The CHIRON Group SE (hereinafter referred to as the »CHIRON Group«) takes your justified concerns regarding data privacy very seriously, and complies with the provisions of the General Data Protection Regulation (GDPR), the Telemediengesetz (German Telemedia Act) and any other applicable data protection regulations.
The CHIRON Group handles the data that you send to us carefully and diligently. Any collection, processing or use of data, in any form, is always performed within the scope of legal provisions or with your express consent.
Privacy protection is vitally important for the future of Internet-based business models and for the development of an Internet-based economy. This policy underlines the commitment of the CHIRON Group to protecting privacy. Below you can find information about how the CHIRON Group handles personal data on this website.
The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) is:
CHIRON Group SE
registered in the Commercial Register of the Stuttgart Local Court (Amtsgericht), HRB 750831
78532 Tuttlingen, Germany
Tel. +49 (0) 7461 940-0
You can contact our data protection officer at:
CHIRON Group SE
Data protection officer
78532 Tuttlingen, Germany
Our handling of personal data is based on international principles and standards concerning transparency regarding the use of personal data, observing and granting rights of choice, access rules, data integrity rules, data protection rules, data transfer rules and rules regarding monitoring the lawfulness of data processing. In particular, CHIRON Group is compliant with the General Data Protection Regulation (GDPR).
In addition, where required by applicable data protection laws, we will ask for your express permission for further processing of the personal data collected on this website or provided by you.
The CHIRON Group would like to better understand your wishes and interests and provide you with the best possible service. For this reason, the CHIRON Group collects and uses personal data in the manner described below, in compliance with applicable data protection law.
We also record and process data that you voluntarily share with us, for example, if you register for events, subscribe to our newsletter, participate in online surveys, discussion groups or forums, or make purchases.
The CHIRON Group uses the data collected as part of our efforts to provide you with consistent personal support. The CHIRON Group uses your data exclusively as described in this policy or when collected. Any subsequent changes to the intended use of your data is subject to your express permission, unless the change is otherwise justified by applicable legal provisions.
We process your data for the following purposes, among others:
To maintain our relationship with you, e.g. via our databases in which we amalgamate data about you from various sources in order to gain an overview of our collaboration with you; this is also intended to enable us to better understand your preferences and improve and individualize our communications with you;
To process and deliver services and products ordered by you;
To perform tasks required to prepare or fulfill contracts;
To provide proof of business transactions;
To provide you with suitable and up-to-date information regarding our products and services;
To improve the quality of our products and services by adjusting them to meet your specific needs;
To answer your queries and provide you with efficient support;
To manage communication and collaboration with you;
To track our activities (e.g. measurement of collaboration or purchases, number of meetings/appointments, topics discussed, documents presented);
To invite you to events sponsored by or used by us (e.g. speeches, conferences);
To manage our IT resources, including infrastructure management and business continuity;
To safeguard the commercial interests of the company and ensure compliance and reporting (e.g. compliance with our guidelines and local legal provisions, taxes and deductions, compliance with internal contribution limits, management of alleged misconduct or fraud, completion of audits and defense against legal disputes);
For archiving and record-keeping;
For processing job applications;
For invoicing and accounting; and
For other purposes as required by law and authorities.
In certain cases, we are legally obligated to provide data to government agencies (institutions or authorities) upon request. The legal basis for processing is Art. 6 (1)(c) GDPR or Section 24 (2)(1) BDSG (German Federal Data Protection Act).
In some cases, contractual partners require the personal data of our customers. This generally occurs as part of contract fulfillment (e.g. in the event of complaints). This is expressly prescribed by law. In the event of this, the CHIRON Group remains responsi-ble for protecting your data – potentially alongside the data processor. The business partner in question will work in accordance with our instructions, which the CHIRON Group ensures via strict contractual provisions.
To meet statutory obligations concerning recording, documentation, and reporting to responsible authorities.
IP addresses are used for the analysis of malfunctions, management of the website, and gathering demographic information. We also use IP addresses and, where applicable, other information that you provide us on this website to determine which of our pages are accessed by our visitors and which topics interest them. We use the insights we gain as a result to optimize the information we provide you about our products and services. The CHIRON Group only records such data in anonymized form and will never link it to the profile of a registered user without that user's permission. By default, only the domain name is recorded when our website is accessed.
The CHIRON Group only records data in connection with your visit to the CHIRON Group website. We do not record personal data when you visit websites belonging to other companies or organizations that are not part of the CHIRON Group.
b) In addition, to optimize the user experience of our website, we also use temporary cookies that are stored on your end device for a defined length of time. If you visit our website again in order to use our services, the fact that you have already visited us will be automatically detected along with the inputs and settings you have previously entered, so that you do not need to enter them again.
d) These cookies process data and are required for the specified purposes in order to safeguard our legitimate interests as well as the interests of third parties in accordance with Art. 6 (1)(f) GDPR.
e) Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies being stored on your computer or to provide you with a prompt to accept before a new cookie is stored. Fully deactivating cookies may, however, mean that you are not able to make full use all of the functions of our website.
If you provide us with your e-mail address directly or via the contact form, we will also contact you via e-mail. We will not pass on your e-mail address to third parties outside of the CHIRON Group. You can decide at any time that you no longer wish to receive any e-mails from the CHIRON Group.
Depending on your e-mail program settings, information may be sent to the CHIRON Group automatically when you send an e-mail to the CHIRON Group.
Our website contains order forms that you can fill out to request information, products and services.
We work together with service providers who process specific data on behalf of us. This is performed exclusively in accordance with applicable data privacy law in each case. In particular, we have agreements in place with processors for data processing on our behalf that are in compliance with Article 28 of the GDPR.
The information below provides clarification about the content of our newsletter as well as the processes for subscription, distribution and statistical evaluation as well as your right to object. By subscribing to our newsletter, you agree to receive the newsletter and to the processes described here.
If you wish to receive the newsletter offered on our website, we need your e-mail address as well as information that enables us to check that you are the owner of the provided e-mail address and that you consent to receive the newsletter. No further data is gathered, except on a voluntary basis. This data is used exclusively for the purposes of sending the requested information, and we do not disclose it to third parties.
Processing of the data entered in the newsletter subscription form is performed exclusively on the basis of your consent (Art. 6 (1)(a) GDPR).
You can revoke the consent you give for storage of your data and e-mail address and for the use of this data for sending the newsletter at any time, for example by using the »Unsubscribe« link in the newsletter. This revocation does not affect the legality of any data processing that has already taken place.
The data that you provide to us for the purposes of subscribing to the newsletter is stored until you unsubscribe from the newsletter, and is deleted once you unsubscribe from the newsletter. Data stored for other purposes (e.g. e-mail addresses for the members only area) is not affected by this.
Subscription to our newsletter uses a double opt-in process. This means that once you subscribe, you will receive an e-mail asking you to confirm your subscription. This confirmation is necessary to prevent users subscribing using e-mail addresses belonging to others. Subscriptions to the newsletter are recorded in order to provide evidence of the subscription process for the purposes of meeting legal obligations. This includes storage of the time at which the subscription and confirmation were made, as well as the IP address.
This website uses CleverReach for distribution of newsletters. This is a service provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that enables the organization and analysis of distribution of the newsletter. The data provided by you for the purposes of subscribing to the newsletter (e.g. e-mail address) is stored on the CleverReach servers in Germany and/or Ireland.
Using CleverReach to send our newsletters enables us to analyze the behavior of newsletter recipients. This includes, among other things, analyzing how many recipients opened the newsletter message and how often each of the links in the newsletter were clicked. Using the process known as conversion tracking, we are also able to analyze whether a predefined action (e.g. purchasing a product on our website) occurred after a newsletter link was clicked.
Further information about data analysis using CleverReach newsletters is available here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is performed on the basis of your consent (Art. 6 (1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. This revocation does not affect the legality of any data processing that has already taken place.
If you do not wish for any analysis to be performed by CleverReach, you must unsubscribe from the newsletter. We provide a link to do so in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
The data that you provide to us for the purposes of subscribing to the newsletter is stored until you unsubscribe from the newsletter, and is deleted from our servers and the CleverReach servers once you unsubscribe from the newsletter. Data stored for other purposes (e.g. e-mail addresses for the members only area) is not affected by this.
We have entered into a contract with CleverReach for data processing performed on our behalf, which incorporates the strict provisions of German data protection authorities in full for the use of data by CleverReach.
We do not disclose your personal data to third parties except for the purposes listed below. We will only disclose your personal data to third parties if:
a) You have given your express consent for us to do so in accordance with Art. 6 (1)(a) GDPR, Section 26 (2) of the Bundesdatenschutzgesetz (BDSG, German Federal Data Protection Act),
b) Disclosure is necessary in accordance with Art. 6 (1)(f) GDPR for asserting, exercising or defending against legal claims and there is no reason to assume that you have an overriding protected interest in the nondisclosure of your data,
c) In the event of a legal obligation for disclosure in accordance with Art. 6 (1)(c) GDPR, or
d) If it is legally permitted and necessary for execution of a contractual relationship with you or for precontractual measures at your request in accordance with Art. 6 (1)(b) GDPR, Section 26 (1) BDSG (German Federal Data Protection Act).
If necessary, the CHIRON Group will transfer data to business partners, service providers, third parties or subcontractors. This may be necessary to provide you with a service or transaction you have requested, such as order handling, for customer service purposes or to inform you about services or products.
Your personal data will not be transferred, disclosed or otherwise provided to third parties for marketing purposes without your prior consent.
The CHIRON Group may be obligated to disclose your data and associated information as a result of a court order or official order. We also reserve the right to use your data to assert or defend against legal claims.
In the event of a takeover or merger with another company, disclosure or transfer of personal data to potential or actual acquirers may be necessary. In such a case, the CHIRON Group will endeavor to ensure the highest possible level of data protection.
In accordance with applicable law, we reserve the right to store and transfer personal and other data to investigate and combat illegal activities and fraud attempts or infringements of the CHIRON Group terms of service.
The adoption of the European General Data Protection Regulation (GDPR) created a unified basis for data protection in Europe. Your data is therefore predominantly processed by companies subject to the GDPR. However, if processing takes place using services provided by third parties outside of the European Union or the European Economic Area, these third parties must meet the special requirements of Art. 44 et seq. GDPR. This means that processing takes place on the basis of special guarantees, such as the determination of a data protection level equivalent to EU requirements that has been officially recognized by the EU Commission, or compliance with officially recognized contractual obligations, known as »Standard contractual clauses«.
The tracking measures listed below and used by us are implemented on the basis of Art. 6 (1)(f) GDPR. The use of the subsequent measures is intended to ensure that our website is designed in a way that meets the needs of its users and is continuously optimized. We also use these tracking measures to record statistical information about the use of our website and for evaluation in order to optimize the services we offer for you. These interests are considered to be justified in accordance with the aforementioned provision. The relevant data processing purposes and data categories can be found in the more detailed descriptions of the tracking tools below.
This website uses the Fathom analysis service. Fathom is not based on »cookies«. It does not create cookies or save any personal information about you. This means that Fathom is fully GDPR-compliant. The use of Fathom is based on Art. 6 (1)(f) GDPR. The site operator has a legitimate interest in anonymized analysis of user behavior in order to optimize their web services and marketing campaigns. The Fathom Data Privacy Notice can be found here: https://usefathom.com/privacy
The CHIRON Group website occasionally uses links to social media platforms such as Facebook, Instagram, LinkedIn and XING on certain pages.
These links can create a brief connection between your Internet browser and the servers of the social media platform in question, at which point the content of that platform is transferred from there to your Internet browser.
As a result, the operator of the social media platform will learn your IP address. In some cases, the operators of social media platforms will also attempt to save cookies onto your computer which will be deleted once your Internet browser is closed.
If you are logged into the social media platform at the same time, information about your visit to the CHIRON Group website could be associated with your user account at the social media platform in question, and stored, processed and used by the operator of that social media platform.
The CHIRON Group website contains links to the social media networks www.facebook.com and www.instagram.com. You can only use the page if you have a Facebook user account and/or an Instagram user account and are logged into that account. You can learn about how Facebook processes and uses the data that you disclose as a user of facebook.com and how you can limit its disclosure at www.facebook.com/about/privacy/.
We use services by »TikTok« on our website (for EU: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland).
If you have not given your consent with the Consent Manager, you have the option to subsequently give consent via the »two-click process«. If you access a page in which a TikTok video is embedded, a connection is only established to the TikTok servers when you click on the button to confirm. If you do so, TikTok will create cookies and use your visit data for its own purposes. If you are logged into TikTok at that time, the information regarding the video you viewed will be assigned to your TikTok user account. You can prevent this by logging out of your user account before visiting our website.
There is a risk that your data could be processed in the USA and transferred to there, i.e. to a third country outside of the European Union (EU) or the European Economic Area (EEA). There is no adequacy decision by the EU Commission indicating that there is a level of data protection equivalent to the European standard present in the USA. According to the European Court of Justice (ECJ), there is a particular risk that data could be processed by US agencies for monitoring purposes without you noticing. The legal basis for processing of your data is your consent in accordance with Article 49 (1)(a) GDPR. This consent can be revoked with effect for the future at any time.
The legal basis for this data processing is your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by opening your cookie settings and changing them accordingly.
We have no influence over the information that Facebook processes or amalgamates. It may be possible for you to be identified by Facebook if data can be associated with your Facebook account or you are logged into a Facebook account, for example.
You can find out about and change the relevant settings regarding Facebook advertising at https://www.facebook.com/about/basics/advertising.
Instructions for doing so are available here: https://www.facebook.com/about/basics/advertising/ad-preferences. Users who are logged into Facebook can deactivate and adjust these functions here: https://www.facebook.com/settings/?tab=ads#_.
The data collected in this context may be transferred to a server in the USA for analysis and saved there by Facebook. In the event that personal data is to be transferred to the USA, we will first obtain your express permission for this data transfer via the cookie banner in accordance with Art. 49 (1)(a) GDPR.
We use the »Microsoft Teams« service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter referred to as »Microsoft Teams«) to hold online meetings, video conferences and/or webinars. In the event of usage of Microsoft Teams, a variety of data is processed.
The scope of the processed data depends on the data that you share before or while taking part in an online meetings, a video conference or a webinar. During usage of Microsoft Teams, data of the participants in the communication is processed and stored on Microsoft Teams servers. This data may include but is not limited to your login details (name, e-mail address, phone number (optional) and password) and meeting data (topic, participant IP address, device information, and description (optional)).
In addition, visual and audio contributions by participants as well as voice input in chats can be processed. The processing of personal data required to perform a contract with you (this also applies for processing operations required to complete precontractual measures) uses Art. 6 (1)(b) GDPR as its legal basis.
If you have given us your consent for the processing of your data, processing is performed on the basis of Art. 6 (1)(a) GDPR. Any consent given can be revoked with effect for the future at any time. Otherwise, the legal basis for data processing as part of holding online meetings, video conferences or webinars is our legitimate interest in accordance with Art. 6 (1)(f) GDPR in effectively holding the online meeting, webinar or video conference.
Further information about data usage by Microsoft Teams is available in the Microsoft Teams privacy statement at: https://privacy.microsoft.com/en-US/privacystatement
Our website may contain links to websites belonging to third-party providers. The CHIRON Group is not responsible for the data protection practices or content of websites outside of the CHIRON Group.
The CHIRON Group only retains personal data for as long as necessary for the purpose or legal provisions for which it was collected.
The application data you send to us is processed and stored electronically until the end of the application process.
Collecting and storing personal data as well as the type and purpose of and its use.
If you contact us as part of your application, we will collect the following information:
Title, first name, last name, a valid e-mail address
Phone number (landline and/or mobile phone)
Information that we need for the application process
This data is collected in order to enable us to correspond with you. Data processing is performed on the basis of your application and is required for the stated purposes for the reasonable processing of your application in accordance with Art. 6 (1)(b) GDPR. Your personal data will not be transferred to third parties.
The data you disclose will be treated as confidential. As part of a specific application, only persons who are involved with the recruitment process for that vacancy will have access to the data you disclose. These include but are not limited to members of the personnel department of the CHIRON Group SE, company management and the relevant division manager.
We store and use your data only for as long as necessary for making a decision regarding establishment of an employment relationship with you. If your application is rejected, the application process is concluded.
In general, your personal data will be deleted automatically six months following the conclusion of the application process. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have given consent to further storage in accordance with Art. 6 (1)(a) GDPR.
You have the right,
a) in accordance with Art. 15 GDPR, to obtain access to the personal data processed by us. In particular, you can obtain information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom your personal data has been or will be disclosed, the planned period for which the personal data will be stored, the existence of a the right to request rectification, erasure, restriction of processing or to object to processing, the existence of a right to lodge a complaint, the origin of the data where it was not collected by us, and the existence of automatic decision-making, including profiling, and where applicable meaningful information about the details of such;
b) in accordance with Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data or to have incomplete personal data stored by us completed;
c) in accordance with Art. 17 GDPR, to obtain the erasure of personal data stored by us, unless the processing of such data is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
d) in accordance with Art. 18 GDPR, to obtain restriction of processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful and you oppose the erasure of the personal data, where we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims, or where you have objected to processing pursuant to Art. 21 GDPR;
e) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to have the data transmitted to another controller;
f) in accordance with Art. 7 (3) GDPR, to withdraw the consent that you have given us at any time. This would mean that we would no longer be permitted to continue data processing based on such consent in the future; and
g) in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can lodge a complaint with the supervisory authority associated with your habitual residence or place of work, or the place of our company.
The supervisory authority responsible for data protection for the CHIRON Group SE is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (The state representative for data protection and information freedom of Baden-Württemberg)
Postfach 10 29 32, 70025 Stuttgart, Germany
Königstraße 10a, 70173 Stuttgart, Germany
Tel.: +49 711 615541-0
Fax: +49 711 615541-15
To exercise any of the rights listed above or for any questions regarding data protection, you can contact the controller in accordance with para. 1 above or send an e-mail to firstname.lastname@example.org.
If your personal data is processed on the basis of legitimate interest in accordance with Art. 6 (1)(f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data where there are grounds for doing so resulting from your specific situation or the objection concerns direct marketing. In the latter case, you have a general right to object, which we will honor without the need to indicate a specific situation. If you wish to exercise your right to revoke your consent or to object, simply send an e-mail to email@example.com.
a) For security within the context of your visit to our website, we use the commonly used SSL (Secure Sockets Layer) method in conjunction with the highest level of encryption supported by your browser. In general, this is 256 bit encryption. If your browser does not support 256 bit encryption, we will instead use the 128 bit v3 technology. You can determine whether an individual page of our website is transmitted with encryption by checking whether the key or lock symbol in the bottom status bar of your browser is closed. Any data entered into the registration form in our career section is likewise only transmitted to us in an encrypted form.
b) We otherwise use technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorized access by third parties. Our security measures undergo continuous development to ensure they remain up to date with technological developments.
Data from: July 1, 2022