Last updated: October 2025
We are committed to being transparent about the data we process about you. For example, we will inform you about the way our company applies data protection principles and your privacy rights.
We only process your personal data for specific purposes and when we have a justified reason to do so, for example, in order to welcome you to our premises or to provide access to our systems.
We only allow access to your personal data to third parties when it is necessary. In such cases, it is only disclosed to third parties that provide us with services under confidentiality obligations.
We understand how valuable your personal data is and therefore only keep it for as long as we need it and take appropriate measures to keep it safe. For example, we do this by deleting data when no longer needed and by applying encryption methods, among others.
We enable you to exercise your privacy rights and encourage you to keep your personal data up to date, for example, by providing you with means for you to submit a privacy right request and by being transparent.
We are open to any questions, comments and complaints you might have about the processing of your personal data or our Privacy Notice. You can contact us via privacyoffice@asml.com and via the contact form on asml.com/privacy.
1. Introduction
This Privacy Notice for Business Partners and Visitors (‘Privacy Notice’) describes how ASML Holding N.V. – based at De Run 6501, 5504 DR, Veldhoven, the Netherlands – and its group companies (‘ASML’, ‘us’, ‘our’ or ‘we’) processes the personal data of individuals who are not workers or job applicants, such as customers, suppliers and visitors of ASML premises, collaboration portals and website.
We have carefully drafted this Privacy Notice to inform you in plain language about our privacy practices. The Privacy Notice tells you what personal data we process about you, why we process it and how we use it. We encourage you to read the Privacy Notice in full.
Translated versions of this Privacy Notice are available. The translated versions are provided for convenience only. In the event of any difference in meaning between the English language version and any translated version, the English language version will prevail.
Assistance For The Disabled
Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact privacyoffice@asml.com for assistance.
2. When does this privacy notice apply?
This Privacy Notice applies to the processing of personal data of Business Partners and Visitors by ASML, as set out in Chapter One of this Privacy Notice. Processing personal data is a broad term and includes (amongst other things) collecting, recording, storing, amending, reviewing, using and deleting personal data.
Some countries may have stricter or deviating local legal requirements. For example, local law may impose different requirements on how long we have to keep your data (data retention). In case of a conflict between this Privacy Notice and such requirements, the latter will prevail.
3. Who is ASML?
ASML is a supplier of semiconductor manufacturing equipment and the innovator behind lithography systems. We provide chipmakers with everything they need – hardware, software and services – to mass produce patterns on silicon through lithography.
4. What is personal data?
It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’) means any information relating to an identified or identifiable natural person (‘data subject’).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
5. What personal data do we process about you?
As a business partner or visitor to ASML, we process and use your information to do business with you, to facilitate your access to our premises or website and to manage our processes. We may process personal data about you, such as:
- Government-issued data and documentation required under immigration laws, such as passport number and expiry date, nationality, social security/national insurance/equivalent identification number and work permit;
- Internal data, such as employee/user ID, title, department, working hours, travel and expense claims, (corporate) credit or debit card numbers and relocation data;
- Personal identifiers, such as contact details (i.e., name, alias, telephone number, postal address, e-mail address), date of birth and gender;
- Sensory or surveillance data, such as on premise information collected through access control and CCTV recordings;
- Organizational information, such as your employer and role, Chamber of Commerce number, VAT and tax information;
- System logs, including data generated when transmitting information over an ASML network or while using an ASML asset, such as IP addresses, telecom data, device information, user account information and user’s activity logs, time and date of your logins and the type of information and files exchanged (including business emails contained in the professional email account along with attachments);
- Geolocation data, such as geographical location identifiers (e.g. to verify your access rights to high risk or export-controlled data);
- Background information, such as screening and background checks;
- Onboarding and registration data, such as information provided by you during ASML’s customer and/or supplier onboarding process;
- Transactional and financial data, such as order history, credit card and payment information;
- Information provided by you in order to attend an ASML event, such as education details and dietary preferences;
- Internet or other electronic network activity information, such as Information obtained from cookies and similar tracking technology from your use of our websites or applications. For more information, please read our Cookie Notice;
- User-generated content, such as documents and notes; and
- Photos, video and/or sound recordings.
Special categories of personal data and sensitive personal data
We may also process personal data that is considered as special categories of personal data or sensitive personal data. Such data may include data relating to racial or ethnic origin, genetic or biometric data, as well as data concerning your health. Furthermore, we may process personal data that is considered sensitive, such as veteran status or information relating to criminal convictions or offences.
Please note that personal data required for our business processes may vary, depending on applicable local rules and regulations. We may process special category or sensitive personal data taking into account local legal requirements.
We do not collect or process sensitive personal data or characteristics of protected classifications for the purpose of inferring characteristics about you.
How do we obtain your personal data?
We collect personal data directly from you when you do business with us or visit us. In addition, we may collect personal data through technical means such cookies or similar technologies on our website, CCTV, or the ASML systems and assets you might use. We also collect your personal data from third parties, such as professional screening agencies and background check providers, to the extent permitted by applicable law.
6. What are the purposes and legal bases for processing your personal data?
We may process your personal data for one or more of the purposes in the table below.
The legal bases (or justified reasons) for processing your personal data are:
- The legitimate interests of ASML as detailed in the table below (‘legitimate interests’);
- For entering into and managing a contract or employment relationship (‘performance of a contract’);
- Compliance with our legal obligations (‘legal obligation’);
- Protecting your vital interest or that of another natural person (‘vital interests’); and
- Your specific and informed consent (‘consent’).
| Purpose | Personal data we process (as set forth in Section 5 above) | Legal basis |
|---|---|---|
| a. Assessment and (re)screening of (potential) business partners; | Internal data Personal identifiers Government-issued data and documentation Background information | Legitimate interests Legal obligation |
| b. For business processes, work execution, and internal management, including (company) audits. | Internal data Personal identifiers System logs Sensory or surveillance data Geolocation data | Legitimate interests Legal obligation |
| c. The delivery of customer services, making travel arrangements and obtaining visas, permits and technology export licenses; | Government-issued data and documentation Internal data Personal identifiers | Legitimate interests Performance of a contract Legal obligation |
| d. Management of (delivered) services, products and materials to and from ASML; | Organizational information Transactional and financial data Internal data | Legitimate interests Performance of a contract |
| e. The development and improvement of products and/or services; | User-generated content System logs | Legitimate interests |
| f. To efficiently manage and operate administrative, information technology, and communications systems, risk management and insurance functions, budgeting, financial management, and strategic planning; | Internal data Organizational information System logs | Legitimate interests |
| g. To protect the health, safety, security and integrity of ASML and its workers, business partners and visitors, (IT) facilities and assets, including occupational safety and health, and intellectual property; | Internal data Personal identifiers System logs Health data Biometric data Sensory or surveillance data Geolocation data | Legitimate interests Legal obligation |
| h. For organizational analysis and development, management reporting and corporate or financial transactions, such as acquisitions and divestitures; | Internal data Organizational information Transactional and financial data | Legitimate interests Legal obligation |
| i. Financial and accounting management, archiving and insurance coverage, legal and business consulting and possible dispute resolution; | Organizational information Transactional and financial data | Legitimate interests Legal obligation |
| j. Sales, account management, marketing and community engagement; | Personal identifiers User-generated content Onboarding and registration data | Legitimate interests |
| k. To comply with the law, including the investigation of any possible cases of non-compliance with statutory or contractual obligations or the disclosure of personal data to government institutions or supervisory authorities, as well as to exercise or defend legal claims; | Government-issued data and documentation System logs Sensory or surveillance data | Legal obligation |
| l. To protect the vital interests of business partners and visitors; | Internal data Personal identifiers System logs Health data Biometric data Sensory or surveillance data Geolocation data | Legitimate interests Legal obligation Vital interests |
| m. To comply with the ASML Code of Conduct and other ASML policies, including any internal investigations; | Internal data Organizational information System logs Sensory or surveillance data | Legitimate interests Legal obligation |
| n. To test, develop and use Artificial Intelligence systems or other similar technologies; | System logs User-generated content | Legitimate interests |
| o. For internal and/or external communications purposes, such as to be used on our website, our social media channels, or in traditional media; | Photos, video and/or sound recordings User-generated content Personal identifiers | Legitimate interests Consent |
| p. To enhance user experience such as analyzing data to optimize platforms functionality, improve workflow efficiency etc.; | Internet or other electronic network activity information System logs | Legitimate interests Consent |
Secondary use of personal data
When we have collected personal data, this data may be used for a secondary purpose, but only if the secondary purpose is compatible with the original purpose. For example, statistical analysis may constitute a compatible secondary purpose.
9. How is your personal data secured?
We take adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following instances:
- Accidental or unlawful destruction;
- Accidental loss, damage or alteration;
- Unauthorized disclosure or access; and
- Any other forms of unlawful processing (including, but not limited to improper use).
We have procedures in place to deal with any (potential) personal data breach. You and the relevant data protection authorities will be notified of a personal data breach, where we are required to do so.
10. What about your rights?
Where provided under the applicable law, you have rights in relation to your personal data, such as:
- The right to access the personal data we have about you;
- The right to know how we process your personal data;
- The right to obtain information on the instruments implemented in the context of international data transfers set forth in Section 7;
- The right to have your personal data corrected;
- The right to have your personal data deleted (‘right to be forgotten’);
- The right to restrict processing of your personal data by us;
- The right to object to automated decisions;
- The right to withdraw consent at any time and without detriment;
- The right to object to certain data processing operations;
- The right to request a transfer of your personal data (‘right to data portability’);
- The right to copy, correct, delete your personal data by your relative in case of your death (if applicable); and
- The right to obtain compensation if the data subject has suffered damage.
If you feel we are not handling your request appropriately you also have the right to lodge a complaint with the relevant data protection authority.
How to exercise your rights
If you wish to exercise any of these rights, please use our Privacy Rights Request Form, which can be found on the intranet page of the Privacy Office. Alternatively, you may email privacyoffice@asml.com. Some countries in which ASML operates require a single point of contact to address your requests or questions . When sending your request to privacyoffice@asml.com, we will forward that question or request to the person located in your region.
We will always check your identity to ensure that it is you exercising your rights. To verify your identity, we match personal data that you provide us against personal data we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal data), the more items of personal data we may request to reduce the risk that someone might try to impersonate you. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity and what further information we might need from you in order to be able to properly verify your identity and comply with your request.
When exercising your right, the more specific you are, the better we can assist you with your request. In some cases, where permitted by law, we may deny your request, in which case we will notify you of the reason for denial.
ASML’s Non-Discrimination and Non-Retaliation Policy
ASML will not unlawfully discriminate or retaliate against you for exercising your rights.
Authorized Agents of California Business Partners and Visitors
If an authorized agent submits a request to know, correct, or delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your identity. You can obtain an “Authorized Agent Designation” form by contacting us at privacyoffice@asml.com.
11. What about your responsibilities?
We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with personal data of other individuals, you must comply with (local) legal and ASML requirements, including, informing the individuals concerned sufficiently about the processing of their data, providing them with this Privacy Notice and obtaining their agreement before disclosing their data to us.
12. How to contact us
When you have a question about the use of your personal data or about this Privacy Notice we invite you to send an email to our Privacy Office via privacyoffice@asml.com.
For business partners and visitors at ASML Berlin GmbH, the Controller with respect to the processing of your data is ASML Berlin GmbH (Waldkraiburger Straße 5, Waldkraiburger Straße 5, 12347 Berlin, Germany). If you want to address your enquiry directly to our German Data Protection Officer, you can also send your email to dl-dsb@asml.com for the attention of our German Data Protection Officer (please add “attn. German DPO” or similar in the subject line of your email).
This Privacy Notice may be amended from time to time. You can find the previous versions of the Privacy Notice in the Privacy Notice Archive.