
To measure reach and optimize our website, we may use Google Ads Conversion Tracking. A cookie is set when you arrive via a Google ad. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages and the cookie has not expired, Google and the customer (us) can see that the user clicked the ad and reached the target page. Each Ads customer receives a different cookie. The information is used to compile conversion statistics. We do not receive information that personally identifies users. You can disable conversion cookies by blocking cookies from the domain www.googleadservices.com. More information: https://services.google.com/sitestats/en.html
We store personal data only as long as necessary for the purposes for which they were collected or as required by law. After the storage period expires, the data are routinely deleted or anonymized.
On the basis of our legitimate interests (Art. 6(1)(f) GDPR) in public visibility and communication, we may integrate social plugins using a two‑click solution to protect visitors.
When you access a page containing a Facebook plugin (e.g., Like/Share), your browser connects directly to Facebook’s servers; the plugin content is transmitted directly to your browser and integrated into the page. This informs Facebook that your browser accessed the relevant page—even if you do not have a Facebook account or are not logged in. This data (including IP address) is transmitted from your browser directly to a Facebook server (potentially in the USA) and stored there. If you are logged in, Facebook can associate the visit with your account. If you interact with the plugin (e.g., click Like/Share), the corresponding information is also transmitted to Facebook and stored. For the purpose and scope of data collection, further processing, your rights, and settings to protect your privacy, please see Facebook’s privacy policy.
Plugins of the Twitter service may be integrated. When you use Twitter and the “Retweet” function, the websites you visit are linked to your Twitter account and disclosed to other users. Data are also transmitted to Twitter. For details on Twitter’s data processing and privacy settings, consult Twitter’s privacy policy.
Plugins of the Google+ social network may be used. Collection and sharing of information via the +1 button are described in Google’s policies. Google stores both the information that you gave +1 for content and information about the page you viewed when clicking +1. Your +1s can be displayed as hints along with your profile name and photo in Google services. Google records information about your +1 activity to improve Google services for you and others. For detailed information, see Google’s +1 button policy and privacy policy.
You have the following rights under the GDPR:
To exercise these rights, contact us at hey@biontaplant.de.
Where processing is based on our legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to processing on grounds relating to your particular situation. If the objection concerns direct marketing, you have a general right to object which we will implement without requiring a specific situation. To exercise this right, email hey@biontaplant.de.
We use industry-standard encryption (e.g., TLS/SSL) during website visits and maintain appropriate technical and organizational measures to protect data against manipulation, loss, destruction, or unauthorized access. Our security measures are continually improved in line with technological developments.
This privacy policy is currently valid as of September 2025. Due to updates to our website, services, or legal requirements, it may be necessary to change this policy. The current version can be accessed at any time on our website.
If you have questions about this policy or data protection at Bionta, contact: hey@biontaplant.de
Note: Supervisory authorities in some jurisdictions may require a data processing agreement for analytics tools. Please consult the provider’s terms and your legal counsel.
