CHIRON Group SE (hereinafter referred to as "CHIRON") takes your legitimate interests in data protection very seriously and observes the provisions of the European General Data Protection Regulation (GDPR), the German Telemedia Act and, where applicable, the provisions of other applicable data protection regulations.
CHIRON handles the data transmitted by you carefully and with due diligence. As far as data of any kind is collected, processed or used, this is always done within the scope of the applicable legal provisions or after obtaining explicit consent from you.
Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business models and the move toward a true Internet economy. CHIRON has created this privacy statement to demonstrate its firm commitment to the individual’s right to privacy. The following outlines CHIRON's personal information handling practices for this website.
This Privacy Statement covers this website and all other sites that reference this Privacy Statement. Some CHIRON entities may have their own, possibly different, privacy statements. We encourage you to read the privacy statements of each of the CHIRON websites you visit.
The data controller according to Art. 4 Para. 7 of the General Data Protection Regulation (GDPR) is:
CHIRON Group SE
registered in the Commercial Register at the District Court Stuttgart under HRB 750831
Tel. +49 7461 940-0
You can contact our data protection officer at:
CHIRON Group SE
Data Protection Officer
Global Privacy Fundamentals
Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. CHIRON abides by the EU General Data Protection Regulation (GDPR).
By using this website, you consent to the electronic collection and use of your information as described here. If CHIRON decides to make changes to this Privacy Statement, we will post the changes on this site so that you will always know what information we collect and how we use it.
From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain data and information collected on this website or volunteered by you.
Collection and Processing of Your Personal Data
To serve you better and understand your needs and interests, CHIRON collects and uses personal information with adequate notice and consent, along with required filings with data protection authorities, when applicable.
We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums, or when you make purchases.
Use and Purpose of Collected Personal Data
The information CHIRON collects to understand your needs and interests helps CHIRON deliver a consistent and personalized experience. CHIRON will use such information only as described in this Privacy Statement and/or in the way specified at the time of collection. We will not subsequently change the way your personal data is used without your consent, unless this is otherwise permitted by law.
Some of the ways we may use your personal data include, but are not limited to:
- To process your orders and deliver the products and services that you have ordered.
- To keep you up to date on the latest service and product announcements, special offers, and other information. This may occasionally include information from other companies or business partners about products and services that can add value to the CHIRON products.
- To tailor information about our products and services to your individual needs, allowing us to provide you with specific information on products and services that may be of interest to you.
- To provide the ability to contact you, and provide you with shipping and billing information, and to provide customer feedback and support.
- To conduct questionnaires and surveys in order to provide better products and services to our customers and end users. Your completion of any questionnaires is voluntary.
- To support recruitment inquiries.
- To meet contractual obligations.
We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. We may also use IP addresses or other information you have shared on this website to determine which pages on our sites are being visited and topics that may be of interest so we can provide you with information about relevant products and services. Generally, CHIRON will aggregate such data only in an anonymous way and will not tie it to a particular individual unless he or she has given consent. When you visit our site, we recognize only your domain name.
CHIRON will only gather information related to your visit to the CHIRON website. We do not track or collect personal information from your visits to companies or entities outside the CHIRON group of companies.
b) In addition, to further improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to use our services, we will automatically determine that you have already visited our website and what inputs and settings you have made in order to avoid having to re-enter them.
d) The data processed by cookies are necessary for the purposes mentioned in order to safeguard our legitimate interests and the interests of third parties under Art. 6 Para.1 Sent. 1 (f) GDPR.
e) Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice is displayed before a new cookie is created. Disabling cookies completely, however, may mean that you will not be able to all the features on our website.
If you choose to give us your email address or submit it through our contact form, we will communicate with you via email. We do not share your email address with others outside the CHIRON group of companies. You can choose not to receive any more emails from CHIRON at any time.
Depending on how your email application is set up, information about you may be transmitted automatically when you send an email to CHIRON.
Orders or Event Registration
Our site includes order forms that you fill out to request information, products, and services.
External Service Providers
We work with service providers that process certain data on our behalf. This is done exclusively in accordance with the applicable data protection laws. In particular, we have entered into commissioned data processing agreements with our service providers which satisfy the requirements of Art. 28 GDPR.
Information About the Newsletter and Consent
With the following information, we inform you about the content of our newsletter as well as the registration, sending and statistical analysis procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the Newsletter
We send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as "newsletter") only with the consent of the recipient or a legal permission. The content of the newsletter described as part of the newsletter registration are authoritative for the consent of the users.
Double Opt-in and Logging
Subscribing to our newsletter involves what is known as a double opt-in process. This means that after subscribing, you will receive an email requesting that you confirm your subscription. This confirmation is necessary to verify that you are subscribing with your own email address. Subscriptions to the newsletter are logged in order to be able to verify that the subscription process was consistent with legal requirements. This includes storing the time of subscription and confirmation as well as the IP address.
To sign up for the newsletter, it is sufficient to enter your email address. We also use additional data such as last and first name, country, and customer group. The sole purpose of the information provided is personalization and segmentation of the newsletter.
Statistical Survey and Analysis
The newsletters contain a "web beacon", that is, a pixel-sized file that is retrieved when the newsletter is opened. With this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval is initially collected. This information serves to improve the technical performance of services based on the technical data or target audiences and their reading habits, based on their locations (which can be determined using the IP address) or access times.
These statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. Even though this information can be attributed to individual newsletter recipients for technical reasons we do not endeavor to monitor individual users. Rather, these analytics serve to determine the reading habits of our users and to adapt our content accordingly or to send different content that accommodates the interests of our users.
Data Transfer, Transfer to a Third Country
Your personal data will not be transferred to third parties for any purposes other than those set out below. We will only transfer your personal data to third parties if:
a) You have given your express consent in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR, Art. 26 Para. 2 German Federal Data Protection Act (BDSG);
b) The transfer is necessary in accordance with Art. 6 Para. 1 Sent. 1 (f) GDPR for the purpose of asserting, exercising or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
c) In the event that there is a legal obligation to transfer the data pursuant to Art. 6 Para. 1 Sent. 1 (c) GDPR and
d) This is legally permissible and necessary under Art. 6 Para. 1 Sent. 1 (b) GDPR, Art. 26 Para. 1 German Federal Data Protection Act (BDSG) for the execution of a contractual relationship with you or for pre-contractual measures at your request.
Transfer to a third country or an international organization is not intended and there is no automated decision making, including profiling, unless otherwise provided in this Privacy Statement.
CHIRON may also share such information with business partners, service vendors, authorized third-party agents or contractors in order to provide a requested service or transaction, including processing orders, providing customer support, or providing you with information on products and services that may be of interest to you.
We do not sell or rent your personal data to third parties for marketing purposes unless you have granted us permission to do so.
CHIRON may respond to subpoenas, court orders, or legal process by disclosing your personal data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.
Circumstances may arise where, whether for strategic or other business reasons, CHIRON decides to sell, buy, merge, or otherwise reorganize businesses. Such a transaction may involve, in accordance with applicable law, the disclosure of personal information to prospective or actual purchasers. It is CHIRON’s practice to seek appropriate protection for information in these types of transactions.
The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 Sent. 1 (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These interests are considered legitimate within the meaning of the aforementioned provision. For the respective data processing purposes and data categories, please refer to the corresponding tracking tools described in detail below.
Privacy Statement for the Use of Google Analytics
a) Google Analytics uses "cookies", which are text files placed on your computer to help analyze how you use the website. The information generated by the cookie about your use of this website will be generally transmitted to and stored by Google on servers in the United States of America. If IP anonymization is activated on this website, however, Google will truncate your IP address within member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing the website operator with other services relating to website activity and internet usage.
b) You may refuse the storing of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
c) This website uses Google Analytics with the add-on „_anonymizelp()“. This means that IP addresses are processed in abbreviated form, so as to eliminate any direct tracking to a specific person. If data collected about you refers to a specific person, it is therefore eliminated immediately and the personal data thus immediately deleted.
d) We use Google Analytics to be able to analyze the use of our website and regularly improve it. The statistics we compile enable us to improve our offering and make it more interesting for you as a user. With regard to the exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework . The legal basis for the use of Google Analytics is Art. 6 Para. 1 Sent. 1 (f) GDPR.
e) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. Terms of Service: https://www.google.com/analytics/terms/us.html, data protection overview: https://support.google.com/analytics/answer/6004245?hl=en, and privacy statement: https://policies.google.com/privacy?hl=en&gl=en.
Privacy Statement for the Use of YouTube Plug-ins
Our website uses plug-ins of the Google-operated site YouTube. Operator of the sites is: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
When you visit a site equipped with a YouTube plug-in, a connection is established to the YouTube servers. In the process, the YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
Links to Other Websites
Our website may contain links to third-party websites. CHIRON is not responsible for the privacy practices or the content of other websites outside of CHIRON.
CHIRON will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
Information on Data Processing for the Purpose of Application Pursuant to Art. 13 GDPR
Your submitted applicant data will be electronically processed and stored until the application process is concluded.
Collection and Storage of Personal Data as Well as Type and Purpose and Their Use
If you contact us as part of your application, we will collect the following information:
- Title, first name, last name, valid email address
- Phone number (landline and/or cell phone)
- Information we need for the application process
This data is collected for the purpose of correspondence with you. The data is processed as a consequence of your application and, pursuant to Art. 6 Para. 1 Sent. 1 (b) GDPR, is required for the purposes stated for the proper processing of your application. Your personal data will not be transferred to third parties.
Access to the Data
The data provided by you will be treated confidentially. In dealing with a specific job application, only persons who are involved in filling this position have access to the data you have provided. Specifically, these are the employees of the HR department of CHIRON Group SE, its management, and the respective division managers.
Deletion of the Data
We will only store and use your information for as long as is necessary to decide whether to enter into an employment relationship with you. If you receive a rejection of your application, the application process is complete.
Your personal application data will be automatically deleted six months after completion of the application process. This does not apply if legal provisions prevent the deletion, as further storage is necessary for the purpose of presenting evidence, or if you have consented to further storage in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR.
Data Subject Rights
You have the right
a) In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data where the personal data was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved;
b) In accordance with Art. 16 GDPR, to demand without delay the correction of incorrect data or the completion of your personal data stored by us;
c) To request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
d) In accordance with Art. 18 GDPR to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
e) In accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible;
f) In accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future and
g) In accordance with Art. 77 GDPR, to complain to a supervisory authority. As a general rule, you can contact the supervisory authority of your usual place of residence or workplace or of the registered office of our company.
The competent supervisory authority for data protection for CHIRON Group SE is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany
Königstraße 10a, 70173 Stuttgart, Germany
Phone: +49 711 615541-0
Fax: +49 711 615541-15
For the assertion of the afore mentioned rights as well as for questions regarding data protection, you can contact the data controller pursuant to section 1 above or send a corresponding email to firstname.lastname@example.org.
Right to Object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, simply send an email to email@example.com.
a) While you visit our website, we use the common SSL procedure (Secure Socket Layer) with the highest possible encryption level supported by your browser. As a general rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will resort to128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the display of the closed key/lock symbol in the lower status bar of your browser. The data that you enter in the form for registration in the job exchange will also be transmitted to us only in encrypted form.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Changes to This Privacy Statement
In the event of new developments such as changes to the applicable data privacy laws, we will, if necessary, update this privacy statement accordingly.
Last updated: May 15, 2019