Privacy policy

The DMG MORI customer portal is provided by DMG MORI USA, INC., 2400 Huntington Blvd., Hoffman Estates, IL 60192 (hereinafter: "DMG MORI", "we" or "us") as the ‘controller’ within the meaning of Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR), and complies with all current data protection laws of the United States. Our subsidiary, WERKBLiQ GmbH, Niederwall 43, DE-33602 Bielefeld, operates the DMG MORI customer portal as instructed by us.

The DMG MORI customer portal enables you to manage your DMG MORI machine tools and customer data and to communicate efficiently with us. The DMG MORI customer portal is available via our website at https://mydmgmori.com or via myDMGMORI-App.

By using the DMG MORI customer portal, we process personal data. This includes all data relating to an identified or identifiable natural person. In the following, we would like to inform you which personal data we store or process when you use the DMG MORI customer portal and how we handle or with whom we share this data. In addition, we inform you about the measures we take to safeguard your personal information, the legal basis of the processing, as far as the processing is necessary for the purposes of our legitimate interests, also about our legitimate interests, your rights as the concerned person, and finally your contact persons in case of questions or grievances.

By using our Services, you understand and consent to us collecting and using your information as described in this Privacy Policy.

1. Information about the processing of your data

  1. Processing of personal data when visiting our DMG MORI customer portal at https://mydmgmori.com / Download myDMGMORI-App
    1. When you visit the DMG MORI customer portal at https://mydmgmori.com, we initially collect the data listed below on the basis of applicable laws and Art. 6 para. 1 lit. f GDPR. This data is necessary to be able to present the DMG MORI client portal and to ensure its stability and security:
      • IP address;
      • date and time of the request;
      • time zone difference to the coordinated universal time (UTC);
      • content of the request (specific page);
      • access status/HTTP status code;
      • data amount transmitted;
      • browser used;
      • operating system and its interface;
      • language and version of the browser software.
    2. In addition to the data mentioned above, cookies are stored on your computer when you visit our website. Cookies are small text files which are stored on your hard disk assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet and our services more user-friendly and effective by allowing us to respond to you when you return to our services. Cookies are also used to enhance the secure use of our services.
    3. Our website uses the following types of cookies:
      • Transient cookies (see below: a)
      • Persistent cookies (see below: b).
      a) Transient cookies are automatically deleted when you close the browser. This includes in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the session. The session cookies are deleted when you log out or close the browser.

      b) Persistent cookies are deleted after three months at the latest. You can delete the cookies in the security settings of your browser at any time.

      c) You can configure your browser settings in accordance with your wishes and, for example, refuse to accept cookies. However, we would like to make you aware that in this case you may not be able to use all functions of the DMG MORI customer portal.

      d) We use cookies to identify you for subsequent visits, if you have an account with us. Otherwise you would have to log in again each visit.
    4. When downloading the myDMGMORI-App, certain required information will also be transmitted to the App Store you have selected (e.g. Google Play or Apple App Store), in particular the user name, e-mail address, customer number of your account, time of download, payment information and individual device identification number can be processed. The processing of this data is carried out exclusively by the respective App Store and is not subject to our influence.
  2. Processing of personal data for registration and conclusion of the end user contract
    1. If you register or log in to the DMG MORI customer portal, we use your access data (e-mail address (myDMGMORI-ID) and password) to grant access to your user account and to manage it ("Mandatory Information"). Mandatory Information are required for the conclusion of the end user agreement which is provided to you and which you will have to accept upon registration. If you do not provide this data, you will not be able to create an user account, and accordingly you will not be able to avail of our services on the portal. In detail such data is:
      • personal master data (e.g. first and last name, business address);
      • communication data (e.g. business telephone number and e-mail address);
      • status data (e.g. customer number, company function, representation authority);
      • first- and second name (if applicable), e-mail address of a person with representation authority.
    2. In addition, you may provide the following voluntary information as part of the registration process:
      • title;
      • remarks.
    3. We use the Mandatory Information to authenticate you when you log in and to respond to requests to reset your password. We process the data entered by you during registration or login (1) to verify your authorization to manage the user account; (2) to enforce the terms of the end user agreement and any rights and obligations associated therewith; and (3) to contact you in order to send you technical or legal notices, updates, security messages or other messages concerning the management of the user account.
    4. We use voluntary information to be able to address you (title) and to respond to your inquiry (remarks) adequately.
    5. If you provide personal information that we have not requested (unsolicited information) you thereby give consent for use by DMG MORI to perform contractual obligations arising from the end user agreement, e.g. performing service work. If we could not have solicited such personal information and if it is lawful and reasonable to do so, we will destroy or de-identify the information.
    6. The aforementioned data processing is lawful; if and as far as European data protection laws apply, inter alia, when (1) it is necessary for the fulfilment of the contract between you as the affected party and us in accordance with Art. 6 Para. 1 lit. b) GDPR for the use of the DMG MORI customer portal, and/or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the DMG MORI customer portal, which outweighs your rights and interests in the protection of your personal data in the sense of Art. 6 Para. 1 lit. f) GDPR.
  3. Processing of personal data by using the DMG MORI customer portal via the website
    • After registration and the conclusion of the so-called end user agreement, you can use the DMG MORI customer portal via our website, https://mydmgmori.com. After registration, you can, among other things, manage your master data, review service reports and invoices, generate tickets for service calls, place, plan and follow up orders, enter offers and participate in awarding processes, view manuals and circuit diagrams of your machine tools or use the online shop of the DMG MORI-Group for the purchase of spare parts and related services. In order to be able to offer you these services, we process your data:
      • personal master data (e.g. first and last name, business address);
      • communication data (e.g. business telephone number and e-mail address);
      • contract master data;
      • billing and payment data;
      • machine, customer and service history;
      • planning data (for example, for service calls);
      • machine-related data (for example, IBN data, machine number, machine type);
      • data of personnel belonging to the group or specified by you (if applicable).
      All data processing described above is lawful; if and as far as European data protection laws apply, as (1) the processing is necessary for the fulfilment of the contract between you as concerned person and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the DMG MORI customer portal, or (2) we have a legitimate interest - outweighing your rights and interests – to offer you a functional, error-free service that is in line with the market standard and your interests, Art. 6 para. 1 lit. f) GDPR.
  4. Processing of personal data by using the myDMGMORI-App
    1. When using the myDMGMORI-App, we initially automatically collect certain data that is necessary for the use of the myDMGMORI-App. This includes:
      • internal device ID;
      • version of the operating system;
      • time and place of access to the myDMGMORI-App.

      This data is automatically transmitted to us, but not saved, in order to (1) provide you with the service and related functions; (2) improve the functions and features of the myDMGMORI-App; and (3) prevent and eliminate misuse and malfunctions.

      This data processing is lawful; if and as far as European data protection laws apply, as (1) the processing is necessary for the fulfilment of the contract between you as a data subject and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the myDMGMORI-App, or (2) we have a legitimate interest - outweighing your rights and interests - to offer you a functional, error-free service in line with the market standard and your interests, Art. 6 para. 1 lit. f) GDPR.

    2. If you use our myDMGMORI-App, you have functions available, among other things, to manage your master data, to review service reports and invoices, to generate tickets for service calls, to place, plan and track orders, to submit offers and participate in awarding processes, to view manuals and circuit diagrams of your machine tools or to use the online shop of the DMG MORI-Group for the purchase of spare parts and related services. In addition, you have options to create photos and videos via the integrated video and photo function of the app and to send them to us. In order to be able to offer you these services, we process your:
      • personal master data (e.g. first and last name, business address);
      • communication data (e.g. business telephone number and e-mail address);
      • contract master data;
      • billing and payment data;
      • machine, customer and service history;
      • planning data (for example, for service calls);
      • machine-related data (for example, IBN data, machine number, machine type).

      The myDMGMORI-App also requires the following permissions:

      • internet access: required to transmit your submissions to our server;
      • camera access and microphone access: required in order to offer you the video and photo function of the app

      We use "Google Firebase" to analyze and categorize user groups and to optionally send out push messages. Further information on data protection with "Google Firebase" can be obtained at https://firebase.google.com/support/privacy.

      Any data processing described above is lawful; if and as far as European data protection laws apply, as (1) the processing is necessary for the fulfilment of the contract between you as a data subject and us pursuant to Art. 6 Para. 1 lit. b) GDPR for the use of the myDMGMORI-App, or (2) we have a legitimate interest - outweighing your rights and interests - to offer you a functional, error-free service that is in line with market standard and your interest, Art. 6 para. 1 lit. f) GDPR.

  5. Integration of YouTube videos
    1. We have integrated YouTube videos into our DMG MORI customer portal, which are saved on https://www.youtube.com and can be played directly from our DMG MORI customer portal. These are integrated in the "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when playing the videos, the data referred to in sections 1.5.2 and 1.5.3 will be transmitted. Such data transmission is not subject to any influence on part of us.

    2. When playing the videos, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 1.5.3 of this privacy information is transmitted irrespective of whether you are logged in through a YouTube user account or whether no user account exists.

      If you are logged into a Google account, your data will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out prior to activating the button.

      YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is also carried out for users who are not logged in to provide tailored advertising. You have a right of objection to the creation of these user profiles, but you must contact YouTube directly in order to exercise this right.

    3. For further information on the purpose and scope of data collection and its processing by YouTube, please see their privacy policy. There you will also find further information on your rights and settings to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
  6. Links to third party websites
    • We link websites of other providers not affiliated with us (third parties), e.g. to our profiles on social networks like LinkedIn, Xing, Twitter, YouTube, Instagram and Facebook. Please note that we have no influence on which data is processed by these providers when you click on these links. Since the data processing by third parties is beyond our control, we cannot take responsibility for this. For further information on the processing of your data by these third parties, please refer to the privacy information of the respective provider.

2. Passing on and transmission of data

  1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit or otherwise grant access to the data, this is only done on the basis of a legal permission, consent, a legal obligation to do so or on the basis of our legitimate interests. In particular, we disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected. If contract processors are used for this purpose and if and as far as European data protection laws apply, this is done on the basis of Art. 28 GDPR. Where a disclosure to third parties is necessary, we will require that the third party undertake to treat the personal information in accordance with all applicable privacy laws to which we are bound.
  2. The data provided by you during registration will be passed on within the DMG MORI Group to the extent necessary for internal administrative purposes in order to provide you the services, including joint customer service.

  3. If there are indications of unlawful or mal usage of the DMG MORI customer portal, and if necessary for the clarification of such usage or for legal prosecution, personal data will be forwarded to law enforcement or other authorities and affected third parties or legal advisors. A transmission might also take place if it serves the enforcement of terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies upon request, such as criminal prosecution authorities, authorities that pursue administrative offences including fines, and the tax authorities.

    Any disclosure of personal data is lawful; if and as far as European data protection laws apply, as (1) the processing is necessary for the fulfilment of a legal obligation which we are obliged to fulfil pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction national legal obligations regarding the disclosure of data to prosecution authorities and as (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of misconduct or in order to enforce our terms of use, other conditions or legal claims of third parties your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not outweigh.

  4. We are dependent for the provision of services in the DMG MORI customer portal on the services of our affiliated company WERKBLiQ GmbH, Niederwall 43, DE-33602 Bielefeld, Germany, other affiliated companies of DMG MORI AKTIENGESELLSCHAFT, Gildemeisterstraße 60, DE-33689 Bielefeld, Germany, as well as the following external companies and external service providers:
    • Hybrid Heroes GmbH, Reichenberger Str. 113a, 10999 Berlin, Germany (developer of the myDMGMORI-App);
    • GoSe Consulting LLC, 1550 East Royall Place Unit 709, Milwaukee, Wisconsin 53202, United States (concept and programming of serial interfaces);
    • diplexa GmbH, Osningstr. 25, 33605 Bielefeld, Germany (programming of serial interfaces);
    • GAB ExactlyIT Solutions GmbH, Pankofen Hauptstr.13, 94447 Plattling, Germany (implementation of central user management for my DMG MORI, connection to online shop);
    • Microsoft Ireland Operations Limited, The Atrium Building Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland (Azure Cloud Hosting);
    • Dynatrace GmbH, Konrad-Zuse-Platz 8, 81829 Munich, Germany (System Monitoring);
    • Google LLC, ABC-Strasse 19, 20354 Hamburg, Germany (Google Maps location indicator);
    • Userlane GmbH, Rosenheimer Strasse143c, 81671 Munich, Germany (User tours).
    Any disclosure of personal data is lawful; if and as far as European data protection laws apply, as (1) we have a legitimate interest in disclosing the data for administrative purposes within our group and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not outweigh and (2) we have carefully selected our external companies and external service providers within the scope of Art. 28 para. 1 GDPR as processors, re-examined them on a regular basis and contractually obliged them to process all personal data exclusively in accordance with our instructions.

  5. In the course of the further development of our business, the structure of our company may be subject to change as regards legal form, the establishment, purchase or sale of subsidiaries, companies or parts thereof. In such transactions, customer information may be transmitted along with the company to be transferred. Whenever personal data is transferred to third parties to the extent described above, we safeguard that this is done in accordance with this privacy policy and the applicable data protection law.

    Any disclosure of personal data is lawful; if and as far as European data protection laws apply, as we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required and as your rights and interests in the protection of your personal data do not outweigh the protection of your privacy in the sense of Art. 6 para. 1 lit. f) GDPR.

3. Data Security

  1. Personal information we collect is securely stored within our databases. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorized access, modification and disclosure.

    The steps we take to protect your personal information include the following:

    • access to data processing systems by unauthorised measures is protected by implementing access controls, implementing security measures, maintaining authorizations and other relevant measures;
    • access to IT systems by unauthorised persons is protected by technical measures regarding user ID, dedicated password protocols, information and data classification policies, secure deletion of data and other relevant measures;
    • in relation to personnel who are authorized to access the data subject to their access authorisation, we implement access rights that are based on role requirements, dedicated authorisation processes, information and data classification policies and other appropriate measures;
    • to ensure the adequate separation of data we implement physical separation of data based on the relevant purpose of collection, separate processing of personal data dependent upon intended function, encryption of personal data and other relevant measures;
    • we maintain the safety of personal data during electronic transmission by ensuring personal data can be verified, implementing an information and data classification policy, maintaining e-mail encryption and other relevant measures;
    • we maintain relevant systems and protocols that allow us to monitor access to personal data. We also implement further measures to protect data from accidental destruction or loss;
    • we ensure business continuity by maintaining contingency plans in our data centres and reviewing our recovery plans regularly; and
    • we have also implemented appropriate processes to respond to events and violations, including notification. The implementation and effectiveness of incident management is reviewed at regular intervals as part of internal audits and adjusted if necessary.

    Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

    You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website or app whilst it is in transit over the internet and any such submission is at your own risk.

4. Data transfers to third countries

  1. In addition to the data transmissions already described, the following applies: If the data is transferred, stored or processed overseas, in particular on our servers in Germany or in another countries of the European Union or the European Economic Area, or if this is done in the context of using the services of third parties or the disclosure or transmission of data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of consent, on the basis of a legal obligation, on the basis of our legitimate interests, or if otherwise permitted by relevant laws.

    Subject to legal or contractual permissions, we will only process the data in a country or permit to be processed in a country if the special conditions of Art. 44 ff. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially determination of an EU-compliant level of data protection or in compliance with officially recognised special contractual obligations (so-called standard contractual clauses).

5. Change of purpose

  1. Processing of your personal data for purposes other than those described above will only be carried out to the extent permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before processing and provide you with all further relevant information.

6. Period of data storage

  1. We will use secure methods to delete or permanently de-identify your personal data when it is no longer required for the purposes for which we have collected or used it in accordance with the preceding paragraphs. As a standard procedure, we store your personal data for the duration of the end user agreement relating to the DMG MORI customer portal plus a period of 6 months, during which we keep backup copies after deletion, provided that this data is no longer required for criminal prosecution or to secure, assert or enforce legal claims.

    Specific details in this data privacy policy or legal requirements for the storage and deletion of personal data, in particular those which we must store for tax reasons, remain unaffected.

7. Your rights as a data subject

  1. Right to information
    • You have the right to obtain from us, at any time and upon request, information on the personal data processed by us and relating to you in accordance with applicable laws and Article 15 of the GDPR. To do so, you can make a request by post to the address below or by e-mail to compliance@dmgmori-usa.com.
  2. Right to correct incorrect data
    • You have the right to ask us to correct any personal data concerning you without delay if it is incomplete or inaccurate. To do so, please contact us at the addresses below.
  3. Right to deletion
    • Under the conditions set forth in applicable law and Art. 17 GDPR, you have the right to request us to delete the personal data concerning you. These conditions provide in particular for a right of deletion if the personal data is no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or withdrawal of consent, or the existence of an obligation to delete them. To exercise your right of deletion, please contact us at the addresses below.
  4. Right to limit processing
    • You have the right to demand that we restrict processing in accordance with applicable law and Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and in the event that the user requests limited processing instead of deletion in the case of an existing right to deletion; also in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, and if the successful exercise of an objection is still disputed between us and you. In order to exercise your right to limit the processing, please contact us at the addresses below.
  5. Right to data transferability
    • You have the right to receive from us the personal data concerning you that you have provided us with in a structured, common, machine-readable format in accordance with applicable law and Art. 20 GDPR. To exercise your right to data transferability, please contact us at the contact addresses below.
  6. Revocation of consent
    • If you have given us your consent to process your personal data, you can revoke this consent at any time, free of charge and free of disadvantages and with effect for the future. This by e-mail to compliance@dmgmori-usa.com or by sending a message to the contact addresses given below. After revocation of your consent, your personal data will no longer be used for the aforementioned purposes and - subject to permissible processing for other purposes and compliance with applicable laws - will be deleted.

8. Right of objection

  1. Furthermore, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you (which is carried out on the basis of Article 6 paragraph 1 letter e) GDPR regarding data processing in the public interest, or Article 6 paragraph 1 letter f) GDPR regarding data processing based on a balancing of interests; this also applies to profiling based on Article 21 GDPR). If you lodge an objection, we will only process your personal data if we can prove that there are compelling legitimate reasons for doing so which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

9. Right of complaint

  1. You also have the right, in accordance with applicable law and Art. 77 GDPR, to lodge a complaint to a data protection supervisory authority about the processing of your personal data by us.

10. Your questions and comments, our data protection officer

  1. If you have any questions or comments about our handling of your personal data or if you wish to exercise the above rights as a data subject, please contact compliance@dmgmori-usa.com.

11. Amendment of the data protection declaration

  1. We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update it if there are changes in the collection, processing, storage or use of your data. The current version of the data protection declaration can always be found under "Data protection" within the myDMGMORI-App and at https://mydmgmori.com. https://emo.dmgmori.com/de/datenschutz-app