Privacy Policy

BioNTech Australia Pty Ltd (ABN 89 663 290 104) (“BioNTech”, “we”, “us”) is collecting your personal information, if not stated otherwise:

BioNTech Australia Pty Ltd
360 Elizabeth Street
Melbourne
VIC 3000
Australia

E-mail: ICAustralia@biontech.com

This may involve the processing of personal information by related companies of BioNTech, including BioNTech’s parent company, BioNTech SE in Germany and providers on behalf of BioNTech. 

If you have any questions regarding the processing of your personal information or if you wish to exercise your privacy rights, please don’t hesitate to contact our global data privacy officer or the global data privacy team.

They can be reached at:

BioNTech SE
Data Protection Officer
An der Goldgrube 12
55131 Mainz
Germany

E-Mail: data.privacy@biontech.com

When we process your data, we comply with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (“APPs”) in Schedule One of the Privacy Act. We will process your data for the following overarching purposes:

Responding to your requests
Where you have given your consent, we will process your data for the consented purpose (e.g., to respond to your questions via our web form).

Legal and compliance requirements
We will process your personal information to comply with legal obligations, including the disclosure of information in connection with a legal process or litigation.

Enabling business activities and pursuing our legitimate interests
Always provided that your privacy rights are not overridden by our legitimate interests, we will process your data for various reasons such as providing you with a convenient website experience.

Fulfilment of contract and pre-contractual inquiries
We will process your personal information if this is required for the fulfilment of a service contract or to conduct pre-contractual actions.

We take reasonable steps to destroy or deidentify your personal information when it is no longer required for a purpose for which it can be used or disclosed under the APPs and we are not required to retain the personal information to comply with our legal or regulatory obligations.

The retention periods differ depending on the type of personal information collected and the purpose of the processing.

We will specify the retention period in the respective subsections.

We have appropriate technical and organisational measures in place to protect your privacy and personal information. This includes measures to protect against data loss, falsification, and unauthorised access. We choose service providers accordingly. However, data disclosure on the internet is at your own risk. Please contact our global data privacy team, if you have reasons to believe that your data is no longer secure with us.

In general, your personal information is only processed inside of BioNTech and not shared with third parties. In some cases, it may be necessary to share your personal information with associated companies (for example our parent company, BioNTech SE in Germany) or service providers. In such cases we have data processing agreements with the third parties to ensure the lawfulness of the transfer and secure your personal information.

Your personal information may be transferred outside of Australia. If we conduct such a transfer, there is an adequate level of data privacy in place by ensuring at least one of the following:

• there is an adequate level of data privacy in the location where the recipient is located.
• the conclusion of a contract requiring the recipient to only process the data for the purposes for which it was provided and to handle the data securely.
• the presence of Binding Corporate Rules (BCR) which were approved by an EU based supervisory authority after Art 47 GDPR.

We may be legally obliged to disclose personal information to authorities under certain circumstances. 

If BioNTech processes your personal information, you have the following rights:

• Right of access
  You have the right to request whether we process your personal information and to request a copy of your personal information that we process.
• Right to correct
  You have the right to correct any of your personal information that you think is inaccurate or incomplete.
• Right to erasure
  You have the right to request us to delete your personal information in some cases, unless applicable laws or regulations require us to retain such information.
• Right to restrict processing for marketing purposes
  You have the right to request us not to use your personal information for marketing purposes.

When you wish to exercise these rights, please contact our global data privacy team.

If you think that the processing of your personal information violates the Privacy Act 1988 (Cth) and the APPs, you have the right to lodge a complaint and you can do so by contacting our global data privacy team. Your complaint will be investigated. We may ask you to verify your identity and to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved. In most cases, we will investigate and respond to a complaint within a reasonable time, usually within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with the response to your complaint, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au. 

We maintain a website on which the processing of personal information takes place when you visit the website. In this section we will give you information about this processing of your personal information.

To protect your personal information when you visit our website, we’re using SSL/TLS encryption on all sub-pages to prevent manipulation, sniffing or similar unauthorised data processing especially on transit. You can recognise the encrypted connection at the lock symbol next to the address bar of your browser. In general, you can use our website without having to provide us with personal information, beyond such data necessary for technical operation of the website or data you provide us in forms or similar occasions.

We (i.e., our web hosting provider) collect data on every access to the server (so-called server log files) your browser is providing to us.

No usage profiles are created in which this information and other personal information are linked.

Use of cookies and third-party tools

We use cookies on our websites to ensure you have a convenient website experience. A cookie is a small piece of data (text file) that a website asks your browser to store on your device in order to remember information about you, such as your language preference or login information when you visit a website. Those cookies are set by us and are called first-party cookies. We also use third-party cookies for tracking the performance of our website or other marketing purposes. Please see our cookie statement for more information.

Plugins and embedded functions

We integrate third party content and tools (hereafter third-party content) to enhance the functionality of the website, improve user experience while visiting the website and to ensure the website security. Such third-party content can be graphics, videos, stock prices or maps.

Every time when you visit a site which includes third-party content at least your IP-address is sent to this third-party content provider as part of the content delivery of your browser. Some third-party content providers may also include so called web beacons (invisible graphics to allow tracking activities) or set cookies on your device depending on the functionality of the third-party content.

More information on plugins and embedded functions can be found in our cookie statement.


Contact via contact form or e-mail

When using the contact form or contacting us via e-mail, personal information is processed. The data entered will be transmitted to BioNTech. This section does not apply to adverse event reports or product quality complaints or medical inquiries. (See the specific section of our Privacy Policy addressing these reports, complaints and inquiries below).

If you are a visitor to one of our sites and premises, we process your personal information as described in the following. Our sites and premises are not freely accessible. Access is only possible after registration. When you register, your personal information will be collected directly from you by the BioNTech employees at reception or by employees responsible for your visit. The data collection includes the personal information listed below.

To facilitate visits, we use the services of our service provider:

Quentic GmbH ("Quentic")
Gürtelstrasse 30
10247 Berlin
Germany

BioNTech and Quentic have concluded a data processing agreement. You will be registered as a visitor to one of our sites via Quentic and will receive an e-mail with a link to our online briefing. You may be given a temporary visitor access card at reception, but visitors must still be collected at reception by the responsible BioNTech employee. In the event of a criminal offense or if required by law, your personal information may be transferred to competent security authorities or our external lawyers.

Please note that access to our sites and premises is not possible without processing the personal information listed below for security reasons.

Your personal information will be used by BioNTech for event management - to provide you with information about specific events or to ensure access to the event. We store your personal information confidentially and use it exclusively for this purpose, unless you have given us further consent to do so, or the processing of your data is necessary for our business relations.

If you are an investor or interested party, we may process your personal information in the following ways in addition to processing for website visits as described in the section “Processing of personal information when you’re visiting our website”.

Subscription to our investor relations newsletter

If you are using the BioNTech investor relations website at investors.biontech.com (which is operated by BioNTech SE) to subscribe to our investor relations newsletter, your personal information will be handled in accordance with BioNTech SE’s privacy statement.

If you are using our jobportal at jobs.biontech.com (which is operated by BioNTech SE), we may process your personal information for the application process. You can find the privacy statement for job applicants here.

If you are making an adverse event report, product quality complaint or medical information request, we may process your personal information in the following ways in addition to processing for website visits as described in the section “Website Visitors – What you should know when using our website”.
 

Categories of information collected
We generally only collect personal information and sensitive information (collectively “information”) that is necessary for handling and reporting adverse events and product quality complaints and for handling medical information requests. This can be:

• Your personal information, which may include: your name, surname, initials, gender, residential address, age and date of birth, email address, phone number, and job title (if you are a healthcare professional who is reporting for a third party).
  
  
• Your sensitive information, which may include medical diagnostic data, prescription data, other health related information such as relevant health information, any pre-existing conditions, concomitant medications, pregnancy, lactation, allergies, and disabilities.
   

Purpose and basis for the processing of your information
We collect data from you that is necessary to process your report of an adverse event, product quality complaint or medical information request.

Processing of personal information about you is required so that we can comply with our legal obligation to monitor and report adverse events and product quality issues. Pharmaceutical companies by law have to monitor, evaluate and take actions to prevent adverse events (side effects) for their medicinal products, called “pharmacovigilance”. Pharmaceutical companies also have to do the same for product quality issues. Pharmacovigilance helps to protect public safety and enables actions to be taken by national and international regulatory authorities as needed. Pharmacovigilance includes BioNTech making notifications to regulatory authorities, as well as the other activities required by law.

We may need to use your email address or telephone number that you have submitted to us to ask further questions in the case of adverse event reports and product quality complaints, or in order to respond to your medical information request.
 

Collection of your information
We collect your information directly from you. The provision of your information is voluntary. However, non-disclosure may mean that we are unable to adequately evaluate your report, as queries remain unanswered.

If you contacted us via telephone and agreed to the recording of the call, we may process this recording for training purposes. We delete the recording after it is no longer needed for this purpose, but latest after six months. You may revoke your consent at any time with effect for the future. Please address your revocation to data.privacy@biontech.com.

We may also collect information about you indirectly from third parties when they report an adverse event, product quality complaint or medical information request for you as a patient. This may include reports from, for example, your physician or other healthcare professional, a distributor of our products, another company within our group (if they receive information about adverse events), or another person (such as a family member or acquaintance).
 

Disclosures / transfers to third parties
In order to process your report/request, we may pass on your information to our order processors, to regulatory authorities, and under certain circumstances to members of the BioNTech Group of companies and our collaboration partners, some of which may be located overseas. Our parent company BioNTech SE, for example, is in Germany.

However, your information will only be passed on if this is necessary for the processing of your report and if we take appropriate measures to protect your data.

BioNTech Group of Companies:
As a member of the BioNTech Group, we have various related companies. If we share your data within the BioNTech Group, we have intercompany agreements for this purpose that specify data sharing in conjunction with applicable data protection laws. 

Collaboration partners:
We work closely with other pharmaceutical companies that partner with us regarding the distribution and promotion of our products. Where a collaboration partner is responsible for handling adverse event reporting, we will need to pass on your report to our partner. If you would like to know more about our collaboration partners, please contact our data protection officer with your question at [data.privacy@biontech.com].

Service providers:
We also work together with third-party service providers (e.g. data storage providers, call center providers) who process personal and sensitive information while providing a service for us. If we commission such a service provider, we will take appropriate protective measures regarding your information. Processors are required to keep your information secure and may not use your information for their own purposes.

National Regulatory Authorities or Other Regulatory Authorities:
We are required by law to report adverse events or certain product complaints to national regulatory authorities and other regulatory authorities. For this purpose, data will be shared with them where required. They will use the data for the purposes described above, and their own privacy policies will apply to their use of the data.

Information Security
After your information is provided, it is stored directly on a server of our order processors and, if applicable, collaboration partners via an encrypted connection. All data is encrypted on the basis of the SSL procedure. BioNTech, order processors and partners use technical and organisational security measures to protect your collected data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

BioNTech SE (on behalf of the BioNTech Group) (collectively referred to as “we” in this section) maintains publicly accessible profiles on various social networks. As the operator of theses presences on the social media platforms, we are processing personal information, for example if we are communicating with you via the platforms or posting content and you interact with this content. Furthermore, we can access personal information you have publicly available on your social media profile.

In case you’re visiting one of our social media profiles, your personal information is also processed by the social media platforms themselves. This applies even if you don’t have a profile on the certain social media platform. The specific data processing operations and their extent differ depending on the operator of the respective social media platform and we have no influence regarding this processing by the platforms. More information regarding the processing of personal information through the social media platform can be found in their respective privacy statement.

For most social media platforms, the processing of personal information is taking place outside of Australia. This means that a transfer of personal information into third countries without an adequate level of privacy is possible and that there are possible difficulties regarding the enforcement of the rights of individuals.

We maintain profiles on the following social media platforms:

LinkedIn
We use LinkedIn, a platform of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland to inform you about the latest developments and information about our company and products and to communicate with you and other interested parties. In addition, we are conducting recruiting activities to attract new employees and are marketing our products.

As mentioned above social media platforms like LinkedIn are conducting their own processing of your personal information on their own without any influence from our site.

Data Processing of BioNTech
We are processing your personal information in the following way when you are using LinkedIn:

Regarding the above-described data processing, we have concluded a data processing agreement with LinkedIn. This agreement can be found here: https://legal.linkedin.com/dpa. The data processing agreement has also incorporated the Standard Contractual Clauses to provide an adequate level of privacy in case your personal information in transferred into a third country.

Data processing of LinkedIn
LinkedIn processes your personal information in different ways for different purposes. LinkedIn also uses cookies to track your activities on their website and other websites you visit. For more information regarding the processing conducted by LinkedIn, please refer to their privacy statement: https://www.linkedin.com/legal/privacy-policy

LinkedIn offers you the possibility to opt-out of targeted advertising through the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
 

X / Twitter
We are using X, a platform of X Corp., 865 FM 1209, Building 2 Bastrop, TX 78602, USA to inform you about the latest developments and information about our company and products.

As mentioned above, social media platforms like X are conducting their own processing of your personal information on their own without any influence from our side.

Data processing of BioNTech
We are processing your personal information in the following way when you are using X:

Regarding the above-described data processing, we have concluded a data processing agreement with Twitter. This agreement can be found here: https://privacy.x.com/en/for-our-partners/global-dpa https://privacy.x.com/en/for-our-partners/global-dpa The data processing agreement has also incorporated the Standard Contractual Clauses to provide an adequate level of privacy in case your personal information in transferred into a third country.

Data processing of X
X processes your personal information in different ways for different purposes on various legal basis. This includes also tracking and analysing your usage of X. For further information how Twitter is processing your personal information if you are using it, please refer to their privacy statement: https://x.com/en/privacy .

X gives you a certain amount of control regarding their processing of personal information. For more information, see the following link: https://x.com/settings/account/personalization . 

YouTube
We are using YouTube provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA to inform you about the latest development and information about our company and products.

As mentioned above, social media platforms like YouTube are conducting their own processing of your personal information on their own without any influence from our side.

Data processing of BioNTech
We are processing your personal information in the following way when you are visiting our YouTube site:

Data processing of YouTube
YouTube processes your personal information in different ways for different purposes on various legal basis. This includes also tracking and analysing your usage of YouTube. For further information how YouTube is processing your personal data if you are using it, please refer to their privacy statement: https://policies.google.com/privacy?hl=de.

Linking to social media content
Within our website, we provide you with direct access to social media content (LinkedIn, X, YouTube) through links. The offers that can be accessed under the integrated links originate from the respective companies (hereinafter referred to as "social media providers") and do not represent social plug-ins that automatically forward your personal information to the social media provider. Only when you use the link and click on one of the social media buttons is personal information transmitted to the respective social media provider. The transmission ensures that the respective social media provider is aware of your IP address. Without your IP address, the social media provider cannot send the content to your browser.

By transmitting your IP address, the respective social media provider may also be able to assign your personal information to your user account, in case you are currently logged in with this account. If you do not want the assignment to your user account with the respective provider, you can log out of your user account before using the social media button.

An automated forwarding of your personal information to the social media providers by visiting our website and without clicking on the respective button does not take place.

We integrate the content of social media providers into our site to provide you with useful information or to facilitate a process for you, without any further data processing.

We endeavour to use such content whose respective providers only use the IP address to deliver the content. Notably, we have no influence on the extent to which providers store the IP address for statistical purposes, for example.

The recipients of the personal information collected are the social media providers. We have no knowledge of the content and use of your personal information by them.

For more information, please visit the privacy statement of the social media providers:

LinkedIn: Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. You can find LinkedIn’s data privacy policy at: https://www.linkedin.com/legal/privacy-policy

Twitter (X): provided by X Corp,  865 FM 1209, Building 2; Bastrop, TX 78602; USA. You can find Twitter’s privacy policy at: https://x.com/en/privacy

YouTube: provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. You can find Google's privacy policy at: https://policies.google.com/privacy?hl=de

BioNTech’s internet presence may be subject to change, which means that it may be necessary to amend the Privacy Policy accordingly. BioNTech reserves the right to change this Privacy Policy at any time. However, where changes to the Privacy Policy are material, reasonable notice of the changes will be provided before the changes take effect.

This Privacy Policy was last updated: December 2025