Privacy Notice for Business Partners and Visitors

Last updated: July 2022

1. Introduction

This Privacy Notice for Business Partners and Visitors (‘Privacy Notice’) describes how ASML processes the personal data of individuals, such as customers, suppliers and visitors of ASML premises, collaboration portals and website.


We have carefully drafted this Privacy Notice to inform you in plain and comprehensible language about our privacy practices. The Privacy Notice tells you what personal data we process about you, why we process it and how we use it. We encourage you to read the Privacy Notice in full.


Translated versions of this Privacy Notice are available on request. The translated versions are provided for convenience only. In the event of any difference in meaning between the English language version and any translated version, the English language version will prevail.



2. When does this privacy notice apply?

This Privacy Notice applies to the processing of personal data of Business Partners and Visitors by ASML, as set out in chapter one of this Privacy Notice. Processing personal data is a broad term and includes (amongst other things) collecting, recording, storing, amending, reviewing, using and deleting personal data.


Some countries may have stricter or deviating local legal requirements. For example, local law may impose different requirements on how long we have to keep your data (data retention). In case of a conflict between this Privacy Notice and local legislation, the latter will prevail.



3. Who is ASML?

ASML is a leading supplier of semiconductor manufacturing equipment and the innovator behind ever-advancing lithography systems. We provide chipmakers with everything they need – hardware, software and services – to mass produce patterns on silicon through lithography.


When this Privacy Notice mentions ‘ASML’, ‘we’, ‘us’, ‘our’, it refers to ASML Holding N.V. – based at De Run 6501, 5504 DR, Veldhoven, the Netherlands – as well as its group companies.



4. What is personal data?

It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’), means: any information relating to an identified or identifiable natural person (‘data subject’).


An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.



5. What personal data do we process about you?

While doing business with you, we may process personal data about you, such as:


a. Contact and general personal details such as name, salutation and email;


b. Personal identification details such as gender, date of birth, passport details;


c. On premise information collected through access control and CCTV recordings;


d. Chamber of Commerce, VAT and tax information;


e. Order history, credit and payment information; 


f. Information from screening and background checks;


g. Information provided by you during ASML’s customer and/or supplier onboarding process;


h. Information regarding suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior;


i. Information and results regarding surveys, tests and trainings;


j. Information from tools, systems, apps such as information required to access ASML systems, tools and applications;


k. Interaction data such as enquiries and complaints handling, management of business relationships and communications;


l. System logs and data generated when transmitting information over an ASML network or while using an ASML asset, such as IP addresses, device information, user account information and user activity logs, time and date of your logins and the type of information and files shared;


m. Geographical location identifiers (e.g. to verify your access rights to high risk or export-controlled data); and


n. Information obtained from cookies and similar tracking technology used on our websites, from your use of our websites. For more information, please read our Cookie Notice.


Special categories of personal data and sensitive personal data
We may also process personal data that is considered as special categories of personal data or sensitive personal data. You may, for example, provide us with a photo that may reveal the following information about yourself: your race, national or ethnic origin, age, physical health (including disability) or religious beliefs. Furthermore, we may process personal data that is considered sensitive, such as veteran status or information relating to criminal convictions or offences (statement of conduct).


Please note that personal data required for our business processes may vary, depending on applicable local rules and regulations. We may process special category or sensitive personal data taking into account local legal requirements. In case we process special or sensitive personal data based on local requirements, we will notify you in advance.


How do we obtain your personal data?
We collect personal data directly from you when you do business with us or visit us.



6. For which purposes do we process your personal data?

We may process your personal data for one or more of the following purposes:


a. Assessment and (re)screening of (potential) business partners;


b. The delivery of customer services, making travel arrangements and obtaining visas, permits and technology export licenses;


c. Management of (delivered) services, products and materials to and from ASML;


d. The development and improvement of products and/or services;


e. To protect the health, safety, security and integrity of ASML and its business partners and visitors, (IT) facilities and assets, including occupational safety and health;


f. For organizational analysis and development, management reporting and corporate or financial transactions, such as acquisitions and divestitures;


g. Financial and accounting management, archiving and insurance coverage, legal and business consulting and possible dispute resolution;


h. Sales, account management and marketing;


i. To comply with the law, including the disclosure of personal data to government institutions or supervisory authorities, and to exercise or defend legal claims;


j. To protect the vital interests of business partners and visitors; and


k. To comply with the ASML Code of Conduct, including any internal investigations.


Secondary use of personal data

When we have collected personal data, this data may be used for a secondary purpose, but only if the secondary purpose is compatible with the original purpose. For example, statistical analysis may constitute as a compatible secondary purpose.



7. What is the legal basis for processing your personal data?

The legal bases (or justified reasons) for processing your personal data are:


  • The legitimate interest of business and management purposes;
  • Entering into and managing a contract;
  • Compliance with our legal obligations;
  • Protecting your vital interest or that of another natural person, for example in case of a medical emergency; and
  • Your specific and informed consent.

In the event that the processing of your personal data is based on your consent, you have the right to withdraw you consent. We would like to draw your attention to the fact that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.


8. Who has access to your personal data?

Access to your personal data within ASML
Our workers are authorized to access personal data only to the extent necessary to serve one or more of the purposes set forth in Section 6 above and in so far as necessary within the scope of their roles and responsibilities as ASML workers.


Access to your personal data by third parties
Your personal data may be shared with third parties for the purpose of providing their products and/or services to ASML or vice versa. When we transfer personal data to third parties, we will only do so under strict confidentiality obligations and where necessary, we will have an agreement concerning the processing of your personal data in place. We may share your personal data with the following categories of third parties, including but not limited to:


  • Banks, insurance companies, financial, tax and legal advisors and accountants;
  • Training and development organizations or consultants; and
  • IT & Security Service Providers.

Your personal data may also be shared with competent public authorities, governments, regulatory or fiscal agencies where it is necessary to comply with legal or regulatory obligations to which ASML is subject.


ASML does not sell your personal data to anyone.


International transfers of your personal data 

Due to our company’s multinational nature, the data you provide to with us may be transferred to or accessed by ASML’s affiliates and trusted third parties from different countries around the world. Your personal data will only be transferred to a country other than your country of residence if this is necessary for the fulfilment of the purposes described in this Privacy Notice. To protect your rights, we only transfer your personal data to a country where:


  1. An adequate level of protection for personal data is provided; or
  2. An instrument covers the requirements for the transfer of personal data
    such as:  
    a.  EU Standard Contractual Clauses; 
    b.  Codes of conduct; and 
    c.  Certification mechanisms.


9. How long will we keep your personal data?

Your data will be kept only for the period required to serve the purposes mentioned under Section 6 above (and to comply with legal requirements – if any). After the applicable retention period your personal data will be securely deleted, destroyed or de-identified.



10. How is your personal data secured?

We have taken adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following incidents:

 

  • Accidental or unlawful destruction;
  • Accidental loss, damage or alteration;
  • Unauthorized disclosure or access; and
  • Any other forms of unlawful processing (including, but not limited to improper use).

We have procedures in place to deal with a (suspected) personal data breach. You and/or the applicable data protection authorities will be notified of a personal data breach, where we are legally required to do so.



11. What about your rights?

You have the following rights in relation to your personal data, where required, such as:


  • The right to access the personal data we have about you;
  • The right to have your personal data corrected;
  • The right to have your personal data deleted (‘right to be forgotten’);
  • The right to restrict processing of your personal data by us;
  • The right to object to automated decisions;
  • The right to withdraw consent at any time and without detriment;
  • The right to object to certain data processing operations;
  • The right to request a transfer of your personal data (‘right to data portability’); and
  • The right to copy, correct, delete your personal data by your relative in case of your death (if applicable).

If you wish to exercise any of these rights, please use our Privacy Rights Request Form, which can be found on the ASML website, ’Privacy’ Section. Alternatively, you may email [email protected]. Some countries in which ASML operates may have a single point of contact to direct privacy related questions or requests too. When sending your request to [email protected], we will forward that question or request to the relevant person.


We will always check your identity to ensure that it is you exercising your rights. If we cannot verify your identity, your request will be rejected. When exercising your right, the more specific you are, the better we can assist you with your request. In some cases, where permitted by law, we may deny your request, in which case we will notify you of the reason for denial.


If you feel we are not handling your request appropriately, you also have the right to lodge a complaint with the relevant data protection authority.



12. What about your responsibilities?

We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with personal data of other individuals, comply with (local) legal and ASML requirements, including, informing the individuals concerned sufficiently about the processing of their data, providing them with this Privacy Notice and obtaining their agreement before sharing their data with us.


13. How to contact us

When you have a question about the use of your personal data or about this Privacy Notice, we invite you to send an email to our Privacy Office via [email protected].


This Privacy Notice may be amended from time to time. You can find previous versions of the Privacy Notice in the Privacy Notice Archive.


Archive