Privacy Policy

1. Scope of Personal Information

"Personal Information" in this policy refers to personal information as defined in Article 2 (1) of the Act on the Protection of Personal Information (Act No. 57 of 2003) ("Personal Information Protection Act").

2. Acquisition of Personal Information

When obtaining Personal Information, DMG MORI Group expressly indicates the purpose of use, and obtains information through lawful and fair means.

3. Management of Personal Information

1. DMG MORI Group complies with the Personal Information Protection Act, guidelines stipulated by the Personal Information Protection Act, and this policy.
2. In order to manage the security of Personal Information, DMG MORI Group implements required and appropriate measures with regard to internal management and supervision, employee training, and supervision of entrusted persons, and strives to prevent the leaking, destruction, and loss of Personal Information.
3. DMG MORI Group obtains and uses Personal Information within the scope required of the purposes defined in this policy. In cases where Personal Information will be used outside of the scope of the purposes defined in this policy, we will obtain the consent of Customers beforehand, through appropriate means.
4. In order to prevent Personal Information from being leaked, lost, or falsified, DMG MORI Group manages Personal Information appropriately according to the security control measures defined in this policy.

4. Purposes of use of Personal Information

DMG MORI Group uses the Personal Information of Customers for the following purposes:

1. Personal Information of individuals who plan to purchase or have already purchased DMG MORI Group products and services
   • a）Providing DMG MORI Group products and services, and related transactions.
     The following are examples of such use:
   • Setting up meetings concerning DMG MORI Group products and services
   • Issuing written quotations containing DMG MORI Group products and services
   • Registering visitors and guests touring DMG MORI Group facilities
   • Processing internal decisions concerning purchases of DMG MORI Group products and services
   • Arranging delivery schedules for DMG MORI Group products and services
   • Confirming payment statuses concerning DMG MORI Group products and services
   • Responding to inquiries concerning DMG MORI Group products and services
   • Verifying the identity of individuals applying to use DMG MORI Group online services
   • Checking purchase histories of individuals requesting after-sales service
   • b）Improving DMG MORI Group products and services.
     The following are examples of such use:
   • Conducting questionnaire surveys concerning DMG MORI Group products and services
   • Creating internal records when technical errors occur in DMG MORI Group products and services
   • Analyzing feedback on new products and services
   • c）Distributing advertising information concerning DMG MORI Group products and services.
     The following are examples of such use:
   • Providing information on exhibitions, seminars, etc. concerning DMG MORI Group products and services
   • Sending catalogs and PR materials concerning DMG MORI Group products and services
   • Distributing email newsletters concerning DMG MORI Group products and services
   • Providing notice about scheduled maintenance, etc. of DMG MORI Group products and services
   • d）Maintaining business operations of DMG MORI Group.
     The following are examples of such use:
   • Fulfilling obligations or exercising rights as stipulated in contracts
   • Managing potential and existing customers
   • Formulating sales strategies and product strategies based on purchase/service history
   • Maintaining the information security of IT systems managed by DMG MORI Group
   • Operating and maintaining the security of facilities managed by DMG MORI Group
   • Acting in compliance with laws and regulations, or according to instructions from authorities
   • Otherwise acting in accordance with purposes of use expressly indicated when obtaining Personal Information
2. Personal Information of other business partners including suppliers
   • a）Purchasing business partner products and services, and related transactions:
     The following are examples of such use:
   • Setting up meetings concerning business partner products and services
   • Registering business partners as visitors or guests touring DMG MORI Group facilities
   • Processing internal decisions concerning purchases of business partner products and services
   • Arranging delivery schedules for business partner products and services
   • Confirming payment statuses concerning business partner products and services
   • Responding to inquiries concerning business partner products and services
   • Checking or requesting after-sales service
   • b）Maintaining business operations of DMG MORI Group.
     The following are examples of such use:
   • Fulfilling obligations or exercising rights as stipulated in contracts
   • Managing existing and new business partners
   • Distributing communications concerning the business operations, etc. of DMG MORI Group
   • Verifying the identity of individuals when DMG MORI Group holds events for business partners
   • Formulating purchasing strategies based on purchase histories
   • Maintaining the information security of IT systems managed by DMG MORI Group
   • Operating and maintaining the security of facilities managed by DMG MORI Group
   • Conducting surveys and preparing reports based on information sent to compliance hotlines managed by DMG MORI Group
   • Acting in compliance with laws and regulations, or according to instructions from authorities
   • Otherwise acting in accordance with purposes of use expressly indicated when obtaining Personal Information
3. Personal Information of shareholders
   • a）Exercising rights and fulfilling obligations as a share-issuing company.
     The following are examples of such use:
   • Verifying the identity of individuals participating in general shareholders meetings
   • Responding to inquiries concerning the business operations of DMG MORI Group
   • Managing shareholder registers
4. Personal Information of job applicants and interns
   • a）Engaging in hiring and internship activities.
     The following are examples of such use:
   • Distributing information concerning DMG MORI Group hiring and internship events
   • Providing notice about recruitment schedules of DMG MORI Group
   • Providing notice about recruitment results of DMG MORI Group
   • Providing various notice during internship
   • Maintaining the information security of DMG MORI Group IT systems if access is granted during internshipsv

5. Security control measures concerning Personal Information

1. Formulation of basic policy
   This privacy policy was created in order to ensure that Personal Information is handled appropriately, and to provide information on how to submit inquiries and complaints.
2. Establishment of rules concerning the handling of Personal Information
   We formulate internal policies defining obligations and methods for handling Personal Information, for each process (such as obtaining, using, storing, providing, deleting, and disposing of Personal Information), and strive to ensure that company directors and employees follow such policies.
3. Organizational level security control measures
   We appoint an individual responsible for the handling of Personal Information (“Chief Information Security Officer”), and clarify which employees handle Personal Information along with their scope of handling Personal Information. We maintain a reporting system to report incidents to the Chief Information Security Officer when related laws or internal rules are violated or could have been violated, and also conduct regular self-inspections and receive audits conducted by other departments with regard to how Personal Information is being handled. In cases where the handling of Personal Information is outsourced to an external party, we conduct audits of such entrusted persons with regard to the status of handling Personal Information, as required.
4. Personnel security control measures
   We establish work regulations for items related to maintaining the confidentiality of Personal Information and conduct regular training for employees on Personal Information.
5. Physical security control measures
   We thoroughly control access to areas in which crucial information systems handling Personal Information are managed, restrict access to Personal Information, and restrict storage of Personal Information on external devices. We also implement measures to prevent devices, media, and records handling Personal Information from being stolen or lost and implement measures to prevent Personal Information from being easily accessed in the event of theft or loss.
6. Technical security control measures
   We control access to Personal Information, restrict which operators are given access and to what extent, and implement measures to prevent unauthorized external access to devices handling Personal Information and the installation of unauthorized software to said devices.
7. Understanding of external environments
   In order to carry out the purposes of use defined in this policy, DMG MORI Group may allow overseas subsidiaries to handle the personal data of Customers. In such cases, DMG MORI Group implements security control measures after confirming the framework, etc. concerning the protection of Personal Information in the applicable country. Please contact the "Information Desk" below regarding any inquiries on security control measures implemented in an applicable country or by DMG MORI Group.

6. Shared use

DMG MORI Group shares and uses the personal data of Customers within DMG MORI Group, as described below.

1. Items which are subject to shared use:
   • Full name
   • Affiliated company or organization name, job title, address, phone number, email address
   • Inquiry history
   • Purchase history of DMG MORI Group products and services
   • Participation history for exhibitions, seminars, etc.
   • Information related to allowing or denying transmission of advertising information
   • Access history for websites operated by DMG MORI Group
2. Scope of shared use: DMG MORI Co., Ltd. and affiliated companies (including affiliated overseas companies)
3. Purpose of use of users: To carry out the purposes of use defined in this policy (excluding purposes of use concerning the Personal Information of shareholders)
4. Person in charge of handling Personal Information: DMG MORI Co., Ltd. (refer to the following website for information regarding its address and representative, etc.)
   https://www.dmgmori.co.jp/corporate/en/company/profile/outline.html

7. Provision to entrusted persons

DMG MORI Group may completely or partially outsource the handling of Personal Information obtained from Customers, within the scope required to carry out the purposes of use defined in this policy, to entrusted persons. In such cases, DMG MORI Group contractually requires that entrusted persons do not leak or disclose Personal Information, or use Personal Information outside of the purposes of use.

8. Disclosure and provision to third parties

DMG MORI Group does not disclose or provide personal data to third parties, except when providing Personal Information to entrusted persons as described above, or in any of the following cases:

1. When the Customer has provided consent
2. When disclosure or provision is required by law
3. When required to protect human life and limb or property, and obtaining Customer consent would be difficult
4. When required in cooperating with national or local governments in conducting public work, and obtaining Customer consent would hinder such work

9. Information obtained concerning Personal Information (including information concerning the external transmission of information)

1. DMG MORI Group obtains and analyzes purchase details and dates for products and services purchased by Customers, as well as information concerning the use and browsing of websites operated by DMG MORI Group (including Cookie information, information concerning usage such as access logs, information on devices used, OS information, location information, IP addresses, browser information, browser languages, and other information concerning Customer communications), regardless of whether this corresponds to the definition of Personal Information. This information is used to advertise products and services based on browsing and purchase histories, and to improve the functionality of websites operated by DMG MORI Group.
2. The following tools are used by websites operated by DMG MORI Group, for the purposes stated above. Please check the websites of the companies providing the tools for information on how to stop information obtained from these tools from being handled and how to stop information from being sent to these tools.
   <Google Analytics>
   • Provider: Google LLC
   • Transmitted information:
     • Browsing history within site (including browsing date/time, number of views, and time spent on site)
     • Browser and OS type/version
     • Screen size
     • Referrer
     • Member ID and other identifiers used to identify user
     • Cookies and other identifiers stored on device
     • IP address (used to estimate location information)
   • Google Analytics Terms of Service:
     https://marketingplatform.google.com/about/analytics/terms/jp/
   • Google Privacy Policy:
     https://policies.google.com/privacy?hl=ja
   • How Google uses information from sites or apps that use Google services:
     https://policies.google.com/technologies/partner-sites
   • Google Analytics Opt-out Browser Add-on:
     https://tools.google.com/dlpage/gaoptout?hl=ja
     In order to disable Google Analytics, access the Google Opt-out Browser Add-on Download Page, download and install the "Google Analytics Browser Opt-out Add-on," and then change the browser add-on setting. Disabling Google Analytics will also disable Google Analytics on sites other than DMG MORI sites. However, the browser add-on setting can be changed to enable Google Analytics again. Websites operated by DMG MORI Group use functionality for Google ads, and may use the following functions. In order to opt-out from this functionality, the Google Analytics Opt-out Browser Add-on must be installed, and ad personalization must also be disabled in your Google account.
   • Google Analytics Remarketing
   • Google Display Network Impression Reporting
   • Google Analytics User Attributes Report and Interest Category Reports
   • Integrated services that require Google Analytics in order to collect data for the purpose of posting ads (including collecting data through ad cookies and identifiers)
   • Modify ad customization:https://adssettings.google.com/
<KARTE>
• Provider: PLAID, Inc.
• Transmitted information:
  • Browsing history within site (including browsing date/time, number of views, and time spent on site)
  • Browser and OS type/version
  • Screen size
  • Referrer
  • Member ID and other identifiers used to identify user
  • Cookies and other identifiers stored on device
• KARTE Terms of Use:
  https://karte.io/legal/terms-of-use.html
• KARTE Privacy Policy:
  https://karte.io/karte-policy.html
• KARTE Opt-out Settings:
  https://karte.io/optout/

10. Disclosure, etc.

Customers who wish to have their own information disclosed may request that their personal data be disclosed, corrected, added, or deleted; may request that the use of their personal data be stopped or removed; and may request to be notified of the purposes of use of their personal data, by following the procedures determined by DMG MORI Group. However, we may be unable to respond to Customer requests in the following situations:

1. When requirements to identify the individual are not satisfied, as defined by DMG MORI Group
2. When the personal data in question does not correspond to "personal data a business holds" as defined in the Personal Information Protection Act
3. When the request corresponds to an exemption from obligation as defined in the Personal Information Protection Act

11. Intake of Disclosure, etc. requests and Information Desk

Any requests for personal data held by DMG MORI Group as described above, as well as any other inquiries concerning this policy, should be sent by mail to the following address. In order to prevent unauthorized requests due to impersonation, DMG MORI Group will confirm the identity of the individual through rational means, such as requesting that the individual submit identification during the request. If all requirements to confirm the identity of the individual as defined by DMG MORI Group are satisfied, DMG MORI Group will respond under the assumption that the request was made by the individual. However, DMG MORI Group will not be responsible for any loss or damage that occurs as a result of our responding to the request, even if the request was received from a third party other than the Customer who has somehow obtained the personal data or identification confirmation documents of the Customer, except in the case of the bad faith or gross negligence on the part of DMG MORI Group. Please use caution in managing your own Personal Information.