Privacy Notice for Business Partners and Visitors

Last updated: July 2021

1. Introduction

This Privacy Notice for Business Partners and Visitors (‘Privacy Notice’) describes how ASML processes the personal data of individuals, such as customers, suppliers and visitors of ASML premises, collaboration portals and website.


We have carefully drafted this Privacy Notice to inform you in plain and comprehensible language about our privacy practices. The Privacy Notice tells you what personal data we process about you, why we process it and how we use it. We encourage you to take some time to read the Privacy Notice in full.



2. When does this privacy notice apply?

This Privacy Notice applies to the processing of personal data of Business Partners and Visitors by ASML, as set out in chapter one of this Privacy Notice.

Some countries may have more strict or deviating local legal requirements. In case of a conflict between this Privacy Notice and local legislation, the latter will prevail.



3. Who is ASML?

ASML is a leading supplier of semiconductor manufacturing equipment and the innovator behind ever-advancing lithography systems. We provide chipmakers with everything they need – hardware, software and services – to mass produce patterns on silicon through lithography.

 

When this Privacy Notice mentions ‘ASML’, ‘we’, ‘us’, ‘our’, it refers to ASML Holding N.V. – based at De Run 6501, 5504 DR, Veldhoven, the Netherlands – as well as its group companies.



4. What is personal data?

It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’), means: any information relating to an identified or identifiable natural person (‘data subject’).

 

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.



5. What personal data do we process about you?

While doing business with you, we may process personal data about you, such as:


a. Contact and general personal details such as name, salutation and email;


b. Personal identification details such as gender, date of birth, passport details;


c. On premise information collected through access control and CCTV recordings;


d. Chamber of Commerce, VAT and tax information;


e. Order history, credit and payment information; 


f. Information from screening and background checks;


g. Information provided by you during ASML’s customer and/or supplier onboarding process;


h. Information regarding suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior;


i. Information and results regarding surveys, tests and trainings;


j. Information from tools, systems, apps such as information required to access ASML systems, tools and applications;


k. Interaction data such as enquiries and complaints handling, management of business relationships and communications; and


l. Logs and monitoring data generated when transmitting information over an ASML network or while using an ASML asset, such as IP addresses, device information, user account data, time and date of your logins and the type of information and files shared; and


m. Information obtained from cookies and similar tracking technology used on our websites, from your use of our websites. For more information please read our Cookie Notice.


Special categories of personal data and sensitive personal data
We may also process personal data that is considered as special categories of personal data or sensitive personal data. You may, for example, provide us with a photo that may disclose the following information about yourself: your race, national or ethnic origin, age, physical health (including disability) or religious beliefs. Furthermore, we may process personal data that is considered sensitive, such as veteran status or information relating to criminal convictions or offences (statement of conduct).


We will only process such personal data where it is necessary for the establishment, exercise or defence of claims or where necessary for the purposes of providing occupational medical advice and support, to protect the vital interests of an individual (such as in an emergency), where necessary for reasons of public health or where you have provided us with your explicit consent.


Please note that personal data required for our business processes may vary, depending on applicable local rules and regulations.


How do we obtain your personal data?
We collect personal data directly from you when you do business with us or visit us.



6. For which purposes do we process your personal data?

We may process your personal data for one or more of the following purposes:


a. Assessment and (pre)screening of (potential) business partners;


b. The delivery of customer services, making travel arrangements and obtaining visas, permits and technology export licenses;


c. Management of (delivered) services, products and materials to and from ASML;


d. The development and improvement of products and/or services;


e. To protect the health, safety, security and integrity of ASML and its business partners and visitors, (IT) facilities and assets, including occupational safety and health;


f. For organizational analysis and development, management reporting and corporate or financial transactions, such as acquisitions and divestitures;


g. Financial and accounting management, archiving and insurance coverage, legal and business consulting and possible dispute resolution;


h. Sales, account management and marketing.


i. To comply with the law, including the disclosure of personal data to government institutions or supervisory authorities, and to exercise or defend legal claims; and


j. To protect the vital interests of business partners and visitors; and


k. To comply with the ASML Code of Conduct, including conducting any internal investigations.


Secondary use of personal data

When we have collected personal data, this data may be used for a secondary purpose, but only if the secondary purpose is compatible with the original purpose. For example, statistical analysis may constitute as such a compatible secondary purpose.



7. What is the legal basis for processing your personal data?

The legal bases (or justified reasons) for processing your personal data are:


  • The legitimate interest of business and management purposes;
  • Entering into and managing a contract;
  • Compliance with our legal obligations;
  • Protecting your vital interest or that of another natural person; and
  • Your specific and informed consent.

8. Who has access to your personal data?

Access to your personal data within ASML
Our employees are authorized to access personal data only to the extent necessary to serve one or more of the purposes set forth in Section 6 above and in so far as they need access to perform their job tasks.


Access to your personal data by third parties
To be able to offer you the best possible services and remain competitive in our business, we share certain personal data internally and outside of ASML, including but not limited to:


  • Banks, insurance companies, financial, tax and legal advisors and accountants;
  • Training and development organizations or consultants; and
  • IT & Security Service Providers.

Your personal data may also be shared with competent public authorities, governments, regulatory or fiscal agencies where it is necessary to comply with legal or regulatory obligations to which ASML is subject.


When we transfer personal data to third parties, we will only do so under confidentiality obligations and where necessary, we will have an agreement concerning the processing of your personal data in place.


ASML does not sell your personal data to anyone.


International transfers of your personal data 
ASML is a global organization, so the data we process may be transferred internationally throughout our organization and to third parties worldwide. 
 
To protect your rights we only store and transfer your personal data in a country where:


  1. An adequate level of protection for personal data is provided; or
  2. An instrument covers the requirements for the transfer of personal data
    such as:  
    a.  EU Standard Contractual Clauses; 
    b.  Codes of conduct; and 
    c.  Certification mechanisms.

 

What's not covered in this Notice?
Our website sometimes links to services run by other companies. Those companies have their own privacy and cookie notices, so remember that the information you give them will follow their rules and not ours.



9. How long will we keep your personal data?

Your data will be kept only for the period required to serve the purposes mentioned under Section 6 above (and to comply with legal requirements – if any). After the applicable retention period your personal data will be securely deleted, destroyed or de-identified.



10. How is your personal data secured?

We have taken adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following incidents:

 

  • Accidental or unlawful destruction;
  • Accidental loss, damage or alteration;
  • Unauthorized disclosure or access; and
  • Any other forms of unlawful processing (including, but not limited to improper use).

We have procedures in place to deal with a (suspected) personal data breach. You and/or the applicable data protection authorities will be notified of a personal data breach, where we are legally required to do so.



11. What about your rights?

You have the following rights in relation to your personal data:


  • The right to access the personal data we have about you;
  • The right to have your personal data corrected;
  • The right to have your personal data deleted (‘right to be forgotten’);
  • The right to restrict processing of your personal data by us;
  • The right to object to automated decisions;
  • The right to withdraw consent at any time and without detriment;
  • The right to object to certain data processing operations, and
  • The right to request a transfer of your personal data (‘right to data portability’).

If you wish to exercise any of these rights, please use our Privacy Rights Request Form, which can be found on the ASML website, ’Privacy’ section. Alternatively, you may email [email protected]. We will always check your identity to ensure that it is you exercising your rights. If we cannot verify your identity, your request will be rejected. When exercising your right, the more specific you are, the better we can assist you with your request. In some cases, where permitted by law, we may deny your request, in which case we will notify you of the reason for denial. Furthermore, we would like to draw your attention to the fact that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.


If you feel we are not handling your request appropriately, you also have the right to lodge a complaint with the relevant data protection authority.



12. What about your responsibilities?

We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with personal data of other individuals, comply with (local) legal and ASML requirements, including, informing the individuals concerned sufficiently about the processing of their data, providing them with this Privacy Notice and obtaining their agreement before sharing their data with us.


13. How to contact us

When you have a question about the use of your personal data or about this Privacy Notice, we invite you to send an email to our Privacy Office via [email protected].


This Privacy Notice may be amended from time to time. You can find previous versions of the Privacy Notice in the Privacy Notice Archive.


Archive