Privacy Notice for Business Partners and Visitors

Saved jobs

We saved your job

Loading component...

Last updated: October 2025

We are committed to being transparent about the data we process about you. For example, we will inform you about the way our company applies data protection principles and your privacy rights.

The right reasons

We only process your personal data for specific purposes and when we have a justified reason to do so, for example, in order to welcome you to our premises or to provide access to our systems.

Share with care

We only allow access to your personal data to third parties when it is necessary. In such cases, it is only disclosed to third parties that provide us with services under confidentiality obligations.

Keeping it safe

We understand how valuable your personal data is and therefore only keep it for as long as we need it and take appropriate measures to keep it safe. For example, we do this by deleting data when no longer needed and by applying encryption methods, among others.

Stay in control

We enable you to exercise your privacy rights and encourage you to keep your personal data up to date, for example, by providing you with means for you to submit a privacy right request and by being transparent.

Let us know

We are open to any questions, comments and complaints you might have about the processing of your personal data or our Privacy Notice. You can contact us via privacyoffice@asml.com and via the contact form on asml.com/privacy.

1. Introduction

This Privacy Notice for Business Partners and Visitors (‘Privacy Notice’) describes how ASML Holding N.V. – based at De Run 6501, 5504 DR, Veldhoven, the Netherlands – and its group companies (‘ASML’, ‘us’, ‘our’ or ‘we’) processes the personal data of individuals who are not workers or job applicants, such as customers, suppliers and visitors of ASML premises, collaboration portals and website.

We have carefully drafted this Privacy Notice to inform you in plain language about our privacy practices. The Privacy Notice tells you what personal data we process about you, why we process it and how we use it. We encourage you to read the Privacy Notice in full.

Translated versions of this Privacy Notice are available. The translated versions are provided for convenience only. In the event of any difference in meaning between the English language version and any translated version, the English language version will prevail.

Assistance For The Disabled

Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact privacyoffice@asml.com for assistance.

2. When does this privacy notice apply?

This Privacy Notice applies to the processing of personal data of Business Partners and Visitors by ASML, as set out in Chapter One of this Privacy Notice. Processing personal data is a broad term and includes (amongst other things) collecting, recording, storing, amending, reviewing, using and deleting personal data.

Some countries may have stricter or deviating local legal requirements. For example, local law may impose different requirements on how long we have to keep your data (data retention). In case of a conflict between this Privacy Notice and such requirements, the latter will prevail.

3. Who is ASML?

ASML is a supplier of semiconductor manufacturing equipment and the innovator behind lithography systems. We provide chipmakers with everything they need – hardware, software and services – to mass produce patterns on silicon through lithography.

4. What is personal data?

It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’) means any information relating to an identified or identifiable natural person (‘data subject’).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5. What personal data do we process about you?

As a business partner or visitor to ASML, we process and use your information to do business with you, to facilitate your access to our premises or website and to manage our processes. We may process personal data about you, such as:

Government-issued data and documentation required under immigration laws, such as passport number and expiry date, nationality, social security/national insurance/equivalent identification number and work permit;
Internal data, such as employee/user ID, title, department, working hours, travel and expense claims, (corporate) credit or debit card numbers and relocation data;
Personal identifiers, such as contact details (i.e., name, alias, telephone number, postal address, e-mail address), date of birth and gender;
Sensory or surveillance data, such as on premise information collected through access control and CCTV recordings;
Organizational information, such as your employer and role, Chamber of Commerce number, VAT and tax information;
System logs, including data generated when transmitting information over an ASML network or while using an ASML asset, such as IP addresses, telecom data, device information, user account information and user’s activity logs, time and date of your logins and the type of information and files exchanged (including business emails contained in the professional email account along with attachments);
Geolocation data, such as geographical location identifiers (e.g. to verify your access rights to high risk or export-controlled data);
Background information, such as screening and background checks;
Onboarding and registration data, such as information provided by you during ASML’s customer and/or supplier onboarding process;
Transactional and financial data, such as order history, credit card and payment information;
Information provided by you in order to attend an ASML event, such as education details and dietary preferences;
Internet or other electronic network activity information, such as Information obtained from cookies and similar tracking technology from your use of our websites or applications. For more information, please read our Cookie Notice;
User-generated content, such as documents and notes; and
Photos, video and/or sound recordings.

Special categories of personal data and sensitive personal data
We may also process personal data that is considered as special categories of personal data or sensitive personal data. Such data may include data relating to racial or ethnic origin, genetic or biometric data, as well as data concerning your health. Furthermore, we may process personal data that is considered sensitive, such as veteran status or information relating to criminal convictions or offences.

Please note that personal data required for our business processes may vary, depending on applicable local rules and regulations. We may process special category or sensitive personal data taking into account local legal requirements.

We do not collect or process sensitive personal data or characteristics of protected classifications for the purpose of inferring characteristics about you.

How do we obtain your personal data?
We collect personal data directly from you when you do business with us or visit us. In addition, we may collect personal data through technical means such cookies or similar technologies on our website, CCTV, or the ASML systems and assets you might use. We also collect your personal data from third parties, such as professional screening agencies and background check providers, to the extent permitted by applicable law.

Loading component...

6. What are the purposes and legal bases for processing your personal data?

We may process your personal data for one or more of the purposes in the table below.

The legal bases (or justified reasons) for processing your personal data are:

The legitimate interests of ASML as detailed in the table below (‘legitimate interests’);
For entering into and managing a contract or employment relationship (‘performance of a contract’);
Compliance with our legal obligations (‘legal obligation’);
Protecting your vital interest or that of another natural person (‘vital interests’); and
Your specific and informed consent (‘consent’).

Loading component...

Purpose	Personal data we process (as set forth in Section 5 above)	Legal basis
a. Assessment and (re)screening of (potential) business partners;	Internal data Personal identifiers Government-issued data and documentation Background information	Legitimate interests Legal obligation
b. For business processes, work execution, and internal management, including (company) audits.	Internal data Personal identifiers System logs Sensory or surveillance data Geolocation data	Legitimate interests Legal obligation
c. The delivery of customer services, making travel arrangements and obtaining visas, permits and technology export licenses;	Government-issued data and documentation Internal data Personal identifiers	Legitimate interests Performance of a contract Legal obligation
d. Management of (delivered) services, products and materials to and from ASML;	Organizational information Transactional and financial data Internal data	Legitimate interests Performance of a contract
e. The development and improvement of products and/or services;	User-generated content System logs	Legitimate interests
f. To efficiently manage and operate administrative, information technology, and communications systems, risk management and insurance functions, budgeting, financial management, and strategic planning;	Internal data Organizational information System logs	Legitimate interests
g. To protect the health, safety, security and integrity of ASML and its workers, business partners and visitors, (IT) facilities and assets, including occupational safety and health, and intellectual property;	Internal data Personal identifiers System logs Health data Biometric data Sensory or surveillance data Geolocation data	Legitimate interests Legal obligation
h. For organizational analysis and development, management reporting and corporate or financial transactions, such as acquisitions and divestitures;	Internal data Organizational information Transactional and financial data	Legitimate interests Legal obligation
i. Financial and accounting management, archiving and insurance coverage, legal and business consulting and possible dispute resolution;	Organizational information Transactional and financial data	Legitimate interests Legal obligation
j. Sales, account management, marketing and community engagement;	Personal identifiers User-generated content Onboarding and registration data	Legitimate interests
k. To comply with the law, including the investigation of any possible cases of non-compliance with statutory or contractual obligations or the disclosure of personal data to government institutions or supervisory authorities, as well as to exercise or defend legal claims;	Government-issued data and documentation System logs Sensory or surveillance data	Legal obligation
l. To protect the vital interests of business partners and visitors;	Internal data Personal identifiers System logs Health data Biometric data Sensory or surveillance data Geolocation data	Legitimate interests Legal obligation Vital interests
m. To comply with the ASML Code of Conduct and other ASML policies, including any internal investigations;	Internal data Organizational information System logs Sensory or surveillance data	Legitimate interests Legal obligation
n. To test, develop and use Artificial Intelligence systems or other similar technologies;	System logs User-generated content	Legitimate interests
o. For internal and/or external communications purposes, such as to be used on our website, our social media channels, or in traditional media;	Photos, video and/or sound recordings User-generated content Personal identifiers	Legitimate interests Consent
p. To enhance user experience such as analyzing data to optimize platforms functionality, improve workflow efficiency etc.;	Internet or other electronic network activity information System logs	Legitimate interests Consent

Loading component...

Secondary use of personal data

When we have collected personal data, this data may be used for a secondary purpose, but only if the secondary purpose is compatible with the original purpose. For example, statistical analysis may constitute a compatible secondary purpose.

7. What is the legal basis for processing your personal data?

Access to your personal data within ASML
Our workers are authorized to access personal data only to the extent necessary to serve one or more of the purposes set forth in Section 6 above and in so far as necessary within the scope of their roles and responsibilities as ASML workers.

Access to your personal data by third parties
Your personal data may be disclosed to third parties for the purpose of providing their products and/or services to ASML or vice versa. When we transfer personal data to third parties, we will only do so under strict confidentiality obligations and where necessary, we will have an agreement concerning the processing of your personal data in place. We may share your personal data with the following categories of third parties, including but not limited to:

Financial and legal services providers, including banks, insurance companies, tax advisors, legal counsel, and auditors;
Training and development organizations or consultants;
IT service providers, including providers of infrastructure, cloud services, software solutions, and cybersecurity tools;
Customers, suppliers and other business partners;
Corporate transaction stakeholders, including potential investors, acquirers, or legal advisors involved in mergers, acquisitions, or divestitures; and
Agencies and organizations for making travel or relocation arrangements.

Your personal data may also be disclosed to competent public authorities, governments, regulatory or fiscal agencies where it is necessary to comply with rules or regulations to which ASML is subject. Additionally, we may disclose your personal data to third parties at your direction and we may also disclose your personal data when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of ASML, its customers, or others.

ASML does not sell your personal data or disclose it for cross-context behavioral advertising to anyone.

International transfers of your personal data

Due to our company’s multinational nature, the data we process about you may be transferred to, or accessed by, ASML, our affiliates and trusted third parties from different countries around the world. Your personal data will only be transferred to a country other than your country of residence if this is necessary for the fulfilment of the purposes described in this Privacy Notice.

When you are located in the EEA, we only transfer your personal data to countries based on transfer mechanisms as detailed in the table below, including but not limited to the following countries. This table does not apply to other regions:

Loading component...

Transfer Mechanism	Countries	Download
1. An adequate level of data protection is provided based on a decision adopted by the European Commission; or	Israel, Japan, Republic of Korea, United Kingdom, United States (for organizations participating in the EU-US Data Privacy Framework), Canada, Switzerland	The list of countries which the European Commission has recognized as providing adequate protection
2. An instrument covers the requirements for the transfer of personal data, including: a. Standard Contractual Clauses; b. ASML’s approved Binding Corporate Rules; c. Codes of conduct; and d. Certification mechanisms; or	United States (for organizations not participating in the EU-US Data Privacy Framework), China, Malaysia, Singapore, Taiwan, India	Standard Contractual Clauses
3. Where the transfer is otherwise permitted under applicable data protection laws.

Loading component...

8. How long will we keep your personal data?

Your personal data will be retained only for as long as necessary to fulfill the purposes outlined in Section 6 above, and to comply with any applicable legal, regulatory, or contractual obligations. Once the relevant retention period has ended, your data will be securely deleted, destroyed, or irreversibly anonymized to prevent unauthorized access or use.

The specific duration for which your data is retained is determined by a combination of the following factors:

Legal and regulatory requirements: Compliance with applicable laws, regulations, and government directives that mandate specific retention periods.
Contractual obligations: Commitments arising from agreements with business partners that require data to be retained for a defined period.
Business and operational needs: Requirements related to the continuity of services, customer support, dispute resolution, audits, and internal reporting.
Technical constraints and system capabilities: Limitations or capabilities of the systems used to store and manage data, including backup and archival processes.
Data sensitivity and risk: The nature and classification of the data, including whether it contains sensitive or high-risk information that may require shorter retention or enhanced protection.

Loading component...

9. How is your personal data secured?

We take adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following instances:

Accidental or unlawful destruction;
Accidental loss, damage or alteration;
Unauthorized disclosure or access; and
Any other forms of unlawful processing (including, but not limited to improper use).

We have procedures in place to deal with any (potential) personal data breach. You and the relevant data protection authorities will be notified of a personal data breach, where we are required to do so.

Loading component...

10. What about your rights?

Where provided under the applicable law, you have rights in relation to your personal data, such as:

The right to access the personal data we have about you;
The right to know how we process your personal data;
The right to obtain information on the instruments implemented in the context of international data transfers set forth in Section 7;
The right to have your personal data corrected;
The right to have your personal data deleted (‘right to be forgotten’);
The right to restrict processing of your personal data by us;
The right to object to automated decisions;
The right to withdraw consent at any time and without detriment;
The right to object to certain data processing operations;
The right to request a transfer of your personal data (‘right to data portability’);
The right to copy, correct, delete your personal data by your relative in case of your death (if applicable); and
The right to obtain compensation if the data subject has suffered damage.

If you feel we are not handling your request appropriately you also have the right to lodge a complaint with the relevant data protection authority.

How to exercise your rights

If you wish to exercise any of these rights, please use our Privacy Rights Request Form, which can be found on the intranet page of the Privacy Office. Alternatively, you may email privacyoffice@asml.com. Some countries in which ASML operates require a single point of contact to address your requests or questions . When sending your request to privacyoffice@asml.com, we will forward that question or request to the person located in your region.

We will always check your identity to ensure that it is you exercising your rights. To verify your identity, we match personal data that you provide us against personal data we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal data), the more items of personal data we may request to reduce the risk that someone might try to impersonate you. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity and what further information we might need from you in order to be able to properly verify your identity and comply with your request.

When exercising your right, the more specific you are, the better we can assist you with your request. In some cases, where permitted by law, we may deny your request, in which case we will notify you of the reason for denial.

ASML’s Non-Discrimination and Non-Retaliation Policy

ASML will not unlawfully discriminate or retaliate against you for exercising your rights.

Authorized Agents of California Business Partners and Visitors

If an authorized agent submits a request to know, correct, or delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your identity. You can obtain an “Authorized Agent Designation” form by contacting us at privacyoffice@asml.com.

Loading component...

11. What about your responsibilities?

We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with personal data of other individuals, you must comply with (local) legal and ASML requirements, including, informing the individuals concerned sufficiently about the processing of their data, providing them with this Privacy Notice and obtaining their agreement before disclosing their data to us.

Loading component...

12. How to contact us

When you have a question about the use of your personal data or about this Privacy Notice we invite you to send an email to our Privacy Office via privacyoffice@asml.com.

For business partners and visitors at ASML Berlin GmbH, the Controller with respect to the processing of your data is ASML Berlin GmbH (Waldkraiburger Straße 5, Waldkraiburger Straße 5, 12347 Berlin, Germany). If you want to address your enquiry directly to our German Data Protection Officer, you can also send your email to dl-dsb@asml.com for the attention of our German Data Protection Officer (please add “attn. German DPO” or similar in the subject line of your email).

This Privacy Notice may be amended from time to time. You can find the previous versions of the Privacy Notice in the Privacy Notice Archive.

Loading component...

Privacy notice for business partners and visitors October 2025

PDF

Privacy notice for business partners and visitors October 2025 - Germany

PDF

Loading component...

Privacy Notice for Business Partners and Visitors

Last updated: October 2025

1. Introduction

2. When does this privacy notice apply?

3. Who is ASML?

4. What is personal data?

5. What personal data do we process about you?

Loading component...

6. What are the purposes and legal bases for processing your personal data?

Loading component...

Loading component...

7. What is the legal basis for processing your personal data?

Loading component...

Loading component...

8. How long will we keep your personal data?

Loading component...

9. How is your personal data secured?

Loading component...

10. What about your rights?

Loading component...

11. What about your responsibilities?

Loading component...

12. How to contact us

Loading component...

Loading component...

Archive

Loading component...

Social Media