Privacy

Thank you for your visit to our website and your interest in our offers. We take the protection of your personal data very seriously. Below we would like to inform you how your personal data is processed when you use our website and make use of our contents and services. Personal data is all data that can be connected to you as a person, e.g. name, address, e-mail addresses, user behaviour.

1. Responsible person, processor, data protection officer

1. The responsible party according to Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is DMG MORI Digital GmbH, Niederwall 43, 33602 Bielefeld („We“).
   
2. Should you have any questions concerning data privacy law, our group data protection officer Frank Kopp is available for you. You can reach him under responsibility [at] istos.com.
   

2. General information about processing of personal data

1. We only process personal data, if this is required for providing a functional website and our content and services. In general, we only process your personal data with your consent. An exception applies in cases, in which prior consent is not feasible and legal provisions permit processing of data.
   
2. Art. 6 section 1 (a) GDPR is the legal foundation for processing personal data after requesting the consent of the affected person.
   
   Art. 6 section 1 (b) GDPR is the legal foundation for processing personal data required for performance of a contract, of which the affected person is a contracting party. This also applies to data processing required for pre-contractual measures
   
   Art. 6 section 1 (C) GDPR is the legal foundation for processing personal data to comply with a legal obligation to which we are subject.
   
   Art. 6 section 1 (d) GDPR is the legal foundation for processing personal data required due to vital interests of the affected person or another natural person.
   
   If data processing is required to fulfil our legitimate interest or the legitimate interest of a third party and if the interests, fundamental rights and freedoms of the affected party do not override these aforementioned interests, Art. 6 section 1 (f) GDPR is the legal foundation for data processing.
   
3. The personal data of the affected person will be deleted or blocked, as soon as the purpose of storage no longer applies. Data may also be stored, if this is intended by European and national lawmakers in EU directives, laws or other regulations to which the responsible party is subject. The data will also be blocked or deleted, when a storage period required by the above-mentioned standards ends, unless further storage of the data is required for contract conclusion or performance.
   
4. When you contact us by e-mail, through a contact form or by registering on our website, we will save the data supplied by you to process your questions/enquiries. We will delete the data collected in this context, once storage is no longer required, or limit processing thereof, if legally mandated retention periods apply.
   
5. If we use commissioned service providers for individual functions included in our offer or wish to use your data for promotional purposes, we will inform you in detail about these processes as described below. We will also name the criteria defined for the duration of storage.
   

3. Collection of personal data when you visit our website

1. If you use our website purely for information purposes, that is, if you do not register or otherwise transmit information, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we will collect the following data required for technical purposes to display our website and ensure stability and security (the legal foundation is Art. 6 section 1 (f) GDPR):
   
   • ΙP address
   • Date and time of access
   • Time zone difference from Greenwich Mean Time (GMT)
   • Contents of the request (specific site)
   • Access status/HTTP status code
   • Data volume transferred
   • Website where the request originated
   • Browser
   • Operating system and its interface
   • Language and version of the browser software.
   
   
2. In addition to the above-mentioned data, cookies are saved on your computer when you use our website. Cookies are small text files saved on your hard drive in association with the browser you use and used to transmit certain information to the body responsible for setting the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the overall web presence more user-friendly and effective.
   
3. Use of cookies:
   
   1. This website uses the following types of cookies, the extent and function of which is described below:
      • Transient cookies (see b)
      • Persistent cookies (see c).
   2. Transient cookies are deleted automatically, when you close your browser. This includes in particular session cookies. These save a so-called session ID, which permits association of various requests by your browser to a single session. This allows your computer to be recognised when you return to our website. These session cookies are deleted, when you log out or close your browser.
   3. Persistent cookies are deleted after no more than three months. You can delete the cookies in the security settings of your browser at any time.
   4. You can configure your browser settings as desired and, for instance, reject third-party cookies or all cookies. We would, however, like to notify you that you may not be able to use all functions of this website, if you do so.
   5. We use cookies to identify you during follow-up visits, if you have an account with us. Otherwise, you would have to log in again each time you visit.

4. Use of Google Analytics

1. This website uses Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses "cookies", i.e. text files saved on your computer permitting analysis of your use of our website. The information on your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will, however, first be abbreviated by Google within the European Union member states and other states party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the provider of this website, Google uses this information to evaluate your use of the website, to compile reports on website activities and to provide the website provider with further services connected to website use and internet use.
   
2. The IP addresses transmitted in connection with Google Analytics will not be associated with other data stored by Google.
   
3. You can prevent storage of cookies by making the appropriate settings in your browser software; we would, however, like to point out that, if you do so, you may not be able to use all functions of this website to their full extent. Moreover, you can prevent collection of the data generated by the cookie and referring to your use of the website (incl. your IP address) by Google and processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en..
   
4. This website uses Google Analytics with the extension "_anonymizeIp()“. This means IP addresses are abbreviated before being processed further, preventing association with a person. If the data collected could be associated with your person, this is therefore immediately prevented and the data related to your person is immediately deleted.
   
5. We use Google Analytics in order to be able to analyse and regularly improve use of our website. We can use the statistics gathered to improve our offer and make it more interesting for you as a user. For those exceptional cases, in which personal data is transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. The legal foundation for our use of Google Analytics is Art. 6 section 1 sentence 1 (f) GDPR.
   
6. Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms:
   http://www.google.com/analytics/terms/us.html, overview on data privacy: http://www.google.com/intl/en/analytics/learn/privacy.html, and data privacy statement: http://www.google.de/intl/en/policies/privacy.
   

5. Use of Google Fonts

We use Google Fonts on our website. This allows us to integrate certain fonts into our website. These fonts are provided by Google through servers in the USA. When accessing our website, your web browser establishes a direct connection to these servers. During this process, the visitor's IP address, among other things, is transmitted to Google and stored there. Google participates in the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
Further information about Google: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
Further information on data privacy at Google:
https://www.google.com/policies/privacy/

6. Use of Google reCAPTCHA

We use Google reCAPTCHA on our website. This allows us to prevent automated spam robots from misusing our contact forms. This functionality is provided by Google through servers in the USA. When accessing our website, your web browser establishes a direct connection to these servers. During this process, the visitor's IP address, among other things, is transmitted to Google and stored there. Google participates in the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
Further information about Google: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
Further information on data privacy at Google:
https://www.google.com/policies/privacy/

7. Integration of Google Maps

1. Our website uses the services of Google Maps. This allows us to display interactive maps on our website and permits you convenient usage of the map function.
2. When you visit the website, Google receives the information that you have accessed the respective sub page of our website. In addition, the data listed under section 3 of this statement is transmitted. This is the case irrespective of whether or not you have a Google user account and are logged into it. If you are logged into a Google account, your data is associated directly with your account. If you do not wish for your data to be associated with your Google profile, log out before activating the button. Google saves your data as usage profiles and uses it for the purposes of promotion, market research and/or tailoring its website to the users' needs. In particular, this evaluation is conducted (even for users not logged into a user account) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, but in order to exercise this right, you will have to contact Google.
3. For further information on the purpose and extent of data collection and processing thereof by the plug-in provider, refer to the provider's data privacy statement. It also contains information on your associated rights and setting options to protect your privacy: https://www.google.de/intl/en/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
   

8. LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag, provided by LinkedIn Corporation, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland on this website.

The "LinkedIn Insight Tag" generates a cookie in your web browser, which enables the collection of the following data, among others IP address, device and browser properties and page events (e.g. page views). This technology enables us to monitor the performance of our ads and read information regarding user interaction on our website. This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with DMG MORI Digital GmbH, but offers anonymised reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. DMG MORI Digital GmbH can use this data to display targeted advertising outside its website without identifying you as a website visitor. Find more information on data protection in the LinkedIn data protection information.

The use of the LinkedIn plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out") click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

9. Links to third-party websites

We link to the websites of other providers not associated with us (third parties), e.g. to our profiles on social networks such as LinkedIn, Twitter, YouTube, Instagram and Facebook. We would like to inform you that we have no influence on the data processed by these providers, when you click these links. As data processing by third parties is not under our control, we cannot assume any liability for it. For further information on data processing by these third parties, please refer to the data privacy information published by the respective provider.

10. Safety measures

1. As required by Art. 32 GDPR, we take suitable technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons.
   
2. These measures include, in particular, the safeguarding of reliability, integrity and availability of data by controlling physical access to the data as well as access associated with the data, input, disclosure, safeguarding of availability and separation. Moreover, we have established methods for ensuring that affected parties can exercise their rights, for ensuring data deletion and appropriate reactions to risks to the data. Moreover, we take the protection of personal data into account even when developing or selecting hardware, software and methods, based on the principle of data protection by design and by default settings conducive to data protection (Art. 25 GDPR).
   
3. To ensure security and safeguard the transfer of confidential data, e.g. enquiries, transmitted by you to us in our role as the provider of the websites, these websites use SSL encryption. An encrypted connection is indicated by the address bar of your browser changing from "http://“ to "https://" and a padlock symbol in your browser bar. When this SSL encryption is active, the data you transmit to us cannot be read by third parties.
   
4. We would, however, like to point out that online data transmission (e.g. when communicating by e-mail) is subject to security vulnerabilities. Perfect protection of data from access by third parties is not possible.
   

11. Cooperation with processors and third parties

1. If we disclose, transmit or otherwise grant access to data to other persons and companies (order processors or third parties) in the context of our processing of this data, this is only done on the basis of legal permissibility (e.g. when transmission of data to third parties, such as financial service providers, is required according to Art. 6 section 1 (b) GDPR for contract performance), on the basis of your consent, based on a legal obligation or our legitimate interest, e.g. when commissioning service providers, web hosts, etc.
   
2. If we commission third parties to process our data based on a so-called processing contract, this will be based on Art. 28 GDPR.
   

12. Transfer to third countries

If we process data in a third country, i.e. outside of the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosure or transfer of data to third parties, this shall only be done, if it is required for performing our (pre-)contractual obligations, if you have given your consent, or if it is based on a legal obligation or on our legitimate interest. Subject to legal or contractual permissions, we only process data or have data processed in third countries, if the special prerequisites of Art. 44 ff. GDPR exist. I.e. processing is, e.g. based on special safeguards, such as the official establishment of a data protection level equivalent to that of the EU (e.g. the "Privacy Shield" for the USA) or adherence to officially recognised special contractual obligations ("standard contractual clauses").

13. Your rights

1. You have the following rights with regard to personal data related to your person:
   
   • Right of access (Art. 15 GDPR),
   • Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
   • Right to restriction of processing (Art. 18 GDPR),
   • Right to notification (Art. 19 GDPR),
   • Right to data portability (Art. 20 GDPR).
   
   
2. Moreover, you have the right to object to processing of personal data related to your person at any time for reasons based on your specific situation, if this processing is based on Art. 6 section 1 (e) GDPR (data processing for public interest) or Art. 6 section 1 (f) GDPR (data processing based on weighing of interests); this also applies to profiling based on these provisions (Art. 21 GDPR). If you object, your personal data will only be processed further, if we can prove that there are compelling, legitimate reasons overriding your interests, rights and freedoms or if processing is for the purpose of asserting, exercising or defending legal claims.
   
3. If you have given us permission to process your personal data, you can revoke it at any time. The legitimacy of processing of your personal data up to the point at which you revoked your consent remains unaffected. Further processing of this data based on a different legal foundation, for instance to meet legal obligations, also remains unaffected.
   
4. You have the right to file a complaint with a data privacy supervisory authority about our processing of your personal data.
   
5. We would like to ask you to address claims or statements to the following contact address, if possible: responsibility [at] istos.com