Privacy Policy

Thank you for visiting our website and for your interest in our services. Your personal data may be processed when you use our services. The protection of your data is always an important concern for us. This privacy policy explains how we process personal data and what rights you are entitled to.

This privacy policy can be accessed and printed out at any time on our website.


Privacy policy

I.     General information

II.     Person responsible

III.    Data Protection Officer

IV.    Scope of data processing

V.    Data security

VI.    Processing of personal data

VII.   Storage and deletion of data

VIII.  Your rights

IX.    Forwarding of data / third country transfers

X.    Data processing when accessing linked content

XI.    Automated decision-making/profiling

XII.   Up-to-dateness and amendment of this privacy policy

I. General information

This privacy policy informs you about how we handle your personal data when you use our website. In particular, it explains what data we collect and what we use it for. It also informs you how and for what purpose this is done.

Personal data (“data”) means any information relating to an identified or identifiable person. “Processing” of data means any operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”, GDPR) as well as in the German Federal Data Protection Act (BDSG) and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

II. Controller

Responsible for the processing of your data is

Formo Bio GmbH
Stralauer Allee 10-11
10245 Berlin, Germany

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Please contact us at any time using these contact details if you have specific questions about your data, its processing or your rights.

III. Data Protection Officer

We have appointed a company data protection officer for our company. You can reach our DPO under:


IV. Scope of data processing

We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We process your data only to the extent necessary for the purpose of providing a functional and user-friendly Internet presence or a functional and user-friendly website and for the provision of our content and services. Failure to provide the data may have legal disadvantages, such as the inability to fulfil a contract. As part of data processing, we use third-party providers in the areas of hosting, online marketing, mailing services and customer/data management (CRM), each of which processes data on our behalf. We have concluded corresponding order processing contracts with these third-party providers, insofar as the third parties are processors, which ensure that an adequate level of data protection is also guaranteed for our processors (Art. 28 GDPR). 

V. Data security

We have taken technical and organisational measures to ensure that the data protection regulations are complied with both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.

VI. Processing of personal data

The following overview lists all types of data processed by us, the purposes of their processing and the legal basis for their processing.

1. Visiting the website

If you visit our website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect the following data on our web server temporarily and anonymised via server log files: 

•     Website from which our website was requested (so-called referrer URL)

•     Name and URL of the requested website

•     Date and time of access to the website

•     Description of the type, language and version of the web browser used

•     IP address of the requesting computer, which is shortened so that a personal reference can no longer be established

•     Message as to whether access was successful (access status/ HTTP status code)

•     Internet service provider of the accessing system

•     Amount of data transferred in each case

•     Operating system used and its interface

•     the GMT time zone difference

This processing is technically necessary in order to display our website to you. We also use the data for statistical analyses to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of the website and to ensure the stability and operational security of the website and thus serves to safeguard a legitimate interest of our company.

We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. c GDPR.

2. Registration

You can register on our website. Your email address is required for signing up. After registration, you will receive an email to confirm the registration (“double opt-in”). As part of the registration process, you will be provided with the required mandatory data. The processed data includes in particular the login information (email address, password).

Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so. We process the following data in connection with registration, login and the user account:

•     inventory data (e.g. name, address)

•     contact data (e.g. email address, telephone number if applicable)

•     content data (e.g. entries in the online form)

•     device data (device name, country code if applicable, language, name of operating system and version) 

•     connection data (IP address, mail provider)

•     date and time of registration and confirmation

Processing during registration is carried out on the basis of our legitimate interests for the performance and/or initiation of a user contract, for the provision of customer service, for the administration and/or answering of enquiries, and as a security measure (legal basis: Art. 6 para. 1 p. 1 lit. b GDPR contract performance and pre-contractual enquiries; Art. 6 para. 1 p. 1 lit. f GDPR legitimate interests).

If you have terminated your user account, your data relating to the user account will be deleted, subject to any legal permission, obligation or consent on your part. It is your responsibility to back up your data if you have terminated your account before the end of the contract. Subject to any legal permission, obligation or consent on your part, we are entitled to irretrievably delete all data stored during the term of the contract.

3. Contact and Emails

If you write to us, e.g. by sending us an email or using the contact form, we will store the contact details you provide, such as your name, address, mobile phone number, email address and the information provided in your enquiry.

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact enquiry on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR. Insofar as you have consented to the processing for the purpose of answering your enquiry, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, we process your data to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the purpose of responding appropriately to customer/contact enquiries.

4. Eventbrite

On our website, we also offer users the opportunity to book events. For this purpose, we use the tool “Eventbrite,” operated by Eventbrite, Inc., located at 155 5th Street, Floor 7, San Francisco, CA 94103, USA. When you register for an event, you will be redirected to the Eventbrite website. We do not have any influence on the data processing by Eventbrite. Eventbrite Inc. participates in the EU-US Data Privacy Framework established by the US Department of Commerce and the European Commission regarding the collection, use, and retention of personal data from European Economic Area member states. To register for an event on Eventbrite, you must provide the following data to Eventbrite Inc.:

•     First name, last name

•     Email address

•     Location

•     Date of birth

•     Type of ticket

•     Event ID (which webinar was booked)

•     Redeemed vouchers

For more information on how Eventbrite Inc. uses personal data, please refer to Eventbrite’s privacy policy: As the organizer, we receive access to the above-mentioned data of event participants from Eventbrite. We use the data for the purposes of preparing and following up on the event. For better future planning of the event offering, we use data on event participation to examine the utilization and capacity of the events.

5. Data Processing of Applicants

When you apply for a job with us, we process the information and personal data you provide for the purpose of managing the application process. This data includes your name, email address, address and telephone number, age, work history, qualifications, country of residence, language skills and any other personal information you provide as part of your interaction with us. We may also ask you for additional information to help us with our recruitment process and if you are offered a job, such as your date of birth and employment records. Processing may also take place electronically. This is particularly the case when an applicant submits relevant application documents to us electronically, for example by email. 

We process your personal data in order to fulfil our contractual or pre-contractual obligations on the legal basis of Art. 6 para. 1 p. 1 lit. b GDPR or, if applicable, for the implementation of the employment relationship with you (Section 26 BDSG). If you have consented to processing for the purpose of handling your application, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

In the event that we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests prevent deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).

6. Newsletter

You have the option of subscribing to our newsletter. With our newsletter we inform you about us an our offers. Your e-mail address is required to register for the newsletter. If you register for the newsletter, your e-mail address will be transmitted to us (or our e-mail provider) and stored there. After registering, you will receive an e-mail to confirm your registration (“double opt-in”). In this context, we (or our email provider) process the following data 

•     Inventory data (e.g. name, address)

•     Contact data (e.g. email address, telephone number if applicable)

•     Content data (e.g. entries in the online form)

•     Device data (device name, country code if applicable, language, name of the operating system and version) 

•     Connection data (IP address, email provider)

•     Date and time of registration and confirmation

Our newsletter is sent on the basis of your prior express consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in efficient and secure dispatch. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR.

You can revoke your consent to the processing of data for the purpose of sending the newsletter or analysing the associated data at any time. The cancellation can be made via a link contained in every newsletter or by sending us a separate message.


We use Mailchimp for our newsletter and the waiting list. Mailchimp is a service with which the sending of newsletters can be organised and evaluated. For this purpose, we forward your e-mail address and the information as to whether you have registered for the newsletter, the waiting list and/or for further product information to Mailchimp.

With the help of Mailchimp, we can analyse our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (a so-called web beacon) connects to Mailchimp’s servers in the USA. This enables us to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (e.g. time of registration, IP address, browser type and operating system). This information is used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. 

Mailchimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA,
Website:, Datenschutzerklärung:

7. Cookies 

We use cookies on our website that are either provided by us or by third parties.

Cookies are small text files that are stored on the device you are using and saved by the browser. Cookies are used to make our website more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our services function correctly or that you are recognised on your end device after successful registration (“necessary” cookies). By placing these necessary cookies, for example, we make it easier for you to visit our website and use the services available there. Other cookies are placed to analyse user preferences and thus improve our services (“enhanced cookies”). We use these for purposes such as tracking (e.g. interest/behavioural profiling), remarketing, visitor action evaluation, conversion measurement, reach measurement (e.g. access statistics, recognition of returning visitors), target group formation and cross-device tracking. We only set non-essential cookies with your consent. When you visit our website for the first time, a pop-up is displayed (“cookie banner”) in which the individual cookies are described in more detail. There you have the option of allowing or rejecting cookies according to your preferences. You can change your settings at any time by clicking on the cookie icon in the bottom left-hand corner of the website. [Link] Please note that deactivating cookies may limit the functionality of this website.

Depending on the browser settings, the following data is processed when cookies are used:

•     Usage data (e.g. websites visited, interest in content, access times), 

•     Meta/communication data (e.g. device information, IP addresses)

•     Location data (data that indicates the location of an end user’s end device)

If personal data is processed when using “necessary” cookies, this is based on Art. 6 para. 1 sentence 1 lit. f GDPR due to legitimate interests in quality assurance and a technically flawless presentation of the website. The processing of personal data when using so-called “extended cookies” is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

8. Analysis Tools

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, on our website. Through this service, pseudonymised usage profiles are created and cookies are used (see “Cookies” above). The information generated by cookies about your use of this website, including browser type/version, operating system used, time of the server request, referrer URL (the previously visited page), host name of the accessing computer (IP address), is transmitted to and stored by Google on servers in the USA. 

Google LLC processes the data in the USA. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).

For the data transfer to the USA, the European Commission adopted a new adequacy decision for the EU-US Data Privacy Framework (DPF) on 10 July 2023. Google LLC is certified under the DPF and has therefore undertaken to comply with the European data protection principles. However, we have also concluded EU standard contractual clauses (SCCs) with Google.

You may reject the use of all cookies by selecting the appropriate settings on your browser. However, please note that doing so may limit your access to the full functionality of this website. 

These processing operations will only be carried out if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG. You may revoke your consent at any time. 

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (  Google Analytics, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further details regarding Google Analytics’ terms of use and Google’s privacy policy, please visit  and

9. Social Media

We are represented on the following social media platforms and process user data in this context in order to communicate with the users active there or to provide information about us:

•    X, X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, website:; privacy policy: 

•    LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; website:; privacy policy:

•    YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; website:; privacy policy:

•    Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; website:; privacy policy:

We would like to point out that user data may be processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective social media providers. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the user’s data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

VII. Storage and deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the minimum required. In addition, we only store your data if we are authorised or obliged to do so in accordance with statutory retention periods (e.g. in accordance with the German Commercial Code (HGB) or German Fiscal Code (AO)). For hosting services we use SiteGround Hosting Ltd. 7th Floor, 50 Broadway London SW1H 0DB with its servers based in Frankfurt. SiteGround functions as our processor with which we concluded a respective data processing agreement.

Our data protection notices may also contain further information on the retention and deletion of data, which apply primarily to the respective processing operations. 

VIII. Your rights

You have the following rights:

•     the right to information,

•     the right to rectification or erasure,

•     the right to restriction of processing,

•     the right to data portability,

•     the right to withdraw your consent with effect for the future.

•     the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning
you which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.

To exercise your above rights, you can send an email to You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

If you have any questions with regard to the processing of your data, feel free to contact us at any time.

IX. Transfer of data / third country transfers

As a matter of principle, we only pass on your data to third parties if you have consented to this or if there is another legal basis. If we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are complied with and your data is processed in the third country in question in accordance with the European data protection standard. With regard to data transfers to the US we rely on the so-called EU-US Data Privacy Framework (DPF), provided that the service provider is certified under the DPF. In other cases we use the so-called EU standard contractual clauses (SCC), which we conclude with the respective provider. In addition, in accordance with the requirements of the ECJ (“Schrems II”), a case-by-case risk analysis is carried out with regard to the respective third country transfer in order to ensure that your data is processed lawfully in the third country concerned and, in particular, to prevent access to your data by state authorities.

X. Data processing when accessing linked content

This privacy policy only applies to this website. However, the website may also contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence over the content of third-party sites. If you are redirected to other pages via links within the website, please inform yourself there about the respective handling of your data.

XI. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

XII. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and has the status February 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.