Privacy Notice for Business Partners and Visitors

Last updated: July 2020

1. Introduction

This Privacy Notice for Business Partners and visitors (“Privacy Notice”) describes how ASML processes the personal data of individuals, such as customers, suppliers and visitors of ASML premises and website. 


We have carefully drafted this Privacy Notice to inform you in plain and comprehensible language about our privacy practices. The Notice tells you what personal data we process about you, why we process it and how we use it. We encourage you to take some time to read the Notice in full.


This Privacy Notice may change over time. You can store or print this Notice by using the buttons at the top of this page.


2. When does this privacy notice apply?

This Privacy Notice applies to the processing of personal data of individuals by ASML, as set out in chapter one of this Notice.

Some countries may have different local legislation and/or standards. In case of a conflict between this Privacy Notice and local legislation and/or standards, the latter will prevail.


3. Who is ASML?

ASML is the world's leading supplier of semiconductor manufacturing equipment and the innovator behind ever-advancing lithography systems. We provide chipmakers with everything they need – hardware, software and services – to mass produce patterns on silicon through lithography.


When this Privacy Notice mentions ‘ASML’, ‘we’, ‘us’, ‘our’, it refers to ASML Holding N.V. – based at De Run 6501, 5504 DR, Veldhoven, the Netherlands – as well as its group companies.



4. What is personal data? 

It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’), means: any information relating to an identified or identifiable natural person (‘data subject’).


An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5. What personal data do we process about you?

While doing business with you, we may process the following personal data about you:


a. Contact and general personal details such as name, salutation and email;


b. Personal identification details such as gender, date of birth, passport details;


c. On premise information collected through access control and CCTV recordings;


d. Chamber of Commerce, VAT and tax information;


e. Order history, credit and payment information; 


f. Information from screening and background checks;


g. Information provided by you during ASML’s customer and/or supplier onboarding process;


h. Information regarding suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior;


i. Information and results regarding surveys, tests and trainings;


j. Information from tools, systems, apps such as information required to access ASML systems, tools and applications;


k. Interaction data such as enquiries and complaints handling, management of business relationships and communications; and


l. Network traffic data and other related data, such as IP address and information obtained from cookies and similar tracking technology used on our websites, from your use of our websites. For more information please read our Cookie Notice


Special categories data (sensitive personal data)
Special categories of data may be considered sensitive personal data. We only process these for specific, legitimate purposes and where you have given your explicit consent, it is necessary, required by applicable law or inevitable, or you have deliberately made it public.


During our business processes, you may for example provide us with a photo that may disclose the following information about yourself: your race, national or ethnic origin, age, physical health (including disability) or religious beliefs. These, together with veteran status, or information relating to criminal convictions or offences, are considered special categories of personal data. 


Please note that for our business processes, some required personal data may vary, depending on the location (country).


How do we obtain your personal data?
We collect personal data directly from you when you do business with us. In addition, we collect your personal data independently from ASML employees you work with.

We process your personal data via our applications and systems, via email, via phone, in person and/or by any other means.

6. For which purposes do we process your personal data?

We process your personal data for the following purposes:


a. Assessment and (re)screening of (potential) business partners;


b. The delivery of customer services, making travel arrangements and obtaining visas, permits and technology export licenses;


c. Management of (delivered) services, products and materials to and from ASML;


d. The development and improvement of products and/or services;


e. To protect the health, safety, security and integrity of ASML and its business partners and visitors, facilities and (IT) assets, including occupational safety and health;


f. For organizational analysis and development, management reporting and corporate or financial transactions, such as acquisitions and divestitures;


g. Financial and accounting management, archiving and insurance coverage, legal and business consulting and possible dispute resolution;


h. Sales, account management and marketing.


i. To comply with the law, including the disclosure of personal data to government institutions or supervisory authorities, and to exercise or defend legal claims; and

j. To Protect the vital interests of business partners and visitors.


Secondary use of personal data

When we have collected personal data on the basis of legitimate interest, a contract or vital interests, this data can be used for a secondary purpose but only if the secondary purpose is compatible with the original purpose.


7. What is the legal basis for processing your personal data?

The legal bases (or justified reasons) for processing your personal data are:


  • The legitimate interest of business and management purposes;
  • Entering into and managing a contract;
  • Compliance with our legal obligations;
  • Protecting your vital interest; and 
  • Your specific and informed consent.

8. Who has access to your personal data?

Access to your personal data within ASML
Our employees are authorized to access personal data only to the extent necessary to serve one or more of the purposes set forth in Section 6 above and in so far as they need access to perform their job tasks.


Access to your personal data by third parties
To be able to offer you the best possible services and remain competitive in our business, we share certain data internally and outside of ASML, including but not limited to:


  • Banks, insurance companies, financial, tax and legal advisors and accountants;
  • Training and development organizations or consultants; and
  • IT service providers.

Your personal data may also be shared with competent public authorities, governments, regulatory or fiscal agencies where it is necessary to comply with legal or regulatory obligations to which ASML is subject to. 


When we transfer personal data to third parties we will, when appropriate, have an agreement concerning the processing of your personal data in place. 

ASML does not sell your personal data to anyone.


International transfers of your personal data 
ASML is a global organization, so the data we process may be transferred internationally throughout our organization and to third parties worldwide. 
To protect your rights we only store and transfer your personal data in a country where:


  1. An adequate level of protection for personal data is provided; 
  2. An instrument covers the requirements for the transfer of personal data
    such as:  
    a.  EU Standard Contractual Clauses; 
    b.  Codes of conduct; and 
    c.  Certification mechanisms.


What's not covered in this Notice?
Our website sometimes links to services run by other companies. Those companies have their own privacy and cookie notices, so remember that the information you give them will follow their rules and not ours.

9. How long will we keep your personal data?

Your data will be kept only for the period required to serve the purposes mentioned under Section 6 above (and to comply with legal requirements – if any). After the applicable retention period your personal data will be securely deleted, destroyed or de-identified.

10. How is your personal data secured?

We have taken adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following incidents:


  • Accidental or unlawful destruction;
  • Accidental loss, damage or alteration;
  • Unauthorized disclosure or access; and
  • Any other forms of unlawful processing (including, but not limited to unnecessary collection or further processing).

We have procedures in place to deal with a (suspected) data breach. You and/or the applicable data protection authorities will be notified of a data breach, where we are legally required to do so. 

11. What about your rights?

You have the following rights in relation to your personal data:


  • The right to access the personal data we have about you;
  • The right to have your personal data deleted;
  • The right to restrict processing of your personal data by us;
  • The right to object to automated decisions; and
  • The right to withdraw consent at any time and without detriment.

Under certain provisions you also have the right to:


  • Object to certain data processing operations; and
  • Request a transfer of your personal data.

If you wish to exercise any of these rights, please contact our Privacy Office. We will always check your identity to ensure that it is you exercising your rights. If we cannot verify your identity, your request will be rejected. When exercising your right, the more specific you are, the better we can assist you with your question. In some cases, permitted by law, we may deny your request, in which case we will notify you of the reason for denial.

If you feel we are not handling your question or request appropriately, you also have the right to lodge a complaint with the relevant data protection authority.



12. What about your responsibilities?

We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with personal data of other individuals, please be aware to comply with legal (local) and ASML requirements, including, informing the individuals concerned sufficiently about the processing of their data, providing them with this Notice and obtaining their consent before sharing their data with us. 


13. How to contact us

When you have a question about the use of your personal data or about this Privacy Notice, we invite you to send an email to our to our Privacy Office via [email protected].


Please contact us if you wish to receive this Notice in one of the following languages: Dutch, French, German, Italian, Japanese, Korean and (simplified) Chinese.

This Privacy Notice may be changed over time. You can download this Notice below.