What does it mean?
Personal data is information that can identify you or could be used to potentially identify you personally. JPT only accepts requests for any kind of communication if you are a representative of a company, university, institute or another legal entity in the field of science and technology. You can neither inquire about products, nor can you place orders with JPT if you are acting as an individual and are not affiliated with a recognized scientific institution or registered organization. Thus, any personal information collected by us in the course of establishing a business relationship with you or providing information to you will only identify you as an agent of the institution you are employed by, are associated with or acting on behalf of. You must be at least 18 years of age and of full legal capacity in order to engage in communication with us. This means that JPT will not knowingly store any personal data of children. If you are aware that any minor has provided us with information, please contact us by any of the means detailed below.
The Data Controller
Who is responsible for the processing of your personal data?
JPT are the “data controller” of your personal data, if not stated otherwise:
JPT Peptide Technologies GmbH
12489 Berlin, Germany
Telephone: +49 30 6392 5500
This may involve the processing of personal data by other group companies and providers on behalf of BioNTech.
Our Global Data Privacy Team
Who are your contacts?
If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as a data subject, please do not hesitate to contact our global data privacy officer or the global data privacy team.
They can be reached at:
JPT Peptide Technologies GmbH
Data Protection Officer
12489 Berlin, Germany
Purposes & Legal Bases
Why are we allowed to process your personal data?
When we process your data, we follow the EU General Data Protection Regulation (GDPR). If we rely on legal bases outside the GDPR for processing your data, like country specific data privacy legislation, we will inform you accordingly. We are allowed to process your data for the following overarching purposes:
Responding to your requests
Where you have given your consent (Art. 6 (1)(a) GDPR), we will process your data for the consented purpose (e.g., to respond to your questions via our web form).
Legal and compliance requirements
We will process your personal data to comply with legal obligations (Art. 6 (1)(c) GDPR), including the disclosure of information in connection with a legal process or litigation. We would like to inform you that we may be legally obliged to disclose personal data to authorities under certain circumstances. Depending on the legal reason, it is prohibited to inform you about the disclosure.
Enabling business activities and pursuing our legitimate interests
Always provided that your data protection rights are not overridden by our legitimate interests (Art. 6 (1)(f) GDPR), we will process your data for various reasons such as providing you with a convenient website experience. As we are constantly striving to improve upon our existing products and developing new ones, we may also use your contact information to notify you of products, services or promotions that are relevant to your research. Such communication may include information about third party activities if we think this is appropriate to your area of interest. If you do not wish to receive this information, simply notify us. All communications that you receive from JPT will provide the opportunity to opt out of future exchanges. We may also use part of the data we collect from you for internal marketing and business purposes in order to improve the products and service we offer. That means that we may collect part of the data you provide in anonymized or pseudonymized form to produce statistics and other analyses for internal use.
Fulfilment of contract and pre-contractual inquiries
We will process your personal information if this is required for the fulfilment of a service contract or to conduct pre-contractual actions (Art. 6 (1)(b) GDPR).
Besides the above stated regulations, the national data privacy legislation of Germany applies. This particularly applies for the Federal Data Protection Law (BDSG) and the German Telecommunications-Telemedia Data Protection Act (TTDSG). We will specify the legal basis in the respective subsections below.
How do we collect it?
The kind of personal data we may collect when you use the JPT digital services or when you contact us personally by any means of communication are described in this section. This includes data you provide us or we collect automatically.
Data you provide
To access most of the information or services provided by the JPT website, you don’t have to register with us. However, in order to request a quote or place an order, registration is compulsory through either our website or written communication. Typically, personal data collected, processed and stored by JPT upon registration include names, academic title, position, phone numbers, email addresses and postal, billing and delivery addresses of the institution or company you are affiliated with. We may also ask you to provide information about your areas of research interest. When an order is placed with JPT we will obviously also ask you for and store billing information such as account or credit card details. We will never collect personal data from anyone but you directly except when authorized by you.
Data we collect automatically
By using JPT’s websites certain types of information are automatically stored in the hosting company’s computer log files. This data may include the following information: browser type and version, IP number of the user, date and time of access, referring websites. This data only serves the purpose of maintaining functionality of the website and delivering its content to you. They are not used to track you or identify you personally.
Cookies and other tracking technologies
In general, we are using technically necessary cookies and other performance or marketing cookies. Technically necessary cookies cannot be deactivated in your systems and are required to enable core site functionalities. They are essential to provide website functionalities and its features. Generally, these cookies are only set in response to actions you take that correspond to a request for service, such as setting your cookie preferences, logging in or completing forms. We process your personal data by using these cookies based on § 25 (2) TTDSG for saving the cookie on your device and reading the saved cookie on a later visit.
We also use performance and marketing cookies if you have consented to it. Those cookies are the Google Tag Manager, Google Ads, and Google Analytics. [AW9][SF10]Our website uses Google Analytics, a web analysis service provided by Google, Inc. solely for internal marketing purposes and monitoring traffic to our websites. The service analyzes our websites by placing cookies on your computer including your IP address and transmitting information to Google. However, to achieve compliance with data protection standards, JPT has restricted the service to transmitting IP addresses in an anonymized form by removing the last 8 bits of the IP numbers (“anonymize IP” feature of Google Analytics). These anonymized addresses cannot be utilized to track you personally or your activities, neither by us nor by Google. Furthermore, JPT has instructed Google Analytics to store any data on its behalf no longer than 26 months after which they will be deleted from Google’s servers.
Newsletters & General Announcements
From time-to-time JPT sends out newsletters by email to all customers (who have not objected to the use of their email for that purpose) and verified parties that have subscribed to the newsletter. These newsletters serve to inform institutional customers or interested persons of innovations, new products or changes in JPT’s business areas. Name and e-mail address are processed to receive the respective newsletter.
We analyse the performance of our newsletters by individually measuring, storing and evaluating opening rates and click-through rates in recipient profiles for the purpose of designing future newsletters according to the interests of our readers.
You can unsubscribe from the newsletter by either sending us an email to firstname.lastname@example.org or click on the ‘unsubscribe’ button in every single newsletter. Your name and email address will then be removed from the email list. We use CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede) to create and send out the newsletters. We have concluded a data processing agreement with this provider. This means that CleverReach will not use your data for their own purposes and sends out mailings based on our instructions.
Shop & Billing Information
When you order products via our web shop, you provide personal information that is necessary to fulfil the requested transaction. Name, address, and customer credit card as well as other billing account numbers will be used only for the fulfilment of individual transactions. We utilize SSL (Secure Sockets Layer) to ensure safe and secure payment transactions made in our online shop. With SSL, information sent via the Internet is encrypted, and can be trusted to arrive privately and unaltered. We believe this element provides the most effective way to ensure that your order information is protected while offering a very secure shopping environment. After completion of purchase, no credit card details are stored electronically or otherwise at JPT. Payment service provider for credit cards is Unzer GmbH (Schöneberger Str. 21 a, 10963 Berlin). Credit card information are entered in store and then forwarded to Unzer and processed. Thus, payment data are neither stored at the webshop nor at JPT.
We collect data about you in our customer management system that you have provided to us yourself or through secondary sources such as business directories. If we process data from you directly, this is based on your consent. When we collect data from secondary sources, it is based on our legitimate interest in knowing our audience and maintaining interactions. Generally, we collect your data to provide you with requested information or services, e.g. information on relevant products, services and/or promotions, answering questions about our products or services such as events, sending you newsletters or other marketing/promotional materials based on your choice and consent, or providing you with access to one of our portals or web shops. In order to provide you with information you have requested or may be interested in, we may customise the content you request based on the information we collect about you. We use your data such as name, address, email address, profession, field of expertise and contact history to provide you with a requested service according to your preferences.
Sanction Breach Prevention
JPT is required by law to ensure that no business is conducted with persons or entities sanctioned by national and international bodies for their links to terrorism, money laundering and other crimes. In order to comply with those requirements, JPT will search names and affiliations of any potential, new or existing customers against appropriate databases containing lists of sanctioned individuals and institutions. The matching is done within JPT’s computer systems in Germany by loading the EU, UN and US sanction databases from the internet and executing a search-and-match algorithm locally. If a customer name or customer institution is flagged by the search algorithms a remark is stored within JPT’s customer database preventing any dealings with the suspicious person without further review by the management. Customer names and affiliations that are already stored in JPT’s database will be subject to periodical review with regard to sanction lists at least once a year.
How long do we store and process your personal data?
Any personal data we collect may be stored for the duration of time required for the purposes specified when you gave the information to us or that is appropriate and necessary for the fulfilment of that purpose. In general, any contact information you gave to us by sending us a request for information or quotes is stored in our databases for an indeterminate period of time to enable us to review contact history and react more swiftly and comprehensively to any new requests. However, the personal details of any customer not having had any contact with us for more than five years will be deleted, unless there are any other reasons (such as overriding legal retention periods or coporate interests) that require a longer retention period. In any case, personal data of customers will be stored at least as long they are necessary for the processing and completion of pending contractual obligations and at least as long as legal requirements e.g. for storing and archiving data or for reporting to government authorities demand.
Automatically collected information from visiting our websites as explained above are deleted when you leave the website or in case of storage in a log file after a maximum of 7 days. Information stored in cookies can only be deleted by you as this is dependent on your browser settings.
With whom and to where do we share your personal data?
In general, your personal data is only processed inside of JPT and not shared with third parties. In some cases, it may be necessary to share your personal data with associated companies or service providers. In such cases we have concluded respective data processing agreements (Art. 28 GDPR) or joint controller agreements (Art. 26 GDPR) to ensure the lawfulness of the transfer and secure your personal data.
Currently, your personal data is only processed by us within the European Union and the European Economic Area (together “Europe”). If it might be necessary to transfer your data outside Europe, there will be an adequate level of data protection in place by ensuring at least one of the following:
- Adequacy Decision of the European Commission according to Art. 45 GDPR that there is an adequate level of data privacy in the target country of the transfer.
- The conclusion of so-called Standard Contractual Clauses (SCC) that have been approved by the EU Commission in accordance with Art. 46 GDPR.
- The presence of Binding Corporate Rules (BCR) which were approved by an EU based supervisory authority after Art 47 GDPR.
How do we secure your personal data?
We have appropriate technical and organizational measures in place to protect your privacy and personal information. This includes measures against data loss, falsification, and unauthorized access. We choose service providers accordingly. However, data disclosure on the internet is at your own risk. Please contact our global data privacy team, if you have reasons to believe that your data is no longer secure with us.
What are your rights as a data subject?
If JPT processes personal data, you are a data subject as defined by the GDPR and have the following rights:
When you wish to exercise these rights, please contact our global data privacy team.
If you think that the processing of your personal data violates the GDPR you furthermore have the right to lodge a complaint with a supervisory authority. You can lodge this complaint to the authority in the member state of your habitual residence, place of work or the place where an alleged incident occurred in your opinion.
You can refer to the list of supervisory authorities of the European Data Protection Board to find the contact information of the corresponding authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- Right of access: You have the right to request information about to request information about whether we process personal data about you and to request a copy of the personal data we process.
- Right to rectification: You have the right to rectify personal data of which you think is inaccurate or incomplete.
- Right to erasure: You have the right to request us to delete your personal data in some cases.
- Right to restrict processing: You have the right to request us to restrict the processing of personal data in some cases.
- Right to data portability: You have the right to request us if we transfer personal data you provided to us to another organisation. This doesn’t apply in certain cases.
- Right to withdrawal of consent: When you have given us a consent to process your personal data you can withdraw your consent anytime without having to fear negative effects. However, the withdrawal does not affect the lawfulness of the processing carried out until the withdrawal.
- Right to object to processing: In the case that we are relying our processing of your personal data on our legitimate interest (Art. 6 (1)(f) GDPR) you have the right to object to the processing on grounds relating to your situation.
JPT on Social Media
We maintain publicly accessible profiles on various social networks. As the operator of these presences on the social media platforms we are processing personal data, for example if we are communicating with you via the platforms or posting content and you interact with this content. Furthermore, we can access personal data you have publicly available on your social media profile.
In the case you are visiting one of our social media profiles your personal data is also processed by the social media platforms themselves. This applies even if you do not have a profile on the applicable social media platform. The specific data processing operations and their extent differ depending on the operator of the respective social media platform and we have no influence regarding this processing by the platforms. More information regarding the processing of personal data through the social media platform can be found in their respective privacy statement.
For the most social media platforms it cannot be ruled out that a processing personal data is also taking outside of the European Union/European Economic Area. This means that a transfer of personal data into third countries without an adequate level of data privacy is possible and that there are possible difficulties regarding the enforcement of the rights of the data subject.
We maintain profiles on the following social media platforms:
We use LinkedIn a platform of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland to inform you about the latest developments and information about our company and products and to communicate with you and other interested parties. In addition, we are conducting recruiting activities to attract new employees and are marketing our products. If you interact with our posts (e.g., by leaving a comment or a reaction) or follow us, you provide us information from your account (such as profile information). In case you comment under our posts, these comments are available until we delete the post you commented on.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves the performance of a public task. The evaluation of the types of actions taken on our LinkedIn company page serves as part of public relations to improve our company page based on these insights. The legal basis for this processing is Art. 6 (1)(f) GDPR. We have entered into a joint controller agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.
We are using Twitter to inform you about the latest development and information about our company and products. For the processing of personal data that is collected from users of our Twitter page is partly our responsibility and partly that of Twitter, Inc. Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"), as operator of the Twitter platform in the EU and the European Economic Area ("Twitter platform") is responsible. There is no joint responsibility between us and Twitter. The focus of data processing is on the Twitter platform.
If the user follows our Twitter page, follows it, likes it or performs similar activities ("follower"), we receive the user's name. We process this data to manage our Twitter page and to adapt content to the interests of our followers. The legal basis of the processing is our legitimate interest in in evaluating the reach of our Twitter page and in improving and expanding the visibility of our Twitter page (Art. 6 (1)(f) GDPR).
Information that users provide to us in direct messages through the Twitter site (e.g., username, name, profile picture, contact details or a message to us -. "message data"), we process it in order to be able to deal effectively with the user's or to communicate with the user in this regard. The legal basis for data processing isArt. 6 (1)(b) GDPR. We store the message data as long as it is necessary for the communication. Beyond that, we store your message data only for the purpose of tracking or defense against legal claims or for the fulfillment of any legal retention obligations. [AW46][SF47]We do not profile you (no decision making that is based solely on
automated processing, including profiling) and do not combine your messaging and community data with any other data we may have about you.
Regarding the above-described data processing Twitter is acting as our processor. We have concluded a data processing agreement with Twitter in accordance with Art. 28 GDPR. This agreement can be found here: https://privacy.twitter.com/en/for-our-partners/global-dpa The data processing agreement has also incorporated the Standard Contractual Clauses to provide an adequate level of data privacy in case your personal data in transferred into a third country.
Twitter also processes your personal data for their own purposes in different ways on various legal basis. This includes also tracking and analysing your usage of Twitter. has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties nor does it have any effective means of control in this respect.
By using Twitter, your personal data is collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, transferred to the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence.
On the one hand, Twitter processes your voluntarily entered data such as name and username, e-mail address, telephone number or the contacts of your address book when you upload or synchronize it.
On the other hand, Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, information about wireless networks or your IP address in order to send you advertising or other content. For further information how Twitter is processing your personal data if you are using it, please refer to their privacy statement: https://twitter.com/en/privacy.
Twitter gives you a certain amount of control regarding their processing of personal data. For more information, see the following link: https://twitter.com/settings/account/personalization.
We are using Facebook a platform of the Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland to inform you about the latest development and information about our company and products.
The purposes and means of processing personal data when visiting our Facebook page [https://www.facebook.com/jpt.peptide.technologies ("Facebook Page") are determined by JPT and Facebook Ireland Ltd. ("Facebook") jointly within the meaning of Article 26 GDPR. This results from the fact that JPT, as the operator of the Facebook page, by setting up such a page gives Facebook the opportunity to place cookies on the computer or any other device of the person visiting the Facebook page ("visitor"), regardless of whether the visitor has a Facebook account.
JPT obtains anonymized statistical data regarding the visitors to our Facebook page with the help of the "Facebook Page Insights" function, which Facebook provides to us free of charge as a non-derogable part of the user relationship. This data is collected using cookies set by Facebook, each of which contains a unique user code that Facebook stores on the visitor's terminal device. The user code, which can be linked to the login data of such users who are registered with Facebook, is collected and processed when the Facebook page is accessed.
In particular, the fan page operator may receive demographic data provided by Facebook about its target audience - and thus the processing of such data, including. trends in age, gender, relationship status and professional situation, information about the lifestyle and interests of his target audience, as well as information about the purchases and online purchasing behavior of visitors to his page, the categories of goods or services they are most interested in, as well as geographical data that inform him about where to carry out special promotions or organize events and, more generally, allow him to target his information offer as much as possible.
Facebook assumes primary responsibility under the GDPR for the processing of Insight Data as part of its shared responsibility and complies with all obligations under the GDPR with respect to the processing of Insight Data (including, without limitation, Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR, and Articles 32 to 34 of the GDPR). In addition, Facebook provides the essence of this Page Insights Addendum to data subjects (the relevant "Page Insights Controller Addendum" can be found here: https://www.facebook.com/legal/terms/page_controller_addendum).
We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (i.e., commenting, sharing, rating).
Facebook shares information worldwide, both internally between Facebook companies and externally with its partners, as well as with such persons or organizations with whom the visitor connects and shares something around the world. In the process, data may also be transferred to and processed in the United States or other third countries that do not have an adequate level of data protection. In this regard, Facebook uses standard data protection clauses approved by the European Commission or relies on adequacy decisions issued by the European Commission regarding specific countries.
Facebook retains data until it is no longer needed to provide its services and Facebook products, or until the user's Facebook account is deleted, whichever comes first. This is a case-by-case determination and depends on things like the type of data, why it is being collected and processed, and relevant legal or operational storage needs.
We are using YouTube to distribute videos about our company and products. YouTube is a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "YouTube"). Generally, YouTube offers free video clips that users can view, rate, comment on and upload themselves.
In our YouTube profile, we can see how many people have watched our videos and other interaction indicators. If you are liking one of our videos, your profile information is visible to us.
While browsing and interacting with YouTube, your personal data is transmitted to Youtube. With regard to the content and use of your personal data by YouTube, we have no knowledge. Thus, we cannot exclude that YouTube processes the collected data outside the European Union. Insofar as data is transmitted by YouTube to the USA, YouTube and also government authorities have access to this data.
You can find further information and individual setting options for protecting your privacy on YouTube via Google using your Google user account in the "Personal data" and "Data and personalization" area.
Linking to social media content
Within our website, we provide you with direct access to social media content (LinkedIn, Twitter, Facebook, Youtube) through links. The offers that can be accessed under the integrated link originate from the respective companies (hereinafter referred to as "social media providers") and do not represent social plug-ins that automatically forward your personal data to the social media provider. Only when you use the link and click on one of the social media buttons is personal data transmitted to the respective social media provider. The transmission ensures that the respective social media provider is aware of your IP address. Without your IP address, the social media provider cannot send the content to your browser.
By transmitting your IP address, the respective social media provider may also be able to assign your personal data to your user account, in case you are currently logged in with this account. If you do not want the assignment to your user account with the respective provider, you can log out of your user account before using the social media button.
An automated forwarding of your personal data to the social media providers by visiting our website and without clicking on the respective button does not take place.
The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We integrate the content of social media providers into our site in order to provide you with useful information or to facilitate a process for you, without any further data processing.
Notably, we have no influence on the extent to which providers store your personal data for statistical purposes, for example.
The recipients of the personal data collected are the social media providers. We have no knowledge of the content and use of your personal data by them. Therefore, we cannot roll out that they process the collected data outside the European Union.
For more information, please visit the privacy statement of the social media providers:
Last updated: September 2023