MorphoSys AG Privacy Principles

MorphoSys AG ("MorphoSys" or "we") takes the protection of your personal data very seriously. This Privacy Statement discloses the items of information that are collected, processed and utilized when using our website and for what purpose. 

  • Our Privacy notice for patient recruitment activities can be accessed here. 
  • Our Privacy notice for Healthcare Professionals (Business Partners) can be accessed here.
  • Our Privacy notice for Business Contacts can be accessed here.  
  • Our Privacy notice for United States residents can be accessed here.

The constant development of the Internet, changes to our services, the legal environment and other reasons may require us to make adjustments to our Privacy Policy / privacy notices. We therefore reserve the right to modify this Privacy Statement and our privacy notices at any time and ask that you check our Privacy Statement and privacy notices regularly in order to keep up-to-date with its current status.



MorphoSys complies with the legal provisions for the protection of personal data. Personal data are data that serve to identify a person, such as their name, date of birth, email address, postal address and telephone number (Article 4 No. 1 GDPR). Personal data are always processed pursuant to the current German and European statutory regulations.



The company responsible for data processing pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is

MorphoSys AG
Semmelweisstr. 7
82152 Planegg
Phone: +49 89 899 27-0
Fax: +49 89 899 27-222




Our Data Protection Officer may be contacted at the email address or addressed to "Data Protection Officer" at our postal address.



You have the following rights with respect to the personal data concerning you:



You have a right to information, correction, deletion, limitation of data processing, objection to data processing and data portability. If the processing we perform is based on your consent, you have the right to revoke this consent with effect in the future.



Under Article 21 (1) of the GDPR, you have the right to object to the processing of your personal data at any time for reasons arising out of your particular situation, occurring as a result of Article 6 (1e) of the GDPR (Data Processing in the Public Interest) or Articles 6 (1f) GDPR (Data Processing for the Protection of a Legitimate Interest). This also applies to profiling supported by this provision. If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.



If we process your personal data for direct marketing, you have the right to object at any time under Article 21 (2) GDPR to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is connected with such direct marketing.

If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.



You also have the right to complain to the competent data protection supervisory authority about our processing of your personal data.



In principle, you can visit our website without revealing your identity and use the information and Internet services provided without your personal registration.

We collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure its stability and safety. The legal basis for collecting this data is Article 6 (1f) GDPR:

IP address; date and time of the request; content request (concrete page); access status/HTTP status code; amount of data transferred; site requesting; browser; operating system and its interface; language and version of the browser software.

However, for certain services, such as ordering documents or subscribing to press releases, we ask for your name, address and/or other personal information as appropriate. If we use your personal information for a purpose that requires your consent, we will always request your consent. If you do not agree with this use, we ask that you understand that you may not be able to use the respective service. The legal basis for data processing is always Article 6 (1a) GDPR.



When you contact us through email or a contact form, the information you provide (your email address and, where necessary, your name and telephone number) will be stored by us to answer your questions. Insofar as we use our contact form to request entries that are not required for contacting us, we always mark these as optional. This information serves to substantiate and improve the handling of your request. A statement of this information is expressly provided on a voluntary basis and with your consent under Article 6 (1a) GDPR. If this concerns information on channels of communication (such as your email address and telephone number), you also agree that we may contact you via this communication channel to answer your request. You may naturally revoke this consent for the future at any time.

We delete the data that arises in this context after its storage is no longer required and limit the processing if this data when statutory retention requirements exist.



We use the personal data provided by you only to provide you with the information and services you require and for other purposes for which you have given your consent or which legally require such use (for example, due to a court or administrative order).



When you contact us at a trade fair or other occasion, the data you provide us with, e.g. via a business card (your name, activity, e-mail address, telephone number, etc.) will be stored by us in our CRM-system in order to answer your enquiry and to inform you about current news, events and products from MorphoSys.

This information is provided on a voluntary basis and with your consent, art. 6 Para. 1 a GDRP. You may naturally revoke this consent for the future at any time.

We delete the data that arises in this context after its storage is no longer required and limit the processing if this data when statutory retention requirements exist.



You can apply for a job at our company using one of the following electronic means:

  • Via email or web forms. Please note that unencrypted emails are not transmitted with access protection.
  • Via our online application portal. Your online application will be forwarded via an encrypted connection directly to the HR department and treated with absolute confidentiality

If we do not receive a job application directly from you, we may obtain your personal data via recruitment agencies, or by one of our employees via our referral program. In any of the above cases, we will only use your information to process your job application and will only transfer it to (i) our vendor(s) providing employment application management cloud services; and (ii) companies in our company group, (currently MorphoSys US Inc., and Constellation Pharmaceuticals, Inc.) but only if the application process requires interviews with teams from MorphoSys US Inc, and/or Constellation Pharmaceuticals, Inc. If you have applied for a specific position that has already been filled or we are considering you for a different position or believe you are more suitable for a different position, we would like to be able to forward your application within our company. Please let us know if you do not agree to the forwarding of your application.

Our vendor(s) providing employment application management cloud services; MorphoSys US Inc., and Constellation Pharmaceuticals, Inc., are based in the United States of America. This means that it may be necessary to transfer your personal data from the European Union (and the European Economic Area "EEA") to the Unites States of America. Countries outside the European Union (and the European Economic Area "EEA"), in this particular case the United States of America handle the protection of personal data differently from countries within the European Union. Currently there no valid decision by the EU Commission that the United States of America generally offers an adequate level of protection.

We have therefore taken special measures to ensure that your data are processed in the United States of America as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union within our company group and with our vendor(s) in the United States of America. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

Your personal data will be deleted immediately after completing the application process or after a maximum period of 6 months unless you have explicitly given us your consent to store your data for a longer period or have concluded a contract with us. The legal basis is Article 6 (1 a, b and f) GDPR and Section 26 of the Federal Data Protection Act (Bundesdatenschutzgesetzes – BDSG).


With your consent under Article 6 (1a) GDPR, you may subscribe to our Job Newsletter, which will inform you of our current vacancies.

The only information required to receive the Job Newsletter is your email address. After your confirmation, we will save your email address for the purpose of sending you the Job Newsletter. The legal basis is Article 6 (1a) GDPR.

You may revoke your consent for delivery of the Job Newsletter at any time and unsubscribe from the newsletter. You may register your cancellation by clicking on the link provided in each Job Newsletter email.



MorphoSys will not disclose your information to third parties without your consent, except as required by a court or administrative order. Personal data may also be disclosed to MorphoSys external service providers who act on behalf of MorphoSys in order to process the personal data in accordance with their intended purpose, such as providing services, evaluating the usability of our website, processing data or providing technical support. These service providers are contractually obliged vis-à-vis MorphoSys under Article 28 GDPR to use personal data for the agreed purpose only and not to pass on your personal data to other parties without permission and to transfer your personal data with our permission or if required by law and only to the extent permitted by law.



MorphoSys complies with the principles of data avoidance and data minimization. We store personal data only for the period necessary the respective purposes and in accordance with statutory regulations.



MorphoSys uses a variety of security technologies and standardized protection mechanisms to ensure the security and confidentiality of the personal information it gathers. For example, we store personal data on computer servers that are located in controlled facilities in Germany and allow only limited access. MorphoSys takes all commercially reasonable measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction but cannot guarantee this due to the remaining general security risks of the Internet.

If you wish to send us personal data electronically by entering it on our website, your data will be transmitted, stored and secured in encrypted form via the Internet to our web server using a state-of-the-art secure connection (SSL).

If you would like to correspond with us by email, you are aware that emails are only conditionally secure and that the confidentiality can only be ensured by using the appropriate encryption programs. Please note that the transmission of data via email is generally not encrypted. By sending emails to us, you confirm that you are aware of these risks.

Data security for the transmission of data on the Internet cannot be fully guaranteed given the current state of technology. Other users may be technically able to intervene illegally in network security and to control the message traffic. Please consider this when contacting us.



Cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive and assigned to the browser you are using through which specific information is provided to the body that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make Internet offers generally more user-friendly and more effective.

This website uses the following types of cookies, the scope and operation of which are explained below:



Temporary cookies are automatically deleted when you close the browser. These specifically include session cookies, which store a so-called session ID with which various requests from your browser can be assigned to the common session. This process enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.



Permanent cookies are automatically deleted after a specified period that may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.



Flash cookies used are not detected by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you must install a corresponding add-on such as "Better Privacy" for Mozilla Firefox or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. In addition, we recommend that you delete your cookies and browser history manually on a regular basis.



You can configure your browser settings as you wish and, for example, decline the acceptance of third-party cookies or all cookies. Please be aware that in doing so you may not be able to use all functions of this website.



If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that allow an analysis of the use of our websites.The information collected by means of the cookies about the use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID feature. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographics), and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, the IP address of users from the EU/EEA is anonymized by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search requests
  • interaction with videos
  • seen / clicked ads

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/ via which advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.

Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 (1) lit. a GDPR.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. Alternatively, you can prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a.) Not giving your consent to the setting of the cookie or

b.) downloading and installing the browser add-on to disable Google Analytics HERE.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit and at



MorphoSys uses so-called social plug-ins from the social networking sites Linkedin, Xing, Facebook, Google+ and Twitter ("Service Providers") on its website. The plug-ins can be recognized by the fact that they are marked with the logo that corresponds to the respective network.

Through plug-ins, personal data may be sent to and used by the Service Provider of the respective social network. We prevent the unintended and unwanted collection and transmission of data to the Service Provider through a so-called two-click solution. This means that the plug-ins on our website are turned off by default to protect your personal data. To activate the desired plug-in, it must first be activated by clicking on the corresponding button. Only this activation of the plug-in triggers the gathering of information and its transmission to the Service Provider. With a second click, you then have the option to use the plug-in button, for example, to point out MorphoSys to the social network and other users. MorphoSys does not collect personally identifiable information by means of the plug-ins or their use.

The plug-ins establish a direct connection to the respective Service Provider. The respective Service Provider is thereby informed about the visit to the website. If you are logged in to a social network at the same time, its Service Provider can identify you as a visitor to a particular page and associate it with your account on the social network. If you do not agree to such transmission, then you need to log off of your account with the respective Service Provider before visiting our website. Even if you are not a member of a social network, there is still the possibility that the network's Service Provider will find out and store your IP address after activating the plug-ins.

We have no control over the extent and content of data collected by the providers through their services. For more information, please refer to the privacy policies of Linkedin Inc., Xing AG, Facebook Inc., Google Inc. and Twitter Inc., which are available on their websites. There you will also find additional ways to protect your privacy within the respective social network.



The privacy policy described here applies only to this website. We have no influence on the content of third-party websites, including those linked by our website. Please familiarize yourself with the privacy policies and other legal statements of third-party websites. Continuous control of the content of the link is not possible. MorphoSys is unable to guarantee the privacy standards of any linked websites or to accept any liability for their content.